Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/79/6e5f4c-2eae-48a0-8550-29ac45e2ecff/1/qhfy9J3hmWj07IWPmBCIHeF7xFw.roa
File:                     qhfy9J3hmWj07IWPmBCIHeF7xFw.roa (raw, json)
Hash identifier:          w7+8T/bLTspAk6W8SrIsoufPCTCPG1paPC/piEydfaY=
Subject key identifier:   AA:17:F2:F4:9D:E1:99:68:F4:EC:85:8F:98:10:88:1D:E1:7B:C4:5C
Certificate issuer:       /CN=40f75d327761b90c0899638f430eb614c87c3106
Certificate serial:       018CC34965166F4FA8107F685DC79F7E8F83
Authority key identifier: 40:F7:5D:32:77:61:B9:0C:08:99:63:8F:43:0E:B6:14:C8:7C:31:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QPddMndhuQwImWOPQw62FMh8MQY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/79/6e5f4c-2eae-48a0-8550-29ac45e2ecff/1/qhfy9J3hmWj07IWPmBCIHeF7xFw.roa
Signing time:             Mon 01 Jan 2024 04:30:16 +0000
ROA not before:           Mon 01 Jan 2024 04:30:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        2001:678:2cc::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/79/6e5f4c-2eae-48a0-8550-29ac45e2ecff/1/QPddMndhuQwImWOPQw62FMh8MQY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/79/6e5f4c-2eae-48a0-8550-29ac45e2ecff/1/QPddMndhuQwImWOPQw62FMh8MQY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QPddMndhuQwImWOPQw62FMh8MQY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:65:16:6f:4f:a8:10:7f:68:5d:c7:9f:7e:8f:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=40f75d327761b90c0899638f430eb614c87c3106
        Validity
            Not Before: Jan  1 04:30:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=aa17f2f49de19968f4ec858f9810881de17bc45c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:ba:be:c2:7c:7a:34:ea:5f:0f:29:ee:db:33:
                    0e:f4:01:05:b7:53:52:1c:0c:1f:24:09:46:37:62:
                    a8:a7:a7:04:48:f8:5f:f6:92:e8:73:6e:85:af:73:
                    2c:47:f2:ad:19:86:e5:17:be:51:1b:11:72:f3:31:
                    7f:6d:ca:6c:a9:2c:84:c4:4f:5d:71:09:a8:fb:ee:
                    99:52:bc:24:95:06:81:6f:d8:f4:36:1f:2e:db:91:
                    66:1a:44:e5:15:a5:28:9a:67:f9:91:7b:9e:5d:43:
                    93:47:22:eb:27:cb:66:89:21:1d:bc:12:3a:06:36:
                    ab:93:ad:86:5c:e8:12:91:a6:88:d7:4d:ff:0a:64:
                    a3:c3:08:f0:87:37:99:05:15:a5:1e:61:c2:5c:05:
                    ea:d4:59:9f:34:a6:a1:e5:9c:57:7a:a0:b0:5a:79:
                    d8:99:17:81:10:44:9f:3c:af:23:e5:f6:d6:37:fd:
                    3e:22:c6:02:13:45:66:84:3f:d6:c8:7e:7f:9d:a5:
                    06:fd:25:db:4e:ed:49:4b:38:ba:81:ea:3e:7f:a4:
                    31:00:73:39:c1:4b:92:d5:69:3d:d4:09:88:34:69:
                    34:18:40:eb:a6:bc:f0:47:2c:f0:98:3d:db:9c:36:
                    e2:7d:62:51:bf:dc:69:e7:e1:4e:16:f7:d4:45:be:
                    73:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:17:F2:F4:9D:E1:99:68:F4:EC:85:8F:98:10:88:1D:E1:7B:C4:5C
            X509v3 Authority Key Identifier:
                keyid:40:F7:5D:32:77:61:B9:0C:08:99:63:8F:43:0E:B6:14:C8:7C:31:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QPddMndhuQwImWOPQw62FMh8MQY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/79/6e5f4c-2eae-48a0-8550-29ac45e2ecff/1/qhfy9J3hmWj07IWPmBCIHeF7xFw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/79/6e5f4c-2eae-48a0-8550-29ac45e2ecff/1/QPddMndhuQwImWOPQw62FMh8MQY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:2cc::/48

    Signature Algorithm: sha256WithRSAEncryption
         71:55:62:59:04:de:1f:3d:8e:97:f2:a7:a2:fc:b9:07:d1:10:
         88:90:4c:04:29:a6:93:d7:fe:0e:5e:b9:fb:4b:ed:1b:dc:b5:
         b2:94:3c:dc:aa:61:32:2b:12:83:db:e5:ff:16:ac:25:97:7a:
         0c:37:e5:3f:05:23:f3:93:63:ef:56:cb:d2:d0:8f:5e:b1:15:
         11:35:50:6d:77:48:7f:65:c4:db:35:46:a5:72:07:1b:86:2a:
         f6:b3:3b:50:f1:5a:15:d6:f3:c1:99:bc:08:10:b2:a5:66:18:
         a2:fa:2b:c7:d0:e3:52:c9:d8:d8:df:53:3c:4e:ac:fb:b9:19:
         ec:a7:19:46:6e:ff:b2:ca:e9:82:5a:c7:0c:2c:2a:f3:e1:7e:
         e9:d1:e8:f1:52:08:a3:d8:f0:0e:7d:1e:a6:b7:a0:26:f1:1d:
         ff:dd:a7:a5:14:9e:70:2f:41:05:50:69:a6:44:f8:36:33:65:
         0b:73:74:65:1f:40:84:61:b5:8a:1f:f1:1a:11:0b:fd:3a:00:
         ce:25:0b:90:01:fd:38:20:ab:35:a4:26:ef:8a:d5:96:a0:d5:
         8e:8f:b4:ac:9d:7b:30:82:d7:63:8f:fc:7c:c2:ac:1b:a1:c4:
         dd:4a:14:c9:cf:af:6c:71:9a:6d:71:09:8d:09:9f:d5:50:bf:
         ee:7e:da:2b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzDSWUWb0+oEH9oXceffo+DMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQwZjc1ZDMyNzc2MWI5MGMwODk5NjM4ZjQzMGViNjE0Yzg3
YzMxMDYwHhcNMjQwMTAxMDQzMDE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYTE3ZjJmNDlkZTE5OTY4ZjRlYzg1OGY5ODEwODgxZGUxN2JjNDVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsbq+wnx6NOpfDynu2zMO9AEFt1NS
HAwfJAlGN2Kop6cESPhf9pLoc26Fr3MsR/KtGYblF75RGxFy8zF/bcpsqSyExE9d
cQmo++6ZUrwklQaBb9j0Nh8u25FmGkTlFaUommf5kXueXUOTRyLrJ8tmiSEdvBI6
Bjark62GXOgSkaaI103/CmSjwwjwhzeZBRWlHmHCXAXq1FmfNKah5ZxXeqCwWnnY
mReBEESfPK8j5fbWN/0+IsYCE0VmhD/WyH5/naUG/SXbTu1JSzi6geo+f6QxAHM5
wUuS1Wk91AmINGk0GEDrprzwRyzwmD3bnDbifWJRv9xp5+FOFvfURb5zCQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFKoX8vSd4Zlo9OyFj5gQiB3he8RcMB8GA1UdIwQY
MBaAFED3XTJ3YbkMCJljj0MOthTIfDEGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUVBkZE1uZGh1UXdJbVdPUFF3NjJGTWg4TVFZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OS82ZTVmNGMtMmVhZS00OGEwLTg1NTAt
MjlhYzQ1ZTJlY2ZmLzEvcWhmeTlKM2htV2owN0lXUG1CQ0lIZUY3eEZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OS82ZTVmNGMtMmVhZS00OGEwLTg1NTAtMjlhYzQ1ZTJlY2Zm
LzEvUVBkZE1uZGh1UXdJbVdPUFF3NjJGTWg4TVFZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeALM
MA0GCSqGSIb3DQEBCwUAA4IBAQBxVWJZBN4fPY6X8qei/LkH0RCIkEwEKaaT1/4O
Xrn7S+0b3LWylDzcqmEyKxKD2+X/Fqwll3oMN+U/BSPzk2PvVsvS0I9esRURNVBt
d0h/ZcTbNUalcgcbhir2sztQ8VoV1vPBmbwIELKlZhii+ivH0ONSydjY31M8Tqz7
uRnspxlGbv+yyumCWscMLCrz4X7p0ejxUgij2PAOfR6mt6Am8R3/3aelFJ5wL0EF
UGmmRPg2M2ULc3RlH0CEYbWKH/EaEQv9OgDOJQuQAf04IKs1pCbvitWWoNWOj7Ss
nXswgtdjj/x8wqwbocTdShTJz69scZptcQmNCZ/VUL/uftor
-----END CERTIFICATE-----