Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/jqVFMeG1SZ2JMQmKBaPjwS_0Kkk.roa
File:                     jqVFMeG1SZ2JMQmKBaPjwS_0Kkk.roa (raw, json)
Hash identifier:          cHbc4d/SdnA5meOBTFmhZ3rY/Q0LVcF7dDNa0dPKsdI=
Subject key identifier:   8E:A5:45:31:E1:B5:49:9D:89:31:09:8A:05:A3:E3:C1:2F:F4:2A:49
Certificate issuer:       /CN=4a644c1156851803f37adeec0876ccf989d5aef0
Certificate serial:       018CC2DB0A6ED753E7F7C728657C22C93D65
Authority key identifier: 4A:64:4C:11:56:85:18:03:F3:7A:DE:EC:08:76:CC:F9:89:D5:AE:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/jqVFMeG1SZ2JMQmKBaPjwS_0Kkk.roa
Signing time:             Mon 01 Jan 2024 02:29:44 +0000
ROA not before:           Mon 01 Jan 2024 02:29:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211679
IP address blocks:        2a0f:5707:23::/48 maxlen: 48
                          2a0f:5707:b110::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:0a:6e:d7:53:e7:f7:c7:28:65:7c:22:c9:3d:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a644c1156851803f37adeec0876ccf989d5aef0
        Validity
            Not Before: Jan  1 02:29:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8ea54531e1b5499d8931098a05a3e3c12ff42a49
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:b7:1a:a1:83:6f:62:04:3f:77:ad:5a:8b:9c:
                    69:47:77:de:b6:41:d9:61:2d:66:2f:f9:14:28:2d:
                    3e:ca:57:49:92:98:12:a8:77:12:39:a7:b8:e2:b7:
                    1d:d6:77:49:7f:aa:f0:d4:52:69:cf:86:b6:ec:30:
                    c6:2e:71:74:e1:92:33:32:67:b7:12:7f:bb:52:f7:
                    3c:12:2c:e9:72:fc:a9:79:b3:f8:b9:de:95:f7:b3:
                    cb:47:43:bc:5a:e4:8c:7f:fd:d8:3f:39:23:26:14:
                    ff:e4:bc:1b:27:f3:d2:c3:b7:de:c1:39:59:93:75:
                    6c:a9:34:78:d0:22:61:6b:b1:ae:40:f0:93:99:9d:
                    25:1d:6e:de:8a:bc:28:c9:38:4e:78:86:65:e0:1a:
                    4e:22:6d:75:0c:76:26:f4:67:63:a0:c4:7d:86:3a:
                    eb:a2:8e:c4:fa:69:5b:2c:f3:50:3a:b1:62:de:7b:
                    48:7c:64:70:db:c9:66:9c:15:2e:27:ba:30:a0:38:
                    b5:b9:55:1d:f4:05:f6:4a:2b:c8:53:bb:cb:1a:df:
                    bf:2d:aa:6a:4c:07:a0:4a:ca:b7:a7:1f:e0:b1:a2:
                    06:a1:dd:af:14:d4:0e:80:e3:2c:c3:c7:ba:79:81:
                    3f:e7:af:58:b4:fa:ec:3c:37:7a:83:d3:1a:72:a1:
                    72:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:A5:45:31:E1:B5:49:9D:89:31:09:8A:05:A3:E3:C1:2F:F4:2A:49
            X509v3 Authority Key Identifier:
                keyid:4A:64:4C:11:56:85:18:03:F3:7A:DE:EC:08:76:CC:F9:89:D5:AE:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/jqVFMeG1SZ2JMQmKBaPjwS_0Kkk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:5707:23::/48
