Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/eff67f-40a9-4775-a9c2-ad28fa966b51/1/Q_xfBz_vmbmf04iLk1lp1dI9p0Y.roa
File:                     Q_xfBz_vmbmf04iLk1lp1dI9p0Y.roa (raw, json)
Hash identifier:          gVZTfmVJp4+73Io4Q8OHJ7aJztUz++T3QQqctnmqDKo=
Subject key identifier:   43:FC:5F:07:3F:EF:99:B9:9F:D3:88:8B:93:59:69:D5:D2:3D:A7:46
Certificate issuer:       /CN=0bb3e73aa8b7f0af3bd8400572dae72b0d46f55c
Certificate serial:       018CC34947E6F13E94B417C8485A41AF3D8F
Authority key identifier: 0B:B3:E7:3A:A8:B7:F0:AF:3B:D8:40:05:72:DA:E7:2B:0D:46:F5:5C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/C7PnOqi38K872EAFctrnKw1G9Vw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/eff67f-40a9-4775-a9c2-ad28fa966b51/1/Q_xfBz_vmbmf04iLk1lp1dI9p0Y.roa
Signing time:             Mon 01 Jan 2024 04:30:08 +0000
ROA not before:           Mon 01 Jan 2024 04:30:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     7018
IP address blocks:        2a0e:48c4::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/eff67f-40a9-4775-a9c2-ad28fa966b51/1/C7PnOqi38K872EAFctrnKw1G9Vw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/eff67f-40a9-4775-a9c2-ad28fa966b51/1/C7PnOqi38K872EAFctrnKw1G9Vw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/C7PnOqi38K872EAFctrnKw1G9Vw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:47:e6:f1:3e:94:b4:17:c8:48:5a:41:af:3d:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0bb3e73aa8b7f0af3bd8400572dae72b0d46f55c
        Validity
            Not Before: Jan  1 04:30:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=43fc5f073fef99b99fd3888b935969d5d23da746
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:74:31:a1:63:a9:6a:14:a5:c6:c8:a8:95:9a:
                    c3:32:41:29:21:99:18:98:ee:be:6e:0e:cb:1a:e7:
                    e7:b9:f3:9f:43:65:1a:49:47:ed:98:05:40:a4:f3:
                    af:f0:72:7c:2b:38:81:dd:1e:d4:bd:55:6c:0e:e9:
                    b0:9a:6a:18:bd:14:27:01:a4:d0:72:30:27:a6:53:
                    d8:a9:f4:60:c6:23:a6:fa:6e:86:5c:a9:fe:3c:cc:
                    1b:2f:23:72:87:42:2b:cd:7c:62:46:ed:a6:df:67:
                    ca:ae:13:b3:46:ea:38:47:92:fb:39:87:b7:3d:2d:
                    49:c7:f8:64:80:c3:92:d4:b5:8e:3a:0f:e1:33:2c:
                    48:cb:2b:78:c3:e2:1e:aa:9e:5b:68:d5:f7:05:1e:
                    ef:88:4a:0a:0d:b2:8b:ba:63:d2:1e:8b:65:95:5e:
                    5f:a0:a8:a0:58:5d:fd:e5:df:0d:71:5b:3d:56:f6:
                    73:a5:8d:e9:bc:fb:2d:3f:33:95:c4:0d:95:20:e5:
                    25:9e:fb:95:8e:00:5e:43:79:46:5f:3c:77:4b:8d:
                    8f:b8:49:52:19:76:88:8d:bd:9c:8b:cf:24:9b:37:
                    dc:bc:2d:ae:60:80:e8:d4:48:9b:64:59:3e:c9:5e:
                    f8:9f:12:0c:7e:46:ee:ef:18:94:39:9f:8d:6a:ab:
                    26:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:FC:5F:07:3F:EF:99:B9:9F:D3:88:8B:93:59:69:D5:D2:3D:A7:46
            X509v3 Authority Key Identifier:
                keyid:0B:B3:E7:3A:A8:B7:F0:AF:3B:D8:40:05:72:DA:E7:2B:0D:46:F5:5C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C7PnOqi38K872EAFctrnKw1G9Vw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/eff67f-40a9-4775-a9c2-ad28fa966b51/1/Q_xfBz_vmbmf04iLk1lp1dI9p0Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/eff67f-40a9-4775-a9c2-ad28fa966b51/1/C7PnOqi38K872EAFctrnKw1G9Vw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:48c4::/32

    Signature Algorithm: sha256WithRSAEncryption
         97:10:65:83:36:9b:49:69:4a:78:c6:9d:4c:c5:1d:42:db:4d:
         c5:ec:07:ef:07:da:f3:72:b7:14:6e:c6:14:9e:64:bb:07:fc:
         24:85:2b:a7:db:fa:93:8d:fb:0e:c0:28:c5:86:38:a0:9f:11:
         df:92:2a:31:cf:27:1b:71:3d:66:4c:e8:38:6e:b7:1f:0c:9c:
         62:22:74:38:4e:3c:96:fd:51:48:fc:44:b4:6f:b5:96:dc:88:
         08:fa:3e:49:e9:d1:d5:a9:df:1c:f1:f6:bb:0b:f8:26:31:f0:
         4e:4b:da:1e:ad:51:d0:6e:a9:6f:e7:dd:e5:eb:18:f1:b7:1f:
         3a:1d:0d:55:60:0a:40:8e:df:b7:c1:f3:54:10:1f:9e:63:4a:
         ea:a9:e2:1a:84:27:10:9e:06:a8:f1:bf:c7:62:ba:5d:ba:63:
         96:d9:af:16:99:b0:91:12:e1:fa:a4:9e:ad:3b:9b:a5:8d:58:
         70:38:48:ba:18:03:1d:5b:d0:e1:8b:42:f8:6a:cb:9e:8d:42:
         96:9f:69:64:4f:5b:0f:83:23:90:43:f8:34:28:3e:3d:bc:25:
         2c:a7:2a:12:b3:db:b8:7b:ef:c0:8f:59:54:8e:f5:a7:8d:a8:
         bd:c9:a4:3f:83:15:67:bb:61:1a:7f:d3:9f:08:8a:7f:07:ae:
         26:0c:4d:89
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzDSUfm8T6UtBfISFpBrz2PMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiYjNlNzNhYThiN2YwYWYzYmQ4NDAwNTcyZGFlNzJiMGQ0
NmY1NWMwHhcNMjQwMTAxMDQzMDA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0M2ZjNWYwNzNmZWY5OWI5OWZkMzg4OGI5MzU5NjlkNWQyM2RhNzQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtHQxoWOpahSlxsiolZrDMkEpIZkY
mO6+bg7LGufnufOfQ2UaSUftmAVApPOv8HJ8KziB3R7UvVVsDumwmmoYvRQnAaTQ
cjAnplPYqfRgxiOm+m6GXKn+PMwbLyNyh0IrzXxiRu2m32fKrhOzRuo4R5L7OYe3
PS1Jx/hkgMOS1LWOOg/hMyxIyyt4w+Ieqp5baNX3BR7viEoKDbKLumPSHotllV5f
oKigWF395d8NcVs9VvZzpY3pvPstPzOVxA2VIOUlnvuVjgBeQ3lGXzx3S42PuElS
GXaIjb2ci88kmzfcvC2uYIDo1EibZFk+yV74nxIMfkbu7xiUOZ+NaqsmyQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFEP8Xwc/75m5n9OIi5NZadXSPadGMB8GA1UdIwQY
MBaAFAuz5zqot/CvO9hABXLa5ysNRvVcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQzdQbk9xaTM4Szg3MkVBRmN0cm5LdzFHOVZ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS9lZmY2N2YtNDBhOS00Nzc1LWE5YzIt
YWQyOGZhOTY2YjUxLzEvUV94ZkJ6X3ZtYm1mMDRpTGsxbHAxZEk5cDBZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS9lZmY2N2YtNDBhOS00Nzc1LWE5YzItYWQyOGZhOTY2YjUx
LzEvQzdQbk9xaTM4Szg3MkVBRmN0cm5LdzFHOVZ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKg5IxDAN
BgkqhkiG9w0BAQsFAAOCAQEAlxBlgzabSWlKeMadTMUdQttNxewH7wfa83K3FG7G
FJ5kuwf8JIUrp9v6k437DsAoxYY4oJ8R35IqMc8nG3E9ZkzoOG63HwycYiJ0OE48
lv1RSPxEtG+1ltyICPo+SenR1anfHPH2uwv4JjHwTkvaHq1R0G6pb+fd5esY8bcf
Oh0NVWAKQI7ft8HzVBAfnmNK6qniGoQnEJ4GqPG/x2K6XbpjltmvFpmwkRLh+qSe
rTubpY1YcDhIuhgDHVvQ4YtC+GrLno1Clp9pZE9bD4MjkEP4NCg+PbwlLKcqErPb
uHvvwI9ZVI71p42ovcmkP4MVZ7thGn/TnwiKfweuJgxNiQ==
-----END CERTIFICATE-----