Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/Qd_B5EHX12KFdpT6SPCDchylQE8.roa
File:                     Qd_B5EHX12KFdpT6SPCDchylQE8.roa (raw, json)
Hash identifier:          +ccD5p6/2wvJzVqs43c+TQiWwS5USs33/h3rJMRwqr8=
Subject key identifier:   41:DF:C1:E4:41:D7:D7:62:85:76:94:FA:48:F0:83:72:1C:A5:40:4F
Certificate issuer:       /CN=ccd76159bfd9e337523ee930f3df111d6bae7306
Certificate serial:       018E856597C9E36F58F55071326BF9A57132
Authority key identifier: CC:D7:61:59:BF:D9:E3:37:52:3E:E9:30:F3:DF:11:1D:6B:AE:73:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zNdhWb_Z4zdSPukw898RHWuucwY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/Qd_B5EHX12KFdpT6SPCDchylQE8.roa
Signing time:             Thu 28 Mar 2024 14:10:11 +0000
ROA not before:           Thu 28 Mar 2024 14:10:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62240
IP address blocks:        2a0d:3c46::/32 maxlen: 32
                          2a0f:3101::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/zNdhWb_Z4zdSPukw898RHWuucwY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/zNdhWb_Z4zdSPukw898RHWuucwY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zNdhWb_Z4zdSPukw898RHWuucwY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:85:65:97:c9:e3:6f:58:f5:50:71:32:6b:f9:a5:71:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ccd76159bfd9e337523ee930f3df111d6bae7306
        Validity
            Not Before: Mar 28 14:10:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=41dfc1e441d7d762857694fa48f083721ca5404f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:f2:ee:8f:11:24:73:5e:f9:de:a3:30:75:90:
                    21:00:07:d3:c1:d6:ef:2c:49:40:15:ed:34:b5:72:
                    59:56:97:e1:d2:67:34:2a:35:fd:52:f7:a1:12:d4:
                    63:13:f2:00:0e:03:12:c7:2e:f8:c4:77:83:d8:c8:
                    4d:69:9d:71:0a:5c:20:4d:cc:de:75:25:8c:ba:14:
                    c9:fe:de:62:48:a8:8b:19:dd:1c:21:72:ba:bd:db:
                    6b:0b:f5:07:93:3b:9a:bb:80:e9:b5:6f:b1:9e:5e:
                    3c:85:44:5b:e6:f0:22:e9:8d:db:72:df:43:fb:7f:
                    7f:10:8f:54:b2:4b:39:60:dc:fa:f4:eb:f7:20:54:
                    f7:9d:63:27:b3:4e:1d:e3:37:ec:a4:0c:45:ce:24:
                    50:1d:36:6e:2c:f4:27:76:f1:16:bb:20:8e:f5:41:
                    fc:4b:fe:b7:8b:01:8f:28:32:93:e9:70:0a:7b:52:
                    ef:5f:0e:5c:f3:a0:9d:32:d1:83:16:a5:0e:72:d6:
                    96:0f:97:9e:f4:cf:bb:6f:0d:73:01:40:1a:3d:ba:
                    a4:bd:cf:92:db:d4:40:bd:bd:aa:6b:68:4d:e7:1e:
                    d3:b5:90:25:ec:db:d0:f4:74:b3:0c:0e:e9:c5:46:
                    ed:94:48:f8:fd:00:a5:25:66:07:22:0b:ef:17:70:
                    b6:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:DF:C1:E4:41:D7:D7:62:85:76:94:FA:48:F0:83:72:1C:A5:40:4F
            X509v3 Authority Key Identifier:
                keyid:CC:D7:61:59:BF:D9:E3:37:52:3E:E9:30:F3:DF:11:1D:6B:AE:73:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zNdhWb_Z4zdSPukw898RHWuucwY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/Qd_B5EHX12KFdpT6SPCDchylQE8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/zNdhWb_Z4zdSPukw898RHWuucwY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:3c46::/32
                  2a0f:3101::/32

    Signature Algorithm: sha256WithRSAEncryption
         28:39:ef:47:5a:c7:33:d3:8f:4e:9f:d3:1a:31:bd:47:c1:50:
         f4:ad:28:24:db:d5:72:df:2c:d7:3c:ce:1a:eb:ad:1a:50:39:
         6e:ad:99:9d:2f:fc:f7:2f:58:b8:09:f9:f4:7e:cb:83:cf:d9:
         11:2c:f6:09:56:a7:c5:a9:d1:70:79:da:04:99:5b:7e:fb:f9:
         b4:ef:7f:33:e2:a6:cd:76:55:5f:46:ce:61:0b:14:a0:cb:27:
         bb:8e:f2:7d:be:ae:55:87:dd:73:e7:28:f7:97:89:50:fa:10:
         92:e0:02:e0:4b:51:09:4c:e8:af:43:e3:8b:d1:be:82:94:a2:
         2a:52:9f:43:52:16:45:0c:65:0d:84:8c:17:86:bb:c7:3f:e8:
         d2:f1:21:34:82:cb:f1:1d:84:63:b8:5b:43:2f:bc:40:02:6e:
         73:14:47:b4:07:80:4e:29:bc:6e:06:21:77:e9:23:4d:a8:5f:
         05:11:b0:a8:d5:35:bf:1a:c8:18:bb:ad:db:ee:c0:fe:6d:53:
         d1:21:fa:66:c1:23:b7:ee:9b:8f:2b:3d:3c:97:f9:08:ac:fb:
         13:b7:52:64:bb:63:74:d1:b3:10:8a:ff:50:72:2b:c4:f8:d3:
         4d:79:95:eb:5b:4b:b1:00:7a:40:d4:89:a3:db:99:78:8e:f9:
         68:de:0c:e5
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAY6FZZfJ429Y9VBxMmv5pXEyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNjZDc2MTU5YmZkOWUzMzc1MjNlZTkzMGYzZGYxMTFkNmJh
ZTczMDYwHhcNMjQwMzI4MTQxMDExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MWRmYzFlNDQxZDdkNzYyODU3Njk0ZmE0OGYwODM3MjFjYTU0MDRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4fLujxEkc1753qMwdZAhAAfTwdbv
LElAFe00tXJZVpfh0mc0KjX9UvehEtRjE/IADgMSxy74xHeD2MhNaZ1xClwgTcze
dSWMuhTJ/t5iSKiLGd0cIXK6vdtrC/UHkzuau4DptW+xnl48hURb5vAi6Y3bct9D
+39/EI9Usks5YNz69Ov3IFT3nWMns04d4zfspAxFziRQHTZuLPQndvEWuyCO9UH8
S/63iwGPKDKT6XAKe1LvXw5c86CdMtGDFqUOctaWD5ee9M+7bw1zAUAaPbqkvc+S
29RAvb2qa2hN5x7TtZAl7NvQ9HSzDA7pxUbtlEj4/QClJWYHIgvvF3C2IwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFEHfweRB19dihXaU+kjwg3IcpUBPMB8GA1UdIwQY
MBaAFMzXYVm/2eM3Uj7pMPPfER1rrnMGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvek5kaFdiX1o0emRTUHVrdzg5OFJIV3V1Y3dZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MC9mNmFkYTEtN2U4YS00YjNlLWI3ZTgt
Zjg1ODlmNjgyNjkxLzEvUWRfQjVFSFgxMktGZHBUNlNQQ0RjaHlsUUU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MC9mNmFkYTEtN2U4YS00YjNlLWI3ZTgtZjg1ODlmNjgyNjkx
LzEvek5kaFdiX1o0emRTUHVrdzg5OFJIV3V1Y3dZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUAKg08RgMF
ACoPMQEwDQYJKoZIhvcNAQELBQADggEBACg570daxzPTj06f0xoxvUfBUPStKCTb
1XLfLNc8zhrrrRpQOW6tmZ0v/PcvWLgJ+fR+y4PP2REs9glWp8Wp0XB52gSZW377
+bTvfzPips12VV9GzmELFKDLJ7uO8n2+rlWH3XPnKPeXiVD6EJLgAuBLUQlM6K9D
44vRvoKUoipSn0NSFkUMZQ2EjBeGu8c/6NLxITSCy/EdhGO4W0MvvEACbnMUR7QH
gE4pvG4GIXfpI02oXwURsKjVNb8ayBi7rdvuwP5tU9Eh+mbBI7fum48rPTyX+Qis
+xO3UmS7Y3TRsxCK/1ByK8T40015letbS7EAekDUiaPbmXiO+WjeDOU=
-----END CERTIFICATE-----