Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/rau2ucUSWEBufqR7hL7NfF49PQI.roa
File:                     rau2ucUSWEBufqR7hL7NfF49PQI.roa (raw, json)
Hash identifier:          l2NtGqxO+fZ1cz6CPNVtFRvhlJoMF0NOTn48ptV1hp4=
Subject key identifier:   AD:AB:B6:B9:C5:12:58:40:6E:7E:A4:7B:84:BE:CD:7C:5E:3D:3D:02
Certificate issuer:       /CN=4a644c1156851803f37adeec0876ccf989d5aef0
Certificate serial:       018CC2DB065744556EDC4459A16ABBB4DE85
Authority key identifier: 4A:64:4C:11:56:85:18:03:F3:7A:DE:EC:08:76:CC:F9:89:D5:AE:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/rau2ucUSWEBufqR7hL7NfF49PQI.roa
Signing time:             Mon 01 Jan 2024 02:29:42 +0000
ROA not before:           Mon 01 Jan 2024 02:29:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208814
IP address blocks:        2a0f:5707:aa10::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 05:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:06:57:44:55:6e:dc:44:59:a1:6a:bb:b4:de:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a644c1156851803f37adeec0876ccf989d5aef0
        Validity
            Not Before: Jan  1 02:29:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=adabb6b9c51258406e7ea47b84becd7c5e3d3d02
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:9f:27:70:6d:a3:23:51:bb:b0:4c:46:be:97:
                    8c:c1:42:4d:f3:6a:c6:db:96:33:3e:28:37:12:49:
                    9b:41:86:2b:a8:4b:2e:08:e3:01:6b:68:b7:90:34:
                    82:8e:70:1e:ac:f0:37:35:1d:9c:39:2a:d1:a3:13:
                    b2:4b:0f:d9:73:42:e6:90:18:ce:d9:85:a7:54:39:
                    8b:82:e1:92:1f:1a:f2:61:eb:7d:b6:56:65:98:9b:
                    e3:e9:cf:f5:73:2f:17:3a:f1:fc:68:c8:2f:43:ac:
                    80:1f:11:7a:3f:56:32:79:8b:4d:92:a6:12:b1:08:
                    fa:26:ad:fc:79:4f:94:1f:96:18:b9:23:3a:b5:66:
                    d0:55:90:4e:4e:eb:64:fb:3a:b1:a8:e3:29:51:bc:
                    3e:8b:86:2c:15:a0:b2:cf:01:d3:a1:c7:10:a2:79:
                    dc:52:8a:40:97:e2:f0:17:ec:98:c7:97:0a:49:62:
                    10:30:0f:49:31:d8:67:36:eb:ee:aa:bd:35:c0:9b:
                    fe:80:d7:91:41:25:35:e8:ca:44:41:cb:be:8f:b4:
                    b9:1b:45:01:3e:e4:8f:e8:b6:63:f2:e8:3a:c9:09:
                    c4:32:58:15:e2:bb:a5:21:3d:95:f1:79:35:68:16:
                    6b:5d:e4:22:74:c3:47:a6:d2:74:59:c5:6e:ec:3c:
                    61:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:AB:B6:B9:C5:12:58:40:6E:7E:A4:7B:84:BE:CD:7C:5E:3D:3D:02
            X509v3 Authority Key Identifier:
                keyid:4A:64:4C:11:56:85:18:03:F3:7A:DE:EC:08:76:CC:F9:89:D5:AE:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/rau2ucUSWEBufqR7hL7NfF49PQI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:5707:aa10::/44

