Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/202a79-5bfe-4a48-a7f9-414196ac646e/1/Q_Lg6CK7aS6mDfL3ZzKO388DoR0.roa
File:                     Q_Lg6CK7aS6mDfL3ZzKO388DoR0.roa (raw, json)
Hash identifier:          AnFPFnZrZvN7dRDXRZZY6f0odHCkTCAbH1Rse8JT36Y=
Subject key identifier:   43:F2:E0:E8:22:BB:69:2E:A6:0D:F2:F7:67:32:8E:DF:CF:03:A1:1D
Certificate issuer:       /CN=742b1b5c075c3d3bdfa3525d476b1b2867c2a2ca
Certificate serial:       018CC2DAB14500E976151887522FDDB39E32
Authority key identifier: 74:2B:1B:5C:07:5C:3D:3B:DF:A3:52:5D:47:6B:1B:28:67:C2:A2:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dCsbXAdcPTvfo1JdR2sbKGfCoso.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/202a79-5bfe-4a48-a7f9-414196ac646e/1/Q_Lg6CK7aS6mDfL3ZzKO388DoR0.roa
Signing time:             Mon 01 Jan 2024 02:29:21 +0000
ROA not before:           Mon 01 Jan 2024 02:29:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     0
IP address blocks:        2a02:79a0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/202a79-5bfe-4a48-a7f9-414196ac646e/1/dCsbXAdcPTvfo1JdR2sbKGfCoso.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/202a79-5bfe-4a48-a7f9-414196ac646e/1/dCsbXAdcPTvfo1JdR2sbKGfCoso.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dCsbXAdcPTvfo1JdR2sbKGfCoso.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 26 Apr 2024 13:01:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:b1:45:00:e9:76:15:18:87:52:2f:dd:b3:9e:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=742b1b5c075c3d3bdfa3525d476b1b2867c2a2ca
        Validity
            Not Before: Jan  1 02:29:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=43f2e0e822bb692ea60df2f767328edfcf03a11d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:4e:1b:92:c4:5b:65:ba:20:70:78:3e:61:c1:
                    8a:ab:e4:b4:22:f2:c7:ed:5f:36:9f:ad:25:62:a9:
                    84:05:9f:17:26:80:4e:50:e1:71:f6:8c:58:68:c9:
                    c2:78:11:99:42:77:59:77:0c:e8:86:e8:00:97:de:
                    b1:f7:46:17:9c:dc:8f:7f:66:fe:31:5b:df:fb:1a:
                    69:fd:45:37:24:b1:af:21:38:a3:7c:a1:93:40:a6:
                    0f:15:f2:ed:98:6b:c6:28:4a:40:34:b3:f6:b8:7b:
                    c6:d0:22:16:1a:4e:8d:13:00:3d:7e:93:eb:a9:36:
                    31:e9:2a:05:3e:be:4c:ab:81:63:e8:1d:77:80:10:
                    bf:be:43:02:98:0b:96:e7:75:48:2e:84:3a:03:b5:
                    e2:dc:37:aa:a7:90:f6:54:2f:d9:23:a7:f7:55:4e:
                    8c:3b:9e:00:7b:c7:3a:e9:c3:42:0f:84:fd:ef:22:
                    a5:7a:85:a2:16:34:a3:eb:f4:cf:e6:c9:35:27:ef:
                    b5:47:42:8c:2c:bc:b0:ef:ca:bd:aa:2e:a4:25:47:
                    4d:17:c3:d1:10:c1:67:9e:b4:5b:c5:b5:1d:28:64:
                    4d:5a:21:21:a6:d5:97:1a:3d:28:c1:ef:36:72:30:
                    42:71:96:24:6f:18:23:f4:f9:7a:55:92:0c:40:dc:
                    97:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:F2:E0:E8:22:BB:69:2E:A6:0D:F2:F7:67:32:8E:DF:CF:03:A1:1D
            X509v3