Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/846a03-de24-485b-b9b7-c4bc803d893f/1/qPfR7RG57f18LNEfOXECDUWuxuU.roa
File:                     qPfR7RG57f18LNEfOXECDUWuxuU.roa (raw, json)
Hash identifier:          QgXqOHY45cNI3RJ9Yex5GhM6/GX8GPU2S0Ij2p9Y640=
Subject key identifier:   A8:F7:D1:ED:11:B9:ED:FD:7C:2C:D1:1F:39:71:02:0D:45:AE:C6:E5
Certificate issuer:       /CN=f1003d2c71ab076991fb03ed6600bf1d48b72be5
Certificate serial:       01942143BE7627C617F25FEAEAC480D96EB2
Authority key identifier: F1:00:3D:2C:71:AB:07:69:91:FB:03:ED:66:00:BF:1D:48:B7:2B:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8QA9LHGrB2mR-wPtZgC_HUi3K-U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/846a03-de24-485b-b9b7-c4bc803d893f/1/qPfR7RG57f18LNEfOXECDUWuxuU.roa
Signing time:             Wed 01 Jan 2025 09:47:55 +0000
ROA not before:           Wed 01 Jan 2025 09:47:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     56951
IP address blocks:        2001:678:fd4::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/846a03-de24-485b-b9b7-c4bc803d893f/1/8QA9LHGrB2mR-wPtZgC_HUi3K-U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/846a03-de24-485b-b9b7-c4bc803d893f/1/8QA9LHGrB2mR-wPtZgC_HUi3K-U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8QA9LHGrB2mR-wPtZgC_HUi3K-U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 19:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:be:76:27:c6:17:f2:5f:ea:ea:c4:80:d9:6e:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f1003d2c71ab076991fb03ed6600bf1d48b72be5
        Validity
            Not Before: Jan  1 09:47:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a8f7d1ed11b9edfd7c2cd11f3971020d45aec6e5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:72:9e:b5:14:87:e5:8e:21:6a:b9:04:8a:29:
                    62:49:f0:35:e1:0c:20:e9:83:de:c6:3e:46:85:58:
                    a0:b3:3d:a6:58:ed:34:fd:ba:9b:ac:fd:f3:53:dc:
                    56:b7:41:97:43:08:41:a9:51:27:c9:cd:1d:85:20:
                    66:d3:43:c3:02:7e:9a:e7:1f:10:79:3b:e7:69:fa:
                    18:ad:4d:fd:9a:04:79:3a:a0:bb:81:62:64:8b:c5:
                    9e:5d:79:59:93:72:2e:c0:ca:49:1d:ba:55:83:8b:
                    0c:ca:47:17:54:27:33:16:12:1e:e8:0d:53:4a:78:
                    a7:9b:86:37:e5:b5:17:d6:85:2e:d2:6f:d6:36:73:
                    2d:cd:4c:d9:f3:3b:bb:52:38:61:8d:08:f7:43:92:
                    1f:49:41:a6:44:bc:0d:ac:8f:e9:95:99:cb:e2:c3:
                    27:80:2a:4f:3d:f6:9f:9a:bd:d3:ff:35:45:88:e1:
                    75:2d:86:99:6b:3f:d0:61:f2:9d:ee:90:96:fe:98:
                    bc:4d:6d:95:57:e5:0c:e6:4b:e7:ce:e4:7c:44:4b:
                    c1:2d:e8:8e:8c:e8:1f:2a:2b:b8:68:4c:8f:22:f2:
                    7d:86:23:93:02:51:ef:73:c5:06:2f:08:eb:81:cc:
                    f8:a8:d9:6a:06:26:91:11:2c:a2:c2:00:43:8b:24:
                    ef:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:F7:D1:ED:11:B9:ED:FD:7C:2C:D1:1F:39:71:02:0D:45:AE:C6:E5
            X509v3 Authority Key Identifier:
