Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/da85e7-a452-4b1d-b5ae-9b11804ecd39/1/4qGlWMF50FNdUg0gd-CMSB7neVM.roa
File:                     4qGlWMF50FNdUg0gd-CMSB7neVM.roa (raw, json)
Hash identifier:          KArMdiVnhECewdqNwtW2dbfWYgxrWdLR86F3EaelgdY=
Subject key identifier:   E2:A1:A5:58:C1:79:D0:53:5D:52:0D:20:77:E0:8C:48:1E:E7:79:53
Certificate issuer:       /CN=a9b75b64d5da17d70bbabd811a39a602ddaf963a
Certificate serial:       018CC56EFEDB2B72849802B3CFD795611775
Authority key identifier: A9:B7:5B:64:D5:DA:17:D7:0B:BA:BD:81:1A:39:A6:02:DD:AF:96:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qbdbZNXaF9cLur2BGjmmAt2vljo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/da85e7-a452-4b1d-b5ae-9b11804ecd39/1/4qGlWMF50FNdUg0gd-CMSB7neVM.roa
Signing time:             Mon 01 Jan 2024 14:30:34 +0000
ROA not before:           Mon 01 Jan 2024 14:30:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62359
IP address blocks:        2a01:4a0:5::/48 maxlen: 48
                          2a01:4a0:15::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/da85e7-a452-4b1d-b5ae-9b11804ecd39/1/qbdbZNXaF9cLur2BGjmmAt2vljo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/da85e7-a452-4b1d-b5ae-9b11804ecd39/1/qbdbZNXaF9cLur2BGjmmAt2vljo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qbdbZNXaF9cLur2BGjmmAt2vljo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 20:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:fe:db:2b:72:84:98:02:b3:cf:d7:95:61:17:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a9b75b64d5da17d70bbabd811a39a602ddaf963a
        Validity
            Not Before: Jan  1 14:30:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e2a1a558c179d0535d520d2077e08c481ee77953
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f2:c8:6d:74:ae:5d:35:0e:c6:01:b3:5a:41:21:
                    0e:82:59:53:7d:72:27:9e:a5:cb:4a:82:2d:e5:a7:
                    12:74:ed:a8:75:66:19:d0:4c:00:fb:ab:9c:30:12:
                    30:54:d1:63:3d:d2:e9:93:50:6c:8a:65:f0:4c:35:
                    1e:ed:8b:20:58:9a:7f:ae:0a:19:6e:df:55:11:29:
                    31:1e:06:df:b3:b1:2a:ec:7c:9f:53:da:bc:d0:fc:
                    5f:5f:52:9e:7e:90:a1:35:5c:bf:63:6c:79:e3:ce:
                    14:71:a2:cd:66:b8:1a:ed:38:b7:c9:ac:70:28:e5:
                    63:1a:17:fb:d6:c1:04:c7:7f:0c:7b:43:f5:6d:ee:
                    4f:dc:98:e2:fd:4f:da:0c:c3:50:ae:21:27:b0:66:
                    aa:1f:2d:ef:37:be:4e:83:a5:08:25:17:8f:74:2b:
                    ec:0a:74:73:67:ba:f4:38:aa:b3:b7:b5:8d:e4:fb:
                    23:c1:ed:f7:dc:e6:d6:c7:ff:85:c9:44:d3:16:49:
                    b1:9f:75:08:05:3d:d7:12:2d:0f:1f:6b:27:6a:b3:
                    8d:4f:05:85:63:dc:2a:56:6a:2d:70:8c:c1:25:1c:
                    b4:d3:11:00:e6:3f:fe:d5:cd:36:4d:92:b2:83:9c:
                    77:b9:9e:f2:c1:38:33:ee:8e:ae:57:88:59:7d:59:
                    36:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:A1:A5:58:C1:79:D0:53:5D:52:0D:20:77:E0:8C:48:1E:E7:79:53
            X509v3 Authority Key Identifier:
