Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/gz12IZdvv59RcUJoWq6qQnokJlE.roa
File:                     gz12IZdvv59RcUJoWq6qQnokJlE.roa (raw, json)
Hash identifier:          j6mEklm0fbOId3o/xRaHmfq3Z49C6SLxW498KMOT3DY=
Subject key identifier:   83:3D:76:21:97:6F:BF:9F:51:71:42:68:5A:AE:AA:42:7A:24:26:51
Certificate issuer:       /CN=4a644c1156851803f37adeec0876ccf989d5aef0
Certificate serial:       018CC2DAFF9C4DC8FA1504FA43BCA19CA0E7
Authority key identifier: 4A:64:4C:11:56:85:18:03:F3:7A:DE:EC:08:76:CC:F9:89:D5:AE:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/gz12IZdvv59RcUJoWq6qQnokJlE.roa
Signing time:             Mon 01 Jan 2024 02:29:41 +0000
ROA not before:           Mon 01 Jan 2024 02:29:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205210
IP address blocks:        2a0f:5707:aa50::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 02:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:ff:9c:4d:c8:fa:15:04:fa:43:bc:a1:9c:a0:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a644c1156851803f37adeec0876ccf989d5aef0
        Validity
            Not Before: Jan  1 02:29:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=833d7621976fbf9f517142685aaeaa427a242651
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:fa:61:14:cf:7b:14:97:1d:c9:5d:b2:f1:36:44:
                    cb:f0:86:03:be:b3:2e:5e:db:aa:bb:fc:f4:b1:59:
                    b5:25:28:d4:2b:a6:6c:19:61:b1:b0:50:4a:93:81:
                    c9:c3:1b:9f:c1:7c:64:85:6f:42:91:3a:94:ff:b1:
                    3e:65:17:ec:06:cb:5d:62:01:8c:24:d8:55:a2:ee:
                    23:a8:c3:54:e2:70:45:11:6c:7e:5f:35:6f:78:68:
                    8d:31:20:1f:80:72:7b:42:01:15:08:c0:b4:2f:f0:
                    b1:d2:c0:dd:3d:f6:79:bc:1e:10:f3:86:b8:aa:e8:
                    23:97:cd:bd:12:36:c2:52:a3:40:c7:b3:32:91:d5:
                    17:44:45:69:5d:48:1f:14:17:f1:e2:c3:5d:f5:05:
                    b8:df:98:95:ce:d5:55:0e:8f:fd:04:ac:de:96:dd:
                    e6:55:9e:fd:c7:5a:83:27:86:c9:13:e3:cb:4f:f4:
                    54:de:6a:6d:cf:18:ee:3b:71:51:ff:cb:4b:08:ff:
                    e8:52:ff:ba:b6:bb:80:39:73:43:ac:3c:35:2e:49:
                    84:1f:a6:f8:19:61:86:ac:06:b3:6d:03:ed:c3:86:
                    a0:46:7b:45:28:aa:f2:24:83:a4:ed:45:b3:bc:f2:
                    e1:19:1d:e4:33:7e:62:4d:82:94:4b:80:0e:e0:20:
                    d3:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:3D:76:21:97:6F:BF:9F:51:71:42:68:5A:AE:AA:42:7A:24:26:51
            X509v3 Authority Key Identifier:
                keyid:4A:64:4C:11:56:85:18:03:F3:7A:DE:EC:08:76:CC:F9:89:D5:AE:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/gz12IZdvv59RcUJoWq6qQnokJlE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:5707:aa50::/44

