Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/mu9JCC8dYA6ODtXdxl-5c3KBEl8.roa
File:                     mu9JCC8dYA6ODtXdxl-5c3KBEl8.roa (raw, json)
Hash identifier:          QWtmrFnV4y9wFGkDupiVfiwu9JTVL9tSe6YSht+IGUE=
Subject key identifier:   9A:EF:49:08:2F:1D:60:0E:8E:0E:D5:DD:C6:5F:B9:73:72:81:12:5F
Certificate issuer:       /CN=4a644c1156851803f37adeec0876ccf989d5aef0
Certificate serial:       018CC2DB0A196CB9C2AA3F75819E5AB219E3
Authority key identifier: 4A:64:4C:11:56:85:18:03:F3:7A:DE:EC:08:76:CC:F9:89:D5:AE:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/mu9JCC8dYA6ODtXdxl-5c3KBEl8.roa
Signing time:             Mon 01 Jan 2024 02:29:44 +0000
ROA not before:           Mon 01 Jan 2024 02:29:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211620
IP address blocks:        2a0f:5707:abb0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 05:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:0a:19:6c:b9:c2:aa:3f:75:81:9e:5a:b2:19:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a644c1156851803f37adeec0876ccf989d5aef0
        Validity
            Not Before: Jan  1 02:29:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9aef49082f1d600e8e0ed5ddc65fb9737281125f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:de:80:f7:9d:98:ef:74:b9:cd:9f:db:21:da:
                    9d:de:01:a2:13:da:f8:2f:c1:e6:d9:e9:d4:e3:5f:
                    ee:83:e0:72:ef:f9:38:8a:31:aa:f5:86:e6:2d:dc:
                    d7:76:eb:ed:5b:36:3d:40:48:0b:8a:1a:e3:33:09:
                    ed:e7:ff:bf:97:36:c4:0e:c0:31:9c:8c:bf:db:db:
                    44:0e:b9:d3:2c:53:93:dc:7d:b4:2f:96:16:79:87:
                    12:b0:5d:96:33:39:ba:d5:eb:f0:43:dd:6e:1e:71:
                    29:59:f2:92:70:ec:b2:6b:89:27:8a:22:63:d7:1e:
                    ca:08:fe:72:d5:63:bb:e3:62:cc:8d:58:bd:6c:dc:
                    f4:5d:52:98:a9:55:f6:b3:bc:8f:1e:97:0f:b8:76:
                    16:7b:d6:8d:20:d6:ec:8d:ee:92:cc:87:52:bc:dd:
                    fa:0a:ad:90:7e:62:d9:d8:75:fe:d0:d9:0d:3b:6b:
                    05:46:f4:ff:63:d0:df:bb:6a:99:4a:f7:a5:ee:1b:
                    e2:6f:9e:4d:f4:68:1e:65:c7:5f:c0:74:23:dc:eb:
                    5d:86:2a:fd:c1:27:59:f5:1b:8f:dd:b0:d5:a3:c4:
                    cd:bb:47:fb:1c:b5:20:22:d5:09:33:57:71:5d:19:
                    a3:39:c0:43:e9:a9:e9:57:e4:0f:32:db:9d:7a:cc:
                    95:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:EF:49:08:2F:1D:60:0E:8E:0E:D5:DD:C6:5F:B9:73:72:81:12:5F
            X509v3 Authority Key Identifier:
                keyid:4A:64:4C:11:56:85:18:03:F3:7A:DE:EC:08:76:CC:F9:89:D5:AE:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/mu9JCC8dYA6ODtXdxl-5c3KBEl8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:5707:abb0::/44

    Signature Algorithm: sha256WithRSAEncryption
         13:8f:41:74:19:10:ec:ed:bd:fb:cc:56:6d:26:7c:96:3b:48:
         a8:11:8d:73:13:aa:c1:41:ce:8c:46:81:09:14:20:87:db:7f:
         de:06:37:57:06:db:e6:41:fc:a9:92:c6:c4:bd:19:17:0d:a3:
         d3:f4:f7:96:11:69:9d:22:81:37:c7:9f:cf:a7:ea:cb:1e:e6:
         7f:a7:38:85:e0:09:d1:f4:7d:df:96:4a:c6:bc:9e:29:19:7a:
         de:c0:c8:2c:e4:15:55:6e:f9:53:bf:9f:57:9f:3b:cb:2c:92:
         bd:03:85:fb:9a:cb:52:40:2e:2a:88:94:68:1b:a9:60:c2:68:
         18:a7:c8:59:51:0f:ab:75:57:0b:31:0a:4d:42:f3:e8:d8:3f:
         1f:07:01:38:ca:53:3f:5c:37:19:1c:15:21:b5:f3:93:e5:f7:
         dd:41:07:da:ba:e1:38:8a:b3:38:09:a8:0e:b8:f8:41:4f:86:
         e7:67:10:42:15:91:04:2e:58:15:9b:56:c6:ba:1b:39:cf:f1:
         7e:e4:fa:6f:9a:0f:12:19:1a:42:43:96:f7:bc:e7:b0:10:99:
         e2:05:df:f5:82:98:dc:77:66:a4:27:2a:51:5c:21:d3:df:e3:
         2d:fc:cc:e5:ec:5c:35:3d:89:d2:4d:78:99:64:1a:99:40:b0:
         cc:83:6c:01
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzC2woZbLnCqj91gZ5ashnjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhNjQ0YzExNTY4NTE4MDNmMzdhZGVlYzA4NzZjY2Y5ODlk
NWFlZjAwHhcNMjQwMTAxMDIyOTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YWVmNDkwODJmMWQ2MDBlOGUwZWQ1ZGRjNjVmYjk3MzcyODExMjVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlt6A952Y73S5zZ/bIdqd3gGiE9r4
L8Hm2enU41/ug+By7/k4ijGq9YbmLdzXduvtWzY9QEgLihrjMwnt5/+/lzbEDsAx
nIy/29tEDrnTLFOT3H20L5YWeYcSsF2WMzm61evwQ91uHnEpWfKScOyya4kniiJj
1x7KCP5y1WO742LMjVi9bNz0XVKYqVX2s7yPHpcPuHYWe9aNINbsje6SzIdSvN36
Cq2QfmLZ2HX+0NkNO2sFRvT/Y9Dfu2qZSvel7hvib55N9GgeZcdfwHQj3Otdhir9
wSdZ9RuP3bDVo8TNu0f7HLUgItUJM1dxXRmjOcBD6anpV+QPMtudesyVbQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJrvSQgvHWAOjg7V3cZfuXNygRJfMB8GA1UdIwQY
MBaAFEpkTBFWhRgD83re7Ah2zPmJ1a7wMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU21STUVWYUZHQVB6ZXQ3c0NIYk0tWW5WcnZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS82YjA3OTgtM2Q0Zi00MGU2LWI3Mzkt
Y2MxYzliNWY2NjQwLzEvbXU5SkNDOGRZQTZPRHRYZHhsLTVjM0tCRWw4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS82YjA3OTgtM2Q0Zi00MGU2LWI3MzktY2MxYzliNWY2NjQw
LzEvU21STUVWYUZHQVB6ZXQ3c0NIYk0tWW5WcnZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg9XB6uw
MA0GCSqGSIb3DQEBCwUAA4IBAQATj0F0GRDs7b37zFZtJnyWO0ioEY1zE6rBQc6M
RoEJFCCH23/eBjdXBtvmQfypksbEvRkXDaPT9PeWEWmdIoE3x5/Pp+rLHuZ/pziF
4AnR9H3flkrGvJ4pGXrewMgs5BVVbvlTv59XnzvLLJK9A4X7mstSQC4qiJRoG6lg
wmgYp8hZUQ+rdVcLMQpNQvPo2D8fBwE4ylM/XDcZHBUhtfOT5ffdQQfauuE4irM4
CagOuPhBT4bnZxBCFZEELlgVm1bGuhs5z/F+5Ppvmg8SGRpCQ5b3vOewEJniBd/1
gpjcd2akJypRXCHT3+Mt/Mzl7Fw1PYnSTXiZZBqZQLDMg2wB
-----END CERTIFICATE-----