Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/qRd2Ndl_DBbQG9aA0vABnH3xtcY.roa
File:                     qRd2Ndl_DBbQG9aA0vABnH3xtcY.roa (raw, json)
Hash identifier:          mq52GDMoGUjhalOmmLsClGmpouVMg4kjysoZvX+GODU=
Subject key identifier:   A9:17:76:35:D9:7F:0C:16:D0:1B:D6:80:D2:F0:01:9C:7D:F1:B5:C6
Certificate issuer:       /CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
Certificate serial:       018CCA2971C7D653E332944441DB1B781267
Authority key identifier: D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/qRd2Ndl_DBbQG9aA0vABnH3xtcY.roa
Signing time:             Tue 02 Jan 2024 12:32:42 +0000
ROA not before:           Tue 02 Jan 2024 12:32:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212387
IP address blocks:        2a0e:8f02:f04a::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 02:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:71:c7:d6:53:e3:32:94:44:41:db:1b:78:12:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
        Validity
            Not Before: Jan  2 12:32:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a9177635d97f0c16d01bd680d2f0019c7df1b5c6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:9c:aa:92:ae:aa:4d:17:0c:ab:36:1c:b5:d6:
                    31:f9:b3:b1:7c:d0:89:9f:01:83:8c:5b:21:f0:ba:
                    f8:dc:c4:d8:22:92:b2:a1:35:23:88:c2:52:28:e1:
                    cd:45:51:15:e6:09:a7:37:b7:35:a5:b0:31:31:5f:
                    8a:34:20:c7:ef:4a:e9:7e:7c:61:95:ee:1f:35:75:
                    84:de:79:8f:fe:1e:69:d2:5e:06:ff:29:40:b2:32:
                    8a:18:c9:6c:9b:4a:f5:57:c6:35:99:9c:c4:d8:c5:
                    b5:48:cf:9a:13:04:70:7c:8c:af:f8:d2:39:00:0c:
                    e8:de:6f:cf:98:11:47:1a:46:4e:a6:45:d7:1b:cc:
                    ac:ac:fa:77:9d:d3:1c:bc:37:d4:c6:71:74:38:f3:
                    a3:4d:ad:8d:37:0e:ac:61:6f:ee:94:e4:4a:9f:76:
                    6d:9f:a5:1e:a3:a3:82:e6:35:f0:57:33:ab:ef:15:
                    62:5b:22:82:dd:94:64:2d:22:c4:2a:3c:df:63:ae:
                    b3:25:4b:d3:6c:e0:44:01:03:64:db:57:df:06:32:
                    3f:81:30:f3:86:8a:4c:96:ad:b7:f9:35:7b:4d:a3:
                    05:20:ea:0d:d1:17:9e:de:b4:5e:09:bd:18:b3:10:
                    16:e0:36:76:0f:49:b1:23:20:d1:a0:3a:53:40:87:
                    e9:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:17:76:35:D9:7F:0C:16:D0:1B:D6:80:D2:F0:01:9C:7D:F1:B5:C6
            X509v3 Authority Key Identifier:
                keyid:D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/qRd2Ndl_DBbQG9aA0vABnH3xtcY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:8f02:f04a::/48

    Signature Algorithm: sha256WithRSAEncryption
         11:ef:e7:5f:1c:ce:4b:69:04:8f:58:7e:f1:3e:b1:69:35:40:
         a9:97:b8:e5:95:58:a3:cf:9c:fe:56:bf:c0:0c:cf:23:d6:d3:
         e3:e0:84:6b:ee:78:de:4f:53:ae:19:8b:74:27:bf:f8:bf:61:
         74:a9:c9:c4:e9:04:a6:35:b3:77:35:13:9a:ba:3c:05:82:89:
         0c:25:ec:23:d1:c5:75:6d:f3:3a:17:6b:5a:f7:80:2e:e4:7c:
         40:e0:50:b8:7e:da:74:4a:18:fb:2c:29:db:08:bd:a5:68:23:
         40:0d:db:23:20:0e:ec:e0:a4:0f:1e:ac:70:16:5b:55:fa:1a:
         9e:37:a3:7e:7e:c6:a1:a9:d4:a6:9b:87:59:be:43:6a:b3:3d:
         e9:e5:a7:90:e9:76:3a:8e:07:b1:6a:2b:9f:cd:3c:39:7d:97:
         48:84:bc:60:c3:17:36:81:bd:f6:e2:0e:21:71:8e:2d:58:fd:
         d8:d8:32:df:27:91:e9:35:2b:e0:b1:05:fc:29:a8:b5:11:24:
         1c:da:ff:37:ba:2a:fc:ed:a9:81:91:f0:5d:ff:98:e5:57:75:
         3f:49:e0:c5:60:d6:82:db:2e:40:b6:0a:85:f2:ee:13:d8:6a:
         a0:ef:3b:c6:82:44:eb:14:e8:59:8d:76:17:14:57:d4:db:d2:
         0b:83:e0:fe
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzKKXHH1lPjMpREQdsbeBJnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1NmVmNDhlZDYxNTVkZDc4NDNlZWQzNjMyNDY5YWJhYTMx
MDBiZjMwHhcNMjQwMTAyMTIzMjQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOTE3NzYzNWQ5N2YwYzE2ZDAxYmQ2ODBkMmYwMDE5YzdkZjFiNWM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgpyqkq6qTRcMqzYctdYx+bOxfNCJ
nwGDjFsh8Lr43MTYIpKyoTUjiMJSKOHNRVEV5gmnN7c1pbAxMV+KNCDH70rpfnxh
le4fNXWE3nmP/h5p0l4G/ylAsjKKGMlsm0r1V8Y1mZzE2MW1SM+aEwRwfIyv+NI5
AAzo3m/PmBFHGkZOpkXXG8ysrPp3ndMcvDfUxnF0OPOjTa2NNw6sYW/ulORKn3Zt
n6Ueo6OC5jXwVzOr7xViWyKC3ZRkLSLEKjzfY66zJUvTbOBEAQNk21ffBjI/gTDz
hopMlq23+TV7TaMFIOoN0Ree3rReCb0YsxAW4DZ2D0mxIyDRoDpTQIfp4wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFKkXdjXZfwwW0BvWgNLwAZx98bXGMB8GA1UdIwQY
MBaAFNVu9I7WFV3XhD7tNjJGmrqjEAvzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgt
ZDJkN2YyYmI2NGRmLzEvcVJkMk5kbF9EQmJRRzlhQTB2QUJuSDN4dGNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgtZDJkN2YyYmI2NGRm
LzEvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg6PAvBK
MA0GCSqGSIb3DQEBCwUAA4IBAQAR7+dfHM5LaQSPWH7xPrFpNUCpl7jllVijz5z+
Vr/ADM8j1tPj4IRr7njeT1OuGYt0J7/4v2F0qcnE6QSmNbN3NROaujwFgokMJewj
0cV1bfM6F2ta94Au5HxA4FC4ftp0Shj7LCnbCL2laCNADdsjIA7s4KQPHqxwFltV
+hqeN6N+fsahqdSmm4dZvkNqsz3p5aeQ6XY6jgexaiufzTw5fZdIhLxgwxc2gb32
4g4hcY4tWP3Y2DLfJ5HpNSvgsQX8Kai1ESQc2v83uir87amBkfBd/5jlV3U/SeDF
YNaC2y5AtgqF8u4T2Gqg7zvGgkTrFOhZjXYXFFfU29ILg+D+
-----END CERTIFICATE-----