Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/mMDxK0WxFJ6maCrg4OEHyDDdyRA.roa
File:                     mMDxK0WxFJ6maCrg4OEHyDDdyRA.roa (raw, json)
Hash identifier:          j/wglFh+8XuVLWXZyOV3IHQbOCogUlGy3GWIuKkD70o=
Subject key identifier:   98:C0:F1:2B:45:B1:14:9E:A6:68:2A:E0:E0:E1:07:C8:30:DD:C9:10
Certificate issuer:       /CN=4a644c1156851803f37adeec0876ccf989d5aef0
Certificate serial:       0194266BED8B7B9137BC6F42439A9E1DBFB5
Authority key identifier: 4A:64:4C:11:56:85:18:03:F3:7A:DE:EC:08:76:CC:F9:89:D5:AE:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/mMDxK0WxFJ6maCrg4OEHyDDdyRA.roa
Signing time:             Thu 02 Jan 2025 09:49:54 +0000
ROA not before:           Thu 02 Jan 2025 09:49:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208127
IP address blocks:        2a0f:5707:ac00::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:ed:8b:7b:91:37:bc:6f:42:43:9a:9e:1d:bf:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a644c1156851803f37adeec0876ccf989d5aef0
        Validity
            Not Before: Jan  2 09:49:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=98c0f12b45b1149ea6682ae0e0e107c830ddc910
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:ea:35:a5:18:6f:a7:58:42:55:74:7e:d4:71:
                    44:71:a2:42:0f:e5:4f:9f:86:09:40:74:46:15:ab:
                    f6:d5:1a:16:3b:ce:45:82:50:e6:0b:43:63:ca:65:
                    92:b6:9d:1d:ab:08:98:8b:36:a1:e3:84:d8:18:45:
                    3e:c4:91:2c:5c:65:e9:b5:d3:c5:fa:00:da:c7:25:
                    72:21:aa:35:67:b4:ad:96:bd:17:9d:74:c5:8b:6f:
                    36:f3:5e:8e:2c:fa:64:93:cf:d5:c1:ab:65:30:a9:
                    35:de:e5:34:4d:43:e4:cc:16:7a:28:4c:46:e5:65:
                    e1:b1:4b:ec:b9:e7:2a:c1:53:25:dc:1b:94:20:ee:
                    38:1f:78:d0:08:8e:61:2d:3f:d3:a2:98:38:7f:2d:
                    48:ea:54:10:a6:38:bf:41:96:5b:c3:33:5c:02:02:
                    a3:14:c2:b4:fb:c9:cf:c9:60:91:6e:4f:43:15:07:
                    66:5f:13:f3:55:de:33:ae:d3:e4:9e:96:b6:e1:47:
                    3e:54:c9:57:40:75:a5:f4:f0:a1:d7:e5:da:92:b9:
                    90:86:f1:1d:eb:ed:0a:0f:17:58:e0:9e:f6:5d:fc:
                    c7:16:19:80:54:83:65:4a:aa:a4:d9:06:87:a4:72:
                    55:eb:9c:dc:6c:cd:64:a0:17:03:bb:fa:ef:05:a8:
                    30:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:C0:F1:2B:45:B1:14:9E:A6:68:2A:E0:E0:E1:07:C8:30:DD:C9:10
            X509v3 Authority Key Identifier:
                keyid:4A:64:4C:11:56:85:18:03:F3:7A:DE:EC:08:76:CC:F9:89:D5:AE:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/mMDxK0WxFJ6maCrg4OEHyDDdyRA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:5707:ac00::/44

