Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/dd062a-1319-4019-a551-876c7fca4b34/1/Q2C2K8lIxxiUdu5b7Z3pPxSlUA4.roa
File:                     Q2C2K8lIxxiUdu5b7Z3pPxSlUA4.roa (raw, json)
Hash identifier:          fF+89Xt5OrOfTEcdNIvr2GEA64huOuCskoUs/riTTbQ=
Subject key identifier:   43:60:B6:2B:C9:48:C7:18:94:76:EE:5B:ED:9D:E9:3F:14:A5:50:0E
Certificate issuer:       /CN=255876412d20fbb6cab823481782ac47703b4404
Certificate serial:       01933B6CDE2B9CDBF6E8A781EEFEFF64052A
Authority key identifier: 25:58:76:41:2D:20:FB:B6:CA:B8:23:48:17:82:AC:47:70:3B:44:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JVh2QS0g-7bKuCNIF4KsR3A7RAQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/28/dd062a-1319-4019-a551-876c7fca4b34/1/Q2C2K8lIxxiUdu5b7Z3pPxSlUA4.roa
Signing time:             Sun 17 Nov 2024 18:40:10 +0000
ROA not before:           Sun 17 Nov 2024 18:40:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209861
IP address blocks:        2a01:ffc6:8000::/34 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/28/dd062a-1319-4019-a551-876c7fca4b34/1/JVh2QS0g-7bKuCNIF4KsR3A7RAQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/28/dd062a-1319-4019-a551-876c7fca4b34/1/JVh2QS0g-7bKuCNIF4KsR3A7RAQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JVh2QS0g-7bKuCNIF4KsR3A7RAQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:3b:6c:de:2b:9c:db:f6:e8:a7:81:ee:fe:ff:64:05:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=255876412d20fbb6cab823481782ac47703b4404
        Validity
            Not Before: Nov 17 18:40:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4360b62bc948c7189476ee5bed9de93f14a5500e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:42:4e:02:ea:c3:1d:70:6b:8a:b4:4c:5b:23:
                    2e:9e:92:2e:23:08:a5:f2:92:88:73:ad:d0:e9:3f:
                    a3:ad:4d:32:cf:e9:39:1e:3f:e1:2e:33:9b:f6:62:
                    85:7c:7f:70:a0:8b:e2:91:b8:60:bc:3d:c8:ad:86:
                    a8:79:d3:de:3a:1b:0b:7c:49:77:dd:06:dc:95:8e:
                    9a:16:5a:e1:bb:31:8a:a0:68:ed:49:5a:a1:d5:7c:
                    c9:d1:45:d0:55:92:5f:b2:7f:64:a2:a7:f8:7e:b4:
                    50:05:70:d6:62:f7:02:38:6e:13:64:d7:cb:0e:95:
                    1e:bd:4e:5f:fc:8e:ed:74:ba:ad:e1:cc:c7:b0:3c:
                    ba:65:f5:2a:e4:6d:bd:ac:3a:22:8a:95:ed:46:74:
                    4e:ad:70:bd:fe:ff:61:b8:5b:18:3e:a6:21:24:cd:
                    0a:61:91:6f:f1:8b:c2:45:f8:51:74:02:87:4e:e0:
                    59:d7:71:1d:22:e6:e8:85:d2:70:cd:af:12:69:02:
                    5d:96:af:b8:6f:96:b7:fc:fb:04:d5:d3:e8:5f:f2:
                    3f:30:4a:86:55:92:cb:4b:65:73:5d:12:1f:9e:20:
                    2a:79:58:a8:74:50:de:72:ab:6e:1d:53:56:5e:94:
                    2f:14:3e:4e:4b:60:85:b5:85:0f:2a:21:6d:50:93:
                    e3:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:60:B6:2B:C9:48:C7:18:94:76:EE:5B:ED:9D:E9:3F:14:A5:50:0E
            X509v3 Authority Key Identifier:
                keyid:25:58:76:41:2D:20:FB:B6:CA:B8:23:48:17:82:AC:47:70:3B:44:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JVh2QS0g-7bKuCNIF4KsR3A7RAQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/dd062a-1319-4019-a551-876c7fca4b34/1/Q2C2K8lIxxiUdu5b7Z3pPxSlUA4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/28/dd062a-1319-4019-a551-876c7fca4b34/1/JVh2QS0g-7bKuCNIF4KsR3A7RAQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:ffc6:8000::/34

    Signature Algorithm: sha256WithRSAEncryption
         40:e6:c0:c1:5d:71:7a:73:53:8e:20:56:a3:81:de:03:21:26:
         64:ca:fd:b5:ad:7f:76:52:cd:2f:a4:7a:fc:f9:05:6a:6f:c4:
         ce:ee:3b:13:1c:c7:21:7f:dd:0a:e6:22:0c:aa:14:27:f8:39:
         04:da:31:2e:cb:fe:7c:a6:a9:e8:87:05:9a:ae:41:28:80:04:
         84:c6:c1:14:14:51:ee:10:7c:73:1b:66:15:66:80:74:11:7d:
         16:de:55:f7:06:17:0f:c5:3e:15:22:d1:a3:1c:b5:d1:f7:cc:
         85:14:89:28:34:a5:f4:bd:23:bc:78:ff:5b:7e:43:d5:45:a5:
         f0:4d:9e:3d:be:1e:14:d4:1d:03:75:70:39:9d:cf:ea:5c:8e:
         5f:ed:5d:6e:a5:29:9b:f2:2e:2c:20:23:a5:ce:07:61:b8:79:
         8b:9a:71:0c:0b:46:57:c9:d9:fe:09:2d:a7:ac:e0:25:3b:f7:
         67:7f:ad:80:fd:a3:4c:f3:bb:f5:c9:d2:fa:47:a7:04:1e:cb:
         47:ea:bd:70:1e:98:c2:54:ca:7c:7e:3b:0a:9a:c2:12:4b:bf:
         da:bb:48:fc:77:7c:f0:81:71:36:01:ec:86:4f:51:cd:ae:3a:
         1e:6d:a3:c9:dd:01:cd:a5:af:7f:e3:e7:eb:27:f6:cf:7d:eb:
         d2:be:b3:08
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZM7bN4rnNv26KeB7v7/ZAUqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1NTg3NjQxMmQyMGZiYjZjYWI4MjM0ODE3ODJhYzQ3NzAz
YjQ0MDQwHhcNMjQxMTE3MTg0MDEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MzYwYjYyYmM5NDhjNzE4OTQ3NmVlNWJlZDlkZTkzZjE0YTU1MDBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3EJOAurDHXBrirRMWyMunpIuIwil
8pKIc63Q6T+jrU0yz+k5Hj/hLjOb9mKFfH9woIvikbhgvD3IrYaoedPeOhsLfEl3
3QbclY6aFlrhuzGKoGjtSVqh1XzJ0UXQVZJfsn9koqf4frRQBXDWYvcCOG4TZNfL
DpUevU5f/I7tdLqt4czHsDy6ZfUq5G29rDoiipXtRnROrXC9/v9huFsYPqYhJM0K
YZFv8YvCRfhRdAKHTuBZ13EdIubohdJwza8SaQJdlq+4b5a3/PsE1dPoX/I/MEqG
VZLLS2VzXRIfniAqeViodFDecqtuHVNWXpQvFD5OS2CFtYUPKiFtUJPjXwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFENgtivJSMcYlHbuW+2d6T8UpVAOMB8GA1UdIwQY
MBaAFCVYdkEtIPu2yrgjSBeCrEdwO0QEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSlZoMlFTMGctN2JLdUNOSUY0S3NSM0E3UkFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC9kZDA2MmEtMTMxOS00MDE5LWE1NTEt
ODc2YzdmY2E0YjM0LzEvUTJDMks4bEl4eGlVZHU1YjdaM3BQeFNsVUE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC9kZDA2MmEtMTMxOS00MDE5LWE1NTEtODc2YzdmY2E0YjM0
LzEvSlZoMlFTMGctN2JLdUNOSUY0S3NSM0E3UkFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYGKgH/xoAw
DQYJKoZIhvcNAQELBQADggEBAEDmwMFdcXpzU44gVqOB3gMhJmTK/bWtf3ZSzS+k
evz5BWpvxM7uOxMcxyF/3QrmIgyqFCf4OQTaMS7L/nymqeiHBZquQSiABITGwRQU
Ue4QfHMbZhVmgHQRfRbeVfcGFw/FPhUi0aMctdH3zIUUiSg0pfS9I7x4/1t+Q9VF
pfBNnj2+HhTUHQN1cDmdz+pcjl/tXW6lKZvyLiwgI6XOB2G4eYuacQwLRlfJ2f4J
Laes4CU792d/rYD9o0zzu/XJ0vpHpwQey0fqvXAemMJUynx+OwqawhJLv9q7SPx3
fPCBcTYB7IZPUc2uOh5to8ndAc2lr3/j5+sn9s9969K+swg=
-----END CERTIFICATE-----