Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/745bdb-104b-49c7-99d5-cec33ba1bdf5/1/qFB-AfrzECXh6GN5dVSZvb0x6SI.roa
File:                     qFB-AfrzECXh6GN5dVSZvb0x6SI.roa (raw, json)
Hash identifier:          GzIs503Dc0bsL2WCHQKf2MOheJQNWlvUYNrT8tj73vc=
Subject key identifier:   A8:50:7E:01:FA:F3:10:25:E1:E8:63:79:75:54:99:BD:BD:31:E9:22
Certificate issuer:       /CN=9d5de490ff874e9689cecf726cbb4e2f51f6c731
Certificate serial:       019421B19F180D05C7F9DD40616B60110985
Authority key identifier: 9D:5D:E4:90:FF:87:4E:96:89:CE:CF:72:6C:BB:4E:2F:51:F6:C7:31
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nV3kkP-HTpaJzs9ybLtOL1H2xzE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/745bdb-104b-49c7-99d5-cec33ba1bdf5/1/qFB-AfrzECXh6GN5dVSZvb0x6SI.roa
Signing time:             Wed 01 Jan 2025 11:47:56 +0000
ROA not before:           Wed 01 Jan 2025 11:47:56 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     21150
IP address blocks:        2a01:8180:1000::/36 maxlen: 42
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/745bdb-104b-49c7-99d5-cec33ba1bdf5/1/nV3kkP-HTpaJzs9ybLtOL1H2xzE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/745bdb-104b-49c7-99d5-cec33ba1bdf5/1/nV3kkP-HTpaJzs9ybLtOL1H2xzE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nV3kkP-HTpaJzs9ybLtOL1H2xzE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 15:22:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:9f:18:0d:05:c7:f9:dd:40:61:6b:60:11:09:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d5de490ff874e9689cecf726cbb4e2f51f6c731
        Validity
            Not Before: Jan  1 11:47:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a8507e01faf31025e1e86379755499bdbd31e922
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:1a:da:6b:47:54:85:59:e2:75:02:ef:c8:ec:
                    30:c3:da:bd:bb:6f:d0:68:f7:f3:6d:c8:f3:7c:42:
                    61:d2:62:f6:8b:c8:d2:a8:68:b5:9a:f8:53:72:ab:
                    cd:9e:bd:98:1b:e3:45:86:4b:e2:b8:3b:b2:0c:f2:
                    e4:86:fd:65:4c:63:da:8c:d5:2c:d8:2a:a4:82:9e:
                    91:b5:5f:90:ed:ca:fc:70:86:76:8f:fb:91:9e:fa:
                    2f:f8:c6:4e:02:30:b2:f5:b2:8e:2b:49:3e:3e:a3:
                    64:e4:50:44:82:a9:2a:69:25:e7:3e:f5:f7:25:4a:
                    e9:df:41:15:81:d4:9b:a6:77:cd:b9:c0:93:5e:b4:
                    73:63:59:4d:d0:8e:8c:58:0f:a1:da:41:37:98:a6:
                    7d:58:42:71:72:82:66:47:51:54:27:5b:07:29:5e:
                    da:39:0b:6c:62:17:ff:2c:52:a3:9d:92:ba:a5:8c:
                    51:9b:9d:26:58:57:de:2a:03:7c:d0:99:59:66:71:
                    23:fb:35:26:8a:3e:98:7f:ac:69:56:fb:97:5e:a1:
                    15:a6:fe:2e:39:a2:0b:83:2e:fc:2b:69:90:44:31:
                    c5:f6:f1:10:dd:42:63:32:fa:05:05:6c:ae:35:62:
                    de:e7:88:7b:15:14:9a:ea:22:0f:89:a4:50:a0:1d:
                    21:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:50:7E:01:FA:F3:10:25:E1:E8:63:79:75:54:99:BD:BD:31:E9:22
            X509v3 Authority Key Identifier:
                keyid:9D:5D:E4:90:FF:87:4E:96:89:CE:CF:72:6C:BB:4E:2F:51:F6:C7:31

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nV3kkP-HTpaJzs9ybLtOL1H2xzE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/745bdb-104b-49c7-99d5-cec33ba1bdf5/1/qFB-AfrzECXh6GN5dVSZvb0x6SI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/745bdb-104b-49c7-99d5-cec33ba1bdf5/1/nV3kkP-HTpaJzs9ybLtOL1H2xzE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:8180:1000::/36

    Signature Algorithm: sha256WithRSAEncryption
         53:98:b0:b6:dc:6d:35:1b:95:96:be:5a:2d:d4:73:e8:53:af:
         e5:3e:9f:e5:56:e1:14:f5:ee:32:d3:df:e1:fd:0e:00:e7:68:
         d2:07:20:45:54:c4:33:63:c0:46:59:77:3b:5f:1b:99:c9:52:
         48:08:5a:2e:70:ba:1f:f5:b0:ab:1f:c5:d2:4f:a7:e5:f0:0d:
         88:1e:a1:82:8f:42:9e:7a:8d:58:29:84:ef:7e:60:c0:7f:22:
         d2:12:4b:8f:9b:09:9c:45:91:28:63:d5:ec:d8:bb:61:e7:be:
         d0:f8:97:24:53:c4:25:43:7a:ef:9b:f6:3b:2a:a4:b6:77:f6:
         b3:ec:6a:56:da:6f:31:52:91:4a:02:25:94:f2:da:b9:de:46:
         97:d5:40:7a:c8:e1:26:ef:e2:e4:2b:1c:6f:35:37:f6:ba:58:
         5f:37:6a:7a:5e:4b:1e:82:63:93:7f:b7:05:43:2f:d1:1a:dc:
         00:3f:9c:6c:f7:f1:2c:66:30:36:dc:79:37:cf:8c:4b:41:03:
         3a:e0:0c:c9:68:e8:15:c7:cb:77:d0:53:e0:1b:44:5b:73:0b:
         99:78:d6:59:15:cc:56:d7:95:39:59:4c:81:e0:60:56:2a:13:
         1a:d8:9a:0c:fa:cd:02:b0:45:8b:a4:c8:1b:57:9e:84:2b:c2:
         0a:19:90:5a
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZQhsZ8YDQXH+d1AYWtgEQmFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkNWRlNDkwZmY4NzRlOTY4OWNlY2Y3MjZjYmI0ZTJmNTFm
NmM3MzEwHhcNMjUwMTAxMTE0NzU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhODUwN2UwMWZhZjMxMDI1ZTFlODYzNzk3NTU0OTliZGJkMzFlOTIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtxraa0dUhVnidQLvyOwww9q9u2/Q
aPfzbcjzfEJh0mL2i8jSqGi1mvhTcqvNnr2YG+NFhkviuDuyDPLkhv1lTGPajNUs
2Cqkgp6RtV+Q7cr8cIZ2j/uRnvov+MZOAjCy9bKOK0k+PqNk5FBEgqkqaSXnPvX3
JUrp30EVgdSbpnfNucCTXrRzY1lN0I6MWA+h2kE3mKZ9WEJxcoJmR1FUJ1sHKV7a
OQtsYhf/LFKjnZK6pYxRm50mWFfeKgN80JlZZnEj+zUmij6Yf6xpVvuXXqEVpv4u
OaILgy78K2mQRDHF9vEQ3UJjMvoFBWyuNWLe54h7FRSa6iIPiaRQoB0hrwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFKhQfgH68xAl4ehjeXVUmb29MekiMB8GA1UdIwQY
MBaAFJ1d5JD/h06Wic7Pcmy7Ti9R9scxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblYza2tQLUhUcGFKenM5eWJMdE9MMUgyeHpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC83NDViZGItMTA0Yi00OWM3LTk5ZDUt
Y2VjMzNiYTFiZGY1LzEvcUZCLUFmcnpFQ1hoNkdONWRWU1p2YjB4NlNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC83NDViZGItMTA0Yi00OWM3LTk5ZDUtY2VjMzNiYTFiZGY1
LzEvblYza2tQLUhUcGFKenM5eWJMdE9MMUgyeHpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYEKgGBgBAw
DQYJKoZIhvcNAQELBQADggEBAFOYsLbcbTUblZa+Wi3Uc+hTr+U+n+VW4RT17jLT
3+H9DgDnaNIHIEVUxDNjwEZZdztfG5nJUkgIWi5wuh/1sKsfxdJPp+XwDYgeoYKP
Qp56jVgphO9+YMB/ItISS4+bCZxFkShj1ezYu2HnvtD4lyRTxCVDeu+b9jsqpLZ3
9rPsalbabzFSkUoCJZTy2rneRpfVQHrI4Sbv4uQrHG81N/a6WF83anpeSx6CY5N/
twVDL9Ea3AA/nGz38SxmMDbceTfPjEtBAzrgDMlo6BXHy3fQU+AbRFtzC5l41lkV
zFbXlTlZTIHgYFYqExrYmgz6zQKwRYukyBtXnoQrwgoZkFo=
-----END CERTIFICATE-----