Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/oslv9P-Wjco8f9v3aO8TbXXCNGo.roa
File:                     oslv9P-Wjco8f9v3aO8TbXXCNGo.roa (raw, json)
Hash identifier:          DNcW1oyBcHuF8zm5Jz3de3XemNGV/dUKb0YhdsfEOWM=
Subject key identifier:   A2:C9:6F:F4:FF:96:8D:CA:3C:7F:DB:F7:68:EF:13:6D:75:C2:34:6A
Certificate issuer:       /CN=4a644c1156851803f37adeec0876ccf989d5aef0
Certificate serial:       018CC2DAFD6FE204533683FE901F46A2498E
Authority key identifier: 4A:64:4C:11:56:85:18:03:F3:7A:DE:EC:08:76:CC:F9:89:D5:AE:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/oslv9P-Wjco8f9v3aO8TbXXCNGo.roa
Signing time:             Mon 01 Jan 2024 02:29:40 +0000
ROA not before:           Mon 01 Jan 2024 02:29:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     131668
IP address blocks:        2a0f:5707:ffa4::/46 maxlen: 48
                          2a0f:5707:fff2::/48 maxlen: 48
                          2a0f:5707:ffa0::/46 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 14:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:fd:6f:e2:04:53:36:83:fe:90:1f:46:a2:49:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a644c1156851803f37adeec0876ccf989d5aef0
        Validity
            Not Before: Jan  1 02:29:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a2c96ff4ff968dca3c7fdbf768ef136d75c2346a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:8c:d4:b0:c3:7a:a9:9d:74:2e:3b:57:0b:0c:
                    2e:a6:45:e1:f2:2b:ee:48:70:d0:5c:0f:a5:cf:f8:
                    06:7b:45:25:52:56:62:27:81:e3:af:5e:e1:be:92:
                    eb:37:a5:41:5c:d4:8c:80:61:4d:85:65:59:30:2b:
                    8d:e8:97:4f:9b:87:52:b4:34:60:9b:21:28:c1:24:
                    0c:84:f4:6c:37:7f:1c:1d:b9:72:4a:95:8c:d8:4f:
                    b3:63:ca:30:a9:76:ca:99:9d:bf:79:19:b3:56:f5:
                    70:9b:87:12:1b:30:b7:4c:24:7d:1e:ef:72:e7:13:
                    b3:f8:fd:5b:07:05:49:f4:e0:80:5d:8e:dd:56:e0:
                    38:2a:6b:61:7c:32:5b:a9:9d:6e:a6:e9:30:13:3f:
                    a6:d0:e2:ae:cc:ab:ed:0d:44:d3:c5:60:97:9c:28:
                    5a:cf:7a:69:28:79:34:dc:e5:0a:cd:51:cf:9e:1f:
                    e9:31:7b:17:d5:60:40:0c:78:6a:b9:ac:08:72:c3:
                    0e:6b:d2:ff:b8:61:ab:33:65:30:09:a5:0f:5a:90:
                    b1:eb:f6:55:98:65:5c:7d:e9:89:03:b9:6a:77:e3:
                    a4:74:b5:0b:5a:f7:bd:17:74:fe:c7:88:e9:eb:37:
                    95:2c:9b:f1:fd:49:b2:8e:d0:dd:71:e9:fa:47:ca:
                    56:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:C9:6F:F4:FF:96:8D:CA:3C:7F:DB:F7:68:EF:13:6D:75:C2:34:6A
            X509v3 Authority Key Identifier:
                keyid:4A:64:4C:11:56:85:18:03:F3:7A:DE:EC:08:76:CC:F9:89:D5:AE:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/oslv9P-Wjco8f9v3aO8TbXXCNGo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:5707:ffa0::/45
