Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/pRlo-BkJq8pkHifSnXgtDdnt94o.roa
File:                     pRlo-BkJq8pkHifSnXgtDdnt94o.roa (raw, json)
Hash identifier:          NPOdZ2G6FulIOG4Lt75YMcax5ptrALAtJpAds0EUZlE=
Subject key identifier:   A5:19:68:F8:19:09:AB:CA:64:1E:27:D2:9D:78:2D:0D:D9:ED:F7:8A
Certificate issuer:       /CN=4a644c1156851803f37adeec0876ccf989d5aef0
Certificate serial:       018CC2DB0B4B0EFBC234FA2E81B038615DAB
Authority key identifier: 4A:64:4C:11:56:85:18:03:F3:7A:DE:EC:08:76:CC:F9:89:D5:AE:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/pRlo-BkJq8pkHifSnXgtDdnt94o.roa
Signing time:             Mon 01 Jan 2024 02:29:44 +0000
ROA not before:           Mon 01 Jan 2024 02:29:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212000
IP address blocks:        2a0f:5707:20::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:0b:4b:0e:fb:c2:34:fa:2e:81:b0:38:61:5d:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a644c1156851803f37adeec0876ccf989d5aef0
        Validity
            Not Before: Jan  1 02:29:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a51968f81909abca641e27d29d782d0dd9edf78a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:44:ef:1a:15:8a:aa:ca:14:fe:55:03:ad:c8:
                    9f:2a:3a:9a:6c:fa:22:be:d9:a9:3c:13:47:e5:05:
                    b6:52:df:a0:fa:45:6f:42:e3:64:9d:df:5b:74:99:
                    01:fa:d1:fc:d2:8c:7e:fc:6b:2a:25:db:fc:ed:cc:
                    2d:bf:1b:63:58:ce:b8:6c:98:09:6d:07:68:46:e1:
                    bf:2f:34:4d:a4:f3:f8:2d:59:82:61:f5:ae:60:e7:
                    fb:8e:96:a3:9e:07:9d:ad:5e:0c:a5:8c:e3:b9:3b:
                    83:90:c9:0d:50:e1:5e:2d:2d:b6:1a:28:61:f5:c6:
                    99:6c:2e:76:b5:de:a3:49:8c:5f:88:9a:cb:1e:47:
                    62:5c:9a:47:84:05:ec:a5:9d:6d:67:1a:37:ab:8a:
                    ac:9f:f7:4c:c7:55:f6:fa:02:24:04:eb:61:7b:02:
                    16:d7:94:5a:98:53:fb:b3:f6:54:a8:b0:ab:a7:a8:
                    bd:99:cd:2c:48:f6:d0:aa:31:37:dc:4b:7d:4e:34:
                    cc:38:50:5b:a9:d0:d3:e7:87:80:32:cf:e1:fa:e4:
                    ed:68:36:7b:2d:71:fe:e1:7a:02:1c:8e:d7:4a:3a:
                    40:3d:6a:53:77:a4:7b:bd:81:ff:91:ca:95:46:7e:
                    da:fa:7f:3f:40:d9:ef:0f:83:f5:f8:90:7f:60:e5:
                    9f:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:19:68:F8:19:09:AB:CA:64:1E:27:D2:9D:78:2D:0D:D9:ED:F7:8A
            X509v3 Authority Key Identifier:
                keyid:4A:64:4C:11:56:85:18:03:F3:7A:DE:EC:08:76:CC:F9:89:D5:AE:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/pRlo-BkJq8pkHifSnXgtDdnt94o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:5707:20::/48

