Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/29e9bc-b190-409e-86b0-eec5d50efa94/1/QdHm7On3zoGKrTv3CU4gY5CT5VU.roa
File:                     QdHm7On3zoGKrTv3CU4gY5CT5VU.roa (raw, json)
Hash identifier:          InPHpksy4nUT4Nu+mpJO4rs7QCEoVmiu6cReok/9aNc=
Subject key identifier:   41:D1:E6:EC:E9:F7:CE:81:8A:AD:3B:F7:09:4E:20:63:90:93:E5:55
Certificate issuer:       /CN=b3a5d99863db2e49b44f6c324eb04388fc7515d2
Certificate serial:       018CCA99F71DB6DD8E99C5502A89DCC8EACE
Authority key identifier: B3:A5:D9:98:63:DB:2E:49:B4:4F:6C:32:4E:B0:43:88:FC:75:15:D2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s6XZmGPbLkm0T2wyTrBDiPx1FdI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/28/29e9bc-b190-409e-86b0-eec5d50efa94/1/QdHm7On3zoGKrTv3CU4gY5CT5VU.roa
Signing time:             Tue 02 Jan 2024 14:35:37 +0000
ROA not before:           Tue 02 Jan 2024 14:35:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12430
IP address blocks:        2a01:800::/32 maxlen: 32
                          2a01:807::/32 maxlen: 32
                          2a01:801::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/28/29e9bc-b190-409e-86b0-eec5d50efa94/1/s6XZmGPbLkm0T2wyTrBDiPx1FdI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/28/29e9bc-b190-409e-86b0-eec5d50efa94/1/s6XZmGPbLkm0T2wyTrBDiPx1FdI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s6XZmGPbLkm0T2wyTrBDiPx1FdI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:99:f7:1d:b6:dd:8e:99:c5:50:2a:89:dc:c8:ea:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b3a5d99863db2e49b44f6c324eb04388fc7515d2
        Validity
            Not Before: Jan  2 14:35:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=41d1e6ece9f7ce818aad3bf7094e20639093e555
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:5f:02:e0:1e:6c:b5:a3:16:63:68:f5:1f:a0:
                    7d:70:44:70:51:8d:80:bb:2e:df:9f:f3:f2:a2:68:
                    52:f2:a8:35:78:e7:59:d6:26:51:19:2d:43:a0:95:
                    c1:c8:39:61:40:24:c9:92:d9:58:c1:78:39:20:23:
                    bc:c4:49:c4:73:64:7f:2e:0f:4a:54:31:cf:96:08:
                    29:68:e0:0e:e7:58:68:8d:29:fe:f3:a1:aa:4a:56:
                    5b:f2:44:58:c0:b4:4e:d8:d1:1b:62:97:1d:6c:28:
                    7c:52:6a:b9:43:e6:32:43:5d:9d:75:02:d6:af:e1:
                    61:1b:82:51:fc:e5:d5:8d:3e:ad:42:f3:d0:ce:a6:
                    7b:17:d2:82:dd:94:96:a0:20:81:78:29:df:1c:3f:
                    ab:9b:18:a1:da:fc:bc:fc:c2:43:c2:cc:76:12:ab:
                    72:cc:cc:8a:45:40:79:13:2c:ce:69:9c:b4:ab:f0:
                    c5:b5:77:09:61:76:2f:b3:93:6d:05:4c:08:cc:b0:
                    e5:91:0b:8f:9e:f2:3c:a9:41:5b:31:8c:2b:4e:ce:
                    62:bd:77:27:bf:a6:81:f6:61:83:17:c8:30:e5:d5:
                    94:83:56:26:fe:8b:33:0d:ff:c5:e5:b4:19:f3:14:
                    86:5f:f8:a6:83:04:e6:c3:71:42:13:c3:b5:60:46:
                    da:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:D1:E6:EC:E9:F7:CE:81:8A:AD:3B:F7:09:4E:20:63:90:93:E5:55
            X509v3 Authority Key Identifier:
