Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/439a10-60c4-4c28-91bf-88d2df10d15b/1/4qVpaGOAVvwgFJQwpb0c_QUQMGE.roa
File:                     4qVpaGOAVvwgFJQwpb0c_QUQMGE.roa (raw, json)
Hash identifier:          W+r545klIGuCsHZ8QGCQfkWKzNqch79gJYRWUiU5Ft4=
Subject key identifier:   E2:A5:69:68:63:80:56:FC:20:14:94:30:A5:BD:1C:FD:05:10:30:61
Certificate issuer:       /CN=c45c683cb1eb9c0f49b967e3bd9b8b84cf099bb8
Certificate serial:       018CC8DE807EFFE933354E7AA70E686F4D1F
Authority key identifier: C4:5C:68:3C:B1:EB:9C:0F:49:B9:67:E3:BD:9B:8B:84:CF:09:9B:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xFxoPLHrnA9JuWfjvZuLhM8Jm7g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/60/439a10-60c4-4c28-91bf-88d2df10d15b/1/4qVpaGOAVvwgFJQwpb0c_QUQMGE.roa
Signing time:             Tue 02 Jan 2024 06:31:14 +0000
ROA not before:           Tue 02 Jan 2024 06:31:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     559
IP address blocks:        2a07:290a::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/60/439a10-60c4-4c28-91bf-88d2df10d15b/1/xFxoPLHrnA9JuWfjvZuLhM8Jm7g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/60/439a10-60c4-4c28-91bf-88d2df10d15b/1/xFxoPLHrnA9JuWfjvZuLhM8Jm7g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xFxoPLHrnA9JuWfjvZuLhM8Jm7g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:03:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:80:7e:ff:e9:33:35:4e:7a:a7:0e:68:6f:4d:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c45c683cb1eb9c0f49b967e3bd9b8b84cf099bb8
        Validity
            Not Before: Jan  2 06:31:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e2a56968638056fc20149430a5bd1cfd05103061
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:1e:06:c5:5c:7a:04:ae:32:19:26:19:0d:0f:
                    68:ca:ca:3a:94:3e:43:c1:d0:db:8e:45:ef:17:95:
                    53:5d:2c:f8:cb:07:3d:66:1e:fd:0d:2c:78:46:67:
                    e9:40:6d:b0:83:20:05:47:6e:06:d1:99:b7:1d:80:
                    d7:1f:fd:77:e5:af:57:3e:f3:6a:ed:20:c6:42:3e:
                    29:5a:36:f8:0a:46:13:05:42:c2:bb:3b:8f:09:96:
                    93:2e:49:42:fd:a1:16:01:f7:43:50:43:69:e9:07:
                    d7:6d:53:ca:de:00:eb:41:19:01:fd:1e:72:ea:e3:
                    b8:b7:df:08:ff:ee:4a:11:54:ce:16:24:78:fa:6b:
                    fb:17:1c:c0:d4:32:d3:c2:93:30:3c:3d:24:1f:da:
                    0a:ac:49:ef:7e:c8:6f:ae:af:72:c2:93:bd:a2:64:
                    bf:3b:e9:b3:b4:14:a7:13:d3:79:0c:43:48:d4:fd:
                    72:e6:bc:06:2a:c5:23:09:56:fa:24:34:02:33:6b:
                    22:4f:54:c3:6a:4a:dd:53:57:cb:dc:aa:9b:d8:22:
                    a8:af:21:5a:57:40:09:31:af:0a:a8:47:ac:10:d8:
                    48:62:29:6c:6f:0a:a9:99:84:24:4c:58:82:89:8d:
                    7f:46:20:f7:9f:f1:4c:fe:19:57:f4:07:4e:61:f4:
                    c6:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:A5:69:68:63:80:56:FC:20:14:94:30:A5:BD:1C:FD:05:10:30:61
            X509v3 Authority Key Identifier:
