Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/gMFKm_t8UVVal3Z3_5323Zb5Qtc.roa
File:                     gMFKm_t8UVVal3Z3_5323Zb5Qtc.roa (raw, json)
Hash identifier:          mM77p2DcQhbJ5JU5ktLyXj/kmKoCkquYLe7KvSGj7S4=
Subject key identifier:   80:C1:4A:9B:FB:7C:51:55:5A:97:76:77:FF:9D:F6:DD:96:F9:42:D7
Certificate issuer:       /CN=4a644c1156851803f37adeec0876ccf989d5aef0
Certificate serial:       018CC2DB074A52C69816C11BE8CB2C8FBC4B
Authority key identifier: 4A:64:4C:11:56:85:18:03:F3:7A:DE:EC:08:76:CC:F9:89:D5:AE:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/gMFKm_t8UVVal3Z3_5323Zb5Qtc.roa
Signing time:             Mon 01 Jan 2024 02:29:43 +0000
ROA not before:           Mon 01 Jan 2024 02:29:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210522
IP address blocks:        2a0f:5707:abe0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:07:4a:52:c6:98:16:c1:1b:e8:cb:2c:8f:bc:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a644c1156851803f37adeec0876ccf989d5aef0
        Validity
            Not Before: Jan  1 02:29:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=80c14a9bfb7c51555a977677ff9df6dd96f942d7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:2f:26:2e:d1:5e:03:6e:c1:39:3a:43:d1:93:
                    63:16:71:af:90:58:58:5f:89:0d:ba:86:fc:eb:71:
                    01:3a:90:30:7b:53:87:a4:8c:97:d7:87:15:a3:0e:
                    52:15:4d:31:7c:0c:25:ed:0b:ef:e6:90:b3:1e:f1:
                    50:88:36:f9:80:37:3a:7d:4d:2e:86:14:f2:88:12:
                    68:3d:c6:d4:66:66:fb:7b:57:6d:7e:01:11:42:ff:
                    94:70:51:6e:fc:c9:35:e2:97:db:85:cc:b7:1b:a2:
                    02:0f:eb:51:84:fb:97:70:1a:d4:95:3b:6c:de:59:
                    ee:88:bb:8a:54:07:1d:d5:09:4d:1d:e4:a8:7b:fb:
                    a6:b3:1e:22:9f:53:43:cc:63:d5:e2:4f:8b:8d:c4:
                    62:a0:84:21:1b:7a:36:0f:f6:18:2e:96:7b:62:7c:
                    ac:a2:07:08:42:4d:3d:2a:aa:d1:de:83:87:e8:8c:
                    dd:66:56:2c:22:9d:11:1f:fc:44:ac:8a:9b:be:9b:
                    b8:98:1d:62:d0:38:28:42:c2:21:2b:a8:e9:4a:89:
                    a8:a9:34:b9:4d:67:be:0e:e6:4c:36:f2:81:1b:ce:
                    c0:4c:6d:41:2c:d6:45:ef:5b:bf:d3:9f:42:7d:e7:
                    c3:c4:4d:76:14:e8:7b:57:d4:25:7f:13:9d:85:1b:
                    34:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:C1:4A:9B:FB:7C:51:55:5A:97:76:77:FF:9D:F6:DD:96:F9:42:D7
            X509v3 Authority Key Identifier:
                keyid:4A:64:4C:11:56:85:18:03:F3:7A:DE:EC:08:76:CC:F9:89:D5:AE:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/gMFKm_t8UVVal3Z3_5323Zb5Qtc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:5707:abe0::/44

