Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/mHjktcuJqofAFZ3MytUgMd9fqbA.roa
File:                     mHjktcuJqofAFZ3MytUgMd9fqbA.roa (raw, json)
Hash identifier:          4GtbwvT9uVqRJG+2g60aVPZVR+bMbjr1gORn0TnoTQo=
Subject key identifier:   98:78:E4:B5:CB:89:AA:87:C0:15:9D:CC:CA:D5:20:31:DF:5F:A9:B0
Certificate issuer:       /CN=4a644c1156851803f37adeec0876ccf989d5aef0
Certificate serial:       018CC2DAFE90651C84639FBA03DDBA764758
Authority key identifier: 4A:64:4C:11:56:85:18:03:F3:7A:DE:EC:08:76:CC:F9:89:D5:AE:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/mHjktcuJqofAFZ3MytUgMd9fqbA.roa
Signing time:             Mon 01 Jan 2024 02:29:40 +0000
ROA not before:           Mon 01 Jan 2024 02:29:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     139949
IP address blocks:        2a0f:5701:fe06::/48 maxlen: 64

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 05:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:fe:90:65:1c:84:63:9f:ba:03:dd:ba:76:47:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a644c1156851803f37adeec0876ccf989d5aef0
        Validity
            Not Before: Jan  1 02:29:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9878e4b5cb89aa87c0159dcccad52031df5fa9b0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:28:2d:9f:e2:65:7e:4c:6c:04:a4:9d:eb:4d:
                    41:6d:3a:f3:38:2c:af:6e:11:3d:e3:ed:3b:1f:7e:
                    8b:e2:4e:32:e8:90:ea:38:35:6c:f9:9f:08:36:21:
                    47:df:01:27:fe:ec:52:04:b6:08:f2:3a:a7:6b:6f:
                    08:35:d4:38:07:54:46:8a:8e:ab:05:e7:53:7f:5a:
                    ce:09:8a:19:f0:c1:6d:f6:ea:5e:f7:55:d2:dd:e2:
                    e8:db:da:1c:1a:e7:ea:f7:b9:f1:c5:e9:59:50:a8:
                    ea:ba:d6:db:0e:9a:aa:5d:7a:fe:f2:22:30:01:08:
                    c3:4b:10:65:c5:fb:2d:8d:a6:9d:61:7d:09:36:be:
                    c4:0c:38:94:4d:a6:1d:ba:51:0b:cd:1a:bf:62:b8:
                    26:52:2f:34:08:30:80:1f:29:f5:35:e0:cf:dc:69:
                    f0:74:ae:61:2a:3d:16:bb:df:56:bb:3d:39:0e:87:
                    b2:6a:9a:ef:97:52:fb:63:36:ee:96:ca:91:b0:06:
                    95:a6:6a:ec:db:71:01:24:ff:d3:34:9b:77:14:b7:
                    e1:92:37:44:40:ed:39:89:dc:41:ad:8b:e1:0b:b3:
                    67:38:77:7c:c3:69:84:21:89:b5:00:1e:5e:74:f9:
                    64:7b:7e:3c:2f:8a:90:63:35:4e:b0:a3:da:f1:14:
                    83:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:78:E4:B5:CB:89:AA:87:C0:15:9D:CC:CA:D5:20:31:DF:5F:A9:B0
            X509v3 Authority Key Identifier:
                keyid:4A:64:4C:11:56:85:18:03:F3:7A:DE:EC:08:76:CC:F9:89:D5:AE:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/mHjktcuJqofAFZ3MytUgMd9fqbA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:5701:fe06::/48

