Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/41c321-347e-4c3e-affd-e2b527728e96/1/Q7Kremg5Fgj0SfkKKXdi8FJc68I.roa
File:                     Q7Kremg5Fgj0SfkKKXdi8FJc68I.roa (raw, json)
Hash identifier:          wwhqLnVWip/tEomt2waPsqqsK0Xf41SfYznp1QkJ0BM=
Subject key identifier:   43:B2:AB:7A:68:39:16:08:F4:49:F9:0A:29:77:62:F0:52:5C:EB:C2
Certificate issuer:       /CN=3fedd85c1eccb5ff4ba930117a7329099c0ff2eb
Certificate serial:       019426D9C9CCA4ACA60CCA89480CD1E81E0B
Authority key identifier: 3F:ED:D8:5C:1E:CC:B5:FF:4B:A9:30:11:7A:73:29:09:9C:0F:F2:EB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P-3YXB7Mtf9LqTARenMpCZwP8us.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/41c321-347e-4c3e-affd-e2b527728e96/1/Q7Kremg5Fgj0SfkKKXdi8FJc68I.roa
Signing time:             Thu 02 Jan 2025 11:49:54 +0000
ROA not before:           Thu 02 Jan 2025 11:49:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202818
IP address blocks:        2001:4cd0:dc00::/48 maxlen: 48
                          2001:4cd0:dc00:1200::/56 maxlen: 56
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/41c321-347e-4c3e-affd-e2b527728e96/1/P-3YXB7Mtf9LqTARenMpCZwP8us.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/41c321-347e-4c3e-affd-e2b527728e96/1/P-3YXB7Mtf9LqTARenMpCZwP8us.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P-3YXB7Mtf9LqTARenMpCZwP8us.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:c9:cc:a4:ac:a6:0c:ca:89:48:0c:d1:e8:1e:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fedd85c1eccb5ff4ba930117a7329099c0ff2eb
        Validity
            Not Before: Jan  2 11:49:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=43b2ab7a68391608f449f90a297762f0525cebc2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:65:68:71:0e:78:d8:d4:ef:2a:dd:af:c4:f3:
                    1f:c5:5b:81:54:7d:a5:0a:a9:c5:81:31:84:99:3e:
                    ef:73:ef:28:91:07:d3:7b:20:02:36:20:fe:b1:d0:
                    28:8c:2a:04:bc:29:13:2d:e3:91:c9:1d:4c:7e:2a:
                    8a:d0:6d:98:a2:5a:70:67:a7:01:8f:1c:ca:35:77:
                    b0:e3:25:c7:d3:bb:79:50:8a:41:f6:7f:82:00:b0:
                    f1:67:4a:25:6c:79:30:53:eb:f6:09:a2:bc:68:23:
                    f9:e5:4f:ad:29:cb:b8:b0:a1:88:43:46:3a:6f:0a:
                    ed:37:fc:7c:42:a5:72:3a:55:13:7f:ed:be:b3:62:
                    6d:aa:bd:d0:22:4f:d7:43:3a:13:27:c7:f5:0d:3d:
                    5b:54:13:5e:ab:fb:7a:7d:a9:db:ef:20:84:57:57:
                    49:84:06:d8:2c:fb:68:44:f2:d0:3e:47:db:7f:44:
                    85:0a:c4:5e:96:14:c6:38:c8:6d:bd:9a:d6:1e:25:
                    38:88:3d:fb:eb:42:00:c1:56:be:48:fa:ed:38:9a:
                    c5:e6:6c:d8:6c:72:70:5e:1f:39:0b:12:27:88:dd:
                    71:11:13:89:5c:ab:2c:fb:ff:ec:c6:3b:1c:86:10:
                    79:6b:f0:9a:b1:d3:3a:ed:b2:26:8d:c2:b8:b4:dd:
                    3a:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:B2:AB:7A:68:39:16:08:F4:49:F9:0A:29:77:62:F0:52:5C:EB:C2
            X509v3 Authority Key Identifier:
