Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/b278df-ed37-4de7-a675-107a8d85bd30/1/qpOQeaaO2wrckprtC_QyimdXGWQ.roa
File:                     qpOQeaaO2wrckprtC_QyimdXGWQ.roa (raw, json)
Hash identifier:          gCrzvnVgfzxZ816SsSfDQbDJoVOmn+FZGW06pq38jCE=
Subject key identifier:   AA:93:90:79:A6:8E:DB:0A:DC:92:9A:ED:0B:F4:32:8A:67:57:19:64
Certificate issuer:       /CN=ed5a6ba2d2248bc4782ac0fdb3c64b946640b09c
Certificate serial:       018CC7276EED1EB6178C6CDD65A9C0C357F5
Authority key identifier: ED:5A:6B:A2:D2:24:8B:C4:78:2A:C0:FD:B3:C6:4B:94:66:40:B0:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7VprotIki8R4KsD9s8ZLlGZAsJw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/b278df-ed37-4de7-a675-107a8d85bd30/1/qpOQeaaO2wrckprtC_QyimdXGWQ.roa
Signing time:             Mon 01 Jan 2024 22:31:39 +0000
ROA not before:           Mon 01 Jan 2024 22:31:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210883
IP address blocks:        2a11:4280::/29 maxlen: 128
                          2a07:1c40::/29 maxlen: 128

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/b278df-ed37-4de7-a675-107a8d85bd30/1/7VprotIki8R4KsD9s8ZLlGZAsJw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/b278df-ed37-4de7-a675-107a8d85bd30/1/7VprotIki8R4KsD9s8ZLlGZAsJw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7VprotIki8R4KsD9s8ZLlGZAsJw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:6e:ed:1e:b6:17:8c:6c:dd:65:a9:c0:c3:57:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ed5a6ba2d2248bc4782ac0fdb3c64b946640b09c
        Validity
            Not Before: Jan  1 22:31:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=aa939079a68edb0adc929aed0bf4328a67571964
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:40:52:72:20:63:37:eb:e5:6e:c0:d5:14:87:
                    f2:c0:05:f0:41:62:f6:8d:7b:bb:5d:49:74:d0:bc:
                    04:31:f4:11:9a:70:c0:14:7a:1d:44:58:92:29:4f:
                    c3:52:ed:12:17:bc:dd:d5:1c:3e:cc:77:21:d8:49:
                    99:8b:e7:c8:c6:6f:d3:06:ea:ee:24:38:7d:5b:eb:
                    0e:2f:9d:df:3b:dd:2a:20:01:7d:7b:ef:11:fd:9d:
                    36:ce:b7:b3:b4:0d:b8:d9:0e:df:5c:7e:8a:e4:9d:
                    7a:7b:7c:2f:3f:29:d4:f5:1c:bb:8d:9d:50:8a:e8:
                    3c:f0:a8:0e:f1:4a:10:e3:dc:14:90:3c:3e:16:65:
                    2e:ee:8c:c4:7e:8b:d1:ab:a8:b1:de:07:b7:2f:b4:
                    4a:95:c4:b8:1f:70:05:e9:bb:1e:97:a5:e7:75:62:
                    85:68:ee:09:40:cd:3a:f6:42:15:09:03:fc:76:96:
                    63:81:ae:a2:2f:61:9c:3e:34:b0:2d:80:3a:ec:c8:
                    91:1d:78:85:00:c2:c8:c2:cd:93:0e:b0:37:8f:42:
                    09:11:04:e8:a9:b3:bb:62:34:16:d7:88:de:f9:b0:
                    e4:91:11:2c:b8:b4:8e:01:ef:dc:6e:6b:4b:3a:a5:
                    5b:6f:a5:e8:f3:8f:f4:71:92:6f:00:34:3c:fe:d0:
                    1c:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:93:90:79:A6:8E:DB:0A:DC:92:9A:ED:0B:F4:32:8A:67:57:19:64
            X509v3 Authority Key Identifier:
