Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/qlY6buwvfS8BnPFLAQXRyVhx_l4.roa
File:                     qlY6buwvfS8BnPFLAQXRyVhx_l4.roa (raw, json)
Hash identifier:          bx/hWa3x57JwzWRJdOeX096KavRo16EGex+VEF6HwmQ=
Subject key identifier:   AA:56:3A:6E:EC:2F:7D:2F:01:9C:F1:4B:01:05:D1:C9:58:71:FE:5E
Certificate issuer:       /CN=4a644c1156851803f37adeec0876ccf989d5aef0
Certificate serial:       0194266BF291887B6FB7432D61A8F7138EE3
Authority key identifier: 4A:64:4C:11:56:85:18:03:F3:7A:DE:EC:08:76:CC:F9:89:D5:AE:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/qlY6buwvfS8BnPFLAQXRyVhx_l4.roa
Signing time:             Thu 02 Jan 2025 09:49:56 +0000
ROA not before:           Thu 02 Jan 2025 09:49:56 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211684
IP address blocks:        2a0f:5707:b100::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 10:07:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:f2:91:88:7b:6f:b7:43:2d:61:a8:f7:13:8e:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a644c1156851803f37adeec0876ccf989d5aef0
        Validity
            Not Before: Jan  2 09:49:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=aa563a6eec2f7d2f019cf14b0105d1c95871fe5e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:2a:1c:cd:cc:3d:43:f3:88:6b:70:a6:02:11:
                    70:a5:4b:ba:80:7e:c8:6b:9f:63:03:4e:a9:8e:79:
                    86:62:0b:5e:c2:83:93:a2:18:60:b9:be:2e:78:b0:
                    58:35:de:e4:1d:21:4f:1c:31:6d:72:82:bf:ea:5d:
                    35:f8:29:be:cc:36:7a:f1:8f:e9:a8:d3:2e:a4:f8:
                    eb:6d:ac:a5:da:b7:37:3b:3a:5f:54:80:65:a9:16:
                    ed:1c:07:b7:cb:3d:24:5e:69:36:7d:4f:ac:14:4b:
                    70:5f:43:9c:ce:96:20:94:2d:c0:29:12:e1:6f:65:
                    9b:f9:da:18:ed:8e:61:6a:6b:7e:0b:c8:a6:3e:ef:
                    6d:60:f9:89:7b:1f:47:8a:cc:75:fc:8e:b6:1d:c1:
                    ea:fc:b2:bd:92:45:83:ba:ba:91:c4:87:23:54:09:
                    46:61:26:23:d8:30:86:3c:dd:2e:ab:1e:9a:7b:02:
                    83:19:b5:8f:69:76:77:51:2a:6c:05:39:f9:66:3b:
                    8c:0a:17:04:42:e7:c0:86:8f:c1:63:eb:23:7c:06:
                    f5:a5:50:df:64:37:fd:66:8f:20:31:2f:6c:c7:eb:
                    df:71:fd:d8:ab:0e:4a:83:bf:f1:a7:04:7b:2b:f4:
                    96:d9:5a:fd:d4:ea:77:74:57:cc:06:fc:9b:f3:11:
                    5f:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:56:3A:6E:EC:2F:7D:2F:01:9C:F1:4B:01:05:D1:C9:58:71:FE:5E
            X509v3 Authority Key Identifier:
                keyid:4A:64:4C:11:56:85:18:03:F3:7A:DE:EC:08:76:CC:F9:89:D5:AE:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/qlY6buwvfS8BnPFLAQXRyVhx_l4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:5707:b100::/44