                keyid:F1:00:3D:2C:71:AB:07:69:91:FB:03:ED:66:00:BF:1D:48:B7:2B:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8QA9LHGrB2mR-wPtZgC_HUi3K-U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/846a03-de24-485b-b9b7-c4bc803d893f/1/qPfR7RG57f18LNEfOXECDUWuxuU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/846a03-de24-485b-b9b7-c4bc803d893f/1/8QA9LHGrB2mR-wPtZgC_HUi3K-U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:fd4::/48

    Signature Algorithm: sha256WithRSAEncryption
         09:99:9a:18:72:27:3d:f2:f7:23:bf:77:81:fe:74:ca:17:e3:
         80:9d:f9:7a:24:77:5f:35:98:2d:21:fb:2e:ed:14:f9:f3:4c:
         12:10:14:30:9a:98:ed:b8:b1:82:bc:f1:71:c9:25:ad:2b:c5:
         0c:5e:68:ea:36:0b:ad:9c:d7:e5:ce:95:73:ab:df:c4:2c:eb:
         4a:ed:f8:8b:15:11:bf:bd:ff:3c:a8:64:a6:af:e9:af:21:4c:
         a9:04:c8:58:06:8a:1b:44:d0:c9:ec:70:82:a0:31:c2:c2:28:
         97:c7:50:02:70:02:7f:d6:fb:98:1e:b5:ff:36:13:41:db:d4:
         77:c5:c7:04:a4:38:e1:b4:e5:0c:d5:8e:ba:6b:2b:24:f6:fb:
         6a:26:0a:17:e1:67:a9:a3:cf:c6:4b:e6:78:e2:08:bb:db:68:
         36:ec:e6:4d:a5:cd:d9:81:51:e4:ca:55:6b:2d:51:34:09:32:
         03:47:4e:34:77:66:56:cd:0b:eb:7f:f7:4d:64:62:62:4f:0c:
         1e:b4:3f:68:ca:bc:5e:7e:a0:63:8b:38:7b:c5:8f:1f:8c:d1:
         25:b2:df:8e:2c:fa:fa:4d:88:51:97:4a:93:18:f0:7c:e6:0b:
         4f:ce:8e:4f:79:dc:5f:98:2a:c6:ba:d9:62:f7:0e:ec:e8:01:
         9b:75:68:b0
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQhQ752J8YX8l/q6sSA2W6yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxMDAzZDJjNzFhYjA3Njk5MWZiMDNlZDY2MDBiZjFkNDhi
NzJiZTUwHhcNMjUwMTAxMDk0NzU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOGY3ZDFlZDExYjllZGZkN2MyY2QxMWYzOTcxMDIwZDQ1YWVjNmU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvnKetRSH5Y4harkEiiliSfA14Qwg
6YPexj5GhVigsz2mWO00/bqbrP3zU9xWt0GXQwhBqVEnyc0dhSBm00PDAn6a5x8Q
eTvnafoYrU39mgR5OqC7gWJki8WeXXlZk3IuwMpJHbpVg4sMykcXVCczFhIe6A1T
Sninm4Y35bUX1oUu0m/WNnMtzUzZ8zu7UjhhjQj3Q5IfSUGmRLwNrI/plZnL4sMn
gCpPPfafmr3T/zVFiOF1LYaZaz/QYfKd7pCW/pi8TW2VV+UM5kvnzuR8REvBLeiO
jOgfKiu4aEyPIvJ9hiOTAlHvc8UGLwjrgcz4qNlqBiaRESyiwgBDiyTvvwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFKj30e0Rue39fCzRHzlxAg1FrsblMB8GA1UdIwQY
MBaAFPEAPSxxqwdpkfsD7WYAvx1ItyvlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOFFBOUxIR3JCMm1SLXdQdFpnQ19IVWkzSy1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC84NDZhMDMtZGUyNC00ODViLWI5Yjct
YzRiYzgwM2Q4OTNmLzEvcVBmUjdSRzU3ZjE4TE5FZk9YRUNEVVd1eHVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC84NDZhMDMtZGUyNC00ODViLWI5YjctYzRiYzgwM2Q4OTNm
LzEvOFFBOUxIR3JCMm1SLXdQdFpnQ19IVWkzSy1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeA/U
MA0GCSqGSIb3DQEBCwUAA4IBAQAJmZoYcic98vcjv3eB/nTKF+OAnfl6JHdfNZgt
Ifsu7RT580wSEBQwmpjtuLGCvPFxySWtK8UMXmjqNgutnNflzpVzq9/ELOtK7fiL
FRG/vf88qGSmr+mvIUypBMhYBoobRNDJ7HCCoDHCwiiXx1ACcAJ/1vuYHrX/NhNB
29R3xccEpDjhtOUM1Y66aysk9vtqJgoX4Wepo8/GS+Z44gi722g27OZNpc3ZgVHk
ylVrLVE0CTIDR040d2ZWzQvrf/dNZGJiTwwetD9oyrxefqBjizh7xY8fjNElst+O
LPr6TYhRl0qTGPB85gtPzo5PedxfmCrGutli9w7s6AGbdWiw
-----END CERTIFICATE-----