Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/r9VJb-XjQTvjnFdTNfdJdQVBR_A.roa
File:                     r9VJb-XjQTvjnFdTNfdJdQVBR_A.roa (raw, json)
Hash identifier:          oR5CBL5S8aGmDGCLXccnxDbp4au8AeeBuiBUJlUlMK4=
Subject key identifier:   AF:D5:49:6F:E5:E3:41:3B:E3:9C:57:53:35:F7:49:75:05:41:47:F0
Certificate issuer:       /CN=4a644c1156851803f37adeec0876ccf989d5aef0
Certificate serial:       018CC2DB07D506AF49E14224198B0AA9BBD4
Authority key identifier: 4A:64:4C:11:56:85:18:03:F3:7A:DE:EC:08:76:CC:F9:89:D5:AE:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/r9VJb-XjQTvjnFdTNfdJdQVBR_A.roa
Signing time:             Mon 01 Jan 2024 02:29:43 +0000
ROA not before:           Mon 01 Jan 2024 02:29:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210590
IP address blocks:        2a0f:5707:111::/48 maxlen: 48
                          2a0f:5707:1000::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 05:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:07:d5:06:af:49:e1:42:24:19:8b:0a:a9:bb:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a644c1156851803f37adeec0876ccf989d5aef0
        Validity
            Not Before: Jan  1 02:29:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=afd5496fe5e3413be39c575335f74975054147f0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:3f:5c:6f:d1:02:ff:bb:3b:b2:d4:2e:c4:24:
                    db:8a:7e:c6:69:46:27:8e:7c:12:80:19:be:cb:ac:
                    80:5d:6b:37:05:e1:32:5d:98:66:c0:3b:9d:48:c1:
                    2e:e3:84:3f:2e:8b:de:6d:ed:c4:ae:03:0b:50:e9:
                    24:b3:43:6e:8c:c3:88:53:87:70:79:bb:31:20:5e:
                    b7:d6:32:53:6d:fc:d0:b2:48:18:0e:8c:65:ff:a7:
                    6a:8d:b4:3a:94:71:6c:70:da:eb:f6:ce:87:c1:81:
                    bb:71:f9:73:8e:d1:a7:d2:52:0c:14:e6:7a:75:b0:
                    92:94:a3:10:ae:c3:96:6d:5b:72:f1:a1:3f:37:9d:
                    58:04:4e:39:58:db:ed:b2:46:7b:7e:48:87:a5:70:
                    79:97:f2:39:18:fc:d5:9b:96:af:25:87:a8:8b:a8:
                    17:04:47:e6:85:51:bb:bb:a3:80:75:9c:30:b2:15:
                    07:57:1a:84:9d:14:18:0d:06:73:bb:64:fd:76:a6:
                    f7:88:c2:e7:99:cb:4d:3e:2b:a6:07:a8:99:00:ed:
                    a8:4b:70:6b:ea:e7:14:43:32:1b:2a:e5:17:28:b4:
                    39:80:09:07:c9:a5:7d:77:58:27:43:2d:d1:69:a5:
                    85:51:a8:26:2b:20:30:1d:1a:62:72:5c:16:17:1c:
                    81:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:D5:49:6F:E5:E3:41:3B:E3:9C:57:53:35:F7:49:75:05:41:47:F0
            X509v3 Authority Key Identifier:
                keyid:4A:64:4C:11:56:85:18:03:F3:7A:DE:EC:08:76:CC:F9:89:D5:AE:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/r9VJb-XjQTvjnFdTNfdJdQVBR_A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:5707:111::/48
