Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/14/a5a3a2-ad53-46a5-8fd5-065ed4d8441f/1/qqFZya-4Om8kTLI3LBVG600-yJw.roa
File:                     qqFZya-4Om8kTLI3LBVG600-yJw.roa (raw, json)
Hash identifier:          xSZQRAd4mA02ZDM9cjXNhjDDtL+7HkcCMD3Lfg/bYKs=
Subject key identifier:   AA:A1:59:C9:AF:B8:3A:6F:24:4C:B2:37:2C:15:46:EB:4D:3E:C8:9C
Certificate issuer:       /CN=ea22ab6bbe42ed9cf367bb0317df7e640e2836dc
Certificate serial:       018CC4933DDE2FA2C7462CBD379413530A1B
Authority key identifier: EA:22:AB:6B:BE:42:ED:9C:F3:67:BB:03:17:DF:7E:64:0E:28:36:DC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6iKra75C7ZzzZ7sDF99-ZA4oNtw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/14/a5a3a2-ad53-46a5-8fd5-065ed4d8441f/1/qqFZya-4Om8kTLI3LBVG600-yJw.roa
Signing time:             Mon 01 Jan 2024 10:30:33 +0000
ROA not before:           Mon 01 Jan 2024 10:30:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3303
IP address blocks:        2001:67c:420::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/14/a5a3a2-ad53-46a5-8fd5-065ed4d8441f/1/6iKra75C7ZzzZ7sDF99-ZA4oNtw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/14/a5a3a2-ad53-46a5-8fd5-065ed4d8441f/1/6iKra75C7ZzzZ7sDF99-ZA4oNtw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6iKra75C7ZzzZ7sDF99-ZA4oNtw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 01:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:3d:de:2f:a2:c7:46:2c:bd:37:94:13:53:0a:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ea22ab6bbe42ed9cf367bb0317df7e640e2836dc
        Validity
            Not Before: Jan  1 10:30:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=aaa159c9afb83a6f244cb2372c1546eb4d3ec89c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:3b:cf:fe:d9:86:83:fe:34:86:90:14:6d:5f:
                    41:96:46:b0:ec:18:6d:dd:00:5a:7d:75:61:32:13:
                    64:f5:61:4d:0d:6c:6b:f4:7a:5e:b9:8b:0c:65:36:
                    b1:8d:ca:90:92:16:66:94:59:c2:aa:59:aa:a6:7e:
                    47:a7:14:e3:11:91:56:e4:7a:94:e6:5e:32:99:dd:
                    79:90:f5:81:47:26:2f:75:af:22:0d:27:f0:e0:83:
                    90:7a:3d:73:c5:dc:68:82:4e:a7:08:15:26:2f:d8:
                    e6:b6:f6:ec:74:d4:f7:c8:75:34:76:10:c0:17:40:
                    c3:5e:b4:03:3c:3b:33:39:24:af:c7:2e:2e:b0:b2:
                    10:16:15:3f:34:3f:52:79:fc:3a:6a:70:18:ba:ac:
                    1d:b5:0b:7c:bb:b8:62:37:07:51:8c:b7:0f:36:ae:
                    e0:2d:06:91:cd:99:b5:8f:e7:59:04:e5:c6:7a:e8:
                    4a:63:c1:83:a2:52:81:bf:bc:75:07:23:61:ff:32:
                    68:aa:3e:60:14:b7:e7:f0:65:9a:99:b0:65:f7:2d:
                    7b:7d:38:58:3a:39:83:0d:5e:53:8b:06:56:03:e6:
                    a8:e9:c9:96:67:ed:1b:f3:a8:0c:1b:d3:76:c2:fc:
                    15:a3:91:e0:64:3f:e3:1f:06:f1:ed:e9:c2:a2:b3:
                    72:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:A1:59:C9:AF:B8:3A:6F:24:4C:B2:37:2C:15:46:EB:4D:3E:C8:9C
            X509v3 Authority Key Identifier:
