Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/6c203d-6221-460a-af49-c12218765154/1/nqc-9YDKd79YsE90D6bPl2BpKgE.roa
File:                     nqc-9YDKd79YsE90D6bPl2BpKgE.roa (raw, json)
Hash identifier:          VLqSIZaMWc7sFSdSIdfn5EqqZNs2ezp2l6diOyM4sNY=
Subject key identifier:   9E:A7:3E:F5:80:CA:77:BF:58:B0:4F:74:0F:A6:CF:97:60:69:2A:01
Certificate issuer:       /CN=32508fb781ca6dbd8221f2c2f954a3a7446b2b42
Certificate serial:       019424B3BD05029BC20EEC57DB1BCA2CBFE4
Authority key identifier: 32:50:8F:B7:81:CA:6D:BD:82:21:F2:C2:F9:54:A3:A7:44:6B:2B:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MlCPt4HKbb2CIfLC-VSjp0RrK0I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/6c203d-6221-460a-af49-c12218765154/1/nqc-9YDKd79YsE90D6bPl2BpKgE.roa
Signing time:             Thu 02 Jan 2025 01:49:06 +0000
ROA not before:           Thu 02 Jan 2025 01:49:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     133846
IP address blocks:        2a09:b280:ff80::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/6c203d-6221-460a-af49-c12218765154/1/MlCPt4HKbb2CIfLC-VSjp0RrK0I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/6c203d-6221-460a-af49-c12218765154/1/MlCPt4HKbb2CIfLC-VSjp0RrK0I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MlCPt4HKbb2CIfLC-VSjp0RrK0I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:bd:05:02:9b:c2:0e:ec:57:db:1b:ca:2c:bf:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=32508fb781ca6dbd8221f2c2f954a3a7446b2b42
        Validity
            Not Before: Jan  2 01:49:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9ea73ef580ca77bf58b04f740fa6cf9760692a01
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:e2:c7:37:ce:62:c9:81:5b:37:cd:b5:40:36:
                    91:b9:aa:e2:f9:99:aa:37:29:6d:5e:f7:18:78:38:
                    11:82:2f:12:fd:65:64:ea:99:99:84:1c:83:96:ea:
                    8e:38:a7:28:bd:1c:30:cb:e5:72:74:36:82:7a:56:
                    7d:76:94:77:da:a2:c2:f4:5d:19:5f:19:41:fa:4a:
                    1d:54:65:a2:36:fa:fa:e7:c8:21:c3:5e:99:90:bd:
                    92:98:a9:8f:36:c2:36:17:0b:7f:ba:fd:b6:c6:ab:
                    5f:2f:52:22:2d:38:35:e1:71:2e:df:09:87:26:69:
                    d9:de:7c:d6:83:af:c0:04:ab:48:7c:01:9e:97:15:
                    34:08:82:67:0d:fc:bc:a2:5c:aa:e9:cc:93:ef:7f:
                    f2:f0:b8:de:29:5c:53:33:77:3a:32:dc:4c:e6:e9:
                    ae:a8:76:65:44:db:c3:d3:d1:be:a0:c3:cd:1c:54:
                    6e:9d:30:9d:de:95:13:47:67:f8:f9:18:db:43:5e:
                    e9:4f:28:68:57:5d:c4:83:3e:5b:fb:2b:8a:42:19:
                    6f:14:f7:c8:1e:b8:68:f8:bb:30:d7:4d:c7:03:c1:
                    86:e9:e2:d4:d7:a7:bf:b2:4a:7f:a8:61:6a:3d:28:
                    a7:7b:bb:0e:29:97:50:45:cd:d5:41:49:ef:e4:d0:
                    ab:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:A7:3E:F5:80:CA:77:BF:58:B0:4F:74:0F:A6:CF:97:60:69:2A:01
            X509v3 Authority Key Identifier:
                keyid:32:50:8F:B7:81:CA:6D:BD:82:21:F2:C2:F9:54:A3:A7:44:6B:2B:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MlCPt4HKbb2CIfLC-VSjp0RrK0I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/6c203d-6221-460a-af49-c12218765154/1/nqc-9YDKd79YsE90D6bPl2BpKgE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/6c203d-6221-460a-af49-c12218765154/1/MlCPt4HKbb2CIfLC-VSjp0RrK0I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:b280:ff80::/44

    Signature Algorithm: sha256WithRSAEncryption
         04:fc:53:00:be:cc:e9:01:a9:37:92:d7:7c:de:93:82:4d:85:
         66:99:ab:1c:98:ad:27:09:c6:9c:6c:56:4a:fa:d4:d4:9d:13:
         ab:ed:41:64:ff:9d:15:39:ee:0c:53:4e:23:57:34:56:d3:4a:
         05:d7:60:90:95:88:ba:f9:25:c3:ba:16:2f:88:58:0f:25:71:
         81:39:42:7f:e4:16:22:39:e8:04:76:29:2d:8e:e5:73:b1:73:
         9f:2d:ba:ba:50:93:a6:30:b5:62:71:33:0f:cb:55:dc:9e:88:
         25:66:d8:de:49:8d:5b:53:70:68:2a:82:20:85:0e:5c:d7:ee:
         eb:6e:92:cf:17:3c:56:e9:94:e8:04:a4:5d:16:0a:17:91:18:
         db:29:40:ef:4e:06:b1:d4:af:b3:e3:30:5a:71:39:8e:74:8a:
         e5:76:95:e2:6f:7b:eb:d3:b7:64:67:7b:35:c9:ac:69:65:f4:
         57:94:98:cc:55:55:7b:fe:4c:b7:44:1e:c6:53:0a:d6:de:e9:
         39:55:05:fa:f9:f0:33:5b:51:b6:15:41:aa:0d:45:d0:c8:4a:
         fd:2b:27:8b:61:ef:d4:b8:0e:e4:b9:0a:fe:6e:77:be:5c:bc:
         33:df:08:36:96:03:e6:f7:5c:dc:54:79:3e:fd:af:51:0a:d3:
         e4:3f:87:5a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQks70FApvCDuxX2xvKLL/kMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyNTA4ZmI3ODFjYTZkYmQ4MjIxZjJjMmY5NTRhM2E3NDQ2
YjJiNDIwHhcNMjUwMTAyMDE0OTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZWE3M2VmNTgwY2E3N2JmNThiMDRmNzQwZmE2Y2Y5NzYwNjkyYTAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAreLHN85iyYFbN821QDaRuari+Zmq
NyltXvcYeDgRgi8S/WVk6pmZhByDluqOOKcovRwwy+VydDaCelZ9dpR32qLC9F0Z
XxlB+kodVGWiNvr658ghw16ZkL2SmKmPNsI2Fwt/uv22xqtfL1IiLTg14XEu3wmH
JmnZ3nzWg6/ABKtIfAGelxU0CIJnDfy8olyq6cyT73/y8LjeKVxTM3c6MtxM5umu
qHZlRNvD09G+oMPNHFRunTCd3pUTR2f4+RjbQ17pTyhoV13Egz5b+yuKQhlvFPfI
Hrho+Lsw103HA8GG6eLU16e/skp/qGFqPSine7sOKZdQRc3VQUnv5NCrQwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJ6nPvWAyne/WLBPdA+mz5dgaSoBMB8GA1UdIwQY
MBaAFDJQj7eBym29giHywvlUo6dEaytCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWxDUHQ0SEtiYjJDSWZMQy1WU2pwMFJySzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi82YzIwM2QtNjIyMS00NjBhLWFmNDkt
YzEyMjE4NzY1MTU0LzEvbnFjLTlZREtkNzlZc0U5MEQ2YlBsMkJwS2dFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi82YzIwM2QtNjIyMS00NjBhLWFmNDktYzEyMjE4NzY1MTU0
LzEvTWxDUHQ0SEtiYjJDSWZMQy1WU2pwMFJySzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgmygP+A
MA0GCSqGSIb3DQEBCwUAA4IBAQAE/FMAvszpAak3ktd83pOCTYVmmascmK0nCcac
bFZK+tTUnROr7UFk/50VOe4MU04jVzRW00oF12CQlYi6+SXDuhYviFgPJXGBOUJ/
5BYiOegEdiktjuVzsXOfLbq6UJOmMLVicTMPy1XcnoglZtjeSY1bU3BoKoIghQ5c
1+7rbpLPFzxW6ZToBKRdFgoXkRjbKUDvTgax1K+z4zBacTmOdIrldpXib3vr07dk
Z3s1yaxpZfRXlJjMVVV7/ky3RB7GUwrW3uk5VQX6+fAzW1G2FUGqDUXQyEr9KyeL
Ye/UuA7kuQr+bne+XLwz3wg2lgPm91zcVHk+/a9RCtPkP4da
-----END CERTIFICATE-----