                  2a0f:5707:1000::/44

    Signature Algorithm: sha256WithRSAEncryption
         4d:93:0a:d1:06:e5:25:56:1e:96:b5:a5:eb:10:41:c1:a8:d2:
         65:eb:dd:ed:b1:57:3f:7f:57:09:cb:a7:95:9f:39:e2:a7:e3:
         85:64:2b:da:a7:d6:06:86:81:b1:8d:ee:10:1b:e3:55:2f:1f:
         82:94:ac:5c:52:2a:81:d2:ea:dd:0e:a9:67:84:a9:7c:35:1f:
         73:79:2c:24:9a:c6:ca:36:86:e5:f6:64:8c:b3:a0:d1:05:7d:
         ae:87:e5:17:f2:50:17:5e:de:a7:80:bb:75:4c:1f:f0:16:a3:
         ea:9c:d3:a4:02:07:ca:e6:5e:75:f3:d7:53:c6:97:49:e2:58:
         ca:b7:00:fe:bf:7d:b5:bd:55:a5:35:a4:0d:88:3a:cb:0d:d0:
         7d:be:40:e0:93:4b:dc:4e:51:f7:62:06:b2:d5:6d:37:0e:e4:
         80:f8:84:b5:dd:1c:a0:4b:70:4d:b0:1e:99:ed:68:6f:7b:3f:
         ab:2e:fd:ac:c7:c5:c8:93:c1:78:c4:ec:8e:27:7c:3c:ff:00:
         32:d0:3b:19:eb:d8:62:bc:a8:0f:8c:2b:0c:13:ef:4d:ca:e0:
         20:11:71:4b:31:20:f0:c8:18:72:ad:99:87:fd:4f:cf:0a:c1:
         54:56:4d:08:fe:ab:e9:30:d3:8f:4c:34:ae:fa:6a:50:9b:4c:
         2b:fd:4d:8e
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzC2wfVBq9J4UIkGYsKqbvUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhNjQ0YzExNTY4NTE4MDNmMzdhZGVlYzA4NzZjY2Y5ODlk
NWFlZjAwHhcNMjQwMTAxMDIyOTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZmQ1NDk2ZmU1ZTM0MTNiZTM5YzU3NTMzNWY3NDk3NTA1NDE0N2YwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkz9cb9EC/7s7stQuxCTbin7GaUYn
jnwSgBm+y6yAXWs3BeEyXZhmwDudSMEu44Q/Lovebe3ErgMLUOkks0NujMOIU4dw
ebsxIF631jJTbfzQskgYDoxl/6dqjbQ6lHFscNrr9s6HwYG7cflzjtGn0lIMFOZ6
dbCSlKMQrsOWbVty8aE/N51YBE45WNvtskZ7fkiHpXB5l/I5GPzVm5avJYeoi6gX
BEfmhVG7u6OAdZwwshUHVxqEnRQYDQZzu2T9dqb3iMLnmctNPiumB6iZAO2oS3Br
6ucUQzIbKuUXKLQ5gAkHyaV9d1gnQy3RaaWFUagmKyAwHRpiclwWFxyB1QIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFK/VSW/l40E745xXUzX3SXUFQUfwMB8GA1UdIwQY
MBaAFEpkTBFWhRgD83re7Ah2zPmJ1a7wMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU21STUVWYUZHQVB6ZXQ3c0NIYk0tWW5WcnZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS82YjA3OTgtM2Q0Zi00MGU2LWI3Mzkt
Y2MxYzliNWY2NjQwLzEvcjlWSmItWGpRVHZqbkZkVE5mZEpkUVZCUl9BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS82YjA3OTgtM2Q0Zi00MGU2LWI3MzktY2MxYzliNWY2NjQw
LzEvU21STUVWYUZHQVB6ZXQ3c0NIYk0tWW5WcnZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKg9XBwER
AwcEKg9XBxAAMA0GCSqGSIb3DQEBCwUAA4IBAQBNkwrRBuUlVh6WtaXrEEHBqNJl
693tsVc/f1cJy6eVnznip+OFZCvap9YGhoGxje4QG+NVLx+ClKxcUiqB0urdDqln
hKl8NR9zeSwkmsbKNobl9mSMs6DRBX2uh+UX8lAXXt6ngLt1TB/wFqPqnNOkAgfK
5l5189dTxpdJ4ljKtwD+v321vVWlNaQNiDrLDdB9vkDgk0vcTlH3Ygay1W03DuSA
+IS13RygS3BNsB6Z7Whvez+rLv2sx8XIk8F4xOyOJ3w8/wAy0DsZ69hivKgPjCsM
E+9NyuAgEXFLMSDwyBhyrZmH/U/PCsFUVk0I/qvpMNOPTDSu+mpQm0wr/U2O
-----END CERTIFICATE-----