Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9c/c4c32c-322e-4ed7-8a29-45d542d5f55f/1/q2Z7ZgyzQBwnOnJASqxG_LYMQWo.roa
File:                     q2Z7ZgyzQBwnOnJASqxG_LYMQWo.roa (raw, json)
Hash identifier:          rHkvwWI5F2Oia2RkHV5TdhwHUF2/biQBUmrUnr8EOww=
Subject key identifier:   AB:66:7B:66:0C:B3:40:1C:27:3A:72:40:4A:AC:46:FC:B6:0C:41:6A
Certificate issuer:       /CN=c8531ae2ce57c95f5a398930ea45503542801ba1
Certificate serial:       018CC493996F002F5C9BE2E682454C9B2798
Authority key identifier: C8:53:1A:E2:CE:57:C9:5F:5A:39:89:30:EA:45:50:35:42:80:1B:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yFMa4s5XyV9aOYkw6kVQNUKAG6E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9c/c4c32c-322e-4ed7-8a29-45d542d5f55f/1/q2Z7ZgyzQBwnOnJASqxG_LYMQWo.roa
Signing time:             Mon 01 Jan 2024 10:30:56 +0000
ROA not before:           Mon 01 Jan 2024 10:30:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6279
IP address blocks:        2a03:5400:100::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9c/c4c32c-322e-4ed7-8a29-45d542d5f55f/1/yFMa4s5XyV9aOYkw6kVQNUKAG6E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9c/c4c32c-322e-4ed7-8a29-45d542d5f55f/1/yFMa4s5XyV9aOYkw6kVQNUKAG6E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yFMa4s5XyV9aOYkw6kVQNUKAG6E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:01:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:99:6f:00:2f:5c:9b:e2:e6:82:45:4c:9b:27:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c8531ae2ce57c95f5a398930ea45503542801ba1
        Validity
            Not Before: Jan  1 10:30:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ab667b660cb3401c273a72404aac46fcb60c416a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:b5:c8:a1:b9:35:7a:11:56:ab:4e:b0:e6:ce:
                    db:0c:f8:3d:1f:fc:15:06:91:71:d2:a9:35:f2:bc:
                    1f:f4:53:75:85:26:66:27:8f:36:cd:66:c5:70:36:
                    5d:6e:c2:a9:99:d9:dd:03:e8:bf:81:e5:7d:54:f7:
                    d9:2c:2e:40:14:12:8b:23:36:6c:99:f8:41:86:91:
                    89:b0:e2:39:97:4e:4c:a4:9d:f0:b3:9e:9f:f6:fe:
                    f8:91:db:4a:89:8b:dd:3f:de:fb:6c:c8:2a:28:6a:
                    3e:2d:b1:9b:97:98:84:25:55:a8:84:6d:42:8e:31:
                    be:0a:eb:6f:0f:69:4b:c4:be:78:61:46:af:43:ec:
                    62:f9:15:db:d2:f6:10:1d:f5:71:9a:cf:77:b1:ed:
                    7f:05:e2:99:2a:30:b7:7a:a4:75:91:e1:bc:78:ce:
                    b5:e9:fd:82:21:dc:65:50:13:12:90:ed:b0:37:ba:
                    c1:63:5d:4b:40:2e:e6:c5:8d:e4:06:7b:8c:e4:6e:
                    6b:96:a7:3e:f5:1d:5f:8e:c3:6b:b2:92:6e:4c:3b:
                    6d:12:80:7d:90:57:80:9e:04:0d:b7:c8:05:a6:e2:
                    e2:1f:7b:5b:bb:d1:d7:f9:94:bb:63:e8:58:58:c6:
                    3e:e2:2f:94:ed:0e:bd:b5:f7:91:76:30:5e:ba:63:
                    fb:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:66:7B:66:0C:B3:40:1C:27:3A:72:40:4A:AC:46:FC:B6:0C:41:6A
            X509v3 Authority Key Identifier:
                keyid:C8:53:1A:E2:CE:57:C9:5F:5A:39:89:30:EA:45:50:35:42:80:1B:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yFMa4s5XyV9aOYkw6kVQNUKAG6E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/c4c32c-322e-4ed7-8a29-45d542d5f55f/1/q2Z7ZgyzQBwnOnJASqxG_LYMQWo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/c4c32c-322e-4ed7-8a29-45d542d5f55f/1/yFMa4s5XyV9aOYkw6kVQNUKAG6E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a03:5400:100::/40

    Signature Algorithm: sha256WithRSAEncryption
         2b:50:17:51:6e:d9:a6:c9:73:f8:f5:2e:d4:fb:e1:d4:60:ed:
         e0:88:98:2b:fb:09:4e:7d:9a:85:ff:f2:f6:fa:69:a2:b5:e1:
         e6:d3:b0:52:05:71:1d:e4:55:af:ab:06:74:cd:1a:40:cc:a6:
         65:ef:32:a0:89:75:a3:72:0e:11:89:e3:8c:91:2a:44:34:a5:
         06:17:84:f5:f2:a0:45:82:e3:ee:90:14:bb:27:35:21:51:b3:
         3e:93:32:73:3e:20:b5:6e:e0:b2:25:b0:8b:a8:89:59:72:ab:
         82:d9:14:23:55:2d:f5:11:da:05:86:83:91:4d:5b:32:af:8a:
         fa:82:d9:c6:1f:e2:c8:a2:dc:3f:43:02:cc:a4:b5:fc:5f:14:
         ea:e9:f1:53:64:d3:e1:9b:a1:bc:fd:42:a6:a2:c0:e5:63:5f:
         22:98:00:f7:dd:73:ad:da:6d:08:ff:33:80:f3:c8:96:fe:3a:
         28:ff:d4:6d:50:c5:76:31:33:5d:e1:aa:2b:b0:11:b2:27:0f:
         1a:7b:bb:a6:d2:48:9c:2e:a6:5e:e3:41:6b:be:22:79:85:22:
         27:8a:0e:4f:5a:82:d3:76:b5:70:00:62:b8:aa:3e:c5:30:90:
         60:00:d4:b1:ca:08:44:15:ff:8a:3d:ca:17:73:45:89:07:24:
         cb:83:9b:82
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzEk5lvAC9cm+LmgkVMmyeYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM4NTMxYWUyY2U1N2M5NWY1YTM5ODkzMGVhNDU1MDM1NDI4
MDFiYTEwHhcNMjQwMTAxMTAzMDU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYjY2N2I2NjBjYjM0MDFjMjczYTcyNDA0YWFjNDZmY2I2MGM0MTZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApLXIobk1ehFWq06w5s7bDPg9H/wV
BpFx0qk18rwf9FN1hSZmJ482zWbFcDZdbsKpmdndA+i/geV9VPfZLC5AFBKLIzZs
mfhBhpGJsOI5l05MpJ3ws56f9v74kdtKiYvdP977bMgqKGo+LbGbl5iEJVWohG1C
jjG+CutvD2lLxL54YUavQ+xi+RXb0vYQHfVxms93se1/BeKZKjC3eqR1keG8eM61
6f2CIdxlUBMSkO2wN7rBY11LQC7mxY3kBnuM5G5rlqc+9R1fjsNrspJuTDttEoB9
kFeAngQNt8gFpuLiH3tbu9HX+ZS7Y+hYWMY+4i+U7Q69tfeRdjBeumP7hQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFKtme2YMs0AcJzpyQEqsRvy2DEFqMB8GA1UdIwQY
MBaAFMhTGuLOV8lfWjmJMOpFUDVCgBuhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveUZNYTRzNVh5VjlhT1lrdzZrVlFOVUtBRzZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yy9jNGMzMmMtMzIyZS00ZWQ3LThhMjkt
NDVkNTQyZDVmNTVmLzEvcTJaN1pneXpRQnduT25KQVNxeEdfTFlNUVdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yy9jNGMzMmMtMzIyZS00ZWQ3LThhMjktNDVkNTQyZDVmNTVm
LzEveUZNYTRzNVh5VjlhT1lrdzZrVlFOVUtBRzZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKgNUAAEw
DQYJKoZIhvcNAQELBQADggEBACtQF1Fu2abJc/j1LtT74dRg7eCImCv7CU59moX/
8vb6aaK14ebTsFIFcR3kVa+rBnTNGkDMpmXvMqCJdaNyDhGJ44yRKkQ0pQYXhPXy
oEWC4+6QFLsnNSFRsz6TMnM+ILVu4LIlsIuoiVlyq4LZFCNVLfUR2gWGg5FNWzKv
ivqC2cYf4sii3D9DAsyktfxfFOrp8VNk0+Gbobz9QqaiwOVjXyKYAPfdc63abQj/
M4DzyJb+Oij/1G1QxXYxM13hqiuwEbInDxp7u6bSSJwupl7jQWu+InmFIieKDk9a
gtN2tXAAYriqPsUwkGAA1LHKCEQV/4o9yhdzRYkHJMuDm4I=
-----END CERTIFICATE-----