                keyid:3F:ED:D8:5C:1E:CC:B5:FF:4B:A9:30:11:7A:73:29:09:9C:0F:F2:EB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P-3YXB7Mtf9LqTARenMpCZwP8us.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/41c321-347e-4c3e-affd-e2b527728e96/1/Q7Kremg5Fgj0SfkKKXdi8FJc68I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/41c321-347e-4c3e-affd-e2b527728e96/1/P-3YXB7Mtf9LqTARenMpCZwP8us.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:4cd0:dc00::/48

    Signature Algorithm: sha256WithRSAEncryption
         85:2c:66:26:e6:b8:8a:b8:bc:0c:b2:dd:5f:97:61:04:9e:2c:
         aa:94:29:53:77:24:65:0e:46:13:65:22:c4:3d:72:ae:0f:2c:
         d5:a4:a0:a6:df:76:32:86:57:d0:ff:3f:22:44:e4:7a:66:0e:
         57:84:f1:ff:a7:21:6c:e1:17:ef:11:2e:dd:a2:89:0f:2b:b7:
         e6:ab:c5:73:6b:c9:bc:9d:ef:2b:8d:7d:2e:b4:10:69:ae:10:
         71:27:4f:cc:39:a6:c5:e5:c2:8c:0d:72:3f:f7:0d:79:5f:3c:
         3c:81:26:3f:58:ed:66:fa:45:6e:bb:6c:82:9c:96:c2:47:8d:
         0b:8f:fd:65:5f:d9:88:94:00:c1:27:42:f7:7e:97:2d:29:3e:
         fb:2d:b4:37:ce:2c:0f:a2:d0:58:00:8c:70:92:7d:bf:91:8d:
         c1:45:7b:b9:f3:43:68:2d:a7:a3:1a:7f:99:91:c3:38:04:dd:
         48:6b:59:1b:6e:63:89:b2:2b:de:be:69:0c:42:c3:2c:37:b1:
         52:32:e0:a2:80:df:1a:c3:04:52:51:b8:87:5c:92:5c:4d:80:
         6d:18:15:02:cc:df:21:c9:1e:b3:41:72:cb:da:64:51:3d:71:
         12:cd:5a:60:6c:eb:40:49:c5:74:c3:a6:99:3d:3d:c4:b8:fd:
         d8:ff:d3:c9
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQm2cnMpKymDMqJSAzR6B4LMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZWRkODVjMWVjY2I1ZmY0YmE5MzAxMTdhNzMyOTA5OWMw
ZmYyZWIwHhcNMjUwMTAyMTE0OTU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0M2IyYWI3YTY4MzkxNjA4ZjQ0OWY5MGEyOTc3NjJmMDUyNWNlYmMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyGVocQ542NTvKt2vxPMfxVuBVH2l
CqnFgTGEmT7vc+8okQfTeyACNiD+sdAojCoEvCkTLeORyR1MfiqK0G2YolpwZ6cB
jxzKNXew4yXH07t5UIpB9n+CALDxZ0olbHkwU+v2CaK8aCP55U+tKcu4sKGIQ0Y6
bwrtN/x8QqVyOlUTf+2+s2Jtqr3QIk/XQzoTJ8f1DT1bVBNeq/t6fanb7yCEV1dJ
hAbYLPtoRPLQPkfbf0SFCsRelhTGOMhtvZrWHiU4iD3760IAwVa+SPrtOJrF5mzY
bHJwXh85CxIniN1xEROJXKss+//sxjschhB5a/CasdM67bImjcK4tN06RQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFEOyq3poORYI9En5Cil3YvBSXOvCMB8GA1UdIwQY
MBaAFD/t2FwezLX/S6kwEXpzKQmcD/LrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUC0zWVhCN010ZjlMcVRBUmVuTXBDWndQOHVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC80MWMzMjEtMzQ3ZS00YzNlLWFmZmQt
ZTJiNTI3NzI4ZTk2LzEvUTdLcmVtZzVGZ2owU2ZrS0tYZGk4RkpjNjhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC80MWMzMjEtMzQ3ZS00YzNlLWFmZmQtZTJiNTI3NzI4ZTk2
LzEvUC0zWVhCN010ZjlMcVRBUmVuTXBDWndQOHVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAFM0NwA
MA0GCSqGSIb3DQEBCwUAA4IBAQCFLGYm5riKuLwMst1fl2EEniyqlClTdyRlDkYT
ZSLEPXKuDyzVpKCm33YyhlfQ/z8iROR6Zg5XhPH/pyFs4RfvES7dookPK7fmq8Vz
a8m8ne8rjX0utBBprhBxJ0/MOabF5cKMDXI/9w15Xzw8gSY/WO1m+kVuu2yCnJbC
R40Lj/1lX9mIlADBJ0L3fpctKT77LbQ3ziwPotBYAIxwkn2/kY3BRXu580NoLaej
Gn+ZkcM4BN1Ia1kbbmOJsivevmkMQsMsN7FSMuCigN8awwRSUbiHXJJcTYBtGBUC
zN8hyR6zQXLL2mRRPXESzVpgbOtAScV0w6aZPT3EuP3Y/9PJ
-----END CERTIFICATE-----