Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/qjNW91SsNymPNvUgF9Kw8lAnz-w.roa
File:                     qjNW91SsNymPNvUgF9Kw8lAnz-w.roa (raw, json)
Hash identifier:          5tfPpmbaX9wzQiJLX1JsbtpWzREBrPc0U3GvTZMoFrI=
Subject key identifier:   AA:33:56:F7:54:AC:37:29:8F:36:F5:20:17:D2:B0:F2:50:27:CF:EC
Certificate issuer:       /CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Certificate serial:       018CC86F41BA2A5D834D490E015CF320B158
Authority key identifier: 9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/qjNW91SsNymPNvUgF9Kw8lAnz-w.roa
Signing time:             Tue 02 Jan 2024 04:29:43 +0000
ROA not before:           Tue 02 Jan 2024 04:29:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56428
IP address blocks:        2a01:7120:7::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 25 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:41:ba:2a:5d:83:4d:49:0e:01:5c:f3:20:b1:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
        Validity
            Not Before: Jan  2 04:29:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=aa3356f754ac37298f36f52017d2b0f25027cfec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:47:7a:fd:78:ee:23:dc:03:18:f4:8b:e6:c1:
                    d3:32:7f:49:90:b8:4d:dc:dc:c4:52:6c:07:a7:bf:
                    1d:84:08:86:f3:68:48:ea:c0:3b:1a:f5:09:bd:ab:
                    ab:74:82:f2:66:81:bc:08:c8:46:79:9b:f9:6b:f9:
                    e0:2c:b1:2e:be:77:b0:8a:ef:d8:2b:e4:3c:a8:29:
                    0b:a6:a5:30:a2:2a:55:00:c8:63:9a:0d:89:71:2c:
                    f1:6f:16:3b:c3:2a:8b:4a:d6:c1:c1:ce:f5:46:31:
                    b4:58:97:f2:c0:88:54:ca:5d:d4:65:63:29:25:5b:
                    3f:a6:2a:30:b9:9a:dd:d8:35:52:f6:90:96:61:90:
                    c0:4c:7b:23:81:1b:f6:01:80:e5:ad:b0:e0:dd:77:
                    fc:98:13:8a:4d:cb:61:6c:d2:9b:e5:4d:00:f4:3d:
                    03:24:27:c6:b4:f6:b5:e3:8a:83:cd:ca:e9:48:e0:
                    9a:70:b3:00:84:21:45:b8:9b:c7:f6:95:9d:d6:68:
                    ff:41:b2:87:14:65:b0:e6:76:32:51:fe:2e:e5:2f:
                    e3:c5:18:f5:f8:78:f8:a6:6a:50:f2:b9:7e:4f:dd:
                    d8:53:9a:ca:42:75:1d:b7:70:de:62:d2:61:8d:5a:
                    a9:49:2f:01:b8:ab:47:02:40:71:b4:84:4c:c6:83:
                    f6:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:33:56:F7:54:AC:37:29:8F:36:F5:20:17:D2:B0:F2:50:27:CF:EC
            X509v3 Authority Key Identifier:
                keyid:9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/qjNW91SsNymPNvUgF9Kw8lAnz-w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:7120:7::/48

    Signature Algorithm: sha256WithRSAEncryption
         06:8e:24:a3:b9:5c:61:aa:46:c5:7f:e7:ae:dd:7d:60:a6:ac:
         88:a3:78:7b:23:42:75:4b:ce:ec:75:b6:28:04:3c:91:09:10:
         3f:20:cc:98:59:7d:d6:be:c1:8e:a8:50:fd:78:46:7f:bd:ba:
         1e:9c:49:2d:bc:8a:9d:01:5f:3a:bc:24:0c:e0:cb:b4:01:f4:
         68:36:08:de:f4:fe:96:67:01:a9:ad:c5:d2:cc:f8:3d:97:02:
         67:89:f8:99:0f:f6:fd:a4:9e:c2:18:ad:68:c9:1d:4c:00:bb:
         dd:aa:3c:74:cf:89:89:69:0b:bd:2f:5a:9a:a3:12:1b:5e:29:
         70:59:50:71:7f:92:25:50:7f:8a:b6:3c:d1:62:91:15:d0:f7:
         ff:3e:f6:aa:06:f1:0b:c6:10:fe:79:96:99:41:15:b8:e1:c4:
         ad:3f:20:17:99:56:d9:be:95:79:c7:b3:27:6b:97:34:23:2e:
         73:03:6c:21:40:98:02:e7:fb:fc:d1:4d:7f:04:0b:71:5f:6e:
         ad:4d:ca:71:d8:34:cd:6c:32:5c:76:c5:59:03:11:4b:fe:07:
         48:72:7e:9f:ce:17:3d:4d:d1:1b:e8:93:1f:83:e4:6c:39:e2:
         3e:ec:48:6b:2e:86:f8:71:69:29:3c:9f:56:df:1b:f6:16:01:
         91:e1:7b:41
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIb0G6Kl2DTUkOAVzzILFYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMmE0NzhiYjBiMDhlNjYxYjBiMmY5ZmJlODkzNWJjOWMy
YTI4YTEwHhcNMjQwMTAyMDQyOTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYTMzNTZmNzU0YWMzNzI5OGYzNmY1MjAxN2QyYjBmMjUwMjdjZmVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuEd6/XjuI9wDGPSL5sHTMn9JkLhN
3NzEUmwHp78dhAiG82hI6sA7GvUJvaurdILyZoG8CMhGeZv5a/ngLLEuvnewiu/Y
K+Q8qCkLpqUwoipVAMhjmg2JcSzxbxY7wyqLStbBwc71RjG0WJfywIhUyl3UZWMp
JVs/piowuZrd2DVS9pCWYZDATHsjgRv2AYDlrbDg3Xf8mBOKTcthbNKb5U0A9D0D
JCfGtPa144qDzcrpSOCacLMAhCFFuJvH9pWd1mj/QbKHFGWw5nYyUf4u5S/jxRj1
+Hj4pmpQ8rl+T93YU5rKQnUdt3DeYtJhjVqpSS8BuKtHAkBxtIRMxoP2PQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFKozVvdUrDcpjzb1IBfSsPJQJ8/sMB8GA1UdIwQY
MBaAFJ0qR4uwsI5mGwsvn76JNbycKiihMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMt
ZWVmMzUxMWY2YzYwLzEvcWpOVzkxU3NOeW1QTnZVZ0Y5S3c4bEFuei13LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMtZWVmMzUxMWY2YzYw
LzEvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgFxIAAH
MA0GCSqGSIb3DQEBCwUAA4IBAQAGjiSjuVxhqkbFf+eu3X1gpqyIo3h7I0J1S87s
dbYoBDyRCRA/IMyYWX3WvsGOqFD9eEZ/vboenEktvIqdAV86vCQM4Mu0AfRoNgje
9P6WZwGprcXSzPg9lwJnifiZD/b9pJ7CGK1oyR1MALvdqjx0z4mJaQu9L1qaoxIb
XilwWVBxf5IlUH+KtjzRYpEV0Pf/PvaqBvELxhD+eZaZQRW44cStPyAXmVbZvpV5
x7Mna5c0Iy5zA2whQJgC5/v80U1/BAtxX26tTcpx2DTNbDJcdsVZAxFL/gdIcn6f
zhc9TdEb6JMfg+RsOeI+7EhrLob4cWkpPJ9W3xv2FgGR4XtB
-----END CERTIFICATE-----