Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/40ade0-98da-4aa5-b817-6edc1b225625/1/QNUdrvwe6lyFAsywdVJfIRLAKlY.roa
File:                     QNUdrvwe6lyFAsywdVJfIRLAKlY.roa (raw, json)
Hash identifier:          r5d8TXirwEC36NvrWyANl8uE9Nb8babrGApX6K62/5s=
Subject key identifier:   40:D5:1D:AE:FC:1E:EA:5C:85:02:CC:B0:75:52:5F:21:12:C0:2A:56
Certificate issuer:       /CN=cfcd73f82c260da87386dcf7be26d5c5445526fa
Certificate serial:       0194258F7253D18ADD42AFEB3EC9B1076D63
Authority key identifier: CF:CD:73:F8:2C:26:0D:A8:73:86:DC:F7:BE:26:D5:C5:44:55:26:FA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z81z-CwmDahzhtz3vibVxURVJvo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/40ade0-98da-4aa5-b817-6edc1b225625/1/QNUdrvwe6lyFAsywdVJfIRLAKlY.roa
Signing time:             Thu 02 Jan 2025 05:49:05 +0000
ROA not before:           Thu 02 Jan 2025 05:49:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207530
IP address blocks:        2a09:d2c1:9::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/40ade0-98da-4aa5-b817-6edc1b225625/1/z81z-CwmDahzhtz3vibVxURVJvo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/40ade0-98da-4aa5-b817-6edc1b225625/1/z81z-CwmDahzhtz3vibVxURVJvo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z81z-CwmDahzhtz3vibVxURVJvo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 07:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:72:53:d1:8a:dd:42:af:eb:3e:c9:b1:07:6d:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cfcd73f82c260da87386dcf7be26d5c5445526fa
        Validity
            Not Before: Jan  2 05:49:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=40d51daefc1eea5c8502ccb075525f2112c02a56
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:ca:d7:bd:2e:5e:11:e6:ec:3f:f2:be:83:d8:
                    e7:24:08:7f:d6:b7:7e:7d:b8:01:de:a7:d4:a9:5c:
                    44:25:ba:a1:37:4f:30:51:18:98:79:4f:59:ce:57:
                    a0:9e:bb:46:e2:6b:23:63:ca:ce:55:bb:f8:4c:79:
                    23:f2:93:f8:ed:9a:5c:a3:30:9a:0b:44:e3:23:42:
                    ec:0b:c6:2e:f9:ec:d4:b1:a3:c4:91:c4:7f:44:1c:
                    b8:c3:0f:04:32:75:1f:e6:ab:d4:b3:70:2e:78:02:
                    e4:32:cd:14:13:25:28:52:dd:02:46:3e:27:67:9c:
                    1d:fc:9e:0c:27:bc:aa:9f:f1:60:05:3e:ec:8e:e3:
                    b6:20:0f:a8:3f:4f:5d:41:73:1e:91:92:1e:09:fe:
                    ac:1b:be:6b:87:b7:de:78:da:1f:36:b2:48:dd:25:
                    b1:76:ad:4d:97:fc:45:de:e4:e9:cd:57:20:bf:69:
                    0c:84:2c:f2:61:85:a9:c9:d5:ae:a4:12:b4:86:df:
                    97:5e:da:72:a1:2e:a8:bf:b0:29:ef:04:fe:83:c2:
                    04:33:03:99:e0:d6:dc:2c:be:24:83:28:a0:d1:80:
                    1a:22:97:48:ee:e0:b5:b4:21:16:2d:e3:d8:01:a5:
                    6e:c1:3b:38:f9:81:a2:34:f4:ce:e2:29:13:1c:2d:
                    4c:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:D5:1D:AE:FC:1E:EA:5C:85:02:CC:B0:75:52:5F:21:12:C0:2A:56
            X509v3 Authority Key Identifier:
                keyid:CF:CD:73:F8:2C:26:0D:A8:73:86:DC:F7:BE:26:D5:C5:44:55:26:FA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z81z-CwmDahzhtz3vibVxURVJvo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/40ade0-98da-4aa5-b817-6edc1b225625/1/QNUdrvwe6lyFAsywdVJfIRLAKlY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/40ade0-98da-4aa5-b817-6edc1b225625/1/z81z-CwmDahzhtz3vibVxURVJvo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:d2c1:9::/48

    Signature Algorithm: sha256WithRSAEncryption
         76:c2:a6:c1:41:c8:e4:c5:ad:16:08:97:9f:9e:e3:89:3a:00:
         ac:8a:fc:ed:e1:f1:5c:d2:0d:80:ad:e6:69:d1:4d:28:9a:d7:
         2a:38:37:5f:6c:cf:86:7c:32:ec:01:54:62:f2:bf:f0:01:20:
         63:b7:74:83:59:98:76:5f:a9:73:c0:2f:53:2f:41:37:78:f1:
         c8:fe:0d:35:51:f8:e0:ca:76:33:08:59:76:0c:87:e3:15:01:
         e5:a3:50:31:69:1b:50:9d:37:6d:fd:92:3c:f2:b1:d0:80:ed:
         fe:11:b4:69:83:5c:5d:1a:9e:47:42:79:d8:db:58:60:ce:44:
         33:a4:69:07:f8:4f:92:be:47:5f:64:10:ab:46:b2:42:fa:cc:
         22:35:ae:3d:67:53:1d:78:55:4d:76:76:5e:77:0a:14:20:0d:
         90:e3:68:f0:30:b0:95:b9:4e:4c:a2:ad:3e:8b:f5:44:87:98:
         e9:48:07:2c:c1:85:32:55:51:fd:cd:7b:8b:09:0f:13:29:0e:
         cf:19:82:5c:11:6a:ef:68:41:60:01:ce:19:e2:67:67:0a:e8:
         67:7f:bc:e1:f0:a7:f2:68:3a:f7:69:41:08:c9:0b:30:62:c8:
         a1:21:7d:ae:8b:eb:0f:fb:91:36:e1:71:38:74:ea:7b:eb:b6:
         32:dd:f1:9b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQlj3JT0YrdQq/rPsmxB21jMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmY2Q3M2Y4MmMyNjBkYTg3Mzg2ZGNmN2JlMjZkNWM1NDQ1
NTI2ZmEwHhcNMjUwMTAyMDU0OTA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MGQ1MWRhZWZjMWVlYTVjODUwMmNjYjA3NTUyNWYyMTEyYzAyYTU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAncrXvS5eEebsP/K+g9jnJAh/1rd+
fbgB3qfUqVxEJbqhN08wURiYeU9ZzlegnrtG4msjY8rOVbv4THkj8pP47ZpcozCa
C0TjI0LsC8Yu+ezUsaPEkcR/RBy4ww8EMnUf5qvUs3AueALkMs0UEyUoUt0CRj4n
Z5wd/J4MJ7yqn/FgBT7sjuO2IA+oP09dQXMekZIeCf6sG75rh7feeNofNrJI3SWx
dq1Nl/xF3uTpzVcgv2kMhCzyYYWpydWupBK0ht+XXtpyoS6ov7Ap7wT+g8IEMwOZ
4NbcLL4kgyig0YAaIpdI7uC1tCEWLePYAaVuwTs4+YGiNPTO4ikTHC1M0wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFEDVHa78HupchQLMsHVSXyESwCpWMB8GA1UdIwQY
MBaAFM/Nc/gsJg2oc4bc974m1cVEVSb6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejgxei1Dd21EYWh6aHR6M3ZpYlZ4VVJWSnZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy80MGFkZTAtOThkYS00YWE1LWI4MTct
NmVkYzFiMjI1NjI1LzEvUU5VZHJ2d2U2bHlGQXN5d2RWSmZJUkxBS2xZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy80MGFkZTAtOThkYS00YWE1LWI4MTctNmVkYzFiMjI1NjI1
LzEvejgxei1Dd21EYWh6aHR6M3ZpYlZ4VVJWSnZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgnSwQAJ
MA0GCSqGSIb3DQEBCwUAA4IBAQB2wqbBQcjkxa0WCJefnuOJOgCsivzt4fFc0g2A
reZp0U0omtcqODdfbM+GfDLsAVRi8r/wASBjt3SDWZh2X6lzwC9TL0E3ePHI/g01
UfjgynYzCFl2DIfjFQHlo1AxaRtQnTdt/ZI88rHQgO3+EbRpg1xdGp5HQnnY21hg
zkQzpGkH+E+SvkdfZBCrRrJC+swiNa49Z1MdeFVNdnZedwoUIA2Q42jwMLCVuU5M
oq0+i/VEh5jpSAcswYUyVVH9zXuLCQ8TKQ7PGYJcEWrvaEFgAc4Z4mdnCuhnf7zh
8KfyaDr3aUEIyQswYsihIX2ui+sP+5E24XE4dOp767Yy3fGb
-----END CERTIFICATE-----