Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/jyHhTaRtrIt-HEtbEdwi2lq1s5c.roa
File:                     jyHhTaRtrIt-HEtbEdwi2lq1s5c.roa (raw, json)
Hash identifier:          D32JjZfMCjT214MXwf52qO5S8rL84wzzzzyR4yFbf3A=
Subject key identifier:   8F:21:E1:4D:A4:6D:AC:8B:7E:1C:4B:5B:11:DC:22:DA:5A:B5:B3:97
Certificate issuer:       /CN=4a644c1156851803f37adeec0876ccf989d5aef0
Certificate serial:       018CC2DB0300DA0578BCA0F9D1EA88A12A9F
Authority key identifier: 4A:64:4C:11:56:85:18:03:F3:7A:DE:EC:08:76:CC:F9:89:D5:AE:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/jyHhTaRtrIt-HEtbEdwi2lq1s5c.roa
Signing time:             Mon 01 Jan 2024 02:29:42 +0000
ROA not before:           Mon 01 Jan 2024 02:29:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207401
IP address blocks:        2a0f:5707:fff4::/48 maxlen: 48
                          2a0f:5707:fff5::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 05:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:03:00:da:05:78:bc:a0:f9:d1:ea:88:a1:2a:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a644c1156851803f37adeec0876ccf989d5aef0
        Validity
            Not Before: Jan  1 02:29:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8f21e14da46dac8b7e1c4b5b11dc22da5ab5b397
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:e9:3e:60:b1:69:f0:f0:01:da:4e:dd:96:30:
                    72:1e:52:9c:77:99:46:30:59:9e:cd:04:36:58:f9:
                    ce:b8:c9:3e:f7:c2:59:fa:be:d3:1a:56:4d:e5:b4:
                    1b:f6:a8:ff:7f:a8:a3:45:55:e7:bf:e8:06:1b:4d:
                    c1:30:15:e1:2c:fd:59:8e:c7:2f:5b:e3:f4:98:f3:
                    c5:c9:0e:d1:d4:fb:a4:85:b8:ac:cf:84:86:8f:76:
                    ff:8e:a1:2f:ae:bf:33:04:0c:2f:82:d8:53:72:c8:
                    b4:eb:8f:82:63:9a:16:69:09:63:e1:59:4b:66:29:
                    8c:d3:a4:f0:b6:a6:09:f1:c6:a1:22:d4:b4:c1:db:
                    20:06:b0:d4:30:13:f6:7b:fe:8a:f7:11:44:99:5b:
                    2a:5a:5c:03:56:1c:ed:6e:25:d1:4e:85:95:21:94:
                    0a:f1:bb:8e:35:64:7d:5a:b5:31:33:b1:56:38:de:
                    67:6d:0a:6a:48:f9:6f:58:cd:84:cc:52:17:14:80:
                    e7:81:ee:ed:34:58:dd:f9:51:43:ea:5c:a4:5d:95:
                    7d:8d:99:1b:b9:77:26:e1:82:c0:5f:43:93:c4:e3:
                    7c:87:f7:7c:1c:b6:5d:5a:03:d4:64:69:4c:d0:f2:
                    e8:99:10:b0:0e:ee:4f:33:1f:54:15:ee:ba:75:35:
                    ab:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:21:E1:4D:A4:6D:AC:8B:7E:1C:4B:5B:11:DC:22:DA:5A:B5:B3:97
            X509v3 Authority Key Identifier:
                keyid:4A:64:4C:11:56:85:18:03:F3:7A:DE:EC:08:76:CC:F9:89:D5:AE:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/jyHhTaRtrIt-HEtbEdwi2lq1s5c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:5707:fff4::/47

