Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/QVb6CUu6_X16MIuOE_TFbn6Z12g.roa
File:                     QVb6CUu6_X16MIuOE_TFbn6Z12g.roa (raw, json)
Hash identifier:          eXd9Z+4uAIHm883h/HGnXhRWqXAMvhGu3uEoaQGnlsI=
Subject key identifier:   41:56:FA:09:4B:BA:FD:7D:7A:30:8B:8E:13:F4:C5:6E:7E:99:D7:68
Certificate issuer:       /CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
Certificate serial:       018CC42561BFD264D1BB9F041F9E5802C01C
Authority key identifier: B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/QVb6CUu6_X16MIuOE_TFbn6Z12g.roa
Signing time:             Mon 01 Jan 2024 08:30:33 +0000
ROA not before:           Mon 01 Jan 2024 08:30:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59417
IP address blocks:        2a0b:b87:ffb7::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 16 May 2024 14:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:61:bf:d2:64:d1:bb:9f:04:1f:9e:58:02:c0:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
        Validity
            Not Before: Jan  1 08:30:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4156fa094bbafd7d7a308b8e13f4c56e7e99d768
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:46:82:12:a4:67:f3:36:c2:84:f0:a9:f3:11:
                    01:de:7d:4e:57:62:db:bf:7b:2f:fa:a0:a6:b0:8f:
                    91:74:76:9c:de:88:39:66:07:93:44:17:0d:da:62:
                    79:cf:3f:b7:a2:3e:4c:f7:3a:4d:79:db:5c:6d:6e:
                    d1:cd:88:74:d6:6c:fa:f8:3a:30:77:78:4b:9a:00:
                    c3:88:64:0f:9b:47:9e:e3:59:0e:64:0a:a5:69:6b:
                    3f:6f:20:61:5e:52:aa:ec:6f:c8:76:f2:7c:51:86:
                    ce:f5:ca:bb:af:68:f6:b5:b2:c2:33:94:ad:19:b4:
                    b6:c1:2d:bc:e0:76:19:59:2e:6d:56:d7:80:c1:2d:
                    85:98:1c:bb:a1:ca:e4:4f:fe:ac:35:c2:b5:bb:2f:
                    31:93:6d:c4:be:fd:a9:85:92:72:c7:4d:77:3e:73:
                    38:d3:f1:f0:dd:f6:1a:cd:df:f3:97:86:3d:ec:9a:
                    57:db:1c:cf:00:8e:0e:79:e0:69:4c:58:af:a8:fc:
                    23:2e:c0:f8:ee:07:aa:b9:32:af:40:de:a9:65:ce:
                    79:cb:32:c4:5d:f7:05:3a:0b:18:2f:1c:a5:73:c7:
                    55:34:0c:fc:59:79:13:eb:f8:13:6c:96:0c:10:32:
                    92:85:95:3a:71:3b:5e:b7:6b:a1:63:25:16:1f:a8:
                    b6:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:56:FA:09:4B:BA:FD:7D:7A:30:8B:8E:13:F4:C5:6E:7E:99:D7:68
            X509v3 Authority Key Identifier:
                keyid:B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/QVb6CUu6_X16MIuOE_TFbn6Z12g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:b87:ffb7::/48

    Signature Algorithm: sha256WithRSAEncryption
         18:ab:c4:b8:e2:77:58:bd:b7:c3:47:fa:71:33:34:d3:84:b7:
         c6:49:bb:cc:38:83:79:cc:dd:5f:2f:c0:ca:d7:12:64:95:ed:
         6c:f3:e1:e1:cb:ea:7b:53:dc:c8:fa:dc:a1:79:6a:99:d1:ef:
         52:35:36:86:6d:69:63:87:86:5a:77:ac:8b:49:fb:b5:3e:82:
         ac:18:47:72:46:62:76:f2:c5:25:9c:95:0b:41:f1:61:1e:90:
         6c:8e:df:e2:7f:5d:37:6d:6b:8d:6e:50:74:d7:fd:48:39:c0:
         41:5c:94:70:50:53:cc:e1:ba:9b:4b:7f:aa:2e:24:c1:8e:f1:
         b9:ed:27:09:36:69:5a:80:8e:3a:2c:c1:39:4f:d8:07:c2:7d:
         71:5f:7e:09:be:67:20:63:10:ea:77:76:3a:a1:d5:9b:7d:d4:
         ae:bc:0d:a6:37:72:fe:e7:25:fd:4a:c1:3a:70:ee:55:70:a8:
         c8:6a:a4:f9:50:ff:40:53:6b:96:c8:7e:d1:9e:f3:18:2b:fd:
         bd:a6:c9:16:19:9c:62:8d:9e:8c:94:59:52:94:f7:45:63:79:
         28:75:30:40:98:ff:df:ac:56:9c:d9:32:77:eb:1b:48:e7:db:
         eb:16:b3:65:9d:11:c5:a5:61:fd:e1:54:e3:05:f6:20:03:86:
         e0:9e:9a:cb
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzEJWG/0mTRu58EH55YAsAcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxYTdiMGQ4ZGU4MjUxZDM2ZDdjODNmYWY2YmM3ZWZlYzcz
YjUwMzQwHhcNMjQwMTAxMDgzMDMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MTU2ZmEwOTRiYmFmZDdkN2EzMDhiOGUxM2Y0YzU2ZTdlOTlkNzY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzUaCEqRn8zbChPCp8xEB3n1OV2Lb
v3sv+qCmsI+RdHac3og5ZgeTRBcN2mJ5zz+3oj5M9zpNedtcbW7RzYh01mz6+Dow
d3hLmgDDiGQPm0ee41kOZAqlaWs/byBhXlKq7G/IdvJ8UYbO9cq7r2j2tbLCM5St
GbS2wS284HYZWS5tVteAwS2FmBy7ocrkT/6sNcK1uy8xk23Evv2phZJyx013PnM4
0/Hw3fYazd/zl4Y97JpX2xzPAI4OeeBpTFivqPwjLsD47gequTKvQN6pZc55yzLE
XfcFOgsYLxylc8dVNAz8WXkT6/gTbJYMEDKShZU6cTtet2uhYyUWH6i2UwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFEFW+glLuv19ejCLjhP0xW5+mddoMB8GA1UdIwQY
MBaAFLGnsNjeglHTbXyD+va8fv7HO1A0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2It
Mzk0YWNkMjFmMzliLzEvUVZiNkNVdTZfWDE2TUl1T0VfVEZibjZaMTJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2ItMzk0YWNkMjFmMzli
LzEvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgsLh/+3
MA0GCSqGSIb3DQEBCwUAA4IBAQAYq8S44ndYvbfDR/pxMzTThLfGSbvMOIN5zN1f
L8DK1xJkle1s8+Hhy+p7U9zI+tyheWqZ0e9SNTaGbWljh4Zad6yLSfu1PoKsGEdy
RmJ28sUlnJULQfFhHpBsjt/if103bWuNblB01/1IOcBBXJRwUFPM4bqbS3+qLiTB
jvG57ScJNmlagI46LME5T9gHwn1xX34JvmcgYxDqd3Y6odWbfdSuvA2mN3L+5yX9
SsE6cO5VcKjIaqT5UP9AU2uWyH7RnvMYK/29pskWGZxijZ6MlFlSlPdFY3kodTBA
mP/frFac2TJ36xtI59vrFrNlnRHFpWH94VTjBfYgA4bgnprL
-----END CERTIFICATE-----