Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/Qvihp-kYSJRVR8yCJN7kWU1FyhI.roa
File:                     Qvihp-kYSJRVR8yCJN7kWU1FyhI.roa (raw, json)
Hash identifier:          zziZaRaz9dIUoDbUIaAFkCLalkFIAJ2WBLcCz5gMSh0=
Subject key identifier:   42:F8:A1:A7:E9:18:48:94:55:47:CC:82:24:DE:E4:59:4D:45:CA:12
Certificate issuer:       /CN=f77705e89bb65b472e4e0184d6fe9bfb8c58635a
Certificate serial:       018CC86FD81F26DDDE511C16000771FCC2AD
Authority key identifier: F7:77:05:E8:9B:B6:5B:47:2E:4E:01:84:D6:FE:9B:FB:8C:58:63:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/93cF6Ju2W0cuTgGE1v6b-4xYY1o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/Qvihp-kYSJRVR8yCJN7kWU1FyhI.roa
Signing time:             Tue 02 Jan 2024 04:30:22 +0000
ROA not before:           Tue 02 Jan 2024 04:30:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199326
IP address blocks:        2a03:5840:f5::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/93cF6Ju2W0cuTgGE1v6b-4xYY1o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/93cF6Ju2W0cuTgGE1v6b-4xYY1o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/93cF6Ju2W0cuTgGE1v6b-4xYY1o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 05:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:d8:1f:26:dd:de:51:1c:16:00:07:71:fc:c2:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f77705e89bb65b472e4e0184d6fe9bfb8c58635a
        Validity
            Not Before: Jan  2 04:30:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=42f8a1a7e91848945547cc8224dee4594d45ca12
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:94:85:5a:97:75:3d:24:e0:5d:21:73:b9:44:
                    21:10:dc:c0:03:9a:e3:d2:a9:75:ef:08:4f:b9:37:
                    8d:53:82:61:26:f9:30:ab:58:6a:46:2e:de:9e:1d:
                    c0:e2:a5:36:37:42:2e:e0:66:f4:e1:78:ae:f8:89:
                    4d:e8:3f:8e:fd:59:4a:35:55:64:61:2f:77:52:83:
                    0b:7c:2e:a3:9f:5a:82:19:8a:d2:3d:d6:22:f1:e6:
                    48:42:08:b9:3c:e1:6f:76:0c:d0:a8:5c:dd:3c:0d:
                    4a:fe:8b:31:32:86:3d:03:0d:ab:1d:f1:33:7c:a3:
                    3e:40:8e:42:ad:1e:cf:d8:ae:b8:43:46:56:67:4b:
                    51:e1:8d:69:3c:6d:e1:aa:8d:a7:87:be:70:d3:39:
                    a0:b8:fe:7f:66:32:7b:0d:c9:9b:43:7f:f2:71:10:
                    70:f5:ed:c7:c3:40:23:5a:19:ce:f3:6f:ce:94:40:
                    9e:d8:67:79:65:77:4b:3b:2a:d9:db:15:cd:b6:25:
                    42:97:10:67:ff:8b:f3:63:5a:b5:38:ec:b3:93:16:
                    81:ca:e6:3c:33:e1:f7:0e:14:9e:e8:fb:65:13:53:
                    ff:33:a0:f0:88:22:42:f4:d9:83:10:16:5f:85:3b:
                    b8:d7:9f:91:54:1a:52:4b:7c:a0:d6:d0:f6:77:a9:
                    33:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:F8:A1:A7:E9:18:48:94:55:47:CC:82:24:DE:E4:59:4D:45:CA:12
            X509v3 Authority Key Identifier:
                keyid:F7:77:05:E8:9B:B6:5B:47:2E:4E:01:84:D6:FE:9B:FB:8C:58:63:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/93cF6Ju2W0cuTgGE1v6b-4xYY1o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/Qvihp-kYSJRVR8yCJN7kWU1FyhI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/93cF6Ju2W0cuTgGE1v6b-4xYY1o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a03:5840:f5::/48

    Signature Algorithm: sha256WithRSAEncryption
         5d:44:6a:32:b8:ec:88:d6:06:d5:35:c1:5f:9d:1c:66:90:68:
         1d:08:9e:a7:3f:a8:48:e0:dc:81:d9:e1:57:52:08:c3:9b:7e:
         64:33:ad:13:77:40:e7:d5:a4:16:ec:62:05:0a:b4:18:b0:1e:
         48:4c:54:a6:23:4b:59:2b:65:77:62:f0:a3:d8:c8:1f:3d:cb:
         fa:68:f1:01:c3:91:db:ee:97:55:87:8c:f6:e2:f6:5d:7e:53:
         1b:21:7b:80:8e:2f:f7:55:89:4e:d3:87:9e:13:50:e6:cf:05:
         f2:08:c1:26:3b:c4:ce:97:e6:2d:b3:24:c4:1c:37:d4:35:ba:
         85:65:bc:33:fa:33:49:3a:75:5f:fd:c3:d4:1c:78:95:a9:c4:
         6f:f4:a2:44:a7:f0:89:05:08:81:8a:f1:52:92:8c:1f:01:7d:
         86:cd:22:9a:d7:e2:84:7d:f9:46:9e:88:bc:00:9c:ee:21:22:
         08:dc:27:9f:b9:a7:c7:5f:73:12:7e:1a:3e:45:75:c6:f9:fb:
         48:8d:ba:5f:71:c3:b6:e0:78:26:b7:77:09:6c:ac:e2:7f:1f:
         26:65:04:45:05:87:ed:af:3d:93:08:ea:16:6e:2a:48:f6:2d:
         44:02:16:7f:83:2e:f1:02:94:5c:7d:ba:ca:1e:da:da:d9:7a:
         57:07:95:fa
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIb9gfJt3eURwWAAdx/MKtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3NzcwNWU4OWJiNjViNDcyZTRlMDE4NGQ2ZmU5YmZiOGM1
ODYzNWEwHhcNMjQwMTAyMDQzMDIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MmY4YTFhN2U5MTg0ODk0NTU0N2NjODIyNGRlZTQ1OTRkNDVjYTEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtpSFWpd1PSTgXSFzuUQhENzAA5rj
0ql17whPuTeNU4JhJvkwq1hqRi7enh3A4qU2N0Iu4Gb04Xiu+IlN6D+O/VlKNVVk
YS93UoMLfC6jn1qCGYrSPdYi8eZIQgi5POFvdgzQqFzdPA1K/osxMoY9Aw2rHfEz
fKM+QI5CrR7P2K64Q0ZWZ0tR4Y1pPG3hqo2nh75w0zmguP5/ZjJ7DcmbQ3/ycRBw
9e3Hw0AjWhnO82/OlECe2Gd5ZXdLOyrZ2xXNtiVClxBn/4vzY1q1OOyzkxaByuY8
M+H3DhSe6PtlE1P/M6DwiCJC9NmDEBZfhTu415+RVBpSS3yg1tD2d6kzKwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFEL4oafpGEiUVUfMgiTe5FlNRcoSMB8GA1UdIwQY
MBaAFPd3BeibtltHLk4BhNb+m/uMWGNaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOTNjRjZKdTJXMGN1VGdHRTF2NmItNHhZWTFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy8wMjI4MzktNjk4NC00MGQ0LTg3MTYt
NmNiODk3OTFkN2ZkLzEvUXZpaHAta1lTSlJWUjh5Q0pON2tXVTFGeWhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy8wMjI4MzktNjk4NC00MGQ0LTg3MTYtNmNiODk3OTFkN2Zk
LzEvOTNjRjZKdTJXMGN1VGdHRTF2NmItNHhZWTFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgNYQAD1
MA0GCSqGSIb3DQEBCwUAA4IBAQBdRGoyuOyI1gbVNcFfnRxmkGgdCJ6nP6hI4NyB
2eFXUgjDm35kM60Td0Dn1aQW7GIFCrQYsB5ITFSmI0tZK2V3YvCj2MgfPcv6aPEB
w5Hb7pdVh4z24vZdflMbIXuAji/3VYlO04eeE1DmzwXyCMEmO8TOl+YtsyTEHDfU
NbqFZbwz+jNJOnVf/cPUHHiVqcRv9KJEp/CJBQiBivFSkowfAX2GzSKa1+KEfflG
noi8AJzuISII3CefuafHX3MSfho+RXXG+ftIjbpfccO24Hgmt3cJbKzifx8mZQRF
BYftrz2TCOoWbipI9i1EAhZ/gy7xApRcfbrKHtra2XpXB5X6
-----END CERTIFICATE-----