                  2a0f:5707:fff2::/48

    Signature Algorithm: sha256WithRSAEncryption
         6e:12:d1:01:31:be:9a:d8:2a:01:90:76:cb:bd:dc:d5:f3:37:
         35:17:58:08:bb:d8:ee:d2:df:2d:bb:c5:40:25:40:7f:50:fb:
         14:35:ad:94:2c:b6:b6:c4:91:98:72:7a:5d:9a:16:b8:97:d6:
         f6:2b:44:3a:1a:df:cc:5d:50:e4:24:a8:3e:77:67:c3:cf:3d:
         a7:71:54:0d:31:be:14:f7:e3:19:ea:ad:41:d0:e8:74:45:c6:
         07:13:c5:92:4a:4c:d4:da:76:73:ef:e6:8d:5a:0f:dc:88:0b:
         98:10:5c:7b:7e:5f:b8:29:6b:1e:19:dc:15:24:3f:0f:f2:1a:
         f5:81:2b:ac:ef:77:86:2e:fa:b6:97:51:b4:e0:c4:9c:1c:3a:
         77:2f:94:8d:8d:9b:14:48:7e:e4:07:28:0a:d6:e8:ac:85:b8:
         f3:75:6b:f2:6a:01:a9:40:74:1b:de:84:b2:cf:dd:2b:d1:39:
         89:1a:a7:ce:dd:ed:ee:42:4e:cf:27:39:af:37:51:45:16:e3:
         fc:28:0c:b9:c0:9b:37:69:6a:d3:0d:66:98:35:02:8f:26:b6:
         b2:73:c8:c8:42:a4:ba:f8:ad:3e:af:37:28:3f:85:e0:72:0e:
         da:e0:c4:aa:38:45:9c:7b:61:ec:ef:be:d5:b2:21:6d:67:e3:
         92:39:a8:22
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzC2v1v4gRTNoP+kB9GokmOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhNjQ0YzExNTY4NTE4MDNmMzdhZGVlYzA4NzZjY2Y5ODlk
NWFlZjAwHhcNMjQwMTAxMDIyOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMmM5NmZmNGZmOTY4ZGNhM2M3ZmRiZjc2OGVmMTM2ZDc1YzIzNDZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg4zUsMN6qZ10LjtXCwwupkXh8ivu
SHDQXA+lz/gGe0UlUlZiJ4Hjr17hvpLrN6VBXNSMgGFNhWVZMCuN6JdPm4dStDRg
myEowSQMhPRsN38cHblySpWM2E+zY8owqXbKmZ2/eRmzVvVwm4cSGzC3TCR9Hu9y
5xOz+P1bBwVJ9OCAXY7dVuA4KmthfDJbqZ1upukwEz+m0OKuzKvtDUTTxWCXnCha
z3ppKHk03OUKzVHPnh/pMXsX1WBADHhquawIcsMOa9L/uGGrM2UwCaUPWpCx6/ZV
mGVcfemJA7lqd+OkdLULWve9F3T+x4jp6zeVLJvx/UmyjtDdcen6R8pWRwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFKLJb/T/lo3KPH/b92jvE211wjRqMB8GA1UdIwQY
MBaAFEpkTBFWhRgD83re7Ah2zPmJ1a7wMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU21STUVWYUZHQVB6ZXQ3c0NIYk0tWW5WcnZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS82YjA3OTgtM2Q0Zi00MGU2LWI3Mzkt
Y2MxYzliNWY2NjQwLzEvb3NsdjlQLVdqY284Zjl2M2FPOFRiWFhDTkdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS82YjA3OTgtM2Q0Zi00MGU2LWI3MzktY2MxYzliNWY2NjQw
LzEvU21STUVWYUZHQVB6ZXQ3c0NIYk0tWW5WcnZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcDKg9XB/+g
AwcAKg9XB//yMA0GCSqGSIb3DQEBCwUAA4IBAQBuEtEBMb6a2CoBkHbLvdzV8zc1
F1gIu9ju0t8tu8VAJUB/UPsUNa2ULLa2xJGYcnpdmha4l9b2K0Q6Gt/MXVDkJKg+
d2fDzz2ncVQNMb4U9+MZ6q1B0Oh0RcYHE8WSSkzU2nZz7+aNWg/ciAuYEFx7fl+4
KWseGdwVJD8P8hr1gSus73eGLvq2l1G04MScHDp3L5SNjZsUSH7kBygK1uishbjz
dWvyagGpQHQb3oSyz90r0TmJGqfO3e3uQk7PJzmvN1FFFuP8KAy5wJs3aWrTDWaY
NQKPJrayc8jIQqS6+K0+rzcoP4Xgcg7a4MSqOEWce2Hs777VsiFtZ+OSOagi
-----END CERTIFICATE-----