Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/df7944-2589-47cb-ab56-5358401fb796/1/pqlbIbNJ9fb6HI0B5-w4UgSYcbY.roa
File:                     pqlbIbNJ9fb6HI0B5-w4UgSYcbY.roa (raw, json)
Hash identifier:          mcYLCtbaBwaS/xS6dmXpUntAVPZrHZ1andB/RjcjVcA=
Subject key identifier:   A6:A9:5B:21:B3:49:F5:F6:FA:1C:8D:01:E7:EC:38:52:04:98:71:B6
Certificate issuer:       /CN=70bf553042f1a43827dc034500bbd1068a7297ca
Certificate serial:       019426D9DBE0988E64EF79527D56789B58B5
Authority key identifier: 70:BF:55:30:42:F1:A4:38:27:DC:03:45:00:BB:D1:06:8A:72:97:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cL9VMELxpDgn3ANFALvRBopyl8o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/df7944-2589-47cb-ab56-5358401fb796/1/pqlbIbNJ9fb6HI0B5-w4UgSYcbY.roa
Signing time:             Thu 02 Jan 2025 11:49:59 +0000
ROA not before:           Thu 02 Jan 2025 11:49:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     147049
IP address blocks:        2a13:240::/48 maxlen: 48
                          2a13:240:4000::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/df7944-2589-47cb-ab56-5358401fb796/1/cL9VMELxpDgn3ANFALvRBopyl8o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/df7944-2589-47cb-ab56-5358401fb796/1/cL9VMELxpDgn3ANFALvRBopyl8o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cL9VMELxpDgn3ANFALvRBopyl8o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 07:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:db:e0:98:8e:64:ef:79:52:7d:56:78:9b:58:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70bf553042f1a43827dc034500bbd1068a7297ca
        Validity
            Not Before: Jan  2 11:49:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a6a95b21b349f5f6fa1c8d01e7ec3852049871b6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:f0:d0:63:af:39:e3:89:f0:30:eb:da:07:a2:
                    bc:cf:6d:97:81:24:6e:c8:bd:a3:e5:23:e3:39:9f:
                    3b:a0:c0:a1:40:a7:6c:9e:20:24:3f:4c:95:45:43:
                    69:d4:63:ca:01:11:c9:dc:94:52:c2:7e:a8:20:c0:
                    b9:59:77:19:7c:d8:2f:85:74:f1:e8:32:66:85:3b:
                    c3:b9:7a:4d:5a:4f:82:67:90:2d:31:b2:83:91:01:
                    a2:88:b2:d5:ac:7c:05:b2:25:67:31:a0:25:4c:e0:
                    32:3a:40:b3:77:bf:83:bb:40:ca:fb:3f:87:4e:e7:
                    3b:c6:95:7c:d2:2e:b1:11:e5:80:97:76:3b:b1:e3:
                    1a:0a:54:55:6f:06:33:70:3a:6c:67:cb:84:7a:e9:
                    42:12:4f:6d:2e:25:8a:92:14:51:53:12:01:41:a5:
                    e6:bc:47:00:4b:21:34:f0:05:f6:30:da:e1:6e:7d:
                    8d:6a:a6:a1:51:fd:93:ec:5d:2b:52:37:82:21:bf:
                    df:1f:5c:50:09:ee:1c:c4:e6:fd:04:68:08:1a:d1:
                    44:4b:52:7e:19:8f:96:1a:8e:2e:9b:b2:92:68:4e:
                    b2:53:9e:f7:f3:e8:49:15:94:52:d9:30:9c:b9:72:
                    e5:75:1c:be:da:cf:55:f1:f0:bc:22:5e:f5:b8:87:
                    10:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:A9:5B:21:B3:49:F5:F6:FA:1C:8D:01:E7:EC:38:52:04:98:71:B6
            X509v3 Authority Key Identifier:
                keyid:70:BF:55:30:42:F1:A4:38:27:DC:03:45:00:BB:D1:06:8A:72:97:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cL9VMELxpDgn3ANFALvRBopyl8o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/df7944-2589-47cb-ab56-5358401fb796/1/pqlbIbNJ9fb6HI0B5-w4UgSYcbY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/df7944-2589-47cb-ab56-5358401fb796/1/cL9VMELxpDgn3ANFALvRBopyl8o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:240::/48
                  2a13:240:4000::/40

    Signature Algorithm: sha256WithRSAEncryption
         da:13:55:f7:7c:ac:a1:25:2d:97:d6:a3:91:64:8b:22:c9:95:
         b7:ff:15:f4:40:af:5d:b7:dc:23:5c:14:98:68:7b:af:3b:53:
         ce:b4:b8:d9:c4:6c:9e:23:6b:a9:18:91:33:2b:2a:96:a6:13:
         ec:a0:2b:37:2c:14:fd:9d:bd:72:2d:56:0f:31:1c:d3:50:9b:
         c4:1e:b0:ae:38:6d:21:c8:38:50:25:c6:c3:df:e3:75:45:90:
         4f:7d:89:7e:d4:74:c3:73:93:02:fb:ba:e3:0f:98:e8:df:c7:
         c8:02:18:9a:58:da:4a:7f:83:05:b2:f9:71:7c:cb:d5:e9:58:
         ac:11:7a:61:f0:28:f4:88:ef:d2:aa:68:91:70:f0:57:aa:b4:
         3a:43:a6:78:de:ec:3b:11:88:d1:c3:a1:64:72:05:7b:ec:53:
         cf:97:36:4e:0f:ed:c3:42:2a:02:40:51:00:e4:6d:29:63:0c:
         84:66:f3:e3:e4:c0:1c:59:4f:c0:ce:2e:c5:d5:71:65:bc:64:
         f5:f8:22:84:d2:39:7e:e3:3c:f9:75:a8:52:1d:66:d9:fc:e9:
         34:eb:cc:13:e7:0d:82:bf:d8:f4:7d:9e:7a:55:0a:79:b2:ed:
         03:c3:e4:05:e2:81:0a:9a:3b:a2:da:8f:30:90:d3:aa:16:c7:
         ca:54:ee:4b
-----BEGIN CERTIFICATE-----
MIIFCDCCA/CgAwIBAgISAZQm2dvgmI5k73lSfVZ4m1i1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwYmY1NTMwNDJmMWE0MzgyN2RjMDM0NTAwYmJkMTA2OGE3
Mjk3Y2EwHhcNMjUwMTAyMTE0OTU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNmE5NWIyMWIzNDlmNWY2ZmExYzhkMDFlN2VjMzg1MjA0OTg3MWI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0PDQY68544nwMOvaB6K8z22XgSRu
yL2j5SPjOZ87oMChQKdsniAkP0yVRUNp1GPKARHJ3JRSwn6oIMC5WXcZfNgvhXTx
6DJmhTvDuXpNWk+CZ5AtMbKDkQGiiLLVrHwFsiVnMaAlTOAyOkCzd7+Du0DK+z+H
Tuc7xpV80i6xEeWAl3Y7seMaClRVbwYzcDpsZ8uEeulCEk9tLiWKkhRRUxIBQaXm
vEcASyE08AX2MNrhbn2NaqahUf2T7F0rUjeCIb/fH1xQCe4cxOb9BGgIGtFES1J+
GY+WGo4um7KSaE6yU5738+hJFZRS2TCcuXLldRy+2s9V8fC8Il71uIcQQwIDAQAB
o4ICFDCCAhAwHQYDVR0OBBYEFKapWyGzSfX2+hyNAefsOFIEmHG2MB8GA1UdIwQY
MBaAFHC/VTBC8aQ4J9wDRQC70QaKcpfKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY0w5Vk1FTHhwRGduM0FORkFMdlJCb3B5bDhvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS9kZjc5NDQtMjU4OS00N2NiLWFiNTYt
NTM1ODQwMWZiNzk2LzEvcHFsYkliTko5ZmI2SEkwQjUtdzRVZ1NZY2JZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS9kZjc5NDQtMjU4OS00N2NiLWFiNTYtNTM1ODQwMWZiNzk2
LzEvY0w5Vk1FTHhwRGduM0FORkFMdlJCb3B5bDhvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCoGCCsGAQUFBwEHAQH/BBswGTAXBAIAAjARAwcAKhMCQAAA
AwYAKhMCQEAwDQYJKoZIhvcNAQELBQADggEBANoTVfd8rKElLZfWo5FkiyLJlbf/
FfRAr1233CNcFJhoe687U860uNnEbJ4ja6kYkTMrKpamE+ygKzcsFP2dvXItVg8x
HNNQm8QesK44bSHIOFAlxsPf43VFkE99iX7UdMNzkwL7uuMPmOjfx8gCGJpY2kp/
gwWy+XF8y9XpWKwRemHwKPSI79KqaJFw8FeqtDpDpnje7DsRiNHDoWRyBXvsU8+X
Nk4P7cNCKgJAUQDkbSljDIRm8+PkwBxZT8DOLsXVcWW8ZPX4IoTSOX7jPPl1qFId
Ztn86TTrzBPnDYK/2PR9nnpVCnmy7QPD5AXigQqaO6LajzCQ06oWx8pU7ks=
-----END CERTIFICATE-----