                  2a0f:5707:b110::/44

    Signature Algorithm: sha256WithRSAEncryption
         3b:ad:c4:21:61:45:90:3c:cd:72:cf:bc:99:93:0a:ed:d7:48:
         2e:80:7f:ea:0d:fd:5c:38:25:6a:d5:69:70:35:21:81:db:4d:
         62:28:d4:25:fd:2c:54:44:af:62:91:7c:6c:79:ed:96:76:a5:
         a9:e5:03:53:7c:69:da:d7:95:12:de:9c:31:43:d8:aa:61:2d:
         42:e4:56:bd:68:f4:ca:2e:b9:37:0f:0e:ca:65:f5:25:f0:e3:
         a9:fc:42:56:12:86:72:57:a8:a4:2a:94:88:10:57:ab:d8:d6:
         bb:74:6e:fb:93:88:06:cc:7f:b2:c8:23:8c:06:50:9f:c4:d7:
         c4:a2:74:d1:be:c5:83:68:9c:9d:b5:5e:80:97:26:13:8d:4f:
         c0:f3:c5:c5:cd:93:1e:53:4c:e3:78:29:38:e7:1e:44:67:c2:
         21:79:f8:9d:aa:08:03:d3:1d:33:35:ac:7f:6b:9b:2b:98:30:
         2c:e3:85:cb:e1:30:30:ad:90:9b:a0:69:f3:b0:d5:45:45:e4:
         85:70:90:0a:e7:89:f6:29:a2:ee:41:9a:85:32:fe:f6:d8:85:
         c1:62:e9:8d:b9:7f:8e:d3:ff:65:6d:f1:fb:70:99:ab:da:46:
         38:08:f2:be:5e:96:3f:16:b4:ad:9e:ad:8f:91:53:6a:ac:eb:
         36:5f:ae:83
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzC2wpu11Pn98coZXwiyT1lMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhNjQ0YzExNTY4NTE4MDNmMzdhZGVlYzA4NzZjY2Y5ODlk
NWFlZjAwHhcNMjQwMTAxMDIyOTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZWE1NDUzMWUxYjU0OTlkODkzMTA5OGEwNWEzZTNjMTJmZjQyYTQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiLcaoYNvYgQ/d61ai5xpR3fetkHZ
YS1mL/kUKC0+yldJkpgSqHcSOae44rcd1ndJf6rw1FJpz4a27DDGLnF04ZIzMme3
En+7Uvc8EizpcvypebP4ud6V97PLR0O8WuSMf/3YPzkjJhT/5LwbJ/PSw7fewTlZ
k3VsqTR40CJha7GuQPCTmZ0lHW7eirwoyThOeIZl4BpOIm11DHYm9GdjoMR9hjrr
oo7E+mlbLPNQOrFi3ntIfGRw28lmnBUuJ7owoDi1uVUd9AX2SivIU7vLGt+/Lapq
TAegSsq3px/gsaIGod2vFNQOgOMsw8e6eYE/569YtPrsPDd6g9MacqFyjQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFI6lRTHhtUmdiTEJigWj48Ev9CpJMB8GA1UdIwQY
MBaAFEpkTBFWhRgD83re7Ah2zPmJ1a7wMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU21STUVWYUZHQVB6ZXQ3c0NIYk0tWW5WcnZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS82YjA3OTgtM2Q0Zi00MGU2LWI3Mzkt
Y2MxYzliNWY2NjQwLzEvanFWRk1lRzFTWjJKTVFtS0JhUGp3U18wS2trLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS82YjA3OTgtM2Q0Zi00MGU2LWI3MzktY2MxYzliNWY2NjQw
LzEvU21STUVWYUZHQVB6ZXQ3c0NIYk0tWW5WcnZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKg9XBwAj
AwcEKg9XB7EQMA0GCSqGSIb3DQEBCwUAA4IBAQA7rcQhYUWQPM1yz7yZkwrt10gu
gH/qDf1cOCVq1WlwNSGB201iKNQl/SxURK9ikXxsee2WdqWp5QNTfGna15US3pwx
Q9iqYS1C5Fa9aPTKLrk3Dw7KZfUl8OOp/EJWEoZyV6ikKpSIEFer2Na7dG77k4gG
zH+yyCOMBlCfxNfEonTRvsWDaJydtV6AlyYTjU/A88XFzZMeU0zjeCk45x5EZ8Ih
efidqggD0x0zNax/a5srmDAs44XL4TAwrZCboGnzsNVFReSFcJAK54n2KaLuQZqF
Mv722IXBYumNuX+O0/9lbfH7cJmr2kY4CPK+XpY/FrStnq2PkVNqrOs2X66D
-----END CERTIFICATE-----