Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/jc1ejz8TI-zoHCOEoyC6UM06Qcg.roa
File:                     jc1ejz8TI-zoHCOEoyC6UM06Qcg.roa (raw, json)
Hash identifier:          pXnTXjHsnKbLRZDVoSUih0Bi5TrSMjSPpaJMzKjrW78=
Subject key identifier:   8D:CD:5E:8F:3F:13:23:EC:E8:1C:23:84:A3:20:BA:50:CD:3A:41:C8
Certificate issuer:       /CN=4a644c1156851803f37adeec0876ccf989d5aef0
Certificate serial:       018CC2DAFEED690CF25A7FE7E3E7FEC9C538
Authority key identifier: 4A:64:4C:11:56:85:18:03:F3:7A:DE:EC:08:76:CC:F9:89:D5:AE:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/jc1ejz8TI-zoHCOEoyC6UM06Qcg.roa
Signing time:             Mon 01 Jan 2024 02:29:41 +0000
ROA not before:           Mon 01 Jan 2024 02:29:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197477
IP address blocks:        2a0f:5707:ab30::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:fe:ed:69:0c:f2:5a:7f:e7:e3:e7:fe:c9:c5:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a644c1156851803f37adeec0876ccf989d5aef0
        Validity
            Not Before: Jan  1 02:29:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8dcd5e8f3f1323ece81c2384a320ba50cd3a41c8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:a6:af:6f:4c:7d:7f:cc:1d:1c:71:5d:62:0a:
                    82:58:e5:f4:9e:a1:0a:a6:fc:41:a6:d5:2d:99:ed:
                    e5:b9:04:51:84:98:b8:26:04:dc:fb:71:a6:c2:ac:
                    25:aa:4f:82:fe:1f:07:a9:e8:ec:ba:d9:7e:23:b7:
                    23:0a:52:bf:ce:80:64:2f:55:d9:ad:1b:71:9f:8d:
                    af:00:62:9d:fa:88:6d:61:3b:3e:b8:88:40:c5:d2:
                    9d:d7:33:3f:1b:f9:3e:cf:fb:6e:76:f0:ff:19:c0:
                    28:43:fa:a1:e9:d7:c3:88:6a:d0:b8:a3:d4:75:35:
                    de:29:b1:df:01:0d:77:a6:db:d7:01:fd:48:c7:cd:
                    0b:12:7f:14:46:6d:a8:ba:70:43:e0:5a:22:d3:dd:
                    16:d2:28:e9:f4:aa:92:e3:35:ba:0b:a0:71:07:3b:
                    a9:aa:c0:06:e0:ca:f6:10:92:f6:dd:e2:d6:f1:8f:
                    ad:c7:79:a8:c8:a0:a2:5c:3a:3b:9a:a9:b7:3a:be:
                    f9:77:7b:ec:c7:6c:e3:3d:88:10:18:6c:7c:6d:03:
                    9c:c3:8d:89:4c:e8:79:93:ec:36:e8:af:2b:37:31:
                    88:f1:d0:0a:77:9b:e5:10:46:fe:a5:73:94:a8:86:
                    5e:50:80:3f:fe:71:82:47:ca:e6:be:72:da:53:90:
                    ac:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:CD:5E:8F:3F:13:23:EC:E8:1C:23:84:A3:20:BA:50:CD:3A:41:C8
            X509v3 Authority Key Identifier:
                keyid:4A:64:4C:11:56:85:18:03:F3:7A:DE:EC:08:76:CC:F9:89:D5:AE:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/jc1ejz8TI-zoHCOEoyC6UM06Qcg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:5707:ab30::/44

