Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9f/f0f70c-06e7-41ac-a2b8-858dce57fcdb/1/DqCqDJYVWeNEU8uvtBnd44bah3o.roa
File:                     DqCqDJYVWeNEU8uvtBnd44bah3o.roa (raw, json)
Hash identifier:          cwDXvD7pgfwaTfE6xUf+Y7JKXSqnFw71yOuOSjsqWt0=
Subject key identifier:   0E:A0:AA:0C:96:15:59:E3:44:53:CB:AF:B4:19:DD:E3:86:DA:87:7A
Certificate issuer:       /CN=370e5450d1486780aba54f045ec4802f19f0b4f7
Certificate serial:       01942827168CB80275B2876920C611F06240
Authority key identifier: 37:0E:54:50:D1:48:67:80:AB:A5:4F:04:5E:C4:80:2F:19:F0:B4:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Nw5UUNFIZ4CrpU8EXsSALxnwtPc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9f/f0f70c-06e7-41ac-a2b8-858dce57fcdb/1/DqCqDJYVWeNEU8uvtBnd44bah3o.roa
Signing time:             Thu 02 Jan 2025 17:53:57 +0000
ROA not before:           Thu 02 Jan 2025 17:53:57 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     141483
IP address blocks:        2a0e:46c4:1800::/48 maxlen: 48
                          2a0e:46c4:1801::/48 maxlen: 48
                          2a0e:46c4:1802::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9f/f0f70c-06e7-41ac-a2b8-858dce57fcdb/1/Nw5UUNFIZ4CrpU8EXsSALxnwtPc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9f/f0f70c-06e7-41ac-a2b8-858dce57fcdb/1/Nw5UUNFIZ4CrpU8EXsSALxnwtPc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Nw5UUNFIZ4CrpU8EXsSALxnwtPc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:27:16:8c:b8:02:75:b2:87:69:20:c6:11:f0:62:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=370e5450d1486780aba54f045ec4802f19f0b4f7
        Validity
            Not Before: Jan  2 17:53:57 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0ea0aa0c961559e34453cbafb419dde386da877a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:42:b8:ac:8b:78:3d:c1:c2:32:9d:7e:19:14:
                    28:76:7f:a4:4c:16:e3:0a:75:5f:0e:7f:a4:40:3d:
                    14:5f:52:f0:9d:5d:70:1e:d2:d4:0d:c5:8e:ba:47:
                    56:76:6f:8f:f5:dd:f1:95:d7:6b:0e:72:41:f3:8b:
                    b5:1d:58:39:74:09:27:5d:88:92:2c:3e:6e:00:e1:
                    05:14:a5:89:95:ab:f4:49:ac:88:6f:9a:15:0c:83:
                    6f:29:da:03:82:ca:17:20:8d:d0:c9:11:96:9c:e7:
                    45:b0:2a:e3:33:b0:d1:0e:09:7f:65:17:f5:7d:4b:
                    4c:13:6a:dc:e1:26:cb:f3:cf:b1:e8:7c:7c:d3:ea:
                    c2:3f:7b:ef:de:8b:eb:46:99:cb:ac:c5:87:56:63:
                    9d:63:1e:9d:4a:bb:a3:83:ab:9c:86:78:79:42:de:
                    9b:3c:ac:0b:4a:11:1e:d2:52:c0:91:02:9b:6b:d4:
                    b8:13:3d:44:73:33:89:c3:9f:af:22:ed:87:e7:9c:
                    5d:34:5e:fa:bf:af:5c:d1:e7:c8:2b:a1:cc:1c:66:
                    6e:43:9d:18:bf:04:c2:bb:45:fd:ee:0b:70:08:e8:
                    cb:e5:a3:b8:06:0c:ae:b2:9f:ff:91:12:f6:2f:84:
                    89:92:61:47:01:f7:c5:53:c2:7a:05:7a:e8:52:bb:
                    88:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:A0:AA:0C:96:15:59:E3:44:53:CB:AF:B4:19:DD:E3:86:DA:87:7A
            X509v3 Authority Key Identifier:
                keyid:37:0E:54:50:D1:48:67:80:AB:A5:4F:04:5E:C4:80:2F:19:F0:B4:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Nw5UUNFIZ4CrpU8EXsSALxnwtPc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/f0f70c-06e7-41ac-a2b8-858dce57fcdb/1/DqCqDJYVWeNEU8uvtBnd44bah3o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/f0f70c-06e7-41ac-a2b8-858dce57fcdb/1/Nw5UUNFIZ4CrpU8EXsSALxnwtPc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:46c4:1800::-2a0e:46c4:1802:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         27:16:71:0c:97:7b:ba:f1:4b:a3:4c:4b:bc:86:35:05:8f:a4:
         6d:a7:22:33:ad:0b:4b:cb:df:e2:d9:ef:5b:b4:0d:e1:bd:93:
         38:b5:df:78:fe:d1:3e:52:c5:28:e7:3f:95:74:2d:58:5e:74:
         f3:7e:53:ac:68:69:a0:41:57:ef:bb:ee:8d:4f:2d:3e:af:c7:
         0c:85:5e:a6:35:ca:56:fa:18:72:d5:a8:69:be:f9:a8:39:e6:
         ee:d4:5a:48:9d:75:92:d6:41:7c:83:ce:6c:28:f6:f1:99:54:
         8e:a2:ae:31:4c:ae:b0:b2:d8:b3:ae:37:ca:5b:59:ec:58:35:
         2b:3a:b0:28:19:b1:12:4c:6c:4a:d2:be:20:df:10:d1:8f:2b:
         b8:ea:8f:2e:af:61:6d:b0:9a:f6:b5:ac:03:4f:76:c6:a3:f1:
         e1:93:9e:ff:0c:08:0f:13:82:a8:c7:d0:39:6a:81:c2:15:52:
         58:5f:63:dd:56:e3:18:b1:25:8e:03:3a:2f:4d:0e:7a:67:e4:
         e5:98:9d:38:57:5e:82:e2:8a:2b:24:b6:7a:c1:af:90:ad:73:
         29:6c:78:71:e5:ea:ae:fa:87:84:19:7e:ab:5c:01:7e:be:c4:
         f6:62:b3:d5:4f:81:23:f5:c8:bb:4b:1d:61:ec:f4:e6:cc:55:
         75:93:6a:9c
-----BEGIN CERTIFICATE-----
MIIFCjCCA/KgAwIBAgISAZQoJxaMuAJ1sodpIMYR8GJAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3MGU1NDUwZDE0ODY3ODBhYmE1NGYwNDVlYzQ4MDJmMTlm
MGI0ZjcwHhcNMjUwMTAyMTc1MzU3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZWEwYWEwYzk2MTU1OWUzNDQ1M2NiYWZiNDE5ZGRlMzg2ZGE4NzdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqEK4rIt4PcHCMp1+GRQodn+kTBbj
CnVfDn+kQD0UX1LwnV1wHtLUDcWOukdWdm+P9d3xlddrDnJB84u1HVg5dAknXYiS
LD5uAOEFFKWJlav0SayIb5oVDINvKdoDgsoXII3QyRGWnOdFsCrjM7DRDgl/ZRf1
fUtME2rc4SbL88+x6Hx80+rCP3vv3ovrRpnLrMWHVmOdYx6dSrujg6uchnh5Qt6b
PKwLShEe0lLAkQKba9S4Ez1EczOJw5+vIu2H55xdNF76v69c0efIK6HMHGZuQ50Y
vwTCu0X97gtwCOjL5aO4Bgyusp//kRL2L4SJkmFHAffFU8J6BXroUruI0wIDAQAB
o4ICFjCCAhIwHQYDVR0OBBYEFA6gqgyWFVnjRFPLr7QZ3eOG2od6MB8GA1UdIwQY
MBaAFDcOVFDRSGeAq6VPBF7EgC8Z8LT3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnc1VVVORklaNENycFU4RVhzU0FMeG53dFBjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Zi9mMGY3MGMtMDZlNy00MWFjLWEyYjgt
ODU4ZGNlNTdmY2RiLzEvRHFDcURKWVZXZU5FVTh1dnRCbmQ0NGJhaDNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Zi9mMGY3MGMtMDZlNy00MWFjLWEyYjgtODU4ZGNlNTdmY2Ri
LzEvTnc1VVVORklaNENycFU4RVhzU0FMeG53dFBjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCwGCCsGAQUFBwEHAQH/BB0wGzAZBAIAAjATMBEDBgMqDkbE
GAMHACoORsQYAjANBgkqhkiG9w0BAQsFAAOCAQEAJxZxDJd7uvFLo0xLvIY1BY+k
baciM60LS8vf4tnvW7QN4b2TOLXfeP7RPlLFKOc/lXQtWF50835TrGhpoEFX77vu
jU8tPq/HDIVepjXKVvoYctWoab75qDnm7tRaSJ11ktZBfIPObCj28ZlUjqKuMUyu
sLLYs643yltZ7Fg1KzqwKBmxEkxsStK+IN8Q0Y8ruOqPLq9hbbCa9rWsA092xqPx
4ZOe/wwIDxOCqMfQOWqBwhVSWF9j3VbjGLEljgM6L00Oemfk5ZidOFdeguKKKyS2
esGvkK1zKWx4ceXqrvqHhBl+q1wBfr7E9mKz1U+BI/XIu0sdYez05sxVdZNqnA==
-----END CERTIFICATE-----