Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/w8c5id5uEJjiqIx2aDRzscYnh0Q.roa
File:                     w8c5id5uEJjiqIx2aDRzscYnh0Q.roa (raw, json)
Hash identifier:          ZGMlsSgEfGYXfUR4coXLOeJMzV0UYogvj5jLrD8d9YQ=
Subject key identifier:   C3:C7:39:89:DE:6E:10:98:E2:A8:8C:76:68:34:73:B1:C6:27:87:44
Certificate issuer:       /CN=4a644c1156851803f37adeec0876ccf989d5aef0
Certificate serial:       018CC2DB0C6EE95FD55B29FB7E8917A54456
Authority key identifier: 4A:64:4C:11:56:85:18:03:F3:7A:DE:EC:08:76:CC:F9:89:D5:AE:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/w8c5id5uEJjiqIx2aDRzscYnh0Q.roa
Signing time:             Mon 01 Jan 2024 02:29:44 +0000
ROA not before:           Mon 01 Jan 2024 02:29:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212592
IP address blocks:        2a0f:5707:aa90::/44 maxlen: 44

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 19 Jun 2024 05:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:0c:6e:e9:5f:d5:5b:29:fb:7e:89:17:a5:44:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a644c1156851803f37adeec0876ccf989d5aef0
        Validity
            Not Before: Jan  1 02:29:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c3c73989de6e1098e2a88c76683473b1c6278744
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:cb:8f:13:4d:8a:d7:50:e0:f8:eb:0d:71:09:
                    b7:84:af:31:83:ec:aa:15:62:50:5e:7c:eb:f5:ff:
                    b9:d0:50:34:75:90:6b:9e:f5:d0:25:81:1a:05:38:
                    05:63:63:b6:05:54:5e:c3:93:06:b3:91:50:e5:42:
                    94:9f:b6:06:0f:bc:75:bf:7c:1f:c9:35:5d:c1:12:
                    cc:ea:a0:6d:ff:ae:d0:66:da:74:c9:5e:ab:69:54:
                    d2:c1:27:b4:15:26:2d:bc:4d:08:9e:95:d6:d1:3a:
                    be:0e:dc:fa:7c:22:1a:3e:62:06:65:ac:20:e0:99:
                    dd:df:a6:8d:7a:b2:33:dc:66:b8:73:a9:0a:da:9b:
                    eb:f7:bb:1f:77:b8:d2:53:48:76:86:d6:b4:07:91:
                    53:bc:9b:5c:dc:d5:ed:43:c5:e8:24:40:0f:86:5e:
                    b1:4e:a5:e8:7f:7f:3f:e7:69:57:89:92:89:7f:e1:
                    2e:62:94:09:44:9b:e3:f0:d4:c4:21:b0:8b:04:21:
                    5c:1c:f0:98:1c:a9:ff:50:5c:40:41:fe:26:5d:3e:
                    e0:fd:31:c4:92:d4:b5:0d:c7:c6:ca:88:53:d6:4d:
                    c1:73:2f:17:91:8f:ff:3c:3c:cd:67:63:d6:98:20:
                    b4:05:07:01:bb:1a:5b:af:50:06:b5:31:5d:5c:c0:
                    77:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:C7:39:89:DE:6E:10:98:E2:A8:8C:76:68:34:73:B1:C6:27:87:44
            X509v3 Authority Key Identifier:
                keyid:4A:64:4C:11:56:85:18:03:F3:7A:DE:EC:08:76:CC:F9:89:D5:AE:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/w8c5id5uEJjiqIx2aDRzscYnh0Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:5707:aa90::/44

