Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/220ed7-8dc2-4c01-92bb-208ef32c0202/1/MQ39IPfEelBOnDG6aYZeNKf9Lxs.roa
File:                     MQ39IPfEelBOnDG6aYZeNKf9Lxs.roa (raw, json)
Hash identifier:          N+f/5SzvWuyNRG6aasKVZcjox4wa/5q3jlSxcJ3t7Lw=
Subject key identifier:   31:0D:FD:20:F7:C4:7A:50:4E:9C:31:BA:69:86:5E:34:A7:FD:2F:1B
Certificate issuer:       /CN=579ade9feaedc406df5e11bcef0393cd5e9fd0dd
Certificate serial:       018CC8022BD09A447CB7B75FD191C20448D4
Authority key identifier: 57:9A:DE:9F:EA:ED:C4:06:DF:5E:11:BC:EF:03:93:CD:5E:9F:D0:DD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/V5ren-rtxAbfXhG87wOTzV6f0N0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/220ed7-8dc2-4c01-92bb-208ef32c0202/1/MQ39IPfEelBOnDG6aYZeNKf9Lxs.roa
Signing time:             Tue 02 Jan 2024 02:30:34 +0000
ROA not before:           Tue 02 Jan 2024 02:30:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203701
IP address blocks:        2a09:e200:40::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/99/220ed7-8dc2-4c01-92bb-208ef32c0202/1/V5ren-rtxAbfXhG87wOTzV6f0N0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/99/220ed7-8dc2-4c01-92bb-208ef32c0202/1/V5ren-rtxAbfXhG87wOTzV6f0N0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/V5ren-rtxAbfXhG87wOTzV6f0N0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 04:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:02:2b:d0:9a:44:7c:b7:b7:5f:d1:91:c2:04:48:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=579ade9feaedc406df5e11bcef0393cd5e9fd0dd
        Validity
            Not Before: Jan  2 02:30:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=310dfd20f7c47a504e9c31ba69865e34a7fd2f1b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:d2:9c:4f:09:e1:b7:b3:c3:44:c4:9c:38:a7:
                    1a:cf:c2:09:71:00:71:fd:05:87:9b:54:93:7d:e2:
                    39:7b:22:dc:51:61:20:36:aa:79:e2:bd:96:6a:2c:
                    70:51:bd:13:37:5a:83:b9:f9:6e:90:d0:b7:eb:37:
                    77:c9:76:f5:09:58:79:2d:c1:10:37:cb:cd:1c:3f:
                    45:ff:a1:08:e0:0a:2b:2e:38:63:d9:f9:12:d8:ce:
                    15:b9:0d:e6:af:8d:eb:1c:e5:c6:d9:ce:77:e7:c4:
                    d3:c9:c2:89:ba:69:ad:9e:fc:93:33:5c:fe:f5:57:
                    9f:c0:90:da:9e:06:30:41:79:62:ad:68:98:98:f2:
                    5a:83:e8:c2:65:12:13:62:a5:24:c4:fc:4b:75:ee:
                    b4:be:a4:1e:ff:4d:ec:61:bb:8b:31:e7:73:13:62:
                    f8:a9:89:92:2b:02:1f:71:a3:5c:c4:f6:05:d2:7c:
                    c1:46:3a:59:8e:f5:31:3f:ed:c1:54:01:a1:c1:df:
                    42:86:7c:c0:3d:50:b3:ea:1e:3f:bb:8f:eb:26:79:
                    64:10:00:a5:6f:7f:4d:07:a7:e8:96:74:68:43:d4:
                    88:01:c6:80:60:a3:04:2a:25:97:c6:b5:ea:4a:89:
                    e5:f5:d1:48:b7:d9:4a:4a:a2:ae:80:d8:64:93:6c:
                    39:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:0D:FD:20:F7:C4:7A:50:4E:9C:31:BA:69:86:5E:34:A7:FD:2F:1B
            X509v3 Authority Key Identifier:
