Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/baa372-823b-4b07-9aab-cbbd01f2b91c/1/qqUMQQrSsllOa0o6dQkKNnM3J-w.roa
File:                     qqUMQQrSsllOa0o6dQkKNnM3J-w.roa (raw, json)
Hash identifier:          ltLz1oTKJzOhQXIlkIaWZuFlWVMId1p31670FD76lN4=
Subject key identifier:   AA:A5:0C:41:0A:D2:B2:59:4E:6B:4A:3A:75:09:0A:36:73:37:27:EC
Certificate issuer:       /CN=246f9be783d73d95ab8aa54619e60f9011c04d67
Certificate serial:       018CC6B8E44456B03458FDF93C1A0ED26EFD
Authority key identifier: 24:6F:9B:E7:83:D7:3D:95:AB:8A:A5:46:19:E6:0F:90:11:C0:4D:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JG-b54PXPZWriqVGGeYPkBHATWc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/baa372-823b-4b07-9aab-cbbd01f2b91c/1/qqUMQQrSsllOa0o6dQkKNnM3J-w.roa
Signing time:             Mon 01 Jan 2024 20:30:54 +0000
ROA not before:           Mon 01 Jan 2024 20:30:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197937
IP address blocks:        2a13:83c0::/29 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/99/baa372-823b-4b07-9aab-cbbd01f2b91c/1/JG-b54PXPZWriqVGGeYPkBHATWc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/99/baa372-823b-4b07-9aab-cbbd01f2b91c/1/JG-b54PXPZWriqVGGeYPkBHATWc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JG-b54PXPZWriqVGGeYPkBHATWc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 10:02:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:e4:44:56:b0:34:58:fd:f9:3c:1a:0e:d2:6e:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=246f9be783d73d95ab8aa54619e60f9011c04d67
        Validity
            Not Before: Jan  1 20:30:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=aaa50c410ad2b2594e6b4a3a75090a36733727ec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:f0:3a:3b:42:86:88:c0:0a:b0:7c:67:ef:a5:
                    9a:53:03:54:6a:3e:5b:7f:16:78:e0:21:53:6c:8a:
                    43:e1:1e:24:fd:ee:8a:ef:7c:d4:78:16:4a:b2:4a:
                    da:ed:a3:6f:39:a8:8c:8a:bf:3c:57:56:dd:f8:f4:
                    ca:85:60:b1:4e:21:dd:3a:6f:d9:86:48:23:25:77:
                    1a:c2:28:59:b2:92:d9:85:5e:93:77:43:0b:e0:44:
                    66:85:ce:bd:e0:9c:cf:bd:eb:32:86:d6:06:bf:54:
                    8b:a8:d4:eb:0e:ed:29:d2:55:57:b2:3f:0a:f2:78:
                    78:5d:9e:a1:98:2b:9b:86:b4:44:9e:5e:de:23:6d:
                    10:15:c8:27:36:14:6c:3e:50:3c:3f:54:78:c4:0b:
                    e6:7a:1b:7c:86:86:16:bd:cb:21:e2:ca:56:9f:2b:
                    0a:07:be:d1:c6:b8:27:60:3b:89:86:9a:65:de:88:
                    55:f1:54:d7:e9:18:46:9b:65:d5:c4:06:72:1f:3d:
                    49:dd:a3:94:ab:a6:1c:8a:e1:fd:3c:67:b2:1e:16:
                    e4:d4:36:9e:06:87:b4:fe:f9:72:18:a4:8a:85:1e:
                    18:c7:8d:15:db:f7:bc:e8:99:50:49:a7:02:57:22:
                    d7:44:1a:40:1d:79:6a:53:f9:df:9b:a4:4c:ef:6f:
                    3d:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:A5:0C:41:0A:D2:B2:59:4E:6B:4A:3A:75:09:0A:36:73:37:27:EC
            X509v3 Authority Key Identifier:
                keyid:24:6F:9B:E7:83:D7:3D:95:AB:8A:A5:46:19:E6:0F:90:11:C0:4D:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JG-b54PXPZWriqVGGeYPkBHATWc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/baa372-823b-4b07-9aab-cbbd01f2b91c/1/qqUMQQrSsllOa0o6dQkKNnM3J-w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/baa372-823b-4b07-9aab-cbbd01f2b91c/1/JG-b54PXPZWriqVGGeYPkBHATWc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:83c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         47:bf:71:01:15:d8:d8:08:1b:99:4f:87:54:e4:ab:77:84:77:
         7f:a7:35:43:a1:9d:c5:b4:07:63:e2:4c:1d:4a:e6:84:51:8c:
         de:4f:49:f6:f9:fa:f1:c1:b0:45:5a:e3:e6:91:1f:6c:56:60:
         84:ee:e3:29:70:7a:27:4f:c1:7d:bb:37:f7:07:b6:b0:74:a9:
         03:7a:1f:15:57:89:94:a0:da:c9:54:49:cf:2b:59:61:a8:94:
         ea:88:ed:78:e8:90:58:58:90:d2:c9:d2:cd:ef:2c:c1:ce:ea:
         b7:2f:c6:08:0e:a1:17:35:b1:54:a3:9a:d9:fb:a9:2f:21:48:
         5c:89:e3:a1:5c:c6:d5:23:f7:3f:97:f7:74:c2:99:38:f3:54:
         fa:0d:42:8b:1d:8e:06:66:ec:5c:8e:06:4f:46:1e:8e:fe:89:
         d1:53:63:7d:d0:d1:ec:e0:ec:79:50:03:5b:fc:10:b7:e9:e3:
         1a:f9:4f:a5:c0:8d:5a:d5:82:ca:b1:df:c4:fc:69:0f:48:3b:
         bf:8f:f0:53:34:30:47:80:c0:e9:7e:c7:47:e8:11:a3:b1:4f:
         8f:9a:b6:a9:11:07:16:3d:ac:97:0c:88:d7:4f:4f:e8:f9:a2:
         bc:5e:54:18:17:91:a8:e2:73:72:e2:92:57:0a:52:c8:6e:05:
         d0:a9:58:53
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzGuOREVrA0WP35PBoO0m79MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI0NmY5YmU3ODNkNzNkOTVhYjhhYTU0NjE5ZTYwZjkwMTFj
MDRkNjcwHhcNMjQwMTAxMjAzMDU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYWE1MGM0MTBhZDJiMjU5NGU2YjRhM2E3NTA5MGEzNjczMzcyN2VjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqPA6O0KGiMAKsHxn76WaUwNUaj5b
fxZ44CFTbIpD4R4k/e6K73zUeBZKskra7aNvOaiMir88V1bd+PTKhWCxTiHdOm/Z
hkgjJXcawihZspLZhV6Td0ML4ERmhc694JzPvesyhtYGv1SLqNTrDu0p0lVXsj8K
8nh4XZ6hmCubhrREnl7eI20QFcgnNhRsPlA8P1R4xAvmeht8hoYWvcsh4spWnysK
B77RxrgnYDuJhppl3ohV8VTX6RhGm2XVxAZyHz1J3aOUq6YciuH9PGeyHhbk1Dae
Boe0/vlyGKSKhR4Yx40V2/e86JlQSacCVyLXRBpAHXlqU/nfm6RM72891QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFKqlDEEK0rJZTmtKOnUJCjZzNyfsMB8GA1UdIwQY
MBaAFCRvm+eD1z2Vq4qlRhnmD5ARwE1nMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSkctYjU0UFhQWldyaXFWR0dlWVBrQkhBVFdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS9iYWEzNzItODIzYi00YjA3LTlhYWIt
Y2JiZDAxZjJiOTFjLzEvcXFVTVFRclNzbGxPYTBvNmRRa0tObk0zSi13LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS9iYWEzNzItODIzYi00YjA3LTlhYWItY2JiZDAxZjJiOTFj
LzEvSkctYjU0UFhQWldyaXFWR0dlWVBrQkhBVFdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhODwDAN
BgkqhkiG9w0BAQsFAAOCAQEAR79xARXY2AgbmU+HVOSrd4R3f6c1Q6GdxbQHY+JM
HUrmhFGM3k9J9vn68cGwRVrj5pEfbFZghO7jKXB6J0/Bfbs39we2sHSpA3ofFVeJ
lKDayVRJzytZYaiU6ojteOiQWFiQ0snSze8swc7qty/GCA6hFzWxVKOa2fupLyFI
XInjoVzG1SP3P5f3dMKZOPNU+g1Cix2OBmbsXI4GT0Yejv6J0VNjfdDR7ODseVAD
W/wQt+njGvlPpcCNWtWCyrHfxPxpD0g7v4/wUzQwR4DA6X7HR+gRo7FPj5q2qREH
Fj2slwyI109P6PmivF5UGBeRqOJzcuKSVwpSyG4F0KlYUw==
-----END CERTIFICATE-----