Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/e0Mvgs_741kf0PPrYHNs1bIU5d0.roa
File:                     e0Mvgs_741kf0PPrYHNs1bIU5d0.roa (raw, json)
Hash identifier:          jnpMTqwKhKoVsyjyvfHyTrYNrSp062w3E1sxS2jwxa8=
Subject key identifier:   7B:43:2F:82:CF:FB:E3:59:1F:D0:F3:EB:60:73:6C:D5:B2:14:E5:DD
Certificate issuer:       /CN=4a644c1156851803f37adeec0876ccf989d5aef0
Certificate serial:       018CC2DAFA9767B98A4A95B01148FB5696B8
Authority key identifier: 4A:64:4C:11:56:85:18:03:F3:7A:DE:EC:08:76:CC:F9:89:D5:AE:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/e0Mvgs_741kf0PPrYHNs1bIU5d0.roa
Signing time:             Mon 01 Jan 2024 02:29:40 +0000
ROA not before:           Mon 01 Jan 2024 02:29:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48126
IP address blocks:        2a0f:5707:aa40::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 08:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:fa:97:67:b9:8a:4a:95:b0:11:48:fb:56:96:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a644c1156851803f37adeec0876ccf989d5aef0
        Validity
            Not Before: Jan  1 02:29:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7b432f82cffbe3591fd0f3eb60736cd5b214e5dd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:33:c6:3c:8e:8a:76:3c:aa:85:1c:c3:8a:a8:
                    16:4a:a7:6a:94:9d:06:58:18:f9:6e:87:cd:ec:31:
                    1a:d6:c5:52:77:59:f8:fb:de:66:fd:00:70:22:15:
                    94:3f:1f:f0:ac:95:15:b4:c2:a7:50:d2:34:96:60:
                    d9:61:94:65:16:af:c1:d7:f9:8a:91:0c:a1:b2:b3:
                    eb:50:46:4b:22:aa:80:82:23:22:92:c0:57:6a:9f:
                    ea:f1:a4:b4:c4:dc:76:87:69:09:5f:5b:09:7a:ce:
                    27:7f:16:43:7c:b1:01:4a:91:ba:37:58:52:6b:e2:
                    09:c0:72:c6:d6:da:e8:52:6a:23:f8:b1:bc:f4:79:
                    15:7a:59:77:fd:5a:73:32:5e:86:29:98:c5:9c:78:
                    40:29:2e:84:dc:c7:7e:d1:e4:66:5d:23:db:4d:34:
                    d1:4e:6d:5c:fd:2a:e3:8d:87:c9:50:ce:22:b9:6d:
                    fe:bb:24:f2:1b:0f:ab:c9:ed:56:e5:06:6c:ef:c6:
                    c8:8b:75:70:21:4d:5f:70:e6:a6:d5:e7:5e:f2:dd:
                    b2:41:da:2d:dc:63:1d:36:32:18:be:96:d6:f1:e6:
                    5c:9a:98:16:70:a4:6c:e3:55:77:48:1d:ae:9b:e7:
                    58:10:fe:75:72:f2:c6:87:be:0c:f6:e4:ab:79:67:
                    e2:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:43:2F:82:CF:FB:E3:59:1F:D0:F3:EB:60:73:6C:D5:B2:14:E5:DD
            X509v3 Authority Key Identifier:
                keyid:4A:64:4C:11:56:85:18:03:F3:7A:DE:EC:08:76:CC:F9:89:D5:AE:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/e0Mvgs_741kf0PPrYHNs1bIU5d0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:5707:aa40::/44