                keyid:C4:5C:68:3C:B1:EB:9C:0F:49:B9:67:E3:BD:9B:8B:84:CF:09:9B:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xFxoPLHrnA9JuWfjvZuLhM8Jm7g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/439a10-60c4-4c28-91bf-88d2df10d15b/1/4qVpaGOAVvwgFJQwpb0c_QUQMGE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/60/439a10-60c4-4c28-91bf-88d2df10d15b/1/xFxoPLHrnA9JuWfjvZuLhM8Jm7g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:290a::/32

    Signature Algorithm: sha256WithRSAEncryption
         45:91:5b:e4:40:21:53:11:8f:51:eb:b6:4c:c6:45:30:8d:67:
         ce:f4:4b:aa:49:bd:86:e8:73:4c:bb:1e:4c:28:d5:e9:58:26:
         dd:27:35:df:5b:87:3b:ee:fc:bb:b5:07:8e:59:e1:14:84:79:
         5c:f5:4d:f3:85:97:3f:2f:bc:6f:69:97:cf:52:4e:5d:b0:3f:
         ab:ec:3a:19:d3:90:cc:36:cb:68:bf:f3:77:ef:33:21:7d:e5:
         d5:90:73:7f:3d:bc:c8:0d:62:94:42:53:18:92:c7:5b:d1:19:
         1d:b1:ca:b9:86:ff:d6:25:90:6c:5c:bc:04:be:eb:9b:f6:dd:
         cc:b7:c1:d9:5d:a0:a3:3a:73:06:b9:30:c1:d2:11:9a:b9:83:
         1b:1c:c5:fc:2b:b2:c1:66:e1:4d:5a:77:6f:bf:15:59:33:a9:
         4e:a6:0a:6d:5c:f6:02:2c:0b:6c:44:13:45:a1:03:ff:51:82:
         59:7c:76:eb:0e:8b:2f:c3:39:37:cb:c0:34:1b:e9:77:87:51:
         7c:a2:50:12:67:08:d4:98:14:a8:f0:21:80:d0:95:14:7f:f9:
         0a:c6:73:b0:cd:52:ca:69:d9:1f:37:15:40:28:93:46:67:2c:
         cf:41:78:c6:58:78:ca:33:d6:91:9f:8a:db:81:27:a6:09:01:
         eb:27:02:07
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzI3oB+/+kzNU56pw5ob00fMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM0NWM2ODNjYjFlYjljMGY0OWI5NjdlM2JkOWI4Yjg0Y2Yw
OTliYjgwHhcNMjQwMTAyMDYzMTE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMmE1Njk2ODYzODA1NmZjMjAxNDk0MzBhNWJkMWNmZDA1MTAzMDYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlB4GxVx6BK4yGSYZDQ9oyso6lD5D
wdDbjkXvF5VTXSz4ywc9Zh79DSx4RmfpQG2wgyAFR24G0Zm3HYDXH/135a9XPvNq
7SDGQj4pWjb4CkYTBULCuzuPCZaTLklC/aEWAfdDUENp6QfXbVPK3gDrQRkB/R5y
6uO4t98I/+5KEVTOFiR4+mv7FxzA1DLTwpMwPD0kH9oKrEnvfshvrq9ywpO9omS/
O+mztBSnE9N5DENI1P1y5rwGKsUjCVb6JDQCM2siT1TDakrdU1fL3Kqb2CKoryFa
V0AJMa8KqEesENhIYilsbwqpmYQkTFiCiY1/RiD3n/FM/hlX9AdOYfTGiwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFOKlaWhjgFb8IBSUMKW9HP0FEDBhMB8GA1UdIwQY
MBaAFMRcaDyx65wPSbln472bi4TPCZu4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveEZ4b1BMSHJuQTlKdVdmanZadUxoTThKbTdnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC80MzlhMTAtNjBjNC00YzI4LTkxYmYt
ODhkMmRmMTBkMTViLzEvNHFWcGFHT0FWdndnRkpRd3BiMGNfUVVRTUdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC80MzlhMTAtNjBjNC00YzI4LTkxYmYtODhkMmRmMTBkMTVi
LzEveEZ4b1BMSHJuQTlKdVdmanZadUxoTThKbTdnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgcpCjAN
BgkqhkiG9w0BAQsFAAOCAQEARZFb5EAhUxGPUeu2TMZFMI1nzvRLqkm9huhzTLse
TCjV6Vgm3Sc131uHO+78u7UHjlnhFIR5XPVN84WXPy+8b2mXz1JOXbA/q+w6GdOQ
zDbLaL/zd+8zIX3l1ZBzfz28yA1ilEJTGJLHW9EZHbHKuYb/1iWQbFy8BL7rm/bd
zLfB2V2gozpzBrkwwdIRmrmDGxzF/CuywWbhTVp3b78VWTOpTqYKbVz2AiwLbEQT
RaED/1GCWXx26w6LL8M5N8vANBvpd4dRfKJQEmcI1JgUqPAhgNCVFH/5CsZzsM1S
ymnZHzcVQCiTRmcsz0F4xlh4yjPWkZ+K24EnpgkB6ycCBw==
-----END CERTIFICATE-----