Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/e2e119-fd78-4b1a-b16a-987da4392056/1/VQCBN8uurWtUQ5RZdJWg77YcRWg.roa
File:                     VQCBN8uurWtUQ5RZdJWg77YcRWg.roa (raw, json)
Hash identifier:          xi1XywUTIdxveyzoMyIdNUPPFcJ6kC1E4TbtPCZ/QGY=
Subject key identifier:   55:00:81:37:CB:AE:AD:6B:54:43:94:59:74:95:A0:EF:B6:1C:45:68
Certificate issuer:       /CN=712f9cb3c298b150beb79080376f74bdeac438ac
Certificate serial:       018CC64A8B61E9B69007071ED677CBDDB5B7
Authority key identifier: 71:2F:9C:B3:C2:98:B1:50:BE:B7:90:80:37:6F:74:BD:EA:C4:38:AC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cS-cs8KYsVC-t5CAN290verEOKw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/e2e119-fd78-4b1a-b16a-987da4392056/1/VQCBN8uurWtUQ5RZdJWg77YcRWg.roa
Signing time:             Mon 01 Jan 2024 18:30:23 +0000
ROA not before:           Mon 01 Jan 2024 18:30:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210118
IP address blocks:        2a00:6060:ff00::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/e2e119-fd78-4b1a-b16a-987da4392056/1/cS-cs8KYsVC-t5CAN290verEOKw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/e2e119-fd78-4b1a-b16a-987da4392056/1/cS-cs8KYsVC-t5CAN290verEOKw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cS-cs8KYsVC-t5CAN290verEOKw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 17:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:8b:61:e9:b6:90:07:07:1e:d6:77:cb:dd:b5:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=712f9cb3c298b150beb79080376f74bdeac438ac
        Validity
            Not Before: Jan  1 18:30:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=55008137cbaead6b544394597495a0efb61c4568
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:62:e0:3d:c8:9f:f3:2c:9e:d8:0c:40:b6:41:
                    fd:74:50:39:b0:b7:50:f2:6c:55:8a:8a:f2:c1:19:
                    ac:ff:01:57:4e:8d:df:52:8a:f6:88:4d:3a:dd:5b:
                    81:33:77:06:b9:43:22:44:2c:01:01:db:fa:97:0c:
                    a6:59:b5:40:7a:90:a2:78:1c:f2:fc:ce:72:4b:c4:
                    d7:dd:b6:8e:74:49:8f:f5:48:ac:37:4e:28:90:b0:
                    da:4b:29:60:58:50:8d:51:f8:69:f9:b2:f3:33:2b:
                    25:47:ac:19:b5:11:ff:17:3a:fe:73:6f:85:57:51:
                    d6:87:5d:a5:d1:83:74:ca:61:3d:40:0c:b8:de:67:
                    1a:4f:a2:d7:7d:48:67:2b:45:4c:d3:e0:e6:a3:53:
                    9d:4a:02:08:59:02:98:1b:b9:dc:d2:19:7f:e2:f5:
                    d1:48:6a:1b:ef:bf:bd:c7:4b:44:54:7b:6e:d1:b1:
                    60:e1:ec:36:51:f1:a5:c1:31:62:a2:6a:dc:24:86:
                    dc:9d:31:b1:8c:38:56:28:a1:5b:76:4b:d4:cf:31:
                    96:2b:2e:dd:c3:07:2c:0c:08:0b:b3:26:1d:a3:5e:
                    21:7f:70:a6:34:90:68:cd:f5:bc:d2:3f:b2:7e:0d:
                    a3:62:18:4d:8f:c8:6b:83:b5:d2:3f:65:7b:81:5d:
                    4a:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:00:81:37:CB:AE:AD:6B:54:43:94:59:74:95:A0:EF:B6:1C:45:68
            X509v3 Authority Key Identifier:
                keyid:71:2F:9C:B3:C2:98:B1:50:BE:B7:90:80:37:6F:74:BD:EA:C4:38:AC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cS-cs8KYsVC-t5CAN290verEOKw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/e2e119-fd78-4b1a-b16a-987da4392056/1/VQCBN8uurWtUQ5RZdJWg77YcRWg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/e2e119-fd78-4b1a-b16a-987da4392056/1/cS-cs8KYsVC-t5CAN290verEOKw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:6060:ff00::/48

    Signature Algorithm: sha256WithRSAEncryption
         00:a2:56:8d:9c:b8:c5:c5:f0:f5:08:4d:df:3e:f3:fb:65:b2:
         39:6a:48:27:b4:95:29:ad:67:e3:66:c0:f5:c3:0d:b3:5c:d9:
         f2:74:59:cb:b6:ff:2c:56:e0:8f:1b:51:e3:c5:e3:88:48:3c:
         62:6a:e9:b8:60:a2:54:bf:c9:6e:67:c6:f1:41:dc:e5:e9:e0:
         fb:18:d5:f9:0b:97:9d:25:53:10:72:41:c2:c8:bf:d7:bb:56:
         9c:77:a2:77:2d:25:13:8c:99:bf:0f:46:a7:18:bd:2a:12:6d:
         57:71:68:fb:37:df:90:47:ac:ed:5f:40:fd:3a:ae:df:dc:7f:
         3c:47:d0:88:38:a1:48:b5:7e:26:8b:a5:50:cd:a7:94:7c:fd:
         42:79:2e:af:ab:3e:43:2c:37:86:61:c6:63:9a:7e:32:1b:98:
         a4:e2:db:7a:cc:be:c7:3d:eb:a3:ea:aa:14:3e:5f:69:47:b4:
         15:b7:f5:35:0e:80:fa:d1:76:23:8e:25:c3:68:e4:7d:9b:c9:
         d5:fc:d0:11:bf:be:e6:cb:40:26:87:e3:1d:29:c7:99:b0:d2:
         62:d3:0c:79:9e:6c:9e:b8:dd:65:14:88:e5:25:cf:04:61:9a:
         35:32:ca:b1:6e:d9:bc:f6:7a:80:b6:6a:1e:4b:26:92:5d:f3:
         22:e6:ad:f0
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzGSoth6baQBwce1nfL3bW3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcxMmY5Y2IzYzI5OGIxNTBiZWI3OTA4MDM3NmY3NGJkZWFj
NDM4YWMwHhcNMjQwMTAxMTgzMDIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NTAwODEzN2NiYWVhZDZiNTQ0Mzk0NTk3NDk1YTBlZmI2MWM0NTY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1WLgPcif8yye2AxAtkH9dFA5sLdQ
8mxViorywRms/wFXTo3fUor2iE063VuBM3cGuUMiRCwBAdv6lwymWbVAepCieBzy
/M5yS8TX3baOdEmP9UisN04okLDaSylgWFCNUfhp+bLzMyslR6wZtRH/Fzr+c2+F
V1HWh12l0YN0ymE9QAy43mcaT6LXfUhnK0VM0+Dmo1OdSgIIWQKYG7nc0hl/4vXR
SGob77+9x0tEVHtu0bFg4ew2UfGlwTFiomrcJIbcnTGxjDhWKKFbdkvUzzGWKy7d
wwcsDAgLsyYdo14hf3CmNJBozfW80j+yfg2jYhhNj8hrg7XSP2V7gV1K5wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFUAgTfLrq1rVEOUWXSVoO+2HEVoMB8GA1UdIwQY
MBaAFHEvnLPCmLFQvreQgDdvdL3qxDisMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY1MtY3M4S1lzVkMtdDVDQU4yOTB2ZXJFT0t3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS9lMmUxMTktZmQ3OC00YjFhLWIxNmEt
OTg3ZGE0MzkyMDU2LzEvVlFDQk44dXVyV3RVUTVSWmRKV2c3N1ljUldnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS9lMmUxMTktZmQ3OC00YjFhLWIxNmEtOTg3ZGE0MzkyMDU2
LzEvY1MtY3M4S1lzVkMtdDVDQU4yOTB2ZXJFT0t3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgBgYP8A
MA0GCSqGSIb3DQEBCwUAA4IBAQAAolaNnLjFxfD1CE3fPvP7ZbI5akgntJUprWfj
ZsD1ww2zXNnydFnLtv8sVuCPG1HjxeOISDxiaum4YKJUv8luZ8bxQdzl6eD7GNX5
C5edJVMQckHCyL/Xu1acd6J3LSUTjJm/D0anGL0qEm1XcWj7N9+QR6ztX0D9Oq7f
3H88R9CIOKFItX4mi6VQzaeUfP1CeS6vqz5DLDeGYcZjmn4yG5ik4tt6zL7HPeuj
6qoUPl9pR7QVt/U1DoD60XYjjiXDaOR9m8nV/NARv77my0Amh+MdKceZsNJi0wx5
nmyeuN1lFIjlJc8EYZo1Msqxbtm89nqAtmoeSyaSXfMi5q3w
-----END CERTIFICATE-----