                keyid:A9:B7:5B:64:D5:DA:17:D7:0B:BA:BD:81:1A:39:A6:02:DD:AF:96:3A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qbdbZNXaF9cLur2BGjmmAt2vljo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/da85e7-a452-4b1d-b5ae-9b11804ecd39/1/4qGlWMF50FNdUg0gd-CMSB7neVM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/da85e7-a452-4b1d-b5ae-9b11804ecd39/1/qbdbZNXaF9cLur2BGjmmAt2vljo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:4a0:5::/48
                  2a01:4a0:15::/48

    Signature Algorithm: sha256WithRSAEncryption
         a0:57:a1:f3:43:57:2c:88:83:9a:ce:af:f9:a9:70:fa:c2:57:
         e8:32:72:b5:cf:b2:03:a6:4e:2a:60:57:16:8c:f8:bb:41:c9:
         c3:ac:c4:71:9f:cb:10:31:6b:69:9c:92:92:d6:19:62:b1:f4:
         5e:71:65:02:79:d6:22:d4:f0:d0:97:d4:0e:9e:1f:a6:b9:7a:
         5f:b3:79:f8:df:1e:ea:7e:59:f0:96:95:ad:6e:8c:71:aa:5e:
         62:d8:fc:47:0d:bb:f8:72:b0:88:29:26:06:d8:9b:d3:14:ce:
         27:b2:40:4b:07:ef:f9:de:fe:2a:40:a8:ce:a9:7d:17:c1:50:
         8d:e3:f6:24:a1:17:b2:75:88:e4:5c:de:5f:de:d5:d9:5b:d3:
         1d:fe:d6:3e:d3:80:0d:6c:f2:a4:fc:9c:39:a8:cf:55:4b:87:
         ff:8d:0a:e5:f6:e7:5e:c1:a2:7a:a4:c3:20:f9:1a:10:9e:54:
         9e:e3:3c:b6:1b:32:ff:7c:63:94:55:c4:ec:27:21:fd:20:70:
         ef:1a:52:64:7a:a7:9b:9b:94:4c:1c:db:12:6e:77:ea:21:ad:
         34:77:59:82:b6:65:00:d8:12:4e:02:2c:e6:25:de:3b:c2:fb:
         b4:31:83:f7:81:26:4d:60:d1:8e:cb:fc:7b:c8:5c:75:02:c5:
         25:18:58:ae
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzFbv7bK3KEmAKzz9eVYRd1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE5Yjc1YjY0ZDVkYTE3ZDcwYmJhYmQ4MTFhMzlhNjAyZGRh
Zjk2M2EwHhcNMjQwMTAxMTQzMDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMmExYTU1OGMxNzlkMDUzNWQ1MjBkMjA3N2UwOGM0ODFlZTc3OTUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8shtdK5dNQ7GAbNaQSEOgllTfXIn
nqXLSoIt5acSdO2odWYZ0EwA+6ucMBIwVNFjPdLpk1BsimXwTDUe7YsgWJp/rgoZ
bt9VESkxHgbfs7Eq7HyfU9q80PxfX1KefpChNVy/Y2x5484UcaLNZrga7Ti3yaxw
KOVjGhf71sEEx38Me0P1be5P3Jji/U/aDMNQriEnsGaqHy3vN75Og6UIJRePdCvs
CnRzZ7r0OKqzt7WN5Psjwe333ObWx/+FyUTTFkmxn3UIBT3XEi0PH2snarONTwWF
Y9wqVmotcIzBJRy00xEA5j/+1c02TZKyg5x3uZ7ywTgz7o6uV4hZfVk2ywIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFOKhpVjBedBTXVINIHfgjEge53lTMB8GA1UdIwQY
MBaAFKm3W2TV2hfXC7q9gRo5pgLdr5Y6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcWJkYlpOWGFGOWNMdXIyQkdqbW1BdDJ2bGpvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS9kYTg1ZTctYTQ1Mi00YjFkLWI1YWUt
OWIxMTgwNGVjZDM5LzEvNHFHbFdNRjUwRk5kVWcwZ2QtQ01TQjduZVZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS9kYTg1ZTctYTQ1Mi00YjFkLWI1YWUtOWIxMTgwNGVjZDM5
LzEvcWJkYlpOWGFGOWNMdXIyQkdqbW1BdDJ2bGpvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKgEEoAAF
AwcAKgEEoAAVMA0GCSqGSIb3DQEBCwUAA4IBAQCgV6HzQ1csiIOazq/5qXD6wlfo
MnK1z7IDpk4qYFcWjPi7QcnDrMRxn8sQMWtpnJKS1hlisfRecWUCedYi1PDQl9QO
nh+muXpfs3n43x7qflnwlpWtboxxql5i2PxHDbv4crCIKSYG2JvTFM4nskBLB+/5
3v4qQKjOqX0XwVCN4/YkoReydYjkXN5f3tXZW9Md/tY+04ANbPKk/Jw5qM9VS4f/
jQrl9udewaJ6pMMg+RoQnlSe4zy2GzL/fGOUVcTsJyH9IHDvGlJkeqebm5RMHNsS
bnfqIa00d1mCtmUA2BJOAizmJd47wvu0MYP3gSZNYNGOy/x7yFx1AsUlGFiu
-----END CERTIFICATE-----