Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/c493ee-f66e-4208-a31d-726f83d23892/1/QxzZseWdf0HAnLVzsTHbB6TZRPo.roa
File:                     QxzZseWdf0HAnLVzsTHbB6TZRPo.roa (raw, json)
Hash identifier:          LcVkagAwGQNjDVIqU06sG6TuMZ2ITtZZGjuQtkOWeTg=
Subject key identifier:   43:1C:D9:B1:E5:9D:7F:41:C0:9C:B5:73:B1:31:DB:07:A4:D9:44:FA
Certificate issuer:       /CN=4d88eb730ab1a501ea36ea3482d764544e141111
Certificate serial:       018CC5014CBF48A2C9F7CE9171F662B83AFE
Authority key identifier: 4D:88:EB:73:0A:B1:A5:01:EA:36:EA:34:82:D7:64:54:4E:14:11:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TYjrcwqxpQHqNuo0gtdkVE4UERE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/c493ee-f66e-4208-a31d-726f83d23892/1/QxzZseWdf0HAnLVzsTHbB6TZRPo.roa
Signing time:             Mon 01 Jan 2024 12:30:45 +0000
ROA not before:           Mon 01 Jan 2024 12:30:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204508
IP address blocks:        2a04:f280::/40 maxlen: 128

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6a/c493ee-f66e-4208-a31d-726f83d23892/1/TYjrcwqxpQHqNuo0gtdkVE4UERE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6a/c493ee-f66e-4208-a31d-726f83d23892/1/TYjrcwqxpQHqNuo0gtdkVE4UERE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TYjrcwqxpQHqNuo0gtdkVE4UERE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:4c:bf:48:a2:c9:f7:ce:91:71:f6:62:b8:3a:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4d88eb730ab1a501ea36ea3482d764544e141111
        Validity
            Not Before: Jan  1 12:30:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=431cd9b1e59d7f41c09cb573b131db07a4d944fa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:9c:f8:48:e1:a0:7d:0b:1e:94:1b:12:0f:49:
                    6a:e8:f3:c3:93:42:64:32:72:d8:29:8a:e7:72:4d:
                    41:70:64:4e:8b:10:49:a5:bc:d5:0a:83:11:38:43:
                    d9:4a:62:19:18:2f:20:7d:31:dc:ee:09:ce:9c:fd:
                    47:24:e6:0a:a4:13:5e:8f:8c:da:34:f8:c2:e4:fb:
                    4c:06:81:89:4b:d5:e1:68:07:e5:73:27:e5:62:e5:
                    61:2e:d1:05:e5:e1:2f:46:8d:b1:40:57:7a:99:cc:
                    47:6d:bd:b1:7d:bb:ff:e1:3e:f2:06:5b:3c:14:c5:
                    62:b8:71:ce:3d:3f:ca:6c:f3:f3:f6:d2:56:26:5f:
                    2d:28:8e:c6:2d:2a:7e:ce:ea:c2:92:e5:40:9d:d6:
                    5f:1e:e5:67:4a:f6:f1:da:91:e9:73:72:b6:8c:d5:
                    a8:1a:35:7e:82:83:85:86:9a:a2:66:91:6a:e9:7f:
                    da:87:14:d0:95:10:44:2b:83:4e:2f:91:8a:73:b6:
                    3d:15:ee:de:95:f0:74:ec:5b:d3:30:d4:8e:24:78:
                    7c:db:68:34:31:d9:c0:27:43:1e:03:ca:17:86:a2:
                    a2:d2:06:8e:7e:21:93:64:3c:d0:c8:e9:56:53:1b:
                    72:6a:08:8b:2a:ba:5d:41:ba:d2:a7:a9:68:d9:61:
                    56:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:1C:D9:B1:E5:9D:7F:41:C0:9C:B5:73:B1:31:DB:07:A4:D9:44:FA
            X509v3 Authority Key Identifier:
                keyid:4D:88:EB:73:0A:B1:A5:01:EA:36:EA:34:82:D7:64:54:4E:14:11:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TYjrcwqxpQHqNuo0gtdkVE4UERE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/c493ee-f66e-4208-a31d-726f83d23892/1/QxzZseWdf0HAnLVzsTHbB6TZRPo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/c493ee-f66e-4208-a31d-726f83d23892/1/TYjrcwqxpQHqNuo0gtdkVE4UERE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a04:f280::/40

    Signature Algorithm: sha256WithRSAEncryption
         4e:4d:a5:4c:b9:da:3e:2b:50:9e:40:99:43:2a:0c:77:cf:cc:
         ff:ab:c9:52:bc:ae:92:8f:bf:61:25:99:bf:7e:8b:24:c5:db:
         57:b3:21:27:2e:34:0e:78:41:d3:cf:6e:7b:9c:ba:7c:19:f8:
         10:56:1d:b5:d2:52:af:d7:76:e8:b7:f6:c7:2d:98:ed:9e:d9:
         46:42:aa:a0:e8:a3:45:85:3f:e2:96:13:e3:53:97:d9:39:f0:
         ed:74:86:65:a9:29:b9:62:34:c1:bf:e8:42:5f:f3:c3:e3:e2:
         a0:1d:2b:d3:90:0f:9a:87:c2:c7:01:8d:88:20:42:2b:5f:4b:
         02:76:42:9d:63:bf:72:17:4b:82:90:eb:fa:93:e1:ac:a2:77:
         4f:57:12:d1:f4:1f:41:a5:36:80:d4:b1:55:75:11:28:d5:97:
         f2:23:57:7b:78:53:3b:20:d6:1b:4c:de:ad:41:8d:6b:d2:ba:
         eb:18:e3:e2:52:76:2e:66:56:ce:17:67:a8:40:6e:1a:53:9a:
         8a:74:b0:59:5a:39:39:b5:a5:d6:0c:a4:d1:ee:01:76:d0:08:
         4c:ce:7f:4b:f4:c2:dc:7b:1c:bb:ef:6b:d2:b2:a4:8f:c4:62:
         b7:2f:e5:b4:8c:77:a6:34:1d:6a:b5:bc:1f:8d:e6:7c:3b:23:
         92:ef:e6:8a
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzFAUy/SKLJ986RcfZiuDr+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkODhlYjczMGFiMWE1MDFlYTM2ZWEzNDgyZDc2NDU0NGUx
NDExMTEwHhcNMjQwMTAxMTIzMDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MzFjZDliMWU1OWQ3ZjQxYzA5Y2I1NzNiMTMxZGIwN2E0ZDk0NGZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl5z4SOGgfQselBsSD0lq6PPDk0Jk
MnLYKYrnck1BcGROixBJpbzVCoMROEPZSmIZGC8gfTHc7gnOnP1HJOYKpBNej4za
NPjC5PtMBoGJS9XhaAflcyflYuVhLtEF5eEvRo2xQFd6mcxHbb2xfbv/4T7yBls8
FMViuHHOPT/KbPPz9tJWJl8tKI7GLSp+zurCkuVAndZfHuVnSvbx2pHpc3K2jNWo
GjV+goOFhpqiZpFq6X/ahxTQlRBEK4NOL5GKc7Y9Fe7elfB07FvTMNSOJHh822g0
MdnAJ0MeA8oXhqKi0gaOfiGTZDzQyOlWUxtyagiLKrpdQbrSp6lo2WFWuQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFEMc2bHlnX9BwJy1c7Ex2wek2UT6MB8GA1UdIwQY
MBaAFE2I63MKsaUB6jbqNILXZFROFBERMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVFlqcmN3cXhwUUhxTnVvMGd0ZGtWRTRVRVJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS9jNDkzZWUtZjY2ZS00MjA4LWEzMWQt
NzI2ZjgzZDIzODkyLzEvUXh6WnNlV2RmMEhBbkxWenNUSGJCNlRaUlBvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS9jNDkzZWUtZjY2ZS00MjA4LWEzMWQtNzI2ZjgzZDIzODky
LzEvVFlqcmN3cXhwUUhxTnVvMGd0ZGtWRTRVRVJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKgTygAAw
DQYJKoZIhvcNAQELBQADggEBAE5NpUy52j4rUJ5AmUMqDHfPzP+ryVK8rpKPv2El
mb9+iyTF21ezIScuNA54QdPPbnucunwZ+BBWHbXSUq/Xdui39sctmO2e2UZCqqDo
o0WFP+KWE+NTl9k58O10hmWpKbliNMG/6EJf88Pj4qAdK9OQD5qHwscBjYggQitf
SwJ2Qp1jv3IXS4KQ6/qT4ayid09XEtH0H0GlNoDUsVV1ESjVl/IjV3t4Uzsg1htM
3q1BjWvSuusY4+JSdi5mVs4XZ6hAbhpTmop0sFlaOTm1pdYMpNHuAXbQCEzOf0v0
wtx7HLvva9KypI/EYrcv5bSMd6Y0HWq1vB+N5nw7I5Lv5oo=
-----END CERTIFICATE-----