    Signature Algorithm: sha256WithRSAEncryption
         17:7a:f6:69:95:01:e0:ad:22:e3:8f:0e:0d:31:fa:d8:f8:50:
         e4:d8:87:8d:a6:43:0c:6b:66:fe:54:1d:dc:12:e4:ad:bc:f7:
         99:dc:f3:e6:78:95:fe:39:0e:e7:c3:a8:93:b9:76:5d:fb:98:
         b1:a5:c1:f3:f9:c0:54:a4:04:c3:1c:12:2c:99:28:38:ac:12:
         fb:07:69:06:af:f4:a5:d2:c4:9f:2c:d6:fe:b7:44:4b:f4:a1:
         55:54:34:04:5a:be:28:a3:63:a4:b9:8a:b8:5e:ce:c7:20:c2:
         ab:2d:74:a5:49:75:25:ca:c4:d1:aa:96:f8:ee:e5:7b:95:73:
         2f:5b:38:83:e1:4a:c9:3a:52:a4:59:4a:ee:1c:8c:6e:81:b9:
         56:73:59:15:84:f9:ca:33:55:08:96:79:25:37:d6:ab:cf:18:
         0e:95:12:82:52:60:d0:28:78:21:a2:de:25:f2:61:31:09:95:
         25:4a:85:83:b4:72:78:e4:7b:77:51:46:64:7e:f6:79:b3:b1:
         29:29:e4:e0:d4:f4:24:e1:3a:4c:f5:82:26:86:d5:fd:b2:67:
         a9:70:d8:0c:b9:2b:0e:20:dc:b8:ae:66:91:84:18:97:92:91:
         37:8c:c4:b2:5d:ca:b8:9b:03:22:2b:08:47:bd:93:e4:4e:2d:
         14:98:c1:2a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzC2v+cTcj6FQT6Q7yhnKDnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhNjQ0YzExNTY4NTE4MDNmMzdhZGVlYzA4NzZjY2Y5ODlk
NWFlZjAwHhcNMjQwMTAxMDIyOTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MzNkNzYyMTk3NmZiZjlmNTE3MTQyNjg1YWFlYWE0MjdhMjQyNjUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+mEUz3sUlx3JXbLxNkTL8IYDvrMu
Xtuqu/z0sVm1JSjUK6ZsGWGxsFBKk4HJwxufwXxkhW9CkTqU/7E+ZRfsBstdYgGM
JNhVou4jqMNU4nBFEWx+XzVveGiNMSAfgHJ7QgEVCMC0L/Cx0sDdPfZ5vB4Q84a4
qugjl829EjbCUqNAx7MykdUXREVpXUgfFBfx4sNd9QW435iVztVVDo/9BKzelt3m
VZ79x1qDJ4bJE+PLT/RU3mptzxjuO3FR/8tLCP/oUv+6truAOXNDrDw1LkmEH6b4
GWGGrAazbQPtw4agRntFKKryJIOk7UWzvPLhGR3kM35iTYKUS4AO4CDTUwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFIM9diGXb7+fUXFCaFquqkJ6JCZRMB8GA1UdIwQY
MBaAFEpkTBFWhRgD83re7Ah2zPmJ1a7wMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU21STUVWYUZHQVB6ZXQ3c0NIYk0tWW5WcnZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS82YjA3OTgtM2Q0Zi00MGU2LWI3Mzkt
Y2MxYzliNWY2NjQwLzEvZ3oxMklaZHZ2NTlSY1VKb1dxNnFRbm9rSmxFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS82YjA3OTgtM2Q0Zi00MGU2LWI3MzktY2MxYzliNWY2NjQw
LzEvU21STUVWYUZHQVB6ZXQ3c0NIYk0tWW5WcnZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg9XB6pQ
MA0GCSqGSIb3DQEBCwUAA4IBAQAXevZplQHgrSLjjw4NMfrY+FDk2IeNpkMMa2b+
VB3cEuStvPeZ3PPmeJX+OQ7nw6iTuXZd+5ixpcHz+cBUpATDHBIsmSg4rBL7B2kG
r/Sl0sSfLNb+t0RL9KFVVDQEWr4oo2OkuYq4Xs7HIMKrLXSlSXUlysTRqpb47uV7
lXMvWziD4UrJOlKkWUruHIxugblWc1kVhPnKM1UIlnklN9arzxgOlRKCUmDQKHgh
ot4l8mExCZUlSoWDtHJ45Ht3UUZkfvZ5s7EpKeTg1PQk4TpM9YImhtX9smepcNgM
uSsOINy4rmaRhBiXkpE3jMSyXcq4mwMiKwhHvZPkTi0UmMEq
-----END CERTIFICATE-----