Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/gitaqaHSKT8MOiKAPrwTZ2yAJhs.roa
File:                     gitaqaHSKT8MOiKAPrwTZ2yAJhs.roa (raw, json)
Hash identifier:          Dmet9bGp/Iqm9LyjCU+soNGOm/pvR1YMaE0KtnAfHvc=
Subject key identifier:   82:2B:5A:A9:A1:D2:29:3F:0C:3A:22:80:3E:BC:13:67:6C:80:26:1B
Certificate issuer:       /CN=4a644c1156851803f37adeec0876ccf989d5aef0
Certificate serial:       018CC2DB03505101D20FFE17672D9DD148D1
Authority key identifier: 4A:64:4C:11:56:85:18:03:F3:7A:DE:EC:08:76:CC:F9:89:D5:AE:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/gitaqaHSKT8MOiKAPrwTZ2yAJhs.roa
Signing time:             Mon 01 Jan 2024 02:29:42 +0000
ROA not before:           Mon 01 Jan 2024 02:29:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207468
IP address blocks:        2a0f:5707:ffa4::/46 maxlen: 48
                          2a0f:5707:fff2::/48 maxlen: 48
                          2a0f:5707:ffa0::/46 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:03:50:51:01:d2:0f:fe:17:67:2d:9d:d1:48:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a644c1156851803f37adeec0876ccf989d5aef0
        Validity
            Not Before: Jan  1 02:29:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=822b5aa9a1d2293f0c3a22803ebc13676c80261b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:83:a8:bd:a3:b5:9b:ca:eb:87:4b:b7:6a:cc:
                    4b:24:0d:41:d1:0f:19:f8:83:a5:5f:60:d0:28:b3:
                    32:29:58:b3:48:9b:c9:7e:32:24:15:3e:71:32:ad:
                    25:b8:07:25:05:58:17:a0:82:22:c6:36:bf:52:ce:
                    34:d4:67:bd:0a:44:29:d5:50:aa:2e:9b:3f:7d:23:
                    9e:6d:b4:ac:67:53:ef:42:b4:b2:24:ea:3b:ca:79:
                    c2:e6:e5:b1:d1:db:65:24:55:07:be:ad:0f:18:7c:
                    d9:49:a4:05:f6:2c:de:6b:ac:3b:41:b2:71:f7:cc:
                    ab:e3:91:22:88:25:52:dc:d1:6f:d4:ec:e9:47:2d:
                    4e:7d:c3:fd:a7:0e:bb:27:90:ea:cd:e0:5a:fa:95:
                    50:49:5d:8f:e1:b6:96:16:63:48:c6:08:34:5c:19:
                    4c:f6:e6:18:fa:cd:ff:2a:53:bb:78:6a:a0:31:3e:
                    0d:b6:1b:b2:f3:72:c7:3b:50:90:18:e4:ad:2c:88:
                    9d:ec:52:fe:d8:54:97:a3:c9:59:9c:0b:61:84:ac:
                    32:d5:20:7b:e8:68:13:4e:66:b9:94:3a:85:96:d8:
                    82:a7:a6:b0:74:f8:2c:43:5d:50:29:d3:91:7f:3c:
                    f7:49:5b:0e:21:31:9d:d3:f4:ee:36:f1:d6:f5:c5:
                    75:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:2B:5A:A9:A1:D2:29:3F:0C:3A:22:80:3E:BC:13:67:6C:80:26:1B
            X509v3 Authority Key Identifier:
                keyid:4A:64:4C:11:56:85:18:03:F3:7A:DE:EC:08:76:CC:F9:89:D5:AE:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/gitaqaHSKT8MOiKAPrwTZ2yAJhs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:5707:ffa0::/45