                keyid:EA:22:AB:6B:BE:42:ED:9C:F3:67:BB:03:17:DF:7E:64:0E:28:36:DC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6iKra75C7ZzzZ7sDF99-ZA4oNtw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/14/a5a3a2-ad53-46a5-8fd5-065ed4d8441f/1/qqFZya-4Om8kTLI3LBVG600-yJw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/14/a5a3a2-ad53-46a5-8fd5-065ed4d8441f/1/6iKra75C7ZzzZ7sDF99-ZA4oNtw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:420::/48

    Signature Algorithm: sha256WithRSAEncryption
         1e:12:3d:05:25:85:46:3a:ba:36:11:dc:01:3f:6d:9e:e3:6b:
         48:d7:f0:ff:b3:51:51:b2:7a:4f:5b:ea:4b:b1:fa:3c:0c:01:
         54:c3:e9:d5:37:e0:b8:4f:d3:95:8c:77:7c:67:d3:0a:b8:ce:
         35:7d:70:df:90:c2:0f:fa:a1:2e:cd:cd:61:dc:5f:0f:f2:5a:
         e6:52:98:b5:1f:a0:48:de:f4:d0:1b:24:26:c2:39:c0:bc:98:
         fa:75:8d:03:00:91:82:f3:48:41:c5:b6:3f:03:5e:0d:77:a9:
         eb:1b:dd:8f:25:9f:1f:db:8e:2e:08:99:2b:81:c2:9d:58:4c:
         2d:f0:42:ac:90:3d:24:7b:b5:3b:e2:12:6b:e2:d6:50:7d:03:
         19:dc:61:30:63:ca:08:83:bd:46:2e:46:aa:2f:e4:01:3a:ae:
         ab:a9:3d:4e:12:01:9c:1b:fa:6c:57:a3:95:b8:bc:74:06:4c:
         a8:bc:5d:31:84:d5:fc:0f:f6:58:ac:94:8a:de:bf:2a:d0:da:
         d7:02:66:99:a0:8e:f9:fd:04:e0:c2:4c:48:e8:ee:a1:cc:c8:
         16:4e:35:77:05:ac:7a:ea:16:05:11:95:65:f4:85:f2:0f:25:
         0c:3e:d6:b9:34:1a:3b:86:3e:a7:d8:49:e6:ef:1a:e2:a5:f3:
         35:c8:f8:6e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzEkz3eL6LHRiy9N5QTUwobMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhMjJhYjZiYmU0MmVkOWNmMzY3YmIwMzE3ZGY3ZTY0MGUy
ODM2ZGMwHhcNMjQwMTAxMTAzMDMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYWExNTljOWFmYjgzYTZmMjQ0Y2IyMzcyYzE1NDZlYjRkM2VjODljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjTvP/tmGg/40hpAUbV9Blkaw7Bht
3QBafXVhMhNk9WFNDWxr9HpeuYsMZTaxjcqQkhZmlFnCqlmqpn5HpxTjEZFW5HqU
5l4ymd15kPWBRyYvda8iDSfw4IOQej1zxdxogk6nCBUmL9jmtvbsdNT3yHU0dhDA
F0DDXrQDPDszOSSvxy4usLIQFhU/ND9Sefw6anAYuqwdtQt8u7hiNwdRjLcPNq7g
LQaRzZm1j+dZBOXGeuhKY8GDolKBv7x1ByNh/zJoqj5gFLfn8GWambBl9y17fThY
OjmDDV5TiwZWA+ao6cmWZ+0b86gMG9N2wvwVo5HgZD/jHwbx7enCorNyUwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFKqhWcmvuDpvJEyyNywVRutNPsicMB8GA1UdIwQY
MBaAFOoiq2u+Qu2c82e7AxfffmQOKDbcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNmlLcmE3NUM3Wnp6WjdzREY5OS1aQTRvTnR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNC9hNWEzYTItYWQ1My00NmE1LThmZDUt
MDY1ZWQ0ZDg0NDFmLzEvcXFGWnlhLTRPbThrVExJM0xCVkc2MDAteUp3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNC9hNWEzYTItYWQ1My00NmE1LThmZDUtMDY1ZWQ0ZDg0NDFm
LzEvNmlLcmE3NUM3Wnp6WjdzREY5OS1aQTRvTnR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfAQg
MA0GCSqGSIb3DQEBCwUAA4IBAQAeEj0FJYVGOro2EdwBP22e42tI1/D/s1FRsnpP
W+pLsfo8DAFUw+nVN+C4T9OVjHd8Z9MKuM41fXDfkMIP+qEuzc1h3F8P8lrmUpi1
H6BI3vTQGyQmwjnAvJj6dY0DAJGC80hBxbY/A14Nd6nrG92PJZ8f244uCJkrgcKd
WEwt8EKskD0ke7U74hJr4tZQfQMZ3GEwY8oIg71GLkaqL+QBOq6rqT1OEgGcG/ps
V6OVuLx0BkyovF0xhNX8D/ZYrJSK3r8q0NrXAmaZoI75/QTgwkxI6O6hzMgWTjV3
Bax66hYFEZVl9IXyDyUMPta5NBo7hj6n2Enm7xripfM1yPhu
-----END CERTIFICATE-----