                keyid:ED:5A:6B:A2:D2:24:8B:C4:78:2A:C0:FD:B3:C6:4B:94:66:40:B0:9C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7VprotIki8R4KsD9s8ZLlGZAsJw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/b278df-ed37-4de7-a675-107a8d85bd30/1/qpOQeaaO2wrckprtC_QyimdXGWQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/b278df-ed37-4de7-a675-107a8d85bd30/1/7VprotIki8R4KsD9s8ZLlGZAsJw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:1c40::/29
                  2a11:4280::/29

    Signature Algorithm: sha256WithRSAEncryption
         45:bb:d9:f4:ba:72:8c:3a:18:81:a2:82:88:9f:45:1e:14:d5:
         43:be:5d:fd:73:b6:dc:0a:0a:84:35:f7:f6:af:40:f7:c2:9b:
         7d:ab:f5:57:44:e0:f1:ee:4a:97:91:79:ce:d9:43:13:4f:11:
         26:83:a7:21:d6:94:70:8f:e8:ca:3e:08:66:b6:c4:3e:75:81:
         3d:99:57:99:79:a7:59:d4:7c:12:08:83:6c:8a:08:71:2b:10:
         e5:ad:37:4c:f6:f9:98:bc:f3:e5:19:25:3a:a5:ba:02:bb:44:
         6f:80:2b:7f:67:eb:55:5f:97:d6:81:73:c5:8b:1e:01:dc:89:
         7c:24:d9:f9:c5:32:74:d0:72:eb:df:ed:6a:95:e5:09:50:76:
         ee:ad:78:28:c7:d5:2e:a2:d6:05:95:59:34:e0:c6:61:f2:a4:
         11:7f:f6:53:90:42:49:93:5f:8b:51:59:4f:44:3c:f8:65:b3:
         e6:d8:03:1c:76:ac:1b:fa:92:8c:f3:61:c5:3c:e3:07:d4:ad:
         2c:a7:f1:16:06:e1:48:51:be:dd:2d:fc:ee:ad:7d:ca:37:99:
         18:b4:91:d2:be:a2:1d:2d:63:ff:70:40:8e:df:50:1a:a1:ec:
         85:a8:0a:f3:34:e0:69:ec:b8:6a:96:b9:0e:f7:2c:46:0d:4b:
         88:76:02:3a
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzHJ27tHrYXjGzdZanAw1f1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVkNWE2YmEyZDIyNDhiYzQ3ODJhYzBmZGIzYzY0Yjk0NjY0
MGIwOWMwHhcNMjQwMTAxMjIzMTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYTkzOTA3OWE2OGVkYjBhZGM5MjlhZWQwYmY0MzI4YTY3NTcxOTY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkEBSciBjN+vlbsDVFIfywAXwQWL2
jXu7XUl00LwEMfQRmnDAFHodRFiSKU/DUu0SF7zd1Rw+zHch2EmZi+fIxm/TBuru
JDh9W+sOL53fO90qIAF9e+8R/Z02zreztA242Q7fXH6K5J16e3wvPynU9Ry7jZ1Q
iug88KgO8UoQ49wUkDw+FmUu7ozEfovRq6ix3ge3L7RKlcS4H3AF6bsel6XndWKF
aO4JQM069kIVCQP8dpZjga6iL2GcPjSwLYA67MiRHXiFAMLIws2TDrA3j0IJEQTo
qbO7YjQW14je+bDkkREsuLSOAe/cbmtLOqVbb6Xo84/0cZJvADQ8/tAchQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFKqTkHmmjtsK3JKa7Qv0MopnVxlkMB8GA1UdIwQY
MBaAFO1aa6LSJIvEeCrA/bPGS5RmQLCcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN1Zwcm90SWtpOFI0S3NEOXM4WkxsR1pBc0p3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC9iMjc4ZGYtZWQzNy00ZGU3LWE2NzUt
MTA3YThkODViZDMwLzEvcXBPUWVhYU8yd3Jja3BydENfUXlpbWRYR1dRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC9iMjc4ZGYtZWQzNy00ZGU3LWE2NzUtMTA3YThkODViZDMw
LzEvN1Zwcm90SWtpOFI0S3NEOXM4WkxsR1pBc0p3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUDKgccQAMF
AyoRQoAwDQYJKoZIhvcNAQELBQADggEBAEW72fS6cow6GIGigoifRR4U1UO+Xf1z
ttwKCoQ19/avQPfCm32r9VdE4PHuSpeRec7ZQxNPESaDpyHWlHCP6Mo+CGa2xD51
gT2ZV5l5p1nUfBIIg2yKCHErEOWtN0z2+Zi88+UZJTqlugK7RG+AK39n61Vfl9aB
c8WLHgHciXwk2fnFMnTQcuvf7WqV5QlQdu6teCjH1S6i1gWVWTTgxmHypBF/9lOQ
QkmTX4tRWU9EPPhls+bYAxx2rBv6kozzYcU84wfUrSyn8RYG4UhRvt0t/O6tfco3
mRi0kdK+oh0tY/9wQI7fUBqh7IWoCvM04GnsuGqWuQ73LEYNS4h2Ajo=
-----END CERTIFICATE-----