    Signature Algorithm: sha256WithRSAEncryption
         9e:d7:55:14:ae:33:e0:6f:bd:fe:2a:13:b4:8f:ab:8a:d1:77:
         09:7d:df:0f:53:a2:f1:28:0f:e0:e7:c0:cd:f7:50:78:c2:26:
         6e:22:28:15:b4:3e:6d:23:69:f5:9d:b6:a1:31:7e:2b:49:30:
         6d:60:48:7f:53:46:00:bf:37:8b:c6:4e:08:25:cb:79:8f:3c:
         c0:60:52:a9:5d:0a:1e:e7:e0:4f:3d:e8:4a:20:f8:e2:6d:c2:
         46:c0:7c:8e:1e:27:a1:98:bd:ac:8a:33:d1:30:b7:29:de:36:
         50:81:aa:ed:8e:d2:1d:ce:12:59:fb:1f:ee:9c:87:4d:71:15:
         67:e5:e4:4c:d8:7a:2b:48:ea:75:39:7d:b7:4f:42:95:1e:ed:
         ca:3e:c6:70:4e:ab:7d:6c:61:b9:7d:d7:8f:94:7f:f6:a2:35:
         de:67:ac:13:9f:fa:53:e0:2d:5e:04:e1:55:0b:b1:08:2d:0b:
         b1:3b:8c:b2:e8:2c:43:f8:f4:07:d4:af:b0:2e:39:3d:8a:e0:
         27:d9:40:48:21:c0:1c:75:cd:e2:01:5c:db:b0:c5:a7:5b:dd:
         7d:8a:d8:6a:cf:a0:24:42:2e:83:48:e8:c3:2b:50:bd:93:94:
         29:f5:dd:a7:1a:f3:fc:b3:da:86:94:e8:3f:f4:7d:f0:94:86:
         66:2b:34:a0
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQma/KRiHtvt0MtYaj3E47jMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhNjQ0YzExNTY4NTE4MDNmMzdhZGVlYzA4NzZjY2Y5ODlk
NWFlZjAwHhcNMjUwMTAyMDk0OTU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYTU2M2E2ZWVjMmY3ZDJmMDE5Y2YxNGIwMTA1ZDFjOTU4NzFmZTVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtioczcw9Q/OIa3CmAhFwpUu6gH7I
a59jA06pjnmGYgtewoOTohhgub4ueLBYNd7kHSFPHDFtcoK/6l01+Cm+zDZ68Y/p
qNMupPjrbayl2rc3OzpfVIBlqRbtHAe3yz0kXmk2fU+sFEtwX0OczpYglC3AKRLh
b2Wb+doY7Y5hamt+C8imPu9tYPmJex9Hisx1/I62HcHq/LK9kkWDurqRxIcjVAlG
YSYj2DCGPN0uqx6aewKDGbWPaXZ3USpsBTn5ZjuMChcEQufAho/BY+sjfAb1pVDf
ZDf9Zo8gMS9sx+vfcf3Yqw5Kg7/xpwR7K/SW2Vr91Op3dFfMBvyb8xFfkQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFKpWOm7sL30vAZzxSwEF0clYcf5eMB8GA1UdIwQY
MBaAFEpkTBFWhRgD83re7Ah2zPmJ1a7wMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU21STUVWYUZHQVB6ZXQ3c0NIYk0tWW5WcnZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS82YjA3OTgtM2Q0Zi00MGU2LWI3Mzkt
Y2MxYzliNWY2NjQwLzEvcWxZNmJ1d3ZmUzhCblBGTEFRWFJ5Vmh4X2w0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS82YjA3OTgtM2Q0Zi00MGU2LWI3MzktY2MxYzliNWY2NjQw
LzEvU21STUVWYUZHQVB6ZXQ3c0NIYk0tWW5WcnZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg9XB7EA
MA0GCSqGSIb3DQEBCwUAA4IBAQCe11UUrjPgb73+KhO0j6uK0XcJfd8PU6LxKA/g
58DN91B4wiZuIigVtD5tI2n1nbahMX4rSTBtYEh/U0YAvzeLxk4IJct5jzzAYFKp
XQoe5+BPPehKIPjibcJGwHyOHiehmL2sijPRMLcp3jZQgartjtIdzhJZ+x/unIdN
cRVn5eRM2HorSOp1OX23T0KVHu3KPsZwTqt9bGG5fdePlH/2ojXeZ6wTn/pT4C1e
BOFVC7EILQuxO4yy6CxD+PQH1K+wLjk9iuAn2UBIIcAcdc3iAVzbsMWnW919ithq
z6AkQi6DSOjDK1C9k5Qp9d2nGvP8s9qGlOg/9H3wlIZmKzSg
-----END CERTIFICATE-----