Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/fccc7e-b511-451f-b982-dc85864aea89/1/QNdPruQNNM3HKhpFkZQu7o8oe0I.roa
File:                     QNdPruQNNM3HKhpFkZQu7o8oe0I.roa (raw, json)
Hash identifier:          +TbD2c+3wsBiJUMCCjg03Ylxi1qzXbmyvXZ5b8YvNwU=
Subject key identifier:   40:D7:4F:AE:E4:0D:34:CD:C7:2A:1A:45:91:94:2E:EE:8F:28:7B:42
Certificate issuer:       /CN=81e3e697cdd6e225ac5b1161cdf704de9cfc2655
Certificate serial:       018CC348A1705B0823A335E6938CEF4AD82B
Authority key identifier: 81:E3:E6:97:CD:D6:E2:25:AC:5B:11:61:CD:F7:04:DE:9C:FC:26:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gePml83W4iWsWxFhzfcE3pz8JlU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/fccc7e-b511-451f-b982-dc85864aea89/1/QNdPruQNNM3HKhpFkZQu7o8oe0I.roa
Signing time:             Mon 01 Jan 2024 04:29:26 +0000
ROA not before:           Mon 01 Jan 2024 04:29:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205491
IP address blocks:        2001:67c:b7c::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/fccc7e-b511-451f-b982-dc85864aea89/1/gePml83W4iWsWxFhzfcE3pz8JlU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/fccc7e-b511-451f-b982-dc85864aea89/1/gePml83W4iWsWxFhzfcE3pz8JlU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gePml83W4iWsWxFhzfcE3pz8JlU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 25 Jun 2024 00:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:a1:70:5b:08:23:a3:35:e6:93:8c:ef:4a:d8:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=81e3e697cdd6e225ac5b1161cdf704de9cfc2655
        Validity
            Not Before: Jan  1 04:29:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=40d74faee40d34cdc72a1a4591942eee8f287b42
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:0c:26:65:44:d5:24:29:df:fd:ba:1a:02:24:
                    b8:1f:4c:00:97:25:bd:f7:2f:52:8e:95:e4:91:76:
                    2e:07:5d:29:d6:1f:5a:88:6b:63:5e:d8:e4:d6:b0:
                    2c:fc:ee:ec:57:9c:a9:f1:41:47:4d:a7:01:67:70:
                    7e:5d:01:7d:2a:9c:50:60:63:c2:d2:ca:41:64:82:
                    29:d5:bf:54:31:f0:58:39:31:f6:15:0b:e8:69:66:
                    f1:11:53:84:72:df:d4:5b:50:73:ee:80:8a:e3:aa:
                    cc:56:95:f8:d9:cb:82:66:09:90:8f:39:a2:f5:9a:
                    c1:08:c2:b3:5e:59:23:72:05:31:48:85:e0:da:a3:
                    71:35:e4:bc:27:8d:10:45:2e:b5:b0:cd:2e:ec:29:
                    90:60:77:ef:12:84:4b:6a:59:ab:3b:91:17:65:87:
                    34:12:37:87:7d:d4:e4:69:8f:0f:ce:c6:d1:e6:3b:
                    e9:da:b1:40:eb:e0:86:dc:e2:16:4f:01:2a:9e:95:
                    82:17:c6:02:a4:c4:84:ec:63:a6:1c:ce:f0:2d:e0:
                    fc:98:fd:b1:46:cb:a4:4f:32:a7:fb:d4:b3:5d:b1:
                    39:65:4d:ff:9c:42:21:ce:c0:ab:e6:7b:07:9b:35:
                    6d:68:df:02:68:c8:d5:30:e2:0d:19:a6:c3:a5:26:
                    fb:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:D7:4F:AE:E4:0D:34:CD:C7:2A:1A:45:91:94:2E:EE:8F:28:7B:42
            X509v3 Authority Key Identifier:
                keyid:81:E3:E6:97:CD:D6:E2:25:AC:5B:11:61:CD:F7:04:DE:9C:FC:26:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gePml83W4iWsWxFhzfcE3pz8JlU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/fccc7e-b511-451f-b982-dc85864aea89/1/QNdPruQNNM3HKhpFkZQu7o8oe0I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/fccc7e-b511-451f-b982-dc85864aea89/1/gePml83W4iWsWxFhzfcE3pz8JlU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:b7c::/48

    Signature Algorithm: sha256WithRSAEncryption
         05:2f:1d:cd:84:0a:7a:14:83:b7:ea:b1:44:e5:49:0c:65:1a:
         3b:59:64:72:1b:f3:0b:bb:ec:e8:16:e4:65:38:86:2e:22:df:
         14:4f:d0:6f:e8:9c:af:0d:c9:f3:2d:51:d5:3d:bb:cc:4b:81:
         ca:b5:12:8b:8e:7e:dc:42:08:a9:77:1a:80:ea:00:95:d5:a9:
         25:dc:b6:6e:20:0e:69:3d:fc:dc:e7:e6:4a:da:e6:91:8c:bc:
         7e:05:97:41:29:14:93:ff:df:95:53:fa:5b:26:95:0c:fa:1d:
         08:7f:96:6d:4b:5d:85:c1:35:0a:27:00:be:62:4a:6d:1b:e2:
         b0:8a:28:5d:3c:52:12:c9:0c:08:00:aa:42:e7:3d:d5:8b:99:
         d4:de:1d:59:ce:5e:26:f5:2f:60:ab:6d:d1:db:14:b2:13:1f:
         50:d8:fb:60:86:03:cc:f4:f3:26:29:c3:5a:6f:aa:a5:45:fe:
         3e:dd:9f:a5:f4:42:17:73:bb:60:56:f8:23:9e:a0:6d:0a:2f:
         82:5c:ae:3b:cb:0b:a3:10:b9:d8:cf:c8:8b:ce:b5:f1:12:a6:
         97:b8:42:09:8a:4b:41:d8:64:15:0b:67:5f:98:0a:37:61:03:
         9c:d0:cb:85:39:e2:3f:0a:a5:27:3e:7d:cb:d4:c2:f3:79:0a:
         dd:02:e6:4c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzDSKFwWwgjozXmk4zvStgrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxZTNlNjk3Y2RkNmUyMjVhYzViMTE2MWNkZjcwNGRlOWNm
YzI2NTUwHhcNMjQwMTAxMDQyOTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MGQ3NGZhZWU0MGQzNGNkYzcyYTFhNDU5MTk0MmVlZThmMjg3YjQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxQwmZUTVJCnf/boaAiS4H0wAlyW9
9y9SjpXkkXYuB10p1h9aiGtjXtjk1rAs/O7sV5yp8UFHTacBZ3B+XQF9KpxQYGPC
0spBZIIp1b9UMfBYOTH2FQvoaWbxEVOEct/UW1Bz7oCK46rMVpX42cuCZgmQjzmi
9ZrBCMKzXlkjcgUxSIXg2qNxNeS8J40QRS61sM0u7CmQYHfvEoRLalmrO5EXZYc0
EjeHfdTkaY8PzsbR5jvp2rFA6+CG3OIWTwEqnpWCF8YCpMSE7GOmHM7wLeD8mP2x
RsukTzKn+9SzXbE5ZU3/nEIhzsCr5nsHmzVtaN8CaMjVMOINGabDpSb73QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFEDXT67kDTTNxyoaRZGULu6PKHtCMB8GA1UdIwQY
MBaAFIHj5pfN1uIlrFsRYc33BN6c/CZVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ2VQbWw4M1c0aVdzV3hGaHpmY0UzcHo4SmxVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS9mY2NjN2UtYjUxMS00NTFmLWI5ODIt
ZGM4NTg2NGFlYTg5LzEvUU5kUHJ1UU5OTTNIS2hwRmtaUXU3bzhvZTBJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS9mY2NjN2UtYjUxMS00NTFmLWI5ODItZGM4NTg2NGFlYTg5
LzEvZ2VQbWw4M1c0aVdzV3hGaHpmY0UzcHo4SmxVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfAt8
MA0GCSqGSIb3DQEBCwUAA4IBAQAFLx3NhAp6FIO36rFE5UkMZRo7WWRyG/MLu+zo
FuRlOIYuIt8UT9Bv6JyvDcnzLVHVPbvMS4HKtRKLjn7cQgipdxqA6gCV1akl3LZu
IA5pPfzc5+ZK2uaRjLx+BZdBKRST/9+VU/pbJpUM+h0If5ZtS12FwTUKJwC+Ykpt
G+KwiihdPFISyQwIAKpC5z3Vi5nU3h1Zzl4m9S9gq23R2xSyEx9Q2PtghgPM9PMm
KcNab6qlRf4+3Z+l9EIXc7tgVvgjnqBtCi+CXK47ywujELnYz8iLzrXxEqaXuEIJ
iktB2GQVC2dfmAo3YQOc0MuFOeI/CqUnPn3L1MLzeQrdAuZM
-----END CERTIFICATE-----