    Signature Algorithm: sha256WithRSAEncryption
         46:4c:a3:fa:23:54:d6:40:0d:3d:74:da:72:42:04:f0:c4:d2:
         eb:b8:33:54:46:b2:a2:0d:02:37:f0:ea:47:bd:99:91:fd:1e:
         c3:61:b5:22:28:83:dd:b8:e2:aa:5f:6e:f3:13:ca:96:75:36:
         86:02:35:0f:56:bd:69:da:1c:9e:53:cb:2b:af:ca:dc:3a:d3:
         96:0d:d3:e5:c0:fd:a0:d0:e1:02:d0:92:e1:fc:ba:67:11:c0:
         07:00:79:00:30:3c:24:b7:4d:ca:08:a9:1e:88:85:9b:d4:c5:
         8d:cb:1b:84:6c:ea:d7:64:50:6f:8a:fc:c0:98:6b:ef:6c:a4:
         c5:ab:82:01:f5:4e:d4:37:d5:9f:93:a8:88:4d:55:1d:8f:08:
         ed:ad:85:5d:58:2c:d9:e1:75:35:04:dc:03:ce:e3:4a:4a:65:
         18:51:8f:67:ba:c1:6e:a2:5c:da:2b:b9:ae:12:01:62:0b:c0:
         ca:96:73:43:98:6d:2d:55:7a:4e:b6:93:62:55:a7:e2:a3:59:
         2c:5b:77:1e:45:07:94:93:a5:41:64:fc:50:d8:a6:61:68:76:
         6d:bb:ce:41:62:f9:51:b3:b9:53:d0:5d:bf:06:18:56:71:10:
         30:3f:90:7d:79:c7:d8:23:f5:a2:4a:03:04:f3:eb:ad:07:aa:
         6e:e1:48:de
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzC2wxu6V/VWyn7fokXpURWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhNjQ0YzExNTY4NTE4MDNmMzdhZGVlYzA4NzZjY2Y5ODlk
NWFlZjAwHhcNMjQwMTAxMDIyOTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjM2M3Mzk4OWRlNmUxMDk4ZTJhODhjNzY2ODM0NzNiMWM2Mjc4NzQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAocuPE02K11Dg+OsNcQm3hK8xg+yq
FWJQXnzr9f+50FA0dZBrnvXQJYEaBTgFY2O2BVRew5MGs5FQ5UKUn7YGD7x1v3wf
yTVdwRLM6qBt/67QZtp0yV6raVTSwSe0FSYtvE0InpXW0Tq+Dtz6fCIaPmIGZawg
4Jnd36aNerIz3Ga4c6kK2pvr97sfd7jSU0h2hta0B5FTvJtc3NXtQ8XoJEAPhl6x
TqXof38/52lXiZKJf+EuYpQJRJvj8NTEIbCLBCFcHPCYHKn/UFxAQf4mXT7g/THE
ktS1DcfGyohT1k3Bcy8XkY//PDzNZ2PWmCC0BQcBuxpbr1AGtTFdXMB3KQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMPHOYnebhCY4qiMdmg0c7HGJ4dEMB8GA1UdIwQY
MBaAFEpkTBFWhRgD83re7Ah2zPmJ1a7wMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU21STUVWYUZHQVB6ZXQ3c0NIYk0tWW5WcnZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS82YjA3OTgtM2Q0Zi00MGU2LWI3Mzkt
Y2MxYzliNWY2NjQwLzEvdzhjNWlkNXVFSmppcUl4MmFEUnpzY1luaDBRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS82YjA3OTgtM2Q0Zi00MGU2LWI3MzktY2MxYzliNWY2NjQw
LzEvU21STUVWYUZHQVB6ZXQ3c0NIYk0tWW5WcnZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg9XB6qQ
MA0GCSqGSIb3DQEBCwUAA4IBAQBGTKP6I1TWQA09dNpyQgTwxNLruDNURrKiDQI3
8OpHvZmR/R7DYbUiKIPduOKqX27zE8qWdTaGAjUPVr1p2hyeU8srr8rcOtOWDdPl
wP2g0OEC0JLh/LpnEcAHAHkAMDwkt03KCKkeiIWb1MWNyxuEbOrXZFBvivzAmGvv
bKTFq4IB9U7UN9Wfk6iITVUdjwjtrYVdWCzZ4XU1BNwDzuNKSmUYUY9nusFuolza
K7muEgFiC8DKlnNDmG0tVXpOtpNiVafio1ksW3ceRQeUk6VBZPxQ2KZhaHZtu85B
YvlRs7lT0F2/BhhWcRAwP5B9ecfYI/WiSgME8+utB6pu4Uje
-----END CERTIFICATE-----