                keyid:B3:A5:D9:98:63:DB:2E:49:B4:4F:6C:32:4E:B0:43:88:FC:75:15:D2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s6XZmGPbLkm0T2wyTrBDiPx1FdI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/29e9bc-b190-409e-86b0-eec5d50efa94/1/QdHm7On3zoGKrTv3CU4gY5CT5VU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/28/29e9bc-b190-409e-86b0-eec5d50efa94/1/s6XZmGPbLkm0T2wyTrBDiPx1FdI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:800::/31
                  2a01:807::/32

    Signature Algorithm: sha256WithRSAEncryption
         9e:30:0a:78:b4:82:ca:d7:cd:8f:54:98:c0:d1:72:af:c3:c7:
         ec:27:37:29:6b:92:f5:97:0c:ae:37:af:9c:e1:1f:e8:24:9a:
         59:b4:a1:b7:d1:e8:8f:7b:9b:25:a3:6d:02:2b:c4:6b:01:7e:
         00:c6:ef:6e:5d:8b:1f:9d:e8:10:38:17:3c:54:ce:16:36:7a:
         6e:7c:bb:88:4f:cc:0f:83:e0:7f:e3:4e:fb:48:0f:80:bd:93:
         db:e9:ed:e6:7d:50:42:a0:dc:8b:e4:2b:54:32:e7:fa:04:b8:
         95:c9:cd:7a:20:6e:92:10:65:c3:47:f2:44:ff:ba:bc:3c:5b:
         cf:4d:20:a4:f2:a2:ee:97:90:fd:a1:e7:56:b9:55:5c:91:1e:
         81:61:21:0e:95:88:0c:5f:7e:b9:8a:c8:12:ea:46:23:21:de:
         dc:90:c8:52:42:7f:4b:fc:93:64:57:57:ef:1e:a1:67:54:31:
         68:e8:69:26:f9:03:35:4a:04:5f:76:b6:06:41:ac:1d:fd:e5:
         7f:91:72:f8:3b:01:95:1a:d9:52:2f:47:de:e0:3a:e5:3c:f4:
         1d:97:74:55:9e:9b:a4:82:2c:2d:12:24:3f:da:f1:80:3e:3a:
         59:26:eb:9e:e8:f7:cf:73:27:02:b6:86:c0:a1:50:e6:ee:78:
         36:c5:e0:0a
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzKmfcdtt2OmcVQKoncyOrOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzYTVkOTk4NjNkYjJlNDliNDRmNmMzMjRlYjA0Mzg4ZmM3
NTE1ZDIwHhcNMjQwMTAyMTQzNTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MWQxZTZlY2U5ZjdjZTgxOGFhZDNiZjcwOTRlMjA2MzkwOTNlNTU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuF8C4B5staMWY2j1H6B9cERwUY2A
uy7fn/PyomhS8qg1eOdZ1iZRGS1DoJXByDlhQCTJktlYwXg5ICO8xEnEc2R/Lg9K
VDHPlggpaOAO51hojSn+86GqSlZb8kRYwLRO2NEbYpcdbCh8Umq5Q+YyQ12ddQLW
r+FhG4JR/OXVjT6tQvPQzqZ7F9KC3ZSWoCCBeCnfHD+rmxih2vy8/MJDwsx2Eqty
zMyKRUB5EyzOaZy0q/DFtXcJYXYvs5NtBUwIzLDlkQuPnvI8qUFbMYwrTs5ivXcn
v6aB9mGDF8gw5dWUg1Ym/oszDf/F5bQZ8xSGX/imgwTmw3FCE8O1YEbaiwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFEHR5uzp986Biq079wlOIGOQk+VVMB8GA1UdIwQY
MBaAFLOl2Zhj2y5JtE9sMk6wQ4j8dRXSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczZYWm1HUGJMa20wVDJ3eVRyQkRpUHgxRmRJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC8yOWU5YmMtYjE5MC00MDllLTg2YjAt
ZWVjNWQ1MGVmYTk0LzEvUWRIbTdPbjN6b0dLclR2M0NVNGdZNUNUNVZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC8yOWU5YmMtYjE5MC00MDllLTg2YjAtZWVjNWQ1MGVmYTk0
LzEvczZYWm1HUGJMa20wVDJ3eVRyQkRpUHgxRmRJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUBKgEIAAMF
ACoBCAcwDQYJKoZIhvcNAQELBQADggEBAJ4wCni0gsrXzY9UmMDRcq/Dx+wnNylr
kvWXDK43r5zhH+gkmlm0obfR6I97myWjbQIrxGsBfgDG725dix+d6BA4FzxUzhY2
em58u4hPzA+D4H/jTvtID4C9k9vp7eZ9UEKg3IvkK1Qy5/oEuJXJzXogbpIQZcNH
8kT/urw8W89NIKTyou6XkP2h51a5VVyRHoFhIQ6ViAxffrmKyBLqRiMh3tyQyFJC
f0v8k2RXV+8eoWdUMWjoaSb5AzVKBF92tgZBrB395X+Rcvg7AZUa2VIvR97gOuU8
9B2XdFWem6SCLC0SJD/a8YA+Olkm657o989zJwK2hsChUObueDbF4Ao=
-----END CERTIFICATE-----