                  2a0f:5707:fff2::/48

    Signature Algorithm: sha256WithRSAEncryption
         c0:64:55:ed:08:02:c7:93:e0:23:1b:31:99:da:00:c2:63:ce:
         7c:d0:34:3e:63:5b:6d:a3:c4:4e:31:7f:51:39:c6:a5:ea:57:
         61:7c:f0:b5:0b:89:1e:79:c5:78:99:6e:fb:34:52:dd:5d:96:
         ad:4f:78:84:4c:da:4f:d8:57:7c:68:f1:00:16:9b:49:ee:02:
         dc:64:74:01:c5:5a:0f:92:6a:08:fe:b4:35:17:c3:ed:ec:53:
         f1:f4:53:17:1e:a3:c3:13:a0:b4:12:99:94:9d:50:a6:09:2b:
         92:fa:d3:ec:af:ba:c5:b7:a6:06:12:82:50:c2:25:4e:ab:8a:
         d1:52:b6:d3:0e:a8:4c:ac:a2:c4:3d:e9:ff:f0:f8:e9:fe:6c:
         ee:a9:0e:26:4e:56:8c:d5:cd:8d:d9:73:4e:42:e4:1a:11:3d:
         6c:71:1a:2b:ae:e8:b8:b1:65:91:af:b6:f1:72:22:77:ba:30:
         7d:3e:44:5f:46:ee:20:72:b0:a5:4e:4e:49:e5:b8:7c:ad:ad:
         ba:76:6d:2d:a3:d4:18:2c:55:a1:03:a7:4b:dd:f7:3f:d7:cf:
         8d:8b:d3:61:29:d0:fa:49:f0:51:b3:a6:44:fc:3e:91:83:cf:
         85:b4:24:86:19:da:bc:b0:f8:24:c9:b0:81:be:91:65:c0:1a:
         6d:f6:66:86
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzC2wNQUQHSD/4XZy2d0UjRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhNjQ0YzExNTY4NTE4MDNmMzdhZGVlYzA4NzZjY2Y5ODlk
NWFlZjAwHhcNMjQwMTAxMDIyOTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MjJiNWFhOWExZDIyOTNmMGMzYTIyODAzZWJjMTM2NzZjODAyNjFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwIOovaO1m8rrh0u3asxLJA1B0Q8Z
+IOlX2DQKLMyKVizSJvJfjIkFT5xMq0luAclBVgXoIIixja/Us401Ge9CkQp1VCq
Lps/fSOebbSsZ1PvQrSyJOo7ynnC5uWx0dtlJFUHvq0PGHzZSaQF9izea6w7QbJx
98yr45EiiCVS3NFv1OzpRy1OfcP9pw67J5DqzeBa+pVQSV2P4baWFmNIxgg0XBlM
9uYY+s3/KlO7eGqgMT4Nthuy83LHO1CQGOStLIid7FL+2FSXo8lZnAthhKwy1SB7
6GgTTma5lDqFltiCp6awdPgsQ11QKdORfzz3SVsOITGd0/TuNvHW9cV1ZwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFIIrWqmh0ik/DDoigD68E2dsgCYbMB8GA1UdIwQY
MBaAFEpkTBFWhRgD83re7Ah2zPmJ1a7wMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU21STUVWYUZHQVB6ZXQ3c0NIYk0tWW5WcnZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS82YjA3OTgtM2Q0Zi00MGU2LWI3Mzkt
Y2MxYzliNWY2NjQwLzEvZ2l0YXFhSFNLVDhNT2lLQVByd1RaMnlBSmhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS82YjA3OTgtM2Q0Zi00MGU2LWI3MzktY2MxYzliNWY2NjQw
LzEvU21STUVWYUZHQVB6ZXQ3c0NIYk0tWW5WcnZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcDKg9XB/+g
AwcAKg9XB//yMA0GCSqGSIb3DQEBCwUAA4IBAQDAZFXtCALHk+AjGzGZ2gDCY858
0DQ+Y1tto8ROMX9ROcal6ldhfPC1C4keecV4mW77NFLdXZatT3iETNpP2Fd8aPEA
FptJ7gLcZHQBxVoPkmoI/rQ1F8Pt7FPx9FMXHqPDE6C0EpmUnVCmCSuS+tPsr7rF
t6YGEoJQwiVOq4rRUrbTDqhMrKLEPen/8Pjp/mzuqQ4mTlaM1c2N2XNOQuQaET1s
cRorrui4sWWRr7bxciJ3ujB9PkRfRu4gcrClTk5J5bh8ra26dm0to9QYLFWhA6dL
3fc/18+Ni9NhKdD6SfBRs6ZE/D6Rg8+FtCSGGdq8sPgkybCBvpFlwBpt9maG
-----END CERTIFICATE-----