    Signature Algorithm: sha256WithRSAEncryption
         7c:a3:1f:5b:63:c9:f6:78:b0:77:9e:3c:3c:e5:ef:50:87:9b:
         c4:41:81:ee:e2:04:d5:65:43:97:61:4d:80:14:32:57:20:d2:
         4c:37:bd:27:b6:8c:9d:6a:02:a9:63:46:08:3a:f2:91:a1:56:
         e4:d3:4e:df:65:ab:82:ef:58:9e:ad:34:69:3a:60:c5:7f:b5:
         09:d2:76:da:48:c7:73:88:a8:9d:1e:c0:5d:3e:94:13:1e:5f:
         ae:78:27:7b:ab:9b:2b:7d:29:96:29:7f:52:26:75:b7:44:91:
         77:29:de:31:80:87:77:e1:83:03:af:ce:37:1f:3a:44:01:09:
         38:55:a9:79:8a:d2:d1:8d:30:3f:49:d0:9a:81:8c:d5:7c:dd:
         10:68:62:fd:fa:08:ee:43:a9:14:cf:e3:d8:59:88:de:3e:91:
         56:dc:a6:0c:ce:fd:36:bc:6c:b7:3b:79:0d:f0:77:d2:f1:4d:
         e2:6f:62:ac:03:04:bf:c7:3f:a0:b9:19:cb:2f:77:6e:49:15:
         59:78:5c:61:f3:b3:cd:24:c9:15:2c:4d:d3:3c:db:71:f9:19:
         97:c2:f4:48:ac:b0:9b:af:18:9c:08:e5:3a:a7:ea:fe:9a:ac:
         45:9a:c4:1b:f1:2c:17:d7:ed:ea:5e:5d:75:96:37:41:84:31:
         a6:84:4f:87
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzC2wMA2gV4vKD50eqIoSqfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhNjQ0YzExNTY4NTE4MDNmMzdhZGVlYzA4NzZjY2Y5ODlk
NWFlZjAwHhcNMjQwMTAxMDIyOTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZjIxZTE0ZGE0NmRhYzhiN2UxYzRiNWIxMWRjMjJkYTVhYjViMzk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAquk+YLFp8PAB2k7dljByHlKcd5lG
MFmezQQ2WPnOuMk+98JZ+r7TGlZN5bQb9qj/f6ijRVXnv+gGG03BMBXhLP1Zjscv
W+P0mPPFyQ7R1Pukhbisz4SGj3b/jqEvrr8zBAwvgthTcsi064+CY5oWaQlj4VlL
ZimM06TwtqYJ8cahItS0wdsgBrDUMBP2e/6K9xFEmVsqWlwDVhztbiXRToWVIZQK
8buONWR9WrUxM7FWON5nbQpqSPlvWM2EzFIXFIDnge7tNFjd+VFD6lykXZV9jZkb
uXcm4YLAX0OTxON8h/d8HLZdWgPUZGlM0PLomRCwDu5PMx9UFe66dTWrqQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFI8h4U2kbayLfhxLWxHcItpatbOXMB8GA1UdIwQY
MBaAFEpkTBFWhRgD83re7Ah2zPmJ1a7wMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU21STUVWYUZHQVB6ZXQ3c0NIYk0tWW5WcnZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS82YjA3OTgtM2Q0Zi00MGU2LWI3Mzkt
Y2MxYzliNWY2NjQwLzEvanlIaFRhUnRySXQtSEV0YkVkd2kybHExczVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS82YjA3OTgtM2Q0Zi00MGU2LWI3MzktY2MxYzliNWY2NjQw
LzEvU21STUVWYUZHQVB6ZXQ3c0NIYk0tWW5WcnZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcBKg9XB//0
MA0GCSqGSIb3DQEBCwUAA4IBAQB8ox9bY8n2eLB3njw85e9Qh5vEQYHu4gTVZUOX
YU2AFDJXINJMN70ntoydagKpY0YIOvKRoVbk007fZauC71ierTRpOmDFf7UJ0nba
SMdziKidHsBdPpQTHl+ueCd7q5srfSmWKX9SJnW3RJF3Kd4xgId34YMDr843HzpE
AQk4Val5itLRjTA/SdCagYzVfN0QaGL9+gjuQ6kUz+PYWYjePpFW3KYMzv02vGy3
O3kN8HfS8U3ib2KsAwS/xz+guRnLL3duSRVZeFxh87PNJMkVLE3TPNtx+RmXwvRI
rLCbrxicCOU6p+r+mqxFmsQb8SwX1+3qXl11ljdBhDGmhE+H
-----END CERTIFICATE-----