Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1d/e71e27-c687-4fd7-8180-4b2da197a7e6/1/QaPuRMvXJV--Fw9AVsI5ZPkc8hY.roa
File:                     QaPuRMvXJV--Fw9AVsI5ZPkc8hY.roa (raw, json)
Hash identifier:          TYXifRDvYSCNyCSvzG/CTgQtlnVhQgEvsEV2BNAGxx0=
Subject key identifier:   41:A3:EE:44:CB:D7:25:5F:BE:17:0F:40:56:C2:39:64:F9:1C:F2:16
Certificate issuer:       /CN=687726d38fcf2a7fbbb7bfc28d63fe3579ed211d
Certificate serial:       018CC348A2AC88C8ACEAA1B70E636FBDD990
Authority key identifier: 68:77:26:D3:8F:CF:2A:7F:BB:B7:BF:C2:8D:63:FE:35:79:ED:21:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aHcm04_PKn-7t7_CjWP-NXntIR0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1d/e71e27-c687-4fd7-8180-4b2da197a7e6/1/QaPuRMvXJV--Fw9AVsI5ZPkc8hY.roa
Signing time:             Mon 01 Jan 2024 04:29:26 +0000
ROA not before:           Mon 01 Jan 2024 04:29:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3303
IP address blocks:        2001:67c:4f0::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1d/e71e27-c687-4fd7-8180-4b2da197a7e6/1/aHcm04_PKn-7t7_CjWP-NXntIR0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1d/e71e27-c687-4fd7-8180-4b2da197a7e6/1/aHcm04_PKn-7t7_CjWP-NXntIR0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aHcm04_PKn-7t7_CjWP-NXntIR0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 27 Jun 2024 04:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:a2:ac:88:c8:ac:ea:a1:b7:0e:63:6f:bd:d9:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=687726d38fcf2a7fbbb7bfc28d63fe3579ed211d
        Validity
            Not Before: Jan  1 04:29:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=41a3ee44cbd7255fbe170f4056c23964f91cf216
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:e0:4b:49:de:b4:84:15:f1:2d:5a:32:db:f5:
                    91:32:b6:03:ec:b0:41:52:e3:d0:45:ce:bb:36:70:
                    f6:87:b3:90:28:de:63:48:d3:a8:e4:e5:90:53:56:
                    82:8d:6a:8b:21:91:38:3e:42:f9:fb:81:e7:6e:01:
                    ff:bf:af:3e:e2:a5:fb:bc:df:02:68:16:ad:4f:dc:
                    cf:c9:af:f0:12:31:88:32:b2:f9:50:f9:e4:46:72:
                    ea:de:ae:bf:d1:31:7f:27:f4:2e:3f:3e:fb:35:b4:
                    2e:63:e2:39:1a:04:25:22:63:f3:02:59:8a:61:e9:
                    8b:38:b9:d1:c5:d0:d3:3c:9f:ba:c3:50:79:be:03:
                    31:d3:f3:43:07:29:51:99:24:9d:d1:7e:4c:f4:75:
                    cc:dc:58:59:ac:04:a0:13:32:d0:d5:f0:f7:b6:2c:
                    db:d6:f0:90:21:e8:0d:9d:0b:cb:77:68:bd:37:6d:
                    e4:1c:c5:e7:ad:8d:cc:00:e2:4f:45:d5:31:3d:a3:
                    2e:7c:23:cf:68:2b:fe:34:cd:29:a9:bf:14:e6:8e:
                    18:a7:08:58:5f:94:92:35:01:78:19:02:98:24:35:
                    83:b9:87:82:22:ba:05:2b:17:e7:46:c5:84:30:11:
                    fa:5a:6d:95:48:ec:cb:d9:9d:c3:27:ea:ec:c7:9b:
                    9d:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:A3:EE:44:CB:D7:25:5F:BE:17:0F:40:56:C2:39:64:F9:1C:F2:16
            X509v3 Authority Key Identifier:
                keyid:68:77:26:D3:8F:CF:2A:7F:BB:B7:BF:C2:8D:63:FE:35:79:ED:21:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aHcm04_PKn-7t7_CjWP-NXntIR0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/e71e27-c687-4fd7-8180-4b2da197a7e6/1/QaPuRMvXJV--Fw9AVsI5ZPkc8hY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/e71e27-c687-4fd7-8180-4b2da197a7e6/1/aHcm04_PKn-7t7_CjWP-NXntIR0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:4f0::/48

    Signature Algorithm: sha256WithRSAEncryption
         5b:86:3c:65:b4:d6:10:4a:37:a0:05:22:21:a5:cb:74:70:4f:
         48:7a:cf:82:2e:64:e2:35:08:94:6f:ce:b0:af:b3:53:36:3d:
         64:92:20:b0:7a:b3:82:72:8c:9f:14:67:cf:01:73:e8:14:b4:
         64:15:7a:c0:0c:5e:75:1f:02:00:85:4a:a7:aa:c2:71:e7:0d:
         75:bd:fb:2a:e9:ba:e0:77:ed:4b:f5:86:b2:60:52:4c:78:92:
         c9:61:51:dd:3d:97:a0:82:13:fa:74:8a:e5:9b:19:c9:d7:0b:
         43:ed:53:4d:c5:01:93:a1:9b:8b:bc:a8:44:0a:f4:59:4d:49:
         91:f0:bf:95:f0:71:e6:c9:5a:50:1e:a1:66:fc:af:d5:ff:bf:
         69:2f:c6:4c:ad:bf:26:41:6a:94:0a:95:44:15:5c:f0:2e:5b:
         98:75:87:30:fa:61:fb:cb:9a:81:34:b3:b3:92:97:a6:3a:4b:
         04:c4:bb:5e:0e:81:45:f7:62:1e:cd:92:6f:09:14:d4:57:35:
         2d:fc:fa:8d:ca:7f:f8:68:40:9f:2e:95:2e:3d:42:53:df:b2:
         65:50:d8:12:76:c6:71:aa:4a:b1:c1:39:c4:02:18:9e:35:5c:
         d4:73:47:7c:78:37:27:32:33:7b:54:e6:d8:4b:5e:13:18:26:
         d6:4c:89:75
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzDSKKsiMis6qG3DmNvvdmQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4NzcyNmQzOGZjZjJhN2ZiYmI3YmZjMjhkNjNmZTM1Nzll
ZDIxMWQwHhcNMjQwMTAxMDQyOTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MWEzZWU0NGNiZDcyNTVmYmUxNzBmNDA1NmMyMzk2NGY5MWNmMjE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAveBLSd60hBXxLVoy2/WRMrYD7LBB
UuPQRc67NnD2h7OQKN5jSNOo5OWQU1aCjWqLIZE4PkL5+4HnbgH/v68+4qX7vN8C
aBatT9zPya/wEjGIMrL5UPnkRnLq3q6/0TF/J/QuPz77NbQuY+I5GgQlImPzAlmK
YemLOLnRxdDTPJ+6w1B5vgMx0/NDBylRmSSd0X5M9HXM3FhZrASgEzLQ1fD3tizb
1vCQIegNnQvLd2i9N23kHMXnrY3MAOJPRdUxPaMufCPPaCv+NM0pqb8U5o4YpwhY
X5SSNQF4GQKYJDWDuYeCIroFKxfnRsWEMBH6Wm2VSOzL2Z3DJ+rsx5udWQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFEGj7kTL1yVfvhcPQFbCOWT5HPIWMB8GA1UdIwQY
MBaAFGh3JtOPzyp/u7e/wo1j/jV57SEdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYUhjbTA0X1BLbi03dDdfQ2pXUC1OWG50SVIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZC9lNzFlMjctYzY4Ny00ZmQ3LTgxODAt
NGIyZGExOTdhN2U2LzEvUWFQdVJNdlhKVi0tRnc5QVZzSTVaUGtjOGhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZC9lNzFlMjctYzY4Ny00ZmQ3LTgxODAtNGIyZGExOTdhN2U2
LzEvYUhjbTA0X1BLbi03dDdfQ2pXUC1OWG50SVIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfATw
MA0GCSqGSIb3DQEBCwUAA4IBAQBbhjxltNYQSjegBSIhpct0cE9Ies+CLmTiNQiU
b86wr7NTNj1kkiCwerOCcoyfFGfPAXPoFLRkFXrADF51HwIAhUqnqsJx5w11vfsq
6brgd+1L9YayYFJMeJLJYVHdPZegghP6dIrlmxnJ1wtD7VNNxQGToZuLvKhECvRZ
TUmR8L+V8HHmyVpQHqFm/K/V/79pL8ZMrb8mQWqUCpVEFVzwLluYdYcw+mH7y5qB
NLOzkpemOksExLteDoFF92IezZJvCRTUVzUt/PqNyn/4aECfLpUuPUJT37JlUNgS
dsZxqkqxwTnEAhieNVzUc0d8eDcnMjN7VObYS14TGCbWTIl1
-----END CERTIFICATE-----