                keyid:57:9A:DE:9F:EA:ED:C4:06:DF:5E:11:BC:EF:03:93:CD:5E:9F:D0:DD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/V5ren-rtxAbfXhG87wOTzV6f0N0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/220ed7-8dc2-4c01-92bb-208ef32c0202/1/MQ39IPfEelBOnDG6aYZeNKf9Lxs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/220ed7-8dc2-4c01-92bb-208ef32c0202/1/V5ren-rtxAbfXhG87wOTzV6f0N0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:e200:40::/48

    Signature Algorithm: sha256WithRSAEncryption
         70:4a:ba:83:af:af:aa:8c:ec:5e:b1:10:82:8a:92:45:e1:ad:
         bc:3b:93:ed:d9:4f:ef:6f:b5:52:a6:32:c6:77:62:9a:b3:65:
         f8:30:89:15:ba:38:64:08:fc:b6:0a:ab:4d:bf:92:dd:d7:c8:
         1d:83:ce:87:03:ef:c8:2d:e9:91:a6:b3:18:f4:35:87:64:01:
         60:ae:47:97:0a:7a:f9:c0:bb:e4:be:95:42:69:48:c3:81:15:
         ac:d6:8d:95:71:c5:25:e6:60:3e:3a:a2:90:64:df:c2:8c:dc:
         dc:69:de:26:94:81:82:6b:c4:83:9d:ed:6d:de:62:10:07:62:
         43:22:90:40:ba:97:59:28:a8:93:df:95:84:ea:c5:d5:ee:84:
         1e:d7:bc:c2:43:aa:7d:d4:6a:9f:42:f3:55:c4:13:90:a2:d8:
         96:a7:42:06:db:55:f4:7b:41:20:43:43:82:8c:a6:1d:e3:1d:
         59:90:9a:ea:df:54:a1:42:36:65:1e:bc:8d:db:45:ae:00:ca:
         ab:59:ff:26:f2:51:83:c0:83:81:c5:73:2a:c6:f5:83:b1:f0:
         e5:f7:e4:cb:d1:77:c0:35:02:6c:db:e5:b2:e9:d4:52:b7:e3:
         ae:61:51:99:af:0f:41:53:60:dd:35:50:e6:ef:22:8f:a0:07:
         96:07:b8:dc
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIAivQmkR8t7df0ZHCBEjUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3OWFkZTlmZWFlZGM0MDZkZjVlMTFiY2VmMDM5M2NkNWU5
ZmQwZGQwHhcNMjQwMTAyMDIzMDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMTBkZmQyMGY3YzQ3YTUwNGU5YzMxYmE2OTg2NWUzNGE3ZmQyZjFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk9KcTwnht7PDRMScOKcaz8IJcQBx
/QWHm1STfeI5eyLcUWEgNqp54r2WaixwUb0TN1qDuflukNC36zd3yXb1CVh5LcEQ
N8vNHD9F/6EI4AorLjhj2fkS2M4VuQ3mr43rHOXG2c5358TTycKJummtnvyTM1z+
9VefwJDangYwQXlirWiYmPJag+jCZRITYqUkxPxLde60vqQe/03sYbuLMedzE2L4
qYmSKwIfcaNcxPYF0nzBRjpZjvUxP+3BVAGhwd9ChnzAPVCz6h4/u4/rJnlkEACl
b39NB6folnRoQ9SIAcaAYKMEKiWXxrXqSonl9dFIt9lKSqKugNhkk2w5ZwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDEN/SD3xHpQTpwxummGXjSn/S8bMB8GA1UdIwQY
MBaAFFea3p/q7cQG314RvO8Dk81en9DdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVjVyZW4tcnR4QWJmWGhHODd3T1R6VjZmME4wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS8yMjBlZDctOGRjMi00YzAxLTkyYmIt
MjA4ZWYzMmMwMjAyLzEvTVEzOUlQZkVlbEJPbkRHNmFZWmVOS2Y5THhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS8yMjBlZDctOGRjMi00YzAxLTkyYmItMjA4ZWYzMmMwMjAy
LzEvVjVyZW4tcnR4QWJmWGhHODd3T1R6VjZmME4wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgniAABA
MA0GCSqGSIb3DQEBCwUAA4IBAQBwSrqDr6+qjOxesRCCipJF4a28O5Pt2U/vb7VS
pjLGd2Kas2X4MIkVujhkCPy2CqtNv5Ld18gdg86HA+/ILemRprMY9DWHZAFgrkeX
Cnr5wLvkvpVCaUjDgRWs1o2VccUl5mA+OqKQZN/CjNzcad4mlIGCa8SDne1t3mIQ
B2JDIpBAupdZKKiT35WE6sXV7oQe17zCQ6p91GqfQvNVxBOQotiWp0IG21X0e0Eg
Q0OCjKYd4x1ZkJrq31ShQjZlHryN20WuAMqrWf8m8lGDwIOBxXMqxvWDsfDl9+TL
0XfANQJs2+Wy6dRSt+OuYVGZrw9BU2DdNVDm7yKPoAeWB7jc
-----END CERTIFICATE-----