    Signature Algorithm: sha256WithRSAEncryption
         39:69:1a:d6:f7:c1:01:11:98:41:83:f2:77:58:99:74:05:63:
         0c:f9:4d:19:79:1e:fc:57:46:93:c8:35:38:7a:45:a8:e8:46:
         5e:ac:23:8f:fd:97:de:ba:40:0a:b9:9c:d7:83:49:7c:1d:f2:
         c3:63:5e:a2:4f:34:7c:e8:1c:e6:28:4e:c5:68:4c:24:c6:cd:
         03:f5:64:e3:ba:26:d0:07:e4:21:fa:14:59:c1:4b:a9:ab:3c:
         a1:12:4d:42:44:2b:41:d8:4c:e1:5e:c5:04:3e:3a:5f:36:f4:
         fe:50:9b:a7:b4:b6:f7:59:2c:04:33:3f:ba:47:60:58:e9:62:
         f5:30:71:ca:19:c7:85:4a:b1:1e:f9:1e:ee:d5:6b:50:63:1c:
         a1:72:77:da:1c:c9:e4:1e:37:94:bb:8b:6f:58:c8:9a:d6:74:
         38:70:4a:4f:b5:a7:8f:89:59:bc:04:8f:59:67:0e:59:39:b8:
         af:30:90:ab:ee:5b:0c:3a:06:92:d0:ee:c3:c9:d3:4b:b2:16:
         78:45:6a:0f:a3:22:9d:3e:f6:ed:11:9f:48:39:f8:44:e8:86:
         b9:f9:43:fc:ad:88:59:b1:e3:0c:05:c4:5b:76:a8:86:16:cd:
         33:e6:ed:2e:ad:bd:b9:75:bc:e7:1c:2b:dd:7f:29:87:59:ad:
         19:6f:e6:c8
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzC2wtLDvvCNPougbA4YV2rMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhNjQ0YzExNTY4NTE4MDNmMzdhZGVlYzA4NzZjY2Y5ODlk
NWFlZjAwHhcNMjQwMTAxMDIyOTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNTE5NjhmODE5MDlhYmNhNjQxZTI3ZDI5ZDc4MmQwZGQ5ZWRmNzhhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnETvGhWKqsoU/lUDrcifKjqabPoi
vtmpPBNH5QW2Ut+g+kVvQuNknd9bdJkB+tH80ox+/GsqJdv87cwtvxtjWM64bJgJ
bQdoRuG/LzRNpPP4LVmCYfWuYOf7jpajngedrV4MpYzjuTuDkMkNUOFeLS22Gihh
9caZbC52td6jSYxfiJrLHkdiXJpHhAXspZ1tZxo3q4qsn/dMx1X2+gIkBOthewIW
15RamFP7s/ZUqLCrp6i9mc0sSPbQqjE33Et9TjTMOFBbqdDT54eAMs/h+uTtaDZ7
LXH+4XoCHI7XSjpAPWpTd6R7vYH/kcqVRn7a+n8/QNnvD4P1+JB/YOWfxwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFKUZaPgZCavKZB4n0p14LQ3Z7feKMB8GA1UdIwQY
MBaAFEpkTBFWhRgD83re7Ah2zPmJ1a7wMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU21STUVWYUZHQVB6ZXQ3c0NIYk0tWW5WcnZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS82YjA3OTgtM2Q0Zi00MGU2LWI3Mzkt
Y2MxYzliNWY2NjQwLzEvcFJsby1Ca0pxOHBrSGlmU25YZ3REZG50OTRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS82YjA3OTgtM2Q0Zi00MGU2LWI3MzktY2MxYzliNWY2NjQw
LzEvU21STUVWYUZHQVB6ZXQ3c0NIYk0tWW5WcnZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg9XBwAg
MA0GCSqGSIb3DQEBCwUAA4IBAQA5aRrW98EBEZhBg/J3WJl0BWMM+U0ZeR78V0aT
yDU4ekWo6EZerCOP/ZfeukAKuZzXg0l8HfLDY16iTzR86BzmKE7FaEwkxs0D9WTj
uibQB+Qh+hRZwUupqzyhEk1CRCtB2EzhXsUEPjpfNvT+UJuntLb3WSwEMz+6R2BY
6WL1MHHKGceFSrEe+R7u1WtQYxyhcnfaHMnkHjeUu4tvWMia1nQ4cEpPtaePiVm8
BI9ZZw5ZObivMJCr7lsMOgaS0O7DydNLshZ4RWoPoyKdPvbtEZ9IOfhE6Ia5+UP8
rYhZseMMBcRbdqiGFs0z5u0urb25dbznHCvdfymHWa0Zb+bI
-----END CERTIFICATE-----