Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7e/2d067c-df72-4040-bc43-19397fc76fec/1/QGRgLRodPyiJHGFOAjP2AzGm8lk.roa
File:                     QGRgLRodPyiJHGFOAjP2AzGm8lk.roa (raw, json)
Hash identifier:          yrixluZBaVdD8PDYUre/+PjjSE8Vru4TCWBPFArE5SU=
Subject key identifier:   40:64:60:2D:1A:1D:3F:28:89:1C:61:4E:02:33:F6:03:31:A6:F2:59
Certificate issuer:       /CN=4d3c5f0aa141011ce2dbf18ccceaac8d23a80253
Certificate serial:       01922F07202608B4D335BE7794ABF479F630
Authority key identifier: 4D:3C:5F:0A:A1:41:01:1C:E2:DB:F1:8C:CC:EA:AC:8D:23:A8:02:53
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TTxfCqFBARzi2_GMzOqsjSOoAlM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7e/2d067c-df72-4040-bc43-19397fc76fec/1/QGRgLRodPyiJHGFOAjP2AzGm8lk.roa
Signing time:             Thu 26 Sep 2024 15:50:48 +0000
ROA not before:           Thu 26 Sep 2024 15:50:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8821
IP address blocks:        2a03:62a0:4101::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7e/2d067c-df72-4040-bc43-19397fc76fec/1/TTxfCqFBARzi2_GMzOqsjSOoAlM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7e/2d067c-df72-4040-bc43-19397fc76fec/1/TTxfCqFBARzi2_GMzOqsjSOoAlM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TTxfCqFBARzi2_GMzOqsjSOoAlM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:2f:07:20:26:08:b4:d3:35:be:77:94:ab:f4:79:f6:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4d3c5f0aa141011ce2dbf18ccceaac8d23a80253
        Validity
            Not Before: Sep 26 15:50:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4064602d1a1d3f28891c614e0233f60331a6f259
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:cc:27:ad:cb:e1:aa:e1:1f:89:4d:f8:7c:df:
                    81:c6:80:d8:fb:fc:b9:37:83:f8:de:06:2a:1a:a8:
                    0d:b9:09:3e:b3:64:e4:e1:5b:b8:db:67:4b:8b:5c:
                    36:65:51:32:6d:be:b7:21:2d:c6:91:72:25:ea:b8:
                    2d:7e:32:9d:63:2b:f1:32:4a:2e:63:07:0b:fc:67:
                    97:ce:18:5c:2b:ef:55:c1:13:bf:89:1e:94:86:ae:
                    09:a5:73:c4:3c:a0:04:72:88:05:43:88:56:59:bd:
                    24:1e:82:37:c6:28:eb:a7:e0:07:56:5f:ff:72:22:
                    d8:d2:26:f1:11:e5:7c:45:18:d7:56:37:ff:c6:e3:
                    8f:57:dc:67:1b:9c:bc:32:6a:88:77:b1:f7:f7:0d:
                    f3:58:5a:3f:68:bf:33:aa:af:ef:7e:c7:9c:36:71:
                    82:75:ab:bf:cd:7d:18:fb:55:9f:af:e8:8e:36:69:
                    47:39:bc:78:9b:ba:44:b8:14:f3:a8:02:db:17:b2:
                    60:47:ec:ea:ea:49:3a:c7:a8:6c:cd:4e:2e:18:fc:
                    46:e7:eb:7e:b3:06:ac:f6:96:56:e4:e5:c3:e8:64:
                    e7:09:ad:33:08:5a:b1:18:35:2a:a5:83:41:a1:c8:
                    e8:f7:67:27:9c:20:3d:a7:da:f1:60:9c:6d:d3:a0:
                    57:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:64:60:2D:1A:1D:3F:28:89:1C:61:4E:02:33:F6:03:31:A6:F2:59
            X509v3 Authority Key Identifier:
                keyid:4D:3C:5F:0A:A1:41:01:1C:E2:DB:F1:8C:CC:EA:AC:8D:23:A8:02:53