    Signature Algorithm: sha256WithRSAEncryption
         29:ac:56:2e:78:cb:1e:8e:e6:ec:ca:7f:0b:ab:5f:eb:07:13:
         68:41:b9:93:f0:3c:53:58:e4:40:d4:02:16:1c:92:2e:7c:0e:
         a6:b8:92:8a:3d:96:86:51:4c:3b:70:9b:37:5a:05:92:5d:f2:
         de:89:97:22:fe:af:38:d8:c5:96:09:06:e7:44:7c:7d:ca:c1:
         c0:9d:70:0a:7c:9e:c5:cf:56:63:34:6d:7a:e6:0a:9a:d6:19:
         b4:dc:54:cb:a6:d0:cc:9b:ce:27:5c:e6:e6:21:31:1b:fc:b9:
         ba:2b:b0:ca:35:1e:be:dd:2b:4c:69:1e:41:13:10:9c:fd:c3:
         94:d2:59:8d:2a:2a:d1:4d:5b:84:f9:a4:c3:90:2b:91:52:08:
         9a:96:15:53:74:96:a5:b8:21:b6:cc:c1:e8:87:f4:9a:64:07:
         19:37:22:b4:be:0f:34:24:7c:dc:e4:4b:bf:75:60:b3:5f:80:
         e0:b1:eb:2a:88:f6:67:0d:63:d0:72:30:c7:a1:e5:da:64:a8:
         ce:e5:6f:bb:75:ba:2b:7a:4b:c4:75:81:71:82:6b:ab:06:cc:
         63:e1:85:80:75:fb:b7:ff:da:91:0b:64:ee:4c:4c:d9:5d:08:
         67:2b:b0:d8:c6:60:bd:a0:cc:c7:e1:b8:34:48:e0:00:46:00:
         c0:a6:a0:8a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzC2vqXZ7mKSpWwEUj7Vpa4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhNjQ0YzExNTY4NTE4MDNmMzdhZGVlYzA4NzZjY2Y5ODlk
NWFlZjAwHhcNMjQwMTAxMDIyOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YjQzMmY4MmNmZmJlMzU5MWZkMGYzZWI2MDczNmNkNWIyMTRlNWRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAljPGPI6KdjyqhRzDiqgWSqdqlJ0G
WBj5bofN7DEa1sVSd1n4+95m/QBwIhWUPx/wrJUVtMKnUNI0lmDZYZRlFq/B1/mK
kQyhsrPrUEZLIqqAgiMiksBXap/q8aS0xNx2h2kJX1sJes4nfxZDfLEBSpG6N1hS
a+IJwHLG1troUmoj+LG89HkVell3/VpzMl6GKZjFnHhAKS6E3Md+0eRmXSPbTTTR
Tm1c/SrjjYfJUM4iuW3+uyTyGw+rye1W5QZs78bIi3VwIU1fcOam1ede8t2yQdot
3GMdNjIYvpbW8eZcmpgWcKRs41V3SB2um+dYEP51cvLGh74M9uSreWfiIQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHtDL4LP++NZH9Dz62BzbNWyFOXdMB8GA1UdIwQY
MBaAFEpkTBFWhRgD83re7Ah2zPmJ1a7wMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU21STUVWYUZHQVB6ZXQ3c0NIYk0tWW5WcnZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS82YjA3OTgtM2Q0Zi00MGU2LWI3Mzkt
Y2MxYzliNWY2NjQwLzEvZTBNdmdzXzc0MWtmMFBQcllITnMxYklVNWQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS82YjA3OTgtM2Q0Zi00MGU2LWI3MzktY2MxYzliNWY2NjQw
LzEvU21STUVWYUZHQVB6ZXQ3c0NIYk0tWW5WcnZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg9XB6pA
MA0GCSqGSIb3DQEBCwUAA4IBAQAprFYueMsejubsyn8Lq1/rBxNoQbmT8DxTWORA
1AIWHJIufA6muJKKPZaGUUw7cJs3WgWSXfLeiZci/q842MWWCQbnRHx9ysHAnXAK
fJ7Fz1ZjNG165gqa1hm03FTLptDMm84nXObmITEb/Lm6K7DKNR6+3StMaR5BExCc
/cOU0lmNKirRTVuE+aTDkCuRUgialhVTdJaluCG2zMHoh/SaZAcZNyK0vg80JHzc
5Eu/dWCzX4DgsesqiPZnDWPQcjDHoeXaZKjO5W+7dborekvEdYFxgmurBsxj4YWA
dfu3/9qRC2TuTEzZXQhnK7DYxmC9oMzH4bg0SOAARgDApqCK
-----END CERTIFICATE-----