    Signature Algorithm: sha256WithRSAEncryption
         a4:3b:3e:06:e4:34:0f:07:05:29:9c:08:02:5d:71:e3:4c:a4:
         37:b9:62:9f:81:ff:ee:4a:54:b6:cd:78:c5:58:0a:49:6d:52:
         c7:e4:1e:5d:b4:97:55:34:fd:bc:22:72:14:16:55:d6:87:9b:
         df:57:d5:9c:01:9e:41:ef:c7:58:15:68:f3:d5:89:6b:bd:86:
         33:98:01:fb:fb:75:30:0d:be:9b:52:40:d0:d9:11:18:30:af:
         b8:54:54:5e:ab:49:1f:b2:3e:34:3d:77:0c:06:d3:2f:1c:01:
         9e:59:1e:d1:51:5a:0e:5c:41:b5:ab:41:83:48:33:e7:29:d2:
         d7:c3:d9:7a:9b:c5:09:99:d7:f9:fe:94:77:1e:1f:91:e8:33:
         e2:23:87:f3:2a:69:be:00:81:98:67:c4:fe:90:d2:ae:6b:f6:
         bd:c2:9d:ce:f6:8d:f5:a0:26:b2:ca:21:0c:55:b7:9c:a0:11:
         2c:a7:29:7a:de:eb:ba:83:52:9f:6a:df:d7:ef:4f:8b:6f:6b:
         be:60:24:55:20:3d:16:a3:2e:7a:06:7c:05:8d:43:86:cf:2b:
         8c:89:a5:ac:40:f0:b7:28:7d:79:1f:c6:cd:bf:71:f3:20:90:
         d0:10:49:c9:ff:3f:ce:0e:4f:02:0e:cd:68:52:e9:e2:b3:f2:
         ad:ca:b6:5b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzC2wZXRFVu3ERZoWq7tN6FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhNjQ0YzExNTY4NTE4MDNmMzdhZGVlYzA4NzZjY2Y5ODlk
NWFlZjAwHhcNMjQwMTAxMDIyOTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZGFiYjZiOWM1MTI1ODQwNmU3ZWE0N2I4NGJlY2Q3YzVlM2QzZDAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAup8ncG2jI1G7sExGvpeMwUJN82rG
25YzPig3EkmbQYYrqEsuCOMBa2i3kDSCjnAerPA3NR2cOSrRoxOySw/Zc0LmkBjO
2YWnVDmLguGSHxryYet9tlZlmJvj6c/1cy8XOvH8aMgvQ6yAHxF6P1YyeYtNkqYS
sQj6Jq38eU+UH5YYuSM6tWbQVZBOTutk+zqxqOMpUbw+i4YsFaCyzwHToccQonnc
UopAl+LwF+yYx5cKSWIQMA9JMdhnNuvuqr01wJv+gNeRQSU16MpEQcu+j7S5G0UB
PuSP6LZj8ug6yQnEMlgV4rulIT2V8Xk1aBZrXeQidMNHptJ0WcVu7DxhqwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFK2rtrnFElhAbn6ke4S+zXxePT0CMB8GA1UdIwQY
MBaAFEpkTBFWhRgD83re7Ah2zPmJ1a7wMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU21STUVWYUZHQVB6ZXQ3c0NIYk0tWW5WcnZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS82YjA3OTgtM2Q0Zi00MGU2LWI3Mzkt
Y2MxYzliNWY2NjQwLzEvcmF1MnVjVVNXRUJ1ZnFSN2hMN05mRjQ5UFFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS82YjA3OTgtM2Q0Zi00MGU2LWI3MzktY2MxYzliNWY2NjQw
LzEvU21STUVWYUZHQVB6ZXQ3c0NIYk0tWW5WcnZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg9XB6oQ
MA0GCSqGSIb3DQEBCwUAA4IBAQCkOz4G5DQPBwUpnAgCXXHjTKQ3uWKfgf/uSlS2
zXjFWApJbVLH5B5dtJdVNP28InIUFlXWh5vfV9WcAZ5B78dYFWjz1YlrvYYzmAH7
+3UwDb6bUkDQ2REYMK+4VFReq0kfsj40PXcMBtMvHAGeWR7RUVoOXEG1q0GDSDPn
KdLXw9l6m8UJmdf5/pR3Hh+R6DPiI4fzKmm+AIGYZ8T+kNKua/a9wp3O9o31oCay
yiEMVbecoBEspyl63uu6g1Kfat/X70+Lb2u+YCRVID0Woy56BnwFjUOGzyuMiaWs
QPC3KH15H8bNv3HzIJDQEEnJ/z/ODk8CDs1oUunis/KtyrZb
-----END CERTIFICATE-----