    Signature Algorithm: sha256WithRSAEncryption
         21:ba:cb:ab:7a:96:53:3b:df:bc:24:5b:59:85:f6:57:39:4e:
         d0:44:e6:b8:cf:78:0f:87:97:07:46:cb:92:c8:fd:f4:c7:0f:
         68:cc:cd:41:b3:06:fb:d0:8b:5f:71:eb:f3:ef:4a:c3:cf:7e:
         d7:a3:38:8e:7c:3b:76:ea:e1:0b:bf:fe:04:b3:a2:55:90:11:
         fa:08:86:c6:41:c3:e1:91:09:cc:32:ac:4e:38:b1:01:1b:ea:
         07:e0:2f:69:96:7a:f0:61:cc:9a:49:2a:22:e8:4c:1b:f7:f7:
         26:3d:ef:c6:11:48:20:4c:ee:d4:72:f2:f8:f8:e8:64:a9:6d:
         aa:02:15:b8:de:b9:d4:27:aa:32:b3:ff:23:ca:76:d2:1f:13:
         14:cb:42:9c:df:4d:73:05:07:41:f7:49:23:e1:d6:d8:53:8a:
         9f:f1:c1:1a:49:48:56:41:61:9b:48:a7:4c:79:a9:3c:24:f6:
         8c:2f:ef:7f:f8:af:fe:43:c4:ea:b9:ff:30:2e:a3:25:54:95:
         45:bf:77:ef:07:8b:ca:6b:9a:27:d2:17:ff:32:8d:f5:e7:a5:
         16:9a:af:1b:b0:5d:44:6a:5f:66:92:ca:76:f2:fe:31:d3:13:
         a4:2f:70:d4:11:b8:30:6c:c2:97:82:df:07:f9:84:31:97:23:
         86:76:ba:8f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzC2v7taQzyWn/n4+f+ycU4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhNjQ0YzExNTY4NTE4MDNmMzdhZGVlYzA4NzZjY2Y5ODlk
NWFlZjAwHhcNMjQwMTAxMDIyOTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZGNkNWU4ZjNmMTMyM2VjZTgxYzIzODRhMzIwYmE1MGNkM2E0MWM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsaavb0x9f8wdHHFdYgqCWOX0nqEK
pvxBptUtme3luQRRhJi4JgTc+3Gmwqwlqk+C/h8Hqejsutl+I7cjClK/zoBkL1XZ
rRtxn42vAGKd+ohtYTs+uIhAxdKd1zM/G/k+z/tudvD/GcAoQ/qh6dfDiGrQuKPU
dTXeKbHfAQ13ptvXAf1Ix80LEn8URm2ounBD4Foi090W0ijp9KqS4zW6C6BxBzup
qsAG4Mr2EJL23eLW8Y+tx3moyKCiXDo7mqm3Or75d3vsx2zjPYgQGGx8bQOcw42J
TOh5k+w26K8rNzGI8dAKd5vlEEb+pXOUqIZeUIA//nGCR8rmvnLaU5CsCQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFI3NXo8/EyPs6BwjhKMgulDNOkHIMB8GA1UdIwQY
MBaAFEpkTBFWhRgD83re7Ah2zPmJ1a7wMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU21STUVWYUZHQVB6ZXQ3c0NIYk0tWW5WcnZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS82YjA3OTgtM2Q0Zi00MGU2LWI3Mzkt
Y2MxYzliNWY2NjQwLzEvamMxZWp6OFRJLXpvSENPRW95QzZVTTA2UWNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS82YjA3OTgtM2Q0Zi00MGU2LWI3MzktY2MxYzliNWY2NjQw
LzEvU21STUVWYUZHQVB6ZXQ3c0NIYk0tWW5WcnZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg9XB6sw
MA0GCSqGSIb3DQEBCwUAA4IBAQAhusurepZTO9+8JFtZhfZXOU7QROa4z3gPh5cH
RsuSyP30xw9ozM1Bswb70Itfcevz70rDz37XoziOfDt26uELv/4Es6JVkBH6CIbG
QcPhkQnMMqxOOLEBG+oH4C9plnrwYcyaSSoi6Ewb9/cmPe/GEUggTO7UcvL4+Ohk
qW2qAhW43rnUJ6oys/8jynbSHxMUy0Kc301zBQdB90kj4dbYU4qf8cEaSUhWQWGb
SKdMeak8JPaML+9/+K/+Q8Tquf8wLqMlVJVFv3fvB4vKa5on0hf/Mo3156UWmq8b
sF1Eal9mksp28v4x0xOkL3DUEbgwbMKXgt8H+YQxlyOGdrqP
-----END CERTIFICATE-----