Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/9fb7ab-f3cb-47fc-9a14-06cdeb38f7b6/1/PQGDAa5Ff-9v5H-X_hhk3izvlBE.roa
File:                     PQGDAa5Ff-9v5H-X_hhk3izvlBE.roa (raw, json)
Hash identifier:          jA2Ulpp0ZgdG5iBjaDEiKR3xTP6NtzfSXgBXAFXYw1A=
Subject key identifier:   3D:01:83:01:AE:45:7F:EF:6F:E4:7F:97:FE:18:64:DE:2C:EF:94:11
Certificate issuer:       /CN=8cfdefeced5cee8f1a6c93798e5a34b621f6dc0b
Certificate serial:       01917F0F1D4CB56F6244694CF69170E9B690
Authority key identifier: 8C:FD:EF:EC:ED:5C:EE:8F:1A:6C:93:79:8E:5A:34:B6:21:F6:DC:0B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jP3v7O1c7o8abJN5jlo0tiH23As.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/9fb7ab-f3cb-47fc-9a14-06cdeb38f7b6/1/PQGDAa5Ff-9v5H-X_hhk3izvlBE.roa
Signing time:             Fri 23 Aug 2024 11:46:22 +0000
ROA not before:           Fri 23 Aug 2024 11:46:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204003
IP address blocks:        2001:67c:20ec::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/9fb7ab-f3cb-47fc-9a14-06cdeb38f7b6/1/jP3v7O1c7o8abJN5jlo0tiH23As.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/9fb7ab-f3cb-47fc-9a14-06cdeb38f7b6/1/jP3v7O1c7o8abJN5jlo0tiH23As.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jP3v7O1c7o8abJN5jlo0tiH23As.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:7f:0f:1d:4c:b5:6f:62:44:69:4c:f6:91:70:e9:b6:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8cfdefeced5cee8f1a6c93798e5a34b621f6dc0b
        Validity
            Not Before: Aug 23 11:46:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3d018301ae457fef6fe47f97fe1864de2cef9411
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:99:c1:d9:fb:38:f8:58:03:53:55:92:fe:c4:
                    ec:15:80:5a:71:97:74:78:0c:a4:08:93:34:e2:04:
                    df:6c:0f:de:e8:b5:ad:88:fd:d0:ab:26:f8:c9:5e:
                    a7:dc:04:cd:e5:07:0d:7a:51:f8:df:d2:83:5d:8a:
                    d9:46:d1:48:c5:2f:37:b9:87:ee:e3:5b:7e:47:9a:
                    6e:3c:8d:15:56:2d:82:73:c2:d8:9b:94:76:cc:ee:
                    75:2e:0b:e5:2b:32:71:2e:19:46:b0:71:d4:99:61:
                    33:fa:af:f4:b4:9c:0a:43:a2:24:dc:5d:c2:94:59:
                    a1:0f:c2:a0:49:88:d2:2e:cf:db:11:19:ef:41:1c:
                    6b:03:e4:87:02:c1:3e:e9:3d:bb:72:59:ed:02:f4:
                    2b:96:c5:3c:31:92:e4:74:7f:28:5f:75:6e:17:5b:
                    e9:eb:cc:35:1e:5e:96:66:ae:5b:a3:68:4f:85:48:
                    15:2d:61:ef:23:67:a8:8d:a3:ef:a0:8f:9c:93:c1:
                    17:e1:da:98:d1:15:cc:cd:2b:46:7b:44:9c:ac:80:
                    e0:5f:ae:6e:e2:55:12:24:c4:4c:df:8a:26:04:06:
                    03:f6:55:4e:6a:a3:9c:a6:e0:55:01:4c:e3:d2:0b:
                    09:20:9a:44:ac:62:26:56:1b:89:dc:14:a7:cf:89:
                    8c:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:01:83:01:AE:45:7F:EF:6F:E4:7F:97:FE:18:64:DE:2C:EF:94:11
            X509v3 Authority Key Identifier:
                keyid:8C:FD:EF:EC:ED:5C:EE:8F:1A:6C:93:79:8E:5A:34:B6:21:F6:DC:0B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jP3v7O1c7o8abJN5jlo0tiH23As.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/9fb7ab-f3cb-47fc-9a14-06cdeb38f7b6/1/PQGDAa5Ff-9v5H-X_hhk3izvlBE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/9fb7ab-f3cb-47fc-9a14-06cdeb38f7b6/1/jP3v7O1c7o8abJN5jlo0tiH23As.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:20ec::/48

    Signature Algorithm: sha256WithRSAEncryption
         1b:59:51:85:7b:0a:37:35:94:a9:ce:32:20:b9:94:dc:3e:03:
         02:fb:5f:00:42:20:5b:d1:93:84:11:f5:0c:08:1a:11:59:67:
         cd:61:0c:7b:c6:d4:0e:26:37:93:65:83:25:9f:79:e8:27:dc:
         21:7c:53:f1:32:65:88:49:e2:28:be:88:36:c2:cb:42:05:50:
         b2:a4:30:ce:65:25:f0:f2:28:91:50:96:c0:b6:2c:d5:b4:ee:
         35:df:26:53:93:29:2b:9b:41:3b:de:0b:3d:21:92:e9:5e:0b:
         a4:bf:c3:8b:d3:2e:fc:8f:8e:76:dd:c3:19:61:b1:37:13:02:
         85:56:dc:19:46:dd:87:ab:92:48:b5:06:fc:e5:48:75:3d:97:
         d4:a7:03:bb:f2:93:10:b2:d3:19:12:47:d3:5b:3b:30:f5:6b:
         ec:cb:36:bd:f7:d5:f2:86:f3:9f:7d:eb:13:43:31:81:64:ac:
         c7:5c:19:d1:c8:0b:72:79:b5:29:b0:26:97:b2:f8:b8:08:9a:
         07:da:0c:24:11:f2:06:7f:ec:0d:a1:bc:8a:75:d2:8c:5c:36:
         eb:db:1f:e1:a7:b7:29:64:d3:45:bd:19:e4:2b:af:3b:10:43:
         30:3a:94:68:9e:72:3a:b4:70:78:72:ad:e1:68:75:49:1e:af:
         5d:f0:14:65
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZF/Dx1MtW9iRGlM9pFw6baQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhjZmRlZmVjZWQ1Y2VlOGYxYTZjOTM3OThlNWEzNGI2MjFm
NmRjMGIwHhcNMjQwODIzMTE0NjIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZDAxODMwMWFlNDU3ZmVmNmZlNDdmOTdmZTE4NjRkZTJjZWY5NDExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtJnB2fs4+FgDU1WS/sTsFYBacZd0
eAykCJM04gTfbA/e6LWtiP3Qqyb4yV6n3ATN5QcNelH439KDXYrZRtFIxS83uYfu
41t+R5puPI0VVi2Cc8LYm5R2zO51LgvlKzJxLhlGsHHUmWEz+q/0tJwKQ6Ik3F3C
lFmhD8KgSYjSLs/bERnvQRxrA+SHAsE+6T27clntAvQrlsU8MZLkdH8oX3VuF1vp
68w1Hl6WZq5bo2hPhUgVLWHvI2eojaPvoI+ck8EX4dqY0RXMzStGe0ScrIDgX65u
4lUSJMRM34omBAYD9lVOaqOcpuBVAUzj0gsJIJpErGImVhuJ3BSnz4mM4QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFD0BgwGuRX/vb+R/l/4YZN4s75QRMB8GA1UdIwQY
MBaAFIz97+ztXO6PGmyTeY5aNLYh9twLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvalAzdjdPMWM3bzhhYkpONWpsbzB0aUgyM0FzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS85ZmI3YWItZjNjYi00N2ZjLTlhMTQt
MDZjZGViMzhmN2I2LzEvUFFHREFhNUZmLTl2NUgtWF9oaGszaXp2bEJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS85ZmI3YWItZjNjYi00N2ZjLTlhMTQtMDZjZGViMzhmN2I2
LzEvalAzdjdPMWM3bzhhYkpONWpsbzB0aUgyM0FzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfCDs
MA0GCSqGSIb3DQEBCwUAA4IBAQAbWVGFewo3NZSpzjIguZTcPgMC+18AQiBb0ZOE
EfUMCBoRWWfNYQx7xtQOJjeTZYMln3noJ9whfFPxMmWISeIovog2wstCBVCypDDO
ZSXw8iiRUJbAtizVtO413yZTkykrm0E73gs9IZLpXgukv8OL0y78j4523cMZYbE3
EwKFVtwZRt2Hq5JItQb85Uh1PZfUpwO78pMQstMZEkfTWzsw9Wvsyza999XyhvOf
fesTQzGBZKzHXBnRyAtyebUpsCaXsvi4CJoH2gwkEfIGf+wNobyKddKMXDbr2x/h
p7cpZNNFvRnkK687EEMwOpRonnI6tHB4cq3haHVJHq9d8BRl
-----END CERTIFICATE-----