    Signature Algorithm: sha256WithRSAEncryption
         1a:5f:cd:53:62:50:10:eb:7e:8f:60:6d:d6:53:de:a9:9c:cb:
         a1:22:da:ee:f7:94:69:d4:3a:8d:ed:b4:00:b3:eb:2e:bf:f0:
         e9:b5:89:6b:b1:16:16:7f:27:95:23:71:78:ee:67:71:f7:82:
         13:f8:1b:a8:b0:4f:a5:38:71:d2:b6:ca:8b:66:3a:2f:e8:ca:
         ea:48:90:c1:7c:bc:49:3f:f0:62:47:43:76:28:63:90:4d:fc:
         f6:aa:f2:29:55:f1:8e:0c:8d:be:75:32:05:4e:51:1c:48:59:
         21:c3:1a:32:b0:17:b5:1f:17:a6:29:08:93:59:bb:dd:06:ca:
         7c:04:0f:c8:cb:53:33:1a:d6:f6:23:df:dc:3c:4b:eb:0b:b4:
         3f:a6:a9:4f:1c:13:0d:a7:c4:c1:31:ef:1b:bd:91:b8:2f:90:
         0b:1f:02:04:ba:d5:5e:14:d3:37:b3:44:ec:fd:fb:a0:7f:26:
         3a:3d:1b:95:e2:b7:cc:01:24:89:da:2b:2f:7d:dc:9d:b8:a8:
         dd:84:60:07:e8:bc:25:ae:a4:06:6a:cf:28:55:c1:30:0d:81:
         43:ec:3b:f2:17:5c:86:aa:5b:25:41:07:1e:2b:c4:36:ae:3c:
         b7:ab:ba:47:a6:a7:01:f1:9b:ea:e1:63:f8:e6:de:cf:2b:d2:
         44:92:86:db
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzC2v6QZRyEY5+6A926dkdYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhNjQ0YzExNTY4NTE4MDNmMzdhZGVlYzA4NzZjY2Y5ODlk
NWFlZjAwHhcNMjQwMTAxMDIyOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ODc4ZTRiNWNiODlhYTg3YzAxNTlkY2NjYWQ1MjAzMWRmNWZhOWIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuCgtn+JlfkxsBKSd601BbTrzOCyv
bhE94+07H36L4k4y6JDqODVs+Z8INiFH3wEn/uxSBLYI8jqna28INdQ4B1RGio6r
BedTf1rOCYoZ8MFt9upe91XS3eLo29ocGufq97nxxelZUKjqutbbDpqqXXr+8iIw
AQjDSxBlxfstjaadYX0JNr7EDDiUTaYdulELzRq/YrgmUi80CDCAHyn1NeDP3Gnw
dK5hKj0Wu99Wuz05Doeyaprvl1L7YzbulsqRsAaVpmrs23EBJP/TNJt3FLfhkjdE
QO05idxBrYvhC7NnOHd8w2mEIYm1AB5edPlke348L4qQYzVOsKPa8RSD/wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJh45LXLiaqHwBWdzMrVIDHfX6mwMB8GA1UdIwQY
MBaAFEpkTBFWhRgD83re7Ah2zPmJ1a7wMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU21STUVWYUZHQVB6ZXQ3c0NIYk0tWW5WcnZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS82YjA3OTgtM2Q0Zi00MGU2LWI3Mzkt
Y2MxYzliNWY2NjQwLzEvbUhqa3RjdUpxb2ZBRlozTXl0VWdNZDlmcWJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS82YjA3OTgtM2Q0Zi00MGU2LWI3MzktY2MxYzliNWY2NjQw
LzEvU21STUVWYUZHQVB6ZXQ3c0NIYk0tWW5WcnZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg9XAf4G
MA0GCSqGSIb3DQEBCwUAA4IBAQAaX81TYlAQ636PYG3WU96pnMuhItru95Rp1DqN
7bQAs+suv/DptYlrsRYWfyeVI3F47mdx94IT+BuosE+lOHHStsqLZjov6MrqSJDB
fLxJP/BiR0N2KGOQTfz2qvIpVfGODI2+dTIFTlEcSFkhwxoysBe1HxemKQiTWbvd
Bsp8BA/Iy1MzGtb2I9/cPEvrC7Q/pqlPHBMNp8TBMe8bvZG4L5ALHwIEutVeFNM3
s0Ts/fugfyY6PRuV4rfMASSJ2isvfdyduKjdhGAH6LwlrqQGas8oVcEwDYFD7Dvy
F1yGqlslQQceK8Q2rjy3q7pHpqcB8Zvq4WP45t7PK9JEkobb
-----END CERTIFICATE-----