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TTxfCqFBARzi2_GMzOqsjSOoAlM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/2d067c-df72-4040-bc43-19397fc76fec/1/QGRgLRodPyiJHGFOAjP2AzGm8lk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/2d067c-df72-4040-bc43-19397fc76fec/1/TTxfCqFBARzi2_GMzOqsjSOoAlM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a03:62a0:4101::/48

    Signature Algorithm: sha256WithRSAEncryption
         0c:0a:41:b7:1b:8d:25:09:85:73:db:cf:b9:58:c1:51:9c:39:
         2f:19:c9:cf:5b:f5:e7:dd:8d:a8:d4:ac:8a:3b:47:14:6a:f7:
         0d:71:54:53:87:5a:17:59:0e:e9:c5:83:63:e0:56:05:b9:12:
         90:2b:19:f6:52:fe:2d:4e:7a:ab:8a:2d:83:8a:62:72:94:ed:
         b1:91:02:51:79:12:51:b9:7e:e7:8a:d0:76:be:93:a6:a8:99:
         f9:aa:4a:82:8b:80:97:8a:26:d3:27:ae:8d:d9:7b:0c:ca:96:
         35:ee:d7:f4:e1:43:92:58:94:49:69:ce:09:87:01:9e:0c:55:
         f2:be:3f:2a:66:a4:85:67:d5:93:0c:f1:1c:30:32:f4:ff:01:
         04:13:bd:bf:0e:3e:58:37:f1:db:d6:39:9c:e4:48:47:4d:81:
         70:e5:11:9b:19:9b:97:4e:bc:d0:8e:5f:33:1f:27:f4:b9:3c:
         d2:9e:77:20:b6:95:2e:f6:83:78:07:c3:db:19:81:eb:ec:cc:
         77:5f:47:f0:c8:70:b3:03:37:88:80:b5:71:67:c4:9e:2f:2c:
         de:26:e8:84:0c:5a:c4:e7:f4:b6:88:9e:95:6b:6d:3c:1a:0c:
         54:1a:45:9d:78:99:b7:95:41:50:17:f5:70:91:79:0c:7d:ce:
         10:96:3c:af
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZIvByAmCLTTNb53lKv0efYwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkM2M1ZjBhYTE0MTAxMWNlMmRiZjE4Y2NjZWFhYzhkMjNh
ODAyNTMwHhcNMjQwOTI2MTU1MDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MDY0NjAyZDFhMWQzZjI4ODkxYzYxNGUwMjMzZjYwMzMxYTZmMjU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAicwnrcvhquEfiU34fN+BxoDY+/y5
N4P43gYqGqgNuQk+s2Tk4Vu422dLi1w2ZVEybb63IS3GkXIl6rgtfjKdYyvxMkou
YwcL/GeXzhhcK+9VwRO/iR6Uhq4JpXPEPKAEcogFQ4hWWb0kHoI3xijrp+AHVl//
ciLY0ibxEeV8RRjXVjf/xuOPV9xnG5y8MmqId7H39w3zWFo/aL8zqq/vfsecNnGC
dau/zX0Y+1Wfr+iONmlHObx4m7pEuBTzqALbF7JgR+zq6kk6x6hszU4uGPxG5+t+
swas9pZW5OXD6GTnCa0zCFqxGDUqpYNBocjo92cnnCA9p9rxYJxt06BXzQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFEBkYC0aHT8oiRxhTgIz9gMxpvJZMB8GA1UdIwQY
MBaAFE08XwqhQQEc4tvxjMzqrI0jqAJTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVFR4ZkNxRkJBUnppMl9HTXpPcXNqU09vQWxNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZS8yZDA2N2MtZGY3Mi00MDQwLWJjNDMt
MTkzOTdmYzc2ZmVjLzEvUUdSZ0xSb2RQeWlKSEdGT0FqUDJBekdtOGxrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZS8yZDA2N2MtZGY3Mi00MDQwLWJjNDMtMTkzOTdmYzc2ZmVj
LzEvVFR4ZkNxRkJBUnppMl9HTXpPcXNqU09vQWxNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgNioEEB
MA0GCSqGSIb3DQEBCwUAA4IBAQAMCkG3G40lCYVz28+5WMFRnDkvGcnPW/Xn3Y2o
1KyKO0cUavcNcVRTh1oXWQ7pxYNj4FYFuRKQKxn2Uv4tTnqrii2DimJylO2xkQJR
eRJRuX7nitB2vpOmqJn5qkqCi4CXiibTJ66N2XsMypY17tf04UOSWJRJac4JhwGe
DFXyvj8qZqSFZ9WTDPEcMDL0/wEEE72/Dj5YN/Hb1jmc5EhHTYFw5RGbGZuXTrzQ
jl8zHyf0uTzSnncgtpUu9oN4B8PbGYHr7Mx3X0fwyHCzAzeIgLVxZ8SeLyzeJuiE
DFrE5/S2iJ6Va208GgxUGkWdeJm3lUFQF/VwkXkMfc4Qljyv
-----END CERTIFICATE-----