Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/c36f83-8b35-4d05-a334-f98c483015d7/1/qRGjLQntvBAqN_Xt7aIS90yUBHc.roa
File:                     qRGjLQntvBAqN_Xt7aIS90yUBHc.roa (raw, json)
Hash identifier:          2bXJCM8WwuebfGJQ/9C7eiLENqlhXscF/6cLG5KAEvE=
Subject key identifier:   A9:11:A3:2D:09:ED:BC:10:2A:37:F5:ED:ED:A2:12:F7:4C:94:04:77
Certificate issuer:       /CN=d301991fc343f358c0f2eebae55cf2da34521c7a
Certificate serial:       019420D64F85D61FA788513344487528BDDE
Authority key identifier: D3:01:99:1F:C3:43:F3:58:C0:F2:EE:BA:E5:5C:F2:DA:34:52:1C:7A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0wGZH8ND81jA8u665Vzy2jRSHHo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/c36f83-8b35-4d05-a334-f98c483015d7/1/qRGjLQntvBAqN_Xt7aIS90yUBHc.roa
Signing time:             Wed 01 Jan 2025 07:48:23 +0000
ROA not before:           Wed 01 Jan 2025 07:48:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15703
IP address blocks:        2a00:a7c0:1026::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/c36f83-8b35-4d05-a334-f98c483015d7/1/0wGZH8ND81jA8u665Vzy2jRSHHo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/c36f83-8b35-4d05-a334-f98c483015d7/1/0wGZH8ND81jA8u665Vzy2jRSHHo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0wGZH8ND81jA8u665Vzy2jRSHHo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 08:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d6:4f:85:d6:1f:a7:88:51:33:44:48:75:28:bd:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d301991fc343f358c0f2eebae55cf2da34521c7a
        Validity
            Not Before: Jan  1 07:48:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a911a32d09edbc102a37f5ededa212f74c940477
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:48:0d:9b:f3:4b:84:36:7a:17:5c:dd:b0:bd:
                    6c:2d:9d:a3:79:7c:b0:d2:3c:4e:ea:ed:49:2e:ed:
                    2c:96:ed:69:9a:5a:7c:8a:68:26:16:6b:e8:c9:18:
                    66:62:17:4a:43:70:95:1b:45:59:4e:3c:25:17:25:
                    9a:cd:c0:d5:05:02:08:ff:c5:87:c0:85:2e:4f:b7:
                    2b:05:4b:10:50:47:2f:60:61:74:e4:7a:45:09:25:
                    4f:0a:fe:9d:ff:e6:92:a5:27:5c:eb:d8:85:dc:fe:
                    c1:77:19:62:75:14:83:60:2e:d1:96:33:f8:83:83:
                    55:2d:02:b1:44:1e:ac:f4:89:26:02:b9:9d:a1:d4:
                    93:80:cb:16:51:cd:1c:87:77:77:50:bf:aa:b6:f5:
                    77:d3:65:4d:e5:8d:34:ee:f3:37:9c:79:37:61:8b:
                    3a:3f:4d:4e:3c:25:cf:0c:f2:79:6c:58:11:8a:65:
                    94:84:0e:21:e2:7f:2b:c2:46:72:69:05:f9:00:cc:
                    e2:51:bb:32:80:c3:70:4c:f4:1c:b3:04:f6:97:e0:
                    b5:95:f7:c9:e3:4f:da:0d:c1:39:22:f3:7a:97:ce:
                    ea:e8:a9:78:92:7f:fc:6a:2b:70:c8:fe:ed:f3:fc:
                    d4:d7:6a:a6:39:1b:56:eb:59:01:35:a1:e3:11:3d:
                    da:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:11:A3:2D:09:ED:BC:10:2A:37:F5:ED:ED:A2:12:F7:4C:94:04:77
            X509v3 Authority Key Identifier:
                keyid:D3:01:99:1F:C3:43:F3:58:C0:F2:EE:BA:E5:5C:F2:DA:34:52:1C:7A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0wGZH8ND81jA8u665Vzy2jRSHHo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/c36f83-8b35-4d05-a334-f98c483015d7/1/qRGjLQntvBAqN_Xt7aIS90yUBHc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/c36f83-8b35-4d05-a334-f98c483015d7/1/0wGZH8ND81jA8u665Vzy2jRSHHo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:a7c0:1026::/48

    Signature Algorithm: sha256WithRSAEncryption
         97:4d:18:aa:41:b0:95:1b:8a:2f:d0:7b:9d:9b:76:ef:87:de:
         05:27:80:d8:ea:c3:1a:98:8b:f2:9b:28:59:d3:a7:f6:b5:84:
         52:4c:b4:71:fb:a6:68:71:01:ce:86:96:2e:fb:7c:1f:5f:b8:
         29:d3:70:49:b1:31:22:0e:15:7b:1a:2b:99:d8:7b:44:3e:90:
         57:34:fb:b7:e5:7d:3b:44:32:e2:60:ef:e9:8d:dc:9e:dc:01:
         ba:62:d0:bd:69:b3:41:8c:44:64:60:b8:ea:e3:17:5f:b1:2d:
         34:de:40:70:e8:d7:38:e6:e2:f5:7d:7c:f0:45:71:90:1c:2c:
         3b:11:18:cd:04:3d:22:a6:4b:c1:57:77:f6:31:06:fa:c8:89:
         9a:e5:db:92:2e:cd:22:31:e3:69:98:03:ca:c0:12:94:91:9c:
         01:09:79:d9:bd:4d:64:06:79:1a:10:2f:f7:1c:d7:b7:a0:38:
         8b:5e:ad:14:f4:15:c0:91:be:4b:e9:bb:4c:ef:1b:ec:6a:e0:
         bb:03:ca:6a:33:a6:08:b9:6a:e5:6a:ba:39:61:14:30:47:17:
         4d:33:3a:4e:7f:d7:f6:67:ee:ae:ed:30:59:e4:2a:cb:8e:33:
         3b:5b:84:5c:42:65:02:af:8a:9b:38:ea:5e:93:c4:61:7f:ea:
         2f:18:cf:ba
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQg1k+F1h+niFEzREh1KL3eMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzMDE5OTFmYzM0M2YzNThjMGYyZWViYWU1NWNmMmRhMzQ1
MjFjN2EwHhcNMjUwMTAxMDc0ODIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOTExYTMyZDA5ZWRiYzEwMmEzN2Y1ZWRlZGEyMTJmNzRjOTQwNDc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxUgNm/NLhDZ6F1zdsL1sLZ2jeXyw
0jxO6u1JLu0slu1pmlp8imgmFmvoyRhmYhdKQ3CVG0VZTjwlFyWazcDVBQII/8WH
wIUuT7crBUsQUEcvYGF05HpFCSVPCv6d/+aSpSdc69iF3P7BdxlidRSDYC7RljP4
g4NVLQKxRB6s9IkmArmdodSTgMsWUc0ch3d3UL+qtvV302VN5Y007vM3nHk3YYs6
P01OPCXPDPJ5bFgRimWUhA4h4n8rwkZyaQX5AMziUbsygMNwTPQcswT2l+C1lffJ
40/aDcE5IvN6l87q6Kl4kn/8aitwyP7t8/zU12qmORtW61kBNaHjET3aEwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFKkRoy0J7bwQKjf17e2iEvdMlAR3MB8GA1UdIwQY
MBaAFNMBmR/DQ/NYwPLuuuVc8to0Uhx6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMHdHWkg4TkQ4MWpBOHU2NjVWenkyalJTSEhvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi9jMzZmODMtOGIzNS00ZDA1LWEzMzQt
Zjk4YzQ4MzAxNWQ3LzEvcVJHakxRbnR2QkFxTl9YdDdhSVM5MHlVQkhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi9jMzZmODMtOGIzNS00ZDA1LWEzMzQtZjk4YzQ4MzAxNWQ3
LzEvMHdHWkg4TkQ4MWpBOHU2NjVWenkyalJTSEhvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgCnwBAm
MA0GCSqGSIb3DQEBCwUAA4IBAQCXTRiqQbCVG4ov0Hudm3bvh94FJ4DY6sMamIvy
myhZ06f2tYRSTLRx+6ZocQHOhpYu+3wfX7gp03BJsTEiDhV7GiuZ2HtEPpBXNPu3
5X07RDLiYO/pjdye3AG6YtC9abNBjERkYLjq4xdfsS003kBw6Nc45uL1fXzwRXGQ
HCw7ERjNBD0ipkvBV3f2MQb6yIma5duSLs0iMeNpmAPKwBKUkZwBCXnZvU1kBnka
EC/3HNe3oDiLXq0U9BXAkb5L6btM7xvsauC7A8pqM6YIuWrlaro5YRQwRxdNMzpO
f9f2Z+6u7TBZ5CrLjjM7W4RcQmUCr4qbOOpek8Rhf+ovGM+6
-----END CERTIFICATE-----