    Signature Algorithm: sha256WithRSAEncryption
         42:df:91:63:b9:c0:a0:74:f1:2d:89:2b:53:01:27:05:06:92:
         9a:c2:2e:95:aa:3c:93:21:f3:d8:6d:4a:b7:f6:7d:9e:76:1b:
         f9:5a:73:28:51:32:a0:da:dc:cc:2f:f6:70:44:8f:37:f9:39:
         f4:0d:25:c8:a9:aa:0d:67:a7:40:68:15:47:73:3a:a1:ff:d9:
         cc:82:3c:42:e8:e6:37:6c:b6:83:c7:c7:a5:ce:55:d0:f0:57:
         15:62:ce:2c:1d:80:53:12:a1:01:24:10:aa:60:9f:d9:e5:20:
         cf:84:9b:a5:fb:11:44:64:91:01:83:4a:6f:b3:f4:23:e1:11:
         4c:23:63:0b:37:30:17:8c:4a:72:d9:06:5c:e0:55:5c:7c:69:
         00:9f:f3:19:74:a1:f0:d7:8a:be:80:90:6d:eb:0b:4a:7b:f5:
         7e:75:97:fa:6f:f6:3d:5a:31:a2:67:14:cb:c8:b6:6a:c6:f6:
         60:22:24:28:dc:de:6a:4c:ab:ef:5b:28:ef:97:d3:bf:7d:81:
         dc:aa:e6:b7:26:11:1f:8b:c5:53:ac:09:a6:b0:d7:90:a9:85:
         c6:6d:db:5c:81:2e:ed:39:44:ac:9b:e6:7f:e8:c6:b7:ab:b9:
         11:c5:c6:37:0b:8e:73:2b:30:f4:7b:ef:48:7b:ee:76:a2:89:
         1f:40:85:da
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzC2wdKUsaYFsEb6Mssj7xLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhNjQ0YzExNTY4NTE4MDNmMzdhZGVlYzA4NzZjY2Y5ODlk
NWFlZjAwHhcNMjQwMTAxMDIyOTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MGMxNGE5YmZiN2M1MTU1NWE5Nzc2NzdmZjlkZjZkZDk2Zjk0MmQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAti8mLtFeA27BOTpD0ZNjFnGvkFhY
X4kNuob863EBOpAwe1OHpIyX14cVow5SFU0xfAwl7Qvv5pCzHvFQiDb5gDc6fU0u
hhTyiBJoPcbUZmb7e1dtfgERQv+UcFFu/Mk14pfbhcy3G6ICD+tRhPuXcBrUlTts
3lnuiLuKVAcd1QlNHeSoe/umsx4in1NDzGPV4k+LjcRioIQhG3o2D/YYLpZ7Ynys
ogcIQk09KqrR3oOH6IzdZlYsIp0RH/xErIqbvpu4mB1i0DgoQsIhK6jpSomoqTS5
TWe+DuZMNvKBG87ATG1BLNZF71u/059CfefDxE12FOh7V9QlfxOdhRs0cwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFIDBSpv7fFFVWpd2d/+d9t2W+ULXMB8GA1UdIwQY
MBaAFEpkTBFWhRgD83re7Ah2zPmJ1a7wMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU21STUVWYUZHQVB6ZXQ3c0NIYk0tWW5WcnZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS82YjA3OTgtM2Q0Zi00MGU2LWI3Mzkt
Y2MxYzliNWY2NjQwLzEvZ01GS21fdDhVVlZhbDNaM181MzIzWmI1UXRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS82YjA3OTgtM2Q0Zi00MGU2LWI3MzktY2MxYzliNWY2NjQw
LzEvU21STUVWYUZHQVB6ZXQ3c0NIYk0tWW5WcnZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg9XB6vg
MA0GCSqGSIb3DQEBCwUAA4IBAQBC35FjucCgdPEtiStTAScFBpKawi6VqjyTIfPY
bUq39n2edhv5WnMoUTKg2tzML/ZwRI83+Tn0DSXIqaoNZ6dAaBVHczqh/9nMgjxC
6OY3bLaDx8elzlXQ8FcVYs4sHYBTEqEBJBCqYJ/Z5SDPhJul+xFEZJEBg0pvs/Qj
4RFMI2MLNzAXjEpy2QZc4FVcfGkAn/MZdKHw14q+gJBt6wtKe/V+dZf6b/Y9WjGi
ZxTLyLZqxvZgIiQo3N5qTKvvWyjvl9O/fYHcqua3JhEfi8VTrAmmsNeQqYXGbdtc
gS7tOUSsm+Z/6Ma3q7kRxcY3C45zKzD0e+9Ie+52ookfQIXa
-----END CERTIFICATE-----