Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/97/326606-14ba-4436-9985-be5520a5c821/1/QUq_as-wJbivzxLijTmqQSzAeeM.roa
File:                     QUq_as-wJbivzxLijTmqQSzAeeM.roa (raw, json)
Hash identifier:          Obggdbq+FXYocjRAbiQV6ufwU9548OHhlSGKsE0Fnq0=
Subject key identifier:   41:4A:BF:6A:CF:B0:25:B8:AF:CF:12:E2:8D:39:AA:41:2C:C0:79:E3
Certificate issuer:       /CN=fd21cb4baa15862d1b5773bf2be60ca5f4fc24d4
Certificate serial:       019427B65E5E204936E7F1EEC5C2EA7BBFF3
Authority key identifier: FD:21:CB:4B:AA:15:86:2D:1B:57:73:BF:2B:E6:0C:A5:F4:FC:24:D4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_SHLS6oVhi0bV3O_K-YMpfT8JNQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/97/326606-14ba-4436-9985-be5520a5c821/1/QUq_as-wJbivzxLijTmqQSzAeeM.roa
Signing time:             Thu 02 Jan 2025 15:50:50 +0000
ROA not before:           Thu 02 Jan 2025 15:50:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208753
IP address blocks:        2a10:ba87:feef::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/97/326606-14ba-4436-9985-be5520a5c821/1/_SHLS6oVhi0bV3O_K-YMpfT8JNQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/97/326606-14ba-4436-9985-be5520a5c821/1/_SHLS6oVhi0bV3O_K-YMpfT8JNQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_SHLS6oVhi0bV3O_K-YMpfT8JNQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 15 Mar 2025 21:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b6:5e:5e:20:49:36:e7:f1:ee:c5:c2:ea:7b:bf:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fd21cb4baa15862d1b5773bf2be60ca5f4fc24d4
        Validity
            Not Before: Jan  2 15:50:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=414abf6acfb025b8afcf12e28d39aa412cc079e3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:d2:08:2a:f0:2f:c2:c3:06:ff:42:2f:e7:de:
                    0d:cf:6c:e8:78:cc:b4:20:36:ae:94:12:43:ea:47:
                    cd:f4:21:af:2d:0d:bf:88:5d:11:fc:2f:d9:8f:e6:
                    06:19:27:5f:fe:c2:ee:b3:80:ee:1e:da:a6:d3:fe:
                    b4:9f:85:b3:c3:b3:d2:99:6a:89:0d:8c:74:43:5f:
                    6b:c1:f6:c5:f5:89:98:db:e6:bf:08:6c:c9:c5:1f:
                    5d:aa:44:d1:70:4a:71:1c:39:5f:78:1e:85:6c:7e:
                    b9:0c:68:8b:6e:2d:81:ca:04:2c:02:3d:fa:be:43:
                    ba:39:3d:8f:a8:e9:60:b6:b7:12:1e:22:ca:30:d2:
                    c3:81:6d:6e:2a:36:46:04:28:ce:aa:3d:27:04:a9:
                    e8:f5:52:5c:13:0f:08:47:8c:ba:a4:7c:94:6b:92:
                    d6:e1:88:70:6a:b9:9a:83:b3:8d:f7:d4:d5:13:79:
                    a8:5b:05:b2:d9:27:9e:52:15:b5:90:fa:15:6c:d4:
                    24:75:0a:49:66:96:c6:d6:1a:fa:4f:dd:aa:b7:34:
                    77:f7:da:81:c9:b1:a1:c2:55:a4:dd:fa:fd:14:b8:
                    8f:ec:45:76:e9:0c:bb:03:21:1e:4f:ca:24:a9:02:
                    4b:5d:ce:4f:c1:ec:95:db:7a:ad:97:3b:00:72:a9:
                    a5:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:4A:BF:6A:CF:B0:25:B8:AF:CF:12:E2:8D:39:AA:41:2C:C0:79:E3
            X509v3 Authority Key Identifier:
                keyid:FD:21:CB:4B:AA:15:86:2D:1B:57:73:BF:2B:E6:0C:A5:F4:FC:24:D4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_SHLS6oVhi0bV3O_K-YMpfT8JNQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/326606-14ba-4436-9985-be5520a5c821/1/QUq_as-wJbivzxLijTmqQSzAeeM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/97/326606-14ba-4436-9985-be5520a5c821/1/_SHLS6oVhi0bV3O_K-YMpfT8JNQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:ba87:feef::/48

    Signature Algorithm: sha256WithRSAEncryption
         72:f6:33:a2:70:14:0b:31:79:2f:d3:50:18:00:8b:ef:35:b1:
         15:44:e9:0d:3e:f9:5d:48:0d:71:95:40:95:ca:c3:b9:4d:d2:
         b1:ce:06:b6:0c:cd:5f:2e:f8:ba:70:48:7e:4c:59:f1:14:5a:
         5c:c2:24:18:4e:89:a4:5e:40:bf:45:37:7b:54:7a:d1:2d:d9:
         e2:88:ae:87:21:de:11:ed:90:18:bd:78:83:70:a2:95:8c:a3:
         c8:2f:0a:bc:98:f6:4e:69:f8:fe:7b:82:dd:f9:1b:03:bc:e3:
         e2:2e:27:b7:c1:1e:a0:df:12:6e:a5:0b:73:ec:47:fd:fd:0f:
         0d:61:1f:d9:1a:40:4f:06:67:dc:13:2a:91:f2:95:57:70:42:
         19:b0:55:96:46:f5:45:6c:ae:f9:98:66:92:70:62:94:6a:a1:
         f4:5f:5d:4b:93:00:a9:42:67:ed:6f:cf:e0:27:06:a7:d8:56:
         d5:18:9e:4b:7e:13:9b:a0:4c:cf:29:e9:b9:d9:9c:9e:85:04:
         2a:1e:b5:ae:01:41:b2:6d:f2:91:bc:10:bd:18:0b:f8:c7:b1:
         86:9d:ff:5c:c0:ed:4a:89:d3:d8:4b:51:23:10:42:f6:a9:ac:
         88:bf:d2:f8:94:72:8f:00:a2:63:af:99:54:5f:4d:85:49:78:
         eb:d3:8a:40
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQntl5eIEk25/HuxcLqe7/zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZkMjFjYjRiYWExNTg2MmQxYjU3NzNiZjJiZTYwY2E1ZjRm
YzI0ZDQwHhcNMjUwMTAyMTU1MDUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MTRhYmY2YWNmYjAyNWI4YWZjZjEyZTI4ZDM5YWE0MTJjYzA3OWUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxdIIKvAvwsMG/0Iv594Nz2zoeMy0
IDaulBJD6kfN9CGvLQ2/iF0R/C/Zj+YGGSdf/sLus4DuHtqm0/60n4Wzw7PSmWqJ
DYx0Q19rwfbF9YmY2+a/CGzJxR9dqkTRcEpxHDlfeB6FbH65DGiLbi2BygQsAj36
vkO6OT2PqOlgtrcSHiLKMNLDgW1uKjZGBCjOqj0nBKno9VJcEw8IR4y6pHyUa5LW
4Yhwarmag7ON99TVE3moWwWy2SeeUhW1kPoVbNQkdQpJZpbG1hr6T92qtzR399qB
ybGhwlWk3fr9FLiP7EV26Qy7AyEeT8okqQJLXc5PweyV23qtlzsAcqmlEwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFEFKv2rPsCW4r88S4o05qkEswHnjMB8GA1UdIwQY
MBaAFP0hy0uqFYYtG1dzvyvmDKX0/CTUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX1NITFM2b1ZoaTBiVjNPX0stWU1wZlQ4Sk5RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ny8zMjY2MDYtMTRiYS00NDM2LTk5ODUt
YmU1NTIwYTVjODIxLzEvUVVxX2FzLXdKYml2enhMaWpUbXFRU3pBZWVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ny8zMjY2MDYtMTRiYS00NDM2LTk5ODUtYmU1NTIwYTVjODIx
LzEvX1NITFM2b1ZoaTBiVjNPX0stWU1wZlQ4Sk5RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhC6h/7v
MA0GCSqGSIb3DQEBCwUAA4IBAQBy9jOicBQLMXkv01AYAIvvNbEVROkNPvldSA1x
lUCVysO5TdKxzga2DM1fLvi6cEh+TFnxFFpcwiQYTomkXkC/RTd7VHrRLdniiK6H
Id4R7ZAYvXiDcKKVjKPILwq8mPZOafj+e4Ld+RsDvOPiLie3wR6g3xJupQtz7Ef9
/Q8NYR/ZGkBPBmfcEyqR8pVXcEIZsFWWRvVFbK75mGaScGKUaqH0X11LkwCpQmft
b8/gJwan2FbVGJ5LfhOboEzPKem52ZyehQQqHrWuAUGybfKRvBC9GAv4x7GGnf9c
wO1KidPYS1EjEEL2qayIv9L4lHKPAKJjr5lUX02FSXjr04pA
-----END CERTIFICATE-----