Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/23/f65610-59f6-4ad6-a9d8-1470ac364dd2/1/VQqNQSM2mwgN-xhAx3fZDBbwZn0.roa
File:                     VQqNQSM2mwgN-xhAx3fZDBbwZn0.roa (raw, json)
Hash identifier:          ftnohV81gCd3Hx3eZLFVjNxruU1/zAqERWXEwc6YAYs=
Subject key identifier:   55:0A:8D:41:23:36:9B:08:0D:FB:18:40:C7:77:D9:0C:16:F0:66:7D
Certificate issuer:       /CN=979f5ca8c33f134c3c157d48b9c2ae4e91b630bf
Certificate serial:       018EF0DB9649213E995E919A9500332C8E9C
Authority key identifier: 97:9F:5C:A8:C3:3F:13:4C:3C:15:7D:48:B9:C2:AE:4E:91:B6:30:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/l59cqMM_E0w8FX1IucKuTpG2ML8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/23/f65610-59f6-4ad6-a9d8-1470ac364dd2/1/VQqNQSM2mwgN-xhAx3fZDBbwZn0.roa
Signing time:             Thu 18 Apr 2024 10:58:26 +0000
ROA not before:           Thu 18 Apr 2024 10:58:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     141193
IP address blocks:        2001:b18:1015::/48 maxlen: 48
                          2a0d:82c7:3000::/36 maxlen: 36

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/23/f65610-59f6-4ad6-a9d8-1470ac364dd2/1/l59cqMM_E0w8FX1IucKuTpG2ML8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/23/f65610-59f6-4ad6-a9d8-1470ac364dd2/1/l59cqMM_E0w8FX1IucKuTpG2ML8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/l59cqMM_E0w8FX1IucKuTpG2ML8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:f0:db:96:49:21:3e:99:5e:91:9a:95:00:33:2c:8e:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=979f5ca8c33f134c3c157d48b9c2ae4e91b630bf
        Validity
            Not Before: Apr 18 10:58:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=550a8d4123369b080dfb1840c777d90c16f0667d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:92:eb:7e:78:d3:2b:46:d3:2e:07:b3:50:f6:
                    ad:f9:1c:2f:d7:12:f7:40:1e:10:bd:46:dc:10:b1:
                    1b:30:75:ea:20:4f:f6:6e:1b:b4:30:28:32:3a:64:
                    d6:12:d1:c2:cd:49:96:2f:98:0f:69:37:8f:73:c5:
                    d5:c4:d6:a8:78:78:3d:d6:42:30:93:f1:9f:41:73:
                    e7:3c:43:21:7a:99:cb:0b:88:26:33:b1:b8:40:bc:
                    26:09:50:14:d2:57:52:c8:7f:cd:95:37:72:38:29:
                    72:76:2e:bd:44:19:35:27:30:ab:6b:e0:fd:b4:ba:
                    9e:e8:4d:fd:d4:e9:7b:1f:af:cf:7b:a5:86:25:eb:
                    01:ce:ba:08:e3:bb:fa:77:cb:28:50:f4:6e:d0:28:
                    7c:21:a2:bd:fa:ac:37:29:cb:c5:16:d8:63:84:22:
                    6c:55:08:b4:1f:24:26:4b:36:83:71:e3:1b:42:77:
                    0c:44:07:69:f1:2f:8f:96:66:8f:c8:a5:1c:09:92:
                    18:12:cc:ff:3b:14:22:d9:43:4c:63:d7:9e:c2:44:
                    fb:8f:d2:02:12:27:d2:29:0f:60:ad:6d:d9:0d:0d:
                    1a:36:5e:5f:76:49:a7:b3:44:5e:4e:bd:92:b4:02:
                    18:b4:5d:b2:2f:67:21:e8:f3:38:a7:a7:e7:14:23:
                    72:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:0A:8D:41:23:36:9B:08:0D:FB:18:40:C7:77:D9:0C:16:F0:66:7D
            X509v3 Authority Key Identifier:
                keyid:97:9F:5C:A8:C3:3F:13:4C:3C:15:7D:48:B9:C2:AE:4E:91:B6:30:BF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/l59cqMM_E0w8FX1IucKuTpG2ML8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/23/f65610-59f6-4ad6-a9d8-1470ac364dd2/1/VQqNQSM2mwgN-xhAx3fZDBbwZn0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/23/f65610-59f6-4ad6-a9d8-1470ac364dd2/1/l59cqMM_E0w8FX1IucKuTpG2ML8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:b18:1015::/48
                  2a0d:82c7:3000::/36

    Signature Algorithm: sha256WithRSAEncryption
         9f:bd:fa:e8:4c:51:8f:a6:b7:a7:eb:8b:3f:c2:50:39:3d:dc:
         8b:81:5f:f6:8a:69:36:d8:70:b4:d9:3c:1f:30:ee:1a:b8:0d:
         e2:b8:04:e1:33:a2:86:aa:bb:44:df:90:97:e5:00:cf:4e:60:
         6e:23:48:23:c3:e8:d6:29:78:ff:73:de:b3:45:fe:55:1e:45:
         87:a7:b3:f4:5c:82:36:da:f3:72:c5:27:80:48:59:c1:fe:68:
         ec:42:42:81:fd:df:1d:13:4a:2b:6d:6c:85:b9:e6:3e:0a:14:
         50:c6:c1:6f:3d:74:e5:b3:0d:92:8f:07:83:a6:bb:08:11:d5:
         dc:ef:42:71:02:55:c5:db:e0:22:5a:52:38:5f:29:d7:47:d6:
         ac:c8:6f:08:1d:6d:8b:b5:eb:e6:60:5e:1d:f6:0c:27:6f:33:
         68:08:8a:0f:c4:19:f8:28:bd:5b:1e:15:8f:1d:b6:13:af:16:
         e8:cc:9c:4f:66:c5:ed:bd:d5:8a:81:cf:85:5d:5f:9e:de:78:
         ca:e1:fc:08:e9:35:9a:d4:ae:09:16:69:c6:73:89:a9:90:c2:
         9e:1d:a4:ed:d9:ef:86:45:cf:d3:27:a5:f5:ac:f8:6f:62:20:
         fa:01:f6:19:b8:c2:f1:0d:89:a0:da:2d:8f:bd:c8:ce:c0:97:
         2d:40:b8:db
-----BEGIN CERTIFICATE-----
MIIFCDCCA/CgAwIBAgISAY7w25ZJIT6ZXpGalQAzLI6cMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk3OWY1Y2E4YzMzZjEzNGMzYzE1N2Q0OGI5YzJhZTRlOTFi
NjMwYmYwHhcNMjQwNDE4MTA1ODI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NTBhOGQ0MTIzMzY5YjA4MGRmYjE4NDBjNzc3ZDkwYzE2ZjA2NjdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm5LrfnjTK0bTLgezUPat+Rwv1xL3
QB4QvUbcELEbMHXqIE/2bhu0MCgyOmTWEtHCzUmWL5gPaTePc8XVxNaoeHg91kIw
k/GfQXPnPEMhepnLC4gmM7G4QLwmCVAU0ldSyH/NlTdyOClydi69RBk1JzCra+D9
tLqe6E391Ol7H6/Pe6WGJesBzroI47v6d8soUPRu0Ch8IaK9+qw3KcvFFthjhCJs
VQi0HyQmSzaDceMbQncMRAdp8S+PlmaPyKUcCZIYEsz/OxQi2UNMY9eewkT7j9IC
EifSKQ9grW3ZDQ0aNl5fdkmns0ReTr2StAIYtF2yL2ch6PM4p6fnFCNyKQIDAQAB
o4ICFDCCAhAwHQYDVR0OBBYEFFUKjUEjNpsIDfsYQMd32QwW8GZ9MB8GA1UdIwQY
MBaAFJefXKjDPxNMPBV9SLnCrk6RtjC/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbDU5Y3FNTV9FMHc4RlgxSXVjS3VUcEcyTUw4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMy9mNjU2MTAtNTlmNi00YWQ2LWE5ZDgt
MTQ3MGFjMzY0ZGQyLzEvVlFxTlFTTTJtd2dOLXhoQXgzZlpEQmJ3Wm4wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMy9mNjU2MTAtNTlmNi00YWQ2LWE5ZDgtMTQ3MGFjMzY0ZGQy
LzEvbDU5Y3FNTV9FMHc4RlgxSXVjS3VUcEcyTUw4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCoGCCsGAQUFBwEHAQH/BBswGTAXBAIAAjARAwcAIAELGBAV
AwYEKg2CxzAwDQYJKoZIhvcNAQELBQADggEBAJ+9+uhMUY+mt6friz/CUDk93IuB
X/aKaTbYcLTZPB8w7hq4DeK4BOEzooaqu0TfkJflAM9OYG4jSCPD6NYpeP9z3rNF
/lUeRYens/Rcgjba83LFJ4BIWcH+aOxCQoH93x0TSittbIW55j4KFFDGwW89dOWz
DZKPB4OmuwgR1dzvQnECVcXb4CJaUjhfKddH1qzIbwgdbYu16+ZgXh32DCdvM2gI
ig/EGfgovVseFY8dthOvFujMnE9mxe291YqBz4VdX57eeMrh/AjpNZrUrgkWacZz
iamQwp4dpO3Z74ZFz9MnpfWs+G9iIPoB9hm4wvENiaDaLY+9yM7Aly1AuNs=
-----END CERTIFICATE-----