    Signature Algorithm: sha256WithRSAEncryption
         5c:62:a7:fe:1e:84:ed:09:02:ac:e1:94:a6:a5:f8:92:fc:87:
         4b:35:ce:d3:92:d3:5d:a0:4f:72:fc:bb:fa:79:4f:48:9d:4a:
         65:48:eb:b1:8c:d3:7a:0d:ff:aa:fc:cb:4e:52:d1:b6:3a:28:
         b8:24:fc:b3:21:5f:fa:07:5d:ad:8a:4e:9e:ba:cb:bb:61:06:
         1c:5c:eb:d3:7d:a7:9d:51:dc:68:9c:5a:5b:10:14:38:b7:f9:
         6c:b9:d5:f2:db:32:fb:ca:64:2d:ff:d9:7c:75:64:84:d3:0a:
         df:66:40:79:a9:ea:a1:b2:47:b7:26:e9:7e:a6:b0:4c:f9:2b:
         de:ad:6f:74:47:22:0c:89:7e:5d:eb:6a:2b:1d:a9:e7:8e:97:
         0b:b4:cc:a5:21:f9:b0:2b:af:f7:eb:84:c4:91:eb:68:08:df:
         97:9e:b5:46:22:48:9c:66:25:9a:b2:29:49:74:85:30:08:34:
         0c:c0:eb:ee:39:3f:1f:50:12:bc:f9:37:16:63:81:fe:0e:a3:
         84:09:93:ae:47:76:1e:bf:de:11:cb:00:33:11:2b:36:0f:3a:
         cd:65:3a:6a:7b:35:0e:6c:76:78:17:3e:e9:7c:31:98:1f:93:
         69:50:ac:24:a7:32:7f:24:64:22:dd:1f:c6:90:8d:fe:11:2b:
         43:b6:d4:e2
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQma+2Le5E3vG9CQ5qeHb+1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhNjQ0YzExNTY4NTE4MDNmMzdhZGVlYzA4NzZjY2Y5ODlk
NWFlZjAwHhcNMjUwMTAyMDk0OTU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OGMwZjEyYjQ1YjExNDllYTY2ODJhZTBlMGUxMDdjODMwZGRjOTEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsOo1pRhvp1hCVXR+1HFEcaJCD+VP
n4YJQHRGFav21RoWO85FglDmC0NjymWStp0dqwiYizah44TYGEU+xJEsXGXptdPF
+gDaxyVyIao1Z7Stlr0XnXTFi282816OLPpkk8/VwatlMKk13uU0TUPkzBZ6KExG
5WXhsUvsuecqwVMl3BuUIO44H3jQCI5hLT/Topg4fy1I6lQQpji/QZZbwzNcAgKj
FMK0+8nPyWCRbk9DFQdmXxPzVd4zrtPknpa24Uc+VMlXQHWl9PCh1+XakrmQhvEd
6+0KDxdY4J72XfzHFhmAVINlSqqk2QaHpHJV65zcbM1koBcDu/rvBagwpwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJjA8StFsRSepmgq4ODhB8gw3ckQMB8GA1UdIwQY
MBaAFEpkTBFWhRgD83re7Ah2zPmJ1a7wMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU21STUVWYUZHQVB6ZXQ3c0NIYk0tWW5WcnZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS82YjA3OTgtM2Q0Zi00MGU2LWI3Mzkt
Y2MxYzliNWY2NjQwLzEvbU1EeEswV3hGSjZtYUNyZzRPRUh5RERkeVJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS82YjA3OTgtM2Q0Zi00MGU2LWI3MzktY2MxYzliNWY2NjQw
LzEvU21STUVWYUZHQVB6ZXQ3c0NIYk0tWW5WcnZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg9XB6wA
MA0GCSqGSIb3DQEBCwUAA4IBAQBcYqf+HoTtCQKs4ZSmpfiS/IdLNc7TktNdoE9y
/Lv6eU9InUplSOuxjNN6Df+q/MtOUtG2Oii4JPyzIV/6B12tik6eusu7YQYcXOvT
faedUdxonFpbEBQ4t/lsudXy2zL7ymQt/9l8dWSE0wrfZkB5qeqhske3Jul+prBM
+SverW90RyIMiX5d62orHannjpcLtMylIfmwK6/364TEketoCN+XnrVGIkicZiWa
silJdIUwCDQMwOvuOT8fUBK8+TcWY4H+DqOECZOuR3Yev94RywAzESs2DzrNZTpq
ezUObHZ4Fz7pfDGYH5NpUKwkpzJ/JGQi3R/GkI3+EStDttTi
-----END CERTIFICATE-----