Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/c08e1e-f5bd-4a1a-8aba-ccf6454bb24c/1/Q1TIyJpbXDc4qNPPE6NW6EFQQ1w.roa
File:                     Q1TIyJpbXDc4qNPPE6NW6EFQQ1w.roa (raw, json)
Hash identifier:          /ZxQ72JF3LrvgUS877Cb9ylOYpF8Pl/ZOWpKfZWqRFg=
Subject key identifier:   43:54:C8:C8:9A:5B:5C:37:38:A8:D3:CF:13:A3:56:E8:41:50:43:5C
Certificate issuer:       /CN=380b283a0513940d520a680b8b3d14dbc367770d
Certificate serial:       018CC493943D733075CF895E33D595C071D0
Authority key identifier: 38:0B:28:3A:05:13:94:0D:52:0A:68:0B:8B:3D:14:DB:C3:67:77:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OAsoOgUTlA1SCmgLiz0U28Nndw0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/c08e1e-f5bd-4a1a-8aba-ccf6454bb24c/1/Q1TIyJpbXDc4qNPPE6NW6EFQQ1w.roa
Signing time:             Mon 01 Jan 2024 10:30:55 +0000
ROA not before:           Mon 01 Jan 2024 10:30:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31056
IP address blocks:        2a00:8647::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/c08e1e-f5bd-4a1a-8aba-ccf6454bb24c/1/OAsoOgUTlA1SCmgLiz0U28Nndw0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/c08e1e-f5bd-4a1a-8aba-ccf6454bb24c/1/OAsoOgUTlA1SCmgLiz0U28Nndw0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OAsoOgUTlA1SCmgLiz0U28Nndw0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 07:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:94:3d:73:30:75:cf:89:5e:33:d5:95:c0:71:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=380b283a0513940d520a680b8b3d14dbc367770d
        Validity
            Not Before: Jan  1 10:30:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4354c8c89a5b5c3738a8d3cf13a356e84150435c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:87:c7:8c:f6:89:df:bf:f9:81:9c:cd:61:4b:
                    f2:76:ff:6f:1a:80:62:c2:33:f3:b5:bf:0f:b6:3b:
                    ab:ae:07:c1:f7:cf:c6:42:d4:6d:84:af:3e:98:67:
                    1a:d4:78:c8:75:f5:88:01:14:01:16:26:d8:45:e8:
                    10:0b:22:3e:0f:69:c9:ad:e0:76:df:c0:9c:a1:c0:
                    e8:ec:52:b4:39:55:1e:a0:0e:8d:20:c1:03:e7:5b:
                    8c:6e:3f:5b:a5:5b:c5:fc:c7:14:9d:4b:5d:35:e7:
                    05:28:0c:14:ac:da:c8:fb:c2:63:36:b8:8e:2e:89:
                    7d:87:9f:17:21:c0:91:e8:22:a2:f0:0c:90:c9:78:
                    ee:6e:68:34:8c:43:13:f7:6c:01:ba:a3:c6:5f:2d:
                    f8:6d:b8:a3:2f:14:c6:ae:80:e8:ab:1b:98:b1:2e:
                    6d:1e:ef:81:8b:1a:35:92:0f:bf:b0:e8:73:9f:8b:
                    25:68:eb:fb:fa:e2:74:73:ca:ba:b2:fe:c6:e0:81:
                    0b:8d:e4:cd:c6:0a:9d:de:65:51:d8:72:c2:89:a2:
                    17:d6:b2:62:57:76:b8:c2:60:7a:c9:42:6f:7e:7e:
                    72:41:1e:55:91:d4:aa:58:23:5f:2d:fc:57:49:e9:
                    04:91:81:ba:c3:00:ef:e4:90:a0:83:d4:d5:6b:43:
                    8c:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:54:C8:C8:9A:5B:5C:37:38:A8:D3:CF:13:A3:56:E8:41:50:43:5C
            X509v3 Authority Key Identifier:
                keyid:38:0B:28:3A:05:13:94:0D:52:0A:68:0B:8B:3D:14:DB:C3:67:77:0D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OAsoOgUTlA1SCmgLiz0U28Nndw0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/c08e1e-f5bd-4a1a-8aba-ccf6454bb24c/1/Q1TIyJpbXDc4qNPPE6NW6EFQQ1w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/c08e1e-f5bd-4a1a-8aba-ccf6454bb24c/1/OAsoOgUTlA1SCmgLiz0U28Nndw0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:8647::/32

    Signature Algorithm: sha256WithRSAEncryption
         ca:c5:4f:f9:c1:3c:52:c4:38:88:92:1a:7c:a9:93:85:16:49:
         e4:d3:b3:56:0c:2a:e7:8f:05:37:e9:e7:e2:b1:c9:33:ec:85:
         ff:38:bc:87:cb:fb:74:eb:72:56:d0:3a:2b:32:db:b3:d8:f9:
         0f:7f:6b:0b:5b:2d:9f:6e:ae:f5:c0:8e:49:be:8e:ae:8b:3f:
         86:b8:02:c2:3c:e8:35:0c:78:ff:f8:3b:d4:d7:b5:4a:59:4b:
         2a:76:79:63:a2:c4:19:42:ff:7f:fc:35:07:a9:e2:9e:fe:7e:
         e2:62:24:da:89:34:11:59:14:0c:cd:8a:a9:c2:33:6d:de:05:
         1f:35:e2:62:36:f9:55:9a:ac:b0:61:19:e6:9d:bb:a0:95:fe:
         14:1a:dc:1b:fc:b6:63:c3:62:3c:50:33:26:d8:9e:0b:a2:a8:
         ed:75:6e:27:ca:2b:5b:5c:a6:13:56:6d:95:98:84:f2:4c:2a:
         35:ed:14:80:e2:c3:96:f0:00:09:ac:f8:c3:a0:bf:74:98:f3:
         2f:51:bd:b0:e4:ed:02:50:fa:29:9d:30:0d:97:b7:16:60:4c:
         b7:d1:5a:9d:cf:a1:1d:9b:4d:21:7a:71:d3:9e:7b:6a:9d:bc:
         c4:49:d5:ee:25:e4:4b:5f:98:6a:47:42:6e:13:d5:73:e0:c6:
         40:67:ae:c4
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzEk5Q9czB1z4leM9WVwHHQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4MGIyODNhMDUxMzk0MGQ1MjBhNjgwYjhiM2QxNGRiYzM2
Nzc3MGQwHhcNMjQwMTAxMTAzMDU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MzU0YzhjODlhNWI1YzM3MzhhOGQzY2YxM2EzNTZlODQxNTA0MzVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk4fHjPaJ37/5gZzNYUvydv9vGoBi
wjPztb8PtjurrgfB98/GQtRthK8+mGca1HjIdfWIARQBFibYRegQCyI+D2nJreB2
38CcocDo7FK0OVUeoA6NIMED51uMbj9bpVvF/McUnUtdNecFKAwUrNrI+8JjNriO
Lol9h58XIcCR6CKi8AyQyXjubmg0jEMT92wBuqPGXy34bbijLxTGroDoqxuYsS5t
Hu+Bixo1kg+/sOhzn4slaOv7+uJ0c8q6sv7G4IELjeTNxgqd3mVR2HLCiaIX1rJi
V3a4wmB6yUJvfn5yQR5VkdSqWCNfLfxXSekEkYG6wwDv5JCgg9TVa0OM3wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFENUyMiaW1w3OKjTzxOjVuhBUENcMB8GA1UdIwQY
MBaAFDgLKDoFE5QNUgpoC4s9FNvDZ3cNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0Fzb09nVVRsQTFTQ21nTGl6MFUyOE5uZHcwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS9jMDhlMWUtZjViZC00YTFhLThhYmEt
Y2NmNjQ1NGJiMjRjLzEvUTFUSXlKcGJYRGM0cU5QUEU2Tlc2RUZRUTF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS9jMDhlMWUtZjViZC00YTFhLThhYmEtY2NmNjQ1NGJiMjRj
LzEvT0Fzb09nVVRsQTFTQ21nTGl6MFUyOE5uZHcwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgCGRzAN
BgkqhkiG9w0BAQsFAAOCAQEAysVP+cE8UsQ4iJIafKmThRZJ5NOzVgwq548FN+nn
4rHJM+yF/zi8h8v7dOtyVtA6KzLbs9j5D39rC1stn26u9cCOSb6Oros/hrgCwjzo
NQx4//g71Ne1SllLKnZ5Y6LEGUL/f/w1B6ninv5+4mIk2ok0EVkUDM2KqcIzbd4F
HzXiYjb5VZqssGEZ5p27oJX+FBrcG/y2Y8NiPFAzJtieC6Ko7XVuJ8orW1ymE1Zt
lZiE8kwqNe0UgOLDlvAACaz4w6C/dJjzL1G9sOTtAlD6KZ0wDZe3FmBMt9Fanc+h
HZtNIXpx0557ap28xEnV7iXkS1+YakdCbhPVc+DGQGeuxA==
-----END CERTIFICATE-----