Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/vvEa_L8gyOSIkK1b7pZs8kBs5vk.roa
File:                     vvEa_L8gyOSIkK1b7pZs8kBs5vk.roa (raw, json)
Hash identifier:          qdv4yhP7e80WZvLYaCGMH+0V5BPvh0wF1TtCzlyZCbY=
Subject key identifier:   BE:F1:1A:FC:BF:20:C8:E4:88:90:AD:5B:EE:96:6C:F2:40:6C:E6:F9
Certificate issuer:       /CN=4a644c1156851803f37adeec0876ccf989d5aef0
Certificate serial:       018CC2DB0E57A402615554D958B92960DBD1
Authority key identifier: 4A:64:4C:11:56:85:18:03:F3:7A:DE:EC:08:76:CC:F9:89:D5:AE:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/vvEa_L8gyOSIkK1b7pZs8kBs5vk.roa
Signing time:             Mon 01 Jan 2024 02:29:45 +0000
ROA not before:           Mon 01 Jan 2024 02:29:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216223
IP address blocks:        2a0f:5707:ab40::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 05:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:0e:57:a4:02:61:55:54:d9:58:b9:29:60:db:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a644c1156851803f37adeec0876ccf989d5aef0
        Validity
            Not Before: Jan  1 02:29:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bef11afcbf20c8e48890ad5bee966cf2406ce6f9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:50:6a:d4:b9:79:f3:6b:0d:bf:55:8e:89:73:
                    8c:26:08:0c:5d:40:0a:1f:fe:ba:9d:ea:7b:d4:aa:
                    0b:94:12:13:44:ac:17:39:9b:84:68:82:71:2a:68:
                    6d:06:cb:3a:82:a2:1e:f1:63:2b:bd:93:f2:fc:36:
                    be:c7:e3:13:60:ba:ac:c8:14:30:23:96:2f:87:eb:
                    ba:f6:d5:d2:91:80:be:bc:40:6f:b1:e9:c0:23:84:
                    c1:2e:8a:82:a9:44:e3:c7:aa:d7:c0:f3:36:c5:db:
                    0a:51:42:6c:fe:ff:7b:fa:9a:eb:a5:08:ec:24:6d:
                    9a:51:33:d6:46:84:f6:91:3e:19:7d:97:9f:4f:55:
                    30:b1:eb:e8:c1:5a:2c:17:c7:da:fa:e5:db:a5:9f:
                    b5:03:0f:69:e8:61:39:24:01:0c:c5:dd:c7:3c:0f:
                    f9:ea:a8:dd:3f:de:52:7d:4a:07:1c:13:a1:da:78:
                    45:5a:6f:c3:f2:ed:36:d6:cf:62:6d:1a:f8:b3:cb:
                    f3:e7:4f:be:60:c7:e5:95:ab:9f:c1:e6:97:11:a8:
                    61:5d:04:21:da:cc:3a:92:09:bd:e3:f5:59:57:18:
                    f9:41:39:08:66:ef:ca:80:23:cc:b8:b1:e0:e5:45:
                    1a:eb:17:24:05:52:29:3a:3d:04:e8:e8:7b:f3:7b:
                    56:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:F1:1A:FC:BF:20:C8:E4:88:90:AD:5B:EE:96:6C:F2:40:6C:E6:F9
            X509v3 Authority Key Identifier:
                keyid:4A:64:4C:11:56:85:18:03:F3:7A:DE:EC:08:76:CC:F9:89:D5:AE:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/vvEa_L8gyOSIkK1b7pZs8kBs5vk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:5707:ab40::/44

    Signature Algorithm: sha256WithRSAEncryption
         83:d2:92:f0:67:a8:f7:31:de:45:3c:95:4b:30:52:b8:96:2d:
         58:31:e9:65:4a:3a:28:2b:6b:19:08:f8:45:84:7b:01:a4:fb:
         81:cf:c4:3d:95:f3:fb:15:dd:5e:ec:69:df:7b:41:74:db:ec:
         0d:5b:00:c1:63:14:ad:9b:ad:68:45:a8:98:d9:15:41:21:12:
         02:9c:2e:47:23:22:06:dc:ea:c7:ae:e9:78:51:4b:9a:8a:0e:
         5a:e2:1a:1d:a5:5b:f1:9a:d2:e6:7a:dd:76:81:c2:c4:04:55:
         bc:86:6b:8e:a8:3b:83:06:69:55:1e:9a:45:cb:d7:08:62:90:
         65:a5:05:f7:1d:e3:70:15:3a:d3:67:a5:c3:f9:36:b7:58:10:
         84:00:93:e9:72:f1:22:28:59:1c:b3:a3:8c:a3:85:e4:91:40:
         ec:95:a9:80:5c:dd:d3:a2:10:71:a4:0a:30:22:84:11:1b:36:
         e9:99:11:77:e3:3b:2b:31:19:43:03:a0:a2:fa:c9:36:73:f4:
         9d:59:bb:76:2b:b8:5e:56:8d:16:f4:16:03:1b:d3:8c:7f:b3:
         d7:d9:78:d9:3a:03:4e:98:62:9d:39:75:f7:14:22:c7:1a:fe:
         3b:eb:24:c5:34:36:32:5f:52:fe:f6:de:f1:d3:be:a5:90:11:
         16:13:6f:8f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzC2w5XpAJhVVTZWLkpYNvRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhNjQ0YzExNTY4NTE4MDNmMzdhZGVlYzA4NzZjY2Y5ODlk
NWFlZjAwHhcNMjQwMTAxMDIyOTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZWYxMWFmY2JmMjBjOGU0ODg5MGFkNWJlZTk2NmNmMjQwNmNlNmY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAglBq1Ll582sNv1WOiXOMJggMXUAK
H/66nep71KoLlBITRKwXOZuEaIJxKmhtBss6gqIe8WMrvZPy/Da+x+MTYLqsyBQw
I5Yvh+u69tXSkYC+vEBvsenAI4TBLoqCqUTjx6rXwPM2xdsKUUJs/v97+prrpQjs
JG2aUTPWRoT2kT4ZfZefT1UwsevowVosF8fa+uXbpZ+1Aw9p6GE5JAEMxd3HPA/5
6qjdP95SfUoHHBOh2nhFWm/D8u021s9ibRr4s8vz50++YMfllaufweaXEahhXQQh
2sw6kgm94/VZVxj5QTkIZu/KgCPMuLHg5UUa6xckBVIpOj0E6Oh783tWhQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFL7xGvy/IMjkiJCtW+6WbPJAbOb5MB8GA1UdIwQY
MBaAFEpkTBFWhRgD83re7Ah2zPmJ1a7wMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU21STUVWYUZHQVB6ZXQ3c0NIYk0tWW5WcnZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS82YjA3OTgtM2Q0Zi00MGU2LWI3Mzkt
Y2MxYzliNWY2NjQwLzEvdnZFYV9MOGd5T1NJa0sxYjdwWnM4a0JzNXZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS82YjA3OTgtM2Q0Zi00MGU2LWI3MzktY2MxYzliNWY2NjQw
LzEvU21STUVWYUZHQVB6ZXQ3c0NIYk0tWW5WcnZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg9XB6tA
MA0GCSqGSIb3DQEBCwUAA4IBAQCD0pLwZ6j3Md5FPJVLMFK4li1YMellSjooK2sZ
CPhFhHsBpPuBz8Q9lfP7Fd1e7Gnfe0F02+wNWwDBYxStm61oRaiY2RVBIRICnC5H
IyIG3OrHrul4UUuaig5a4hodpVvxmtLmet12gcLEBFW8hmuOqDuDBmlVHppFy9cI
YpBlpQX3HeNwFTrTZ6XD+Ta3WBCEAJPpcvEiKFkcs6OMo4XkkUDslamAXN3TohBx
pAowIoQRGzbpmRF34zsrMRlDA6Ci+sk2c/SdWbt2K7heVo0W9BYDG9OMf7PX2XjZ
OgNOmGKdOXX3FCLHGv476yTFNDYyX1L+9t7x076lkBEWE2+P
-----END CERTIFICATE-----