Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/810d24-acbe-4cb2-9ac5-9d5875d86373/1/Qc7EtjyFO9hYwzYz6gKfXKkVeWI.roa
File:                     Qc7EtjyFO9hYwzYz6gKfXKkVeWI.roa (raw, json)
Hash identifier:          iLP8hd45buhMuXFl4GdCIvE1JfUI6vyoPkzrrSPtQdI=
Subject key identifier:   41:CE:C4:B6:3C:85:3B:D8:58:C3:36:33:EA:02:9F:5C:A9:15:79:62
Certificate issuer:       /CN=ada25aafe3a9870e9524afa0265987ed5a5a4da3
Certificate serial:       018CC5DC2ED01733DB6A5EC1D5F1ADB504C9
Authority key identifier: AD:A2:5A:AF:E3:A9:87:0E:95:24:AF:A0:26:59:87:ED:5A:5A:4D:A3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/raJar-Ophw6VJK-gJlmH7VpaTaM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/810d24-acbe-4cb2-9ac5-9d5875d86373/1/Qc7EtjyFO9hYwzYz6gKfXKkVeWI.roa
Signing time:             Mon 01 Jan 2024 16:29:50 +0000
ROA not before:           Mon 01 Jan 2024 16:29:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     26042
IP address blocks:        2a09:da00::/32 maxlen: 32
                          2a0d:e841::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/810d24-acbe-4cb2-9ac5-9d5875d86373/1/raJar-Ophw6VJK-gJlmH7VpaTaM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/810d24-acbe-4cb2-9ac5-9d5875d86373/1/raJar-Ophw6VJK-gJlmH7VpaTaM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/raJar-Ophw6VJK-gJlmH7VpaTaM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 13:02:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:2e:d0:17:33:db:6a:5e:c1:d5:f1:ad:b5:04:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ada25aafe3a9870e9524afa0265987ed5a5a4da3
        Validity
            Not Before: Jan  1 16:29:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=41cec4b63c853bd858c33633ea029f5ca9157962
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:43:f5:6a:64:e0:58:78:c5:c6:f0:9e:cb:62:
                    de:4e:17:c3:c6:f5:28:63:2e:59:ce:ca:a3:d4:4e:
                    fe:10:07:46:10:92:75:f3:89:5b:e6:84:a7:95:69:
                    b6:ba:ee:d3:0d:bf:94:d1:f7:d2:27:89:0c:eb:2c:
                    d6:62:a4:73:49:2f:61:f7:78:e5:6d:de:ca:37:64:
                    94:e6:80:1a:9a:32:28:29:c1:fb:c6:02:d4:6e:45:
                    c0:26:91:3f:07:56:2e:d5:b0:02:68:b7:22:59:0f:
                    0c:2c:b6:6f:34:9c:72:20:6d:3e:09:35:7d:21:da:
                    c5:86:0d:32:d2:0e:47:b0:09:8b:07:50:f2:23:29:
                    87:d5:8a:34:37:d6:42:2f:94:77:bc:c0:23:a8:70:
                    44:d6:33:1d:93:d4:38:d7:47:b6:b7:40:38:1a:33:
                    e5:1f:72:0d:db:8d:bf:88:e6:fa:5a:6b:ab:ce:0f:
                    48:98:f0:37:99:61:6b:b8:9d:8f:80:59:e4:5e:5e:
                    18:0f:28:92:f6:ed:15:35:d3:c5:e8:e5:55:19:b7:
                    2c:a5:a6:2f:2c:35:e1:8d:95:82:7e:03:e3:8c:74:
                    ba:0d:df:97:4b:bf:43:21:27:e5:7b:9a:65:dc:2c:
                    06:f4:9b:14:fa:53:89:4a:94:c7:60:25:61:43:3d:
                    52:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:CE:C4:B6:3C:85:3B:D8:58:C3:36:33:EA:02:9F:5C:A9:15:79:62
            X509v3 Authority Key Identifier:
                keyid:AD:A2:5A:AF:E3:A9:87:0E:95:24:AF:A0:26:59:87:ED:5A:5A:4D:A3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/raJar-Ophw6VJK-gJlmH7VpaTaM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/810d24-acbe-4cb2-9ac5-9d5875d86373/1/Qc7EtjyFO9hYwzYz6gKfXKkVeWI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/810d24-acbe-4cb2-9ac5-9d5875d86373/1/raJar-Ophw6VJK-gJlmH7VpaTaM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:da00::/32
                  2a0d:e841::/32

    Signature Algorithm: sha256WithRSAEncryption
         5d:71:29:b7:a5:bc:4f:f6:69:4c:50:e3:34:99:f6:1a:3e:c4:
         bb:c3:ec:ef:ae:78:05:37:87:37:cc:73:ab:da:51:a9:8d:7c:
         2e:4e:c1:fa:d4:5f:91:f4:8a:73:d8:58:98:15:4b:aa:88:88:
         ca:d4:01:e0:17:5f:76:bf:5e:fb:83:6a:e7:09:c1:34:63:d9:
         ca:39:1e:3e:e0:97:de:da:55:66:2d:9f:56:73:ed:36:7f:46:
         c6:66:0e:c3:4a:7b:85:18:f5:4a:80:69:ba:4e:58:e8:b9:c4:
         34:b8:f8:50:aa:da:be:00:f9:d1:66:11:98:f2:d1:4e:43:e9:
         eb:12:8e:89:4c:f7:c3:97:8b:35:3a:57:9b:41:57:4a:e5:44:
         d2:72:aa:85:97:11:f2:dd:d0:b1:57:bf:20:27:6e:7d:89:05:
         da:6e:4d:5f:a6:1d:47:70:b6:fd:ee:2b:ab:bc:f3:84:66:09:
         b6:9a:cd:d9:ef:2c:0f:5f:5b:c5:9f:ec:a9:59:a5:00:2d:6e:
         45:06:b2:7e:11:89:2d:2e:e8:7f:54:4f:0f:4a:8b:ea:4d:b7:
         95:ff:73:7b:95:7c:9a:d1:0e:b2:85:ab:6c:d2:6e:5f:18:e8:
         40:02:9b:bf:c0:0f:16:b0:d9:df:17:a2:a9:fb:e8:3d:63:7d:
         77:c4:d4:bb
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzF3C7QFzPbal7B1fGttQTJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkYTI1YWFmZTNhOTg3MGU5NTI0YWZhMDI2NTk4N2VkNWE1
YTRkYTMwHhcNMjQwMTAxMTYyOTUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MWNlYzRiNjNjODUzYmQ4NThjMzM2MzNlYTAyOWY1Y2E5MTU3OTYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm0P1amTgWHjFxvCey2LeThfDxvUo
Yy5Zzsqj1E7+EAdGEJJ184lb5oSnlWm2uu7TDb+U0ffSJ4kM6yzWYqRzSS9h93jl
bd7KN2SU5oAamjIoKcH7xgLUbkXAJpE/B1Yu1bACaLciWQ8MLLZvNJxyIG0+CTV9
IdrFhg0y0g5HsAmLB1DyIymH1Yo0N9ZCL5R3vMAjqHBE1jMdk9Q410e2t0A4GjPl
H3IN242/iOb6Wmurzg9ImPA3mWFruJ2PgFnkXl4YDyiS9u0VNdPF6OVVGbcspaYv
LDXhjZWCfgPjjHS6Dd+XS79DISfle5pl3CwG9JsU+lOJSpTHYCVhQz1SEwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFEHOxLY8hTvYWMM2M+oCn1ypFXliMB8GA1UdIwQY
MBaAFK2iWq/jqYcOlSSvoCZZh+1aWk2jMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcmFKYXItT3BodzZWSkstZ0psbUg3VnBhVGFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS84MTBkMjQtYWNiZS00Y2IyLTlhYzUt
OWQ1ODc1ZDg2MzczLzEvUWM3RXRqeUZPOWhZd3pZejZnS2ZYS2tWZVdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS84MTBkMjQtYWNiZS00Y2IyLTlhYzUtOWQ1ODc1ZDg2Mzcz
LzEvcmFKYXItT3BodzZWSkstZ0psbUg3VnBhVGFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUAKgnaAAMF
ACoN6EEwDQYJKoZIhvcNAQELBQADggEBAF1xKbelvE/2aUxQ4zSZ9ho+xLvD7O+u
eAU3hzfMc6vaUamNfC5OwfrUX5H0inPYWJgVS6qIiMrUAeAXX3a/XvuDaucJwTRj
2co5Hj7gl97aVWYtn1Zz7TZ/RsZmDsNKe4UY9UqAabpOWOi5xDS4+FCq2r4A+dFm
EZjy0U5D6esSjolM98OXizU6V5tBV0rlRNJyqoWXEfLd0LFXvyAnbn2JBdpuTV+m
HUdwtv3uK6u884RmCbaazdnvLA9fW8Wf7KlZpQAtbkUGsn4RiS0u6H9UTw9Ki+pN
t5X/c3uVfJrRDrKFq2zSbl8Y6EACm7/ADxaw2d8Xoqn76D1jfXfE1Ls=
-----END CERTIFICATE-----