Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/ncGqL2NgQRoJOkbBpSfHtCL-mZQ.roa
File:                     ncGqL2NgQRoJOkbBpSfHtCL-mZQ.roa (raw, json)
Hash identifier:          c7J9EVAdz5b1ViOuMe9zT02oKHU6eqDps6yJjuuVXFE=
Subject key identifier:   9D:C1:AA:2F:63:60:41:1A:09:3A:46:C1:A5:27:C7:B4:22:FE:99:94
Certificate issuer:       /CN=4a644c1156851803f37adeec0876ccf989d5aef0
Certificate serial:       018CC2DB0989A6C068C81014E1235615EB6D
Authority key identifier: 4A:64:4C:11:56:85:18:03:F3:7A:DE:EC:08:76:CC:F9:89:D5:AE:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/ncGqL2NgQRoJOkbBpSfHtCL-mZQ.roa
Signing time:             Mon 01 Jan 2024 02:29:43 +0000
ROA not before:           Mon 01 Jan 2024 02:29:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211301
IP address blocks:        2a0f:5707:aaf0::/44 maxlen: 48
                          2a0f:5707:aa60::/44 maxlen: 48
                          2a0f:5707:25::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 16 May 2024 14:51:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:09:89:a6:c0:68:c8:10:14:e1:23:56:15:eb:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a644c1156851803f37adeec0876ccf989d5aef0
        Validity
            Not Before: Jan  1 02:29:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9dc1aa2f6360411a093a46c1a527c7b422fe9994
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:f2:2f:fd:7e:16:23:69:d9:d9:5b:7d:c3:b9:
                    8b:04:20:b0:32:7b:48:6a:f3:fa:38:de:cf:07:56:
                    7a:14:0b:86:41:c1:a6:f3:ae:e1:4f:45:e0:db:f9:
                    00:83:42:50:aa:33:f1:f2:9a:f8:e5:d3:14:74:91:
                    1a:b3:52:ee:04:d9:07:7b:21:f7:fd:1e:80:b6:45:
                    a2:c7:35:b4:f6:7b:63:c5:fa:d9:a4:52:9e:f2:42:
                    ed:4a:a8:97:bd:95:5c:a0:cc:56:a1:d7:54:2f:f2:
                    03:3a:d6:c1:41:71:4c:81:42:9c:61:64:74:d2:d3:
                    df:3c:38:cf:ae:c7:bd:7a:98:a1:ac:34:5d:70:bc:
                    76:6f:f3:5d:a6:7e:bc:63:f9:13:7b:7e:6a:89:23:
                    ff:6e:3a:4a:04:0b:da:94:34:ea:4c:a2:60:e5:68:
                    11:ea:41:76:31:4b:80:fb:e9:ef:04:89:f6:5f:af:
                    78:9b:9b:25:e4:f0:e5:a3:eb:8d:5e:a1:80:7c:f1:
                    4b:5d:5b:69:b6:69:75:98:bc:3f:73:aa:10:99:3c:
                    67:96:01:de:69:0b:89:fc:9c:19:db:7e:cb:d6:8a:
                    a7:a2:3d:bc:12:42:8e:e8:50:6b:ed:ff:8d:eb:40:
                    8e:ef:c1:6b:c7:31:4f:23:0d:4e:37:9c:9c:07:29:
                    a0:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:C1:AA:2F:63:60:41:1A:09:3A:46:C1:A5:27:C7:B4:22:FE:99:94
            X509v3 Authority Key Identifier:
                keyid:4A:64:4C:11:56:85:18:03:F3:7A:DE:EC:08:76:CC:F9:89:D5:AE:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/ncGqL2NgQRoJOkbBpSfHtCL-mZQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:5707:25::/48
                  2a0f:5707:aa60::/44
                  2a0f:5707:aaf0::/44

    Signature Algorithm: sha256WithRSAEncryption
         28:3c:29:2b:e4:f2:d1:be:47:15:a6:91:9c:97:a1:fe:6d:e0:
         e9:af:90:5c:3f:22:af:96:8d:6e:16:80:52:91:3c:9e:5e:52:
         e6:8f:e5:17:2d:9b:64:d2:a9:40:8b:46:0d:fa:a9:a0:21:1c:
         80:1b:4a:38:26:c6:d5:0c:a9:65:9f:99:e1:8f:16:2c:15:2a:
         4e:ca:2f:cc:fe:fd:c7:67:d8:59:cc:8d:ab:25:5e:ea:df:09:
         db:03:e9:01:0c:c8:e0:d7:a2:8c:d4:90:8a:62:de:c8:c8:33:
         b8:6a:30:22:b1:ea:de:47:c1:92:98:d8:db:89:cd:b9:6e:a8:
         df:ab:84:44:51:28:be:02:87:aa:26:a8:53:71:6b:f5:4c:73:
         3e:e3:1b:18:91:2f:95:4f:b9:fc:31:8c:d4:8c:7e:b7:41:0a:
         e3:7a:f1:8b:35:18:51:c4:98:0a:34:5e:3f:1b:f8:31:7d:1e:
         43:67:dc:54:ae:b9:f7:37:01:1c:a0:a5:a5:4f:de:55:a7:d9:
         a8:e2:a2:f7:d7:10:78:c2:ca:7f:e2:20:a2:ff:8e:31:85:62:
         40:50:c2:cf:a3:61:da:99:10:5f:88:6f:b9:81:33:82:4a:67:
         13:72:ab:ec:62:ed:01:22:09:69:90:22:e9:84:36:88:3c:0a:
         5a:b1:a7:78
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzC2wmJpsBoyBAU4SNWFettMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhNjQ0YzExNTY4NTE4MDNmMzdhZGVlYzA4NzZjY2Y5ODlk
NWFlZjAwHhcNMjQwMTAxMDIyOTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZGMxYWEyZjYzNjA0MTFhMDkzYTQ2YzFhNTI3YzdiNDIyZmU5OTk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1fIv/X4WI2nZ2Vt9w7mLBCCwMntI
avP6ON7PB1Z6FAuGQcGm867hT0Xg2/kAg0JQqjPx8pr45dMUdJEas1LuBNkHeyH3
/R6AtkWixzW09ntjxfrZpFKe8kLtSqiXvZVcoMxWoddUL/IDOtbBQXFMgUKcYWR0
0tPfPDjPrse9epihrDRdcLx2b/Ndpn68Y/kTe35qiSP/bjpKBAvalDTqTKJg5WgR
6kF2MUuA++nvBIn2X694m5sl5PDlo+uNXqGAfPFLXVtptml1mLw/c6oQmTxnlgHe
aQuJ/JwZ237L1oqnoj28EkKO6FBr7f+N60CO78FrxzFPIw1ON5ycBymgFwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFJ3Bqi9jYEEaCTpGwaUnx7Qi/pmUMB8GA1UdIwQY
MBaAFEpkTBFWhRgD83re7Ah2zPmJ1a7wMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU21STUVWYUZHQVB6ZXQ3c0NIYk0tWW5WcnZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS82YjA3OTgtM2Q0Zi00MGU2LWI3Mzkt
Y2MxYzliNWY2NjQwLzEvbmNHcUwyTmdRUm9KT2tiQnBTZkh0Q0wtbVpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS82YjA3OTgtM2Q0Zi00MGU2LWI3MzktY2MxYzliNWY2NjQw
LzEvU21STUVWYUZHQVB6ZXQ3c0NIYk0tWW5WcnZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzAhBAIAAjAbAwcAKg9XBwAl
AwcEKg9XB6pgAwcEKg9XB6rwMA0GCSqGSIb3DQEBCwUAA4IBAQAoPCkr5PLRvkcV
ppGcl6H+beDpr5BcPyKvlo1uFoBSkTyeXlLmj+UXLZtk0qlAi0YN+qmgIRyAG0o4
JsbVDKlln5nhjxYsFSpOyi/M/v3HZ9hZzI2rJV7q3wnbA+kBDMjg16KM1JCKYt7I
yDO4ajAisereR8GSmNjbic25bqjfq4REUSi+AoeqJqhTcWv1THM+4xsYkS+VT7n8
MYzUjH63QQrjevGLNRhRxJgKNF4/G/gxfR5DZ9xUrrn3NwEcoKWlT95Vp9mo4qL3
1xB4wsp/4iCi/44xhWJAUMLPo2HamRBfiG+5gTOCSmcTcqvsYu0BIglpkCLphDaI
PApasad4
-----END CERTIFICATE-----