Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0d/b18d38-9cf9-4519-911e-df2ac13cdb8b/1/qxVcU78zf1aX866hNEwYMfMwiqg.roa
File:                     qxVcU78zf1aX866hNEwYMfMwiqg.roa (raw, json)
Hash identifier:          p3u+qLzOEhqIK19AG7XuREkdvhyZpCVTb36rYSBzxO4=
Subject key identifier:   AB:15:5C:53:BF:33:7F:56:97:F3:AE:A1:34:4C:18:31:F3:30:8A:A8
Certificate issuer:       /CN=379d103b953071caa9e1a8973808904096e793d8
Certificate serial:       018CC26D05D3601A852A840AABCF92DC2A9C
Authority key identifier: 37:9D:10:3B:95:30:71:CA:A9:E1:A8:97:38:08:90:40:96:E7:93:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/N50QO5Uwccqp4aiXOAiQQJbnk9g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0d/b18d38-9cf9-4519-911e-df2ac13cdb8b/1/qxVcU78zf1aX866hNEwYMfMwiqg.roa
Signing time:             Mon 01 Jan 2024 00:29:34 +0000
ROA not before:           Mon 01 Jan 2024 00:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     396356
IP address blocks:        2a06:fcc0:1::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0d/b18d38-9cf9-4519-911e-df2ac13cdb8b/1/N50QO5Uwccqp4aiXOAiQQJbnk9g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0d/b18d38-9cf9-4519-911e-df2ac13cdb8b/1/N50QO5Uwccqp4aiXOAiQQJbnk9g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/N50QO5Uwccqp4aiXOAiQQJbnk9g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 16:01:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:05:d3:60:1a:85:2a:84:0a:ab:cf:92:dc:2a:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=379d103b953071caa9e1a8973808904096e793d8
        Validity
            Not Before: Jan  1 00:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ab155c53bf337f5697f3aea1344c1831f3308aa8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:21:77:4e:f5:53:d7:8a:c7:3b:d2:cd:c1:30:
                    bf:d2:44:85:4a:d9:4d:40:43:9a:e4:98:f3:97:b5:
                    28:b2:cb:0f:cf:da:88:38:96:f4:ee:bd:2d:cf:3e:
                    e6:79:dc:44:1e:90:1d:7c:22:7f:d6:cc:ca:e3:d2:
                    df:e1:e3:e1:42:8b:c9:15:c0:78:0f:5d:11:47:2f:
                    22:cd:e6:93:92:22:9b:40:0e:5c:e6:a7:d8:d4:4b:
                    03:50:3a:05:4e:d3:25:bd:f1:00:f5:0e:af:4e:74:
                    da:89:c1:74:de:02:b8:29:82:d6:cf:f3:c8:e2:cd:
                    24:77:da:75:56:f1:39:d9:7c:b1:a0:33:c5:1e:ff:
                    1b:4d:41:60:b6:63:d9:ba:a4:6f:88:0d:ff:4b:31:
                    0a:64:ea:3f:21:0e:fd:70:d2:46:0a:e6:71:26:c7:
                    d3:69:24:4d:a1:79:b0:11:a8:c8:a7:62:7d:1f:9d:
                    f5:ec:a5:8b:07:76:a3:0e:34:24:55:2f:88:f0:74:
                    11:ba:12:be:e1:71:3e:04:ee:4a:33:1e:26:79:2f:
                    d5:cc:a0:ba:f1:74:07:7b:55:2f:8b:f6:e2:93:27:
                    c5:c8:9a:4c:35:2b:89:6b:33:d9:da:2a:1a:a4:c6:
                    b2:88:4d:04:e5:09:d9:f9:e5:8c:97:64:6a:84:15:
                    c5:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:15:5C:53:BF:33:7F:56:97:F3:AE:A1:34:4C:18:31:F3:30:8A:A8
            X509v3 Authority Key Identifier:
                keyid:37:9D:10:3B:95:30:71:CA:A9:E1:A8:97:38:08:90:40:96:E7:93:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/N50QO5Uwccqp4aiXOAiQQJbnk9g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/b18d38-9cf9-4519-911e-df2ac13cdb8b/1/qxVcU78zf1aX866hNEwYMfMwiqg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/b18d38-9cf9-4519-911e-df2ac13cdb8b/1/N50QO5Uwccqp4aiXOAiQQJbnk9g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:fcc0:1::/48

    Signature Algorithm: sha256WithRSAEncryption
         42:6f:b7:d3:f3:23:9e:b9:46:63:3b:34:6a:22:39:d8:41:8a:
         40:0c:22:7d:0b:14:71:cf:e1:21:36:7b:7e:25:c5:b9:06:49:
         b1:cf:00:7c:0d:4c:86:13:2c:72:ba:20:84:47:3f:e8:39:e7:
         92:49:eb:ac:44:ab:49:09:7d:2d:83:df:ff:04:9c:01:8c:55:
         af:ff:4a:4c:fe:de:11:d3:32:74:e0:fc:e9:26:78:32:89:2d:
         0f:10:63:23:45:53:ca:d3:7a:59:eb:5e:db:ee:73:5e:da:ae:
         1b:47:ea:54:29:f6:22:a9:23:1f:b3:98:a0:85:03:be:b5:13:
         74:0b:56:fe:a0:39:b0:7e:85:42:f8:91:b9:29:68:c2:74:29:
         a4:57:88:38:a3:36:c4:99:fc:44:22:b3:75:54:8d:5f:21:a4:
         b9:a0:9f:a2:91:6b:09:95:7e:48:80:91:1a:69:84:23:d4:de:
         9e:c9:32:6b:d8:d7:77:02:d9:28:a5:17:a6:2c:2a:8e:b0:92:
         d8:a3:3c:4a:f2:27:a9:9a:72:1e:ba:9b:3e:6b:3f:9c:29:10:
         15:5b:44:89:7d:8b:d9:0e:5c:e6:47:4f:72:38:02:f4:21:48:
         b7:66:8f:79:55:84:8a:e3:e0:e1:82:71:68:d9:98:c2:dd:ee:
         18:64:72:13
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzCbQXTYBqFKoQKq8+S3CqcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3OWQxMDNiOTUzMDcxY2FhOWUxYTg5NzM4MDg5MDQwOTZl
NzkzZDgwHhcNMjQwMTAxMDAyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYjE1NWM1M2JmMzM3ZjU2OTdmM2FlYTEzNDRjMTgzMWYzMzA4YWE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsCF3TvVT14rHO9LNwTC/0kSFStlN
QEOa5Jjzl7UosssPz9qIOJb07r0tzz7medxEHpAdfCJ/1szK49Lf4ePhQovJFcB4
D10RRy8izeaTkiKbQA5c5qfY1EsDUDoFTtMlvfEA9Q6vTnTaicF03gK4KYLWz/PI
4s0kd9p1VvE52XyxoDPFHv8bTUFgtmPZuqRviA3/SzEKZOo/IQ79cNJGCuZxJsfT
aSRNoXmwEajIp2J9H5317KWLB3ajDjQkVS+I8HQRuhK+4XE+BO5KMx4meS/VzKC6
8XQHe1Uvi/bikyfFyJpMNSuJazPZ2ioapMayiE0E5QnZ+eWMl2RqhBXFbwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFKsVXFO/M39Wl/OuoTRMGDHzMIqoMB8GA1UdIwQY
MBaAFDedEDuVMHHKqeGolzgIkECW55PYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTjUwUU81VXdjY3FwNGFpWE9BaVFRSmJuazlnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZC9iMThkMzgtOWNmOS00NTE5LTkxMWUt
ZGYyYWMxM2NkYjhiLzEvcXhWY1U3OHpmMWFYODY2aE5Fd1lNZk13aXFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZC9iMThkMzgtOWNmOS00NTE5LTkxMWUtZGYyYWMxM2NkYjhi
LzEvTjUwUU81VXdjY3FwNGFpWE9BaVFRSmJuazlnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgb8wAAB
MA0GCSqGSIb3DQEBCwUAA4IBAQBCb7fT8yOeuUZjOzRqIjnYQYpADCJ9CxRxz+Eh
Nnt+JcW5BkmxzwB8DUyGEyxyuiCERz/oOeeSSeusRKtJCX0tg9//BJwBjFWv/0pM
/t4R0zJ04PzpJngyiS0PEGMjRVPK03pZ617b7nNe2q4bR+pUKfYiqSMfs5ighQO+
tRN0C1b+oDmwfoVC+JG5KWjCdCmkV4g4ozbEmfxEIrN1VI1fIaS5oJ+ikWsJlX5I
gJEaaYQj1N6eyTJr2Nd3AtkopRemLCqOsJLYozxK8iepmnIeups+az+cKRAVW0SJ
fYvZDlzmR09yOAL0IUi3Zo95VYSK4+DhgnFo2ZjC3e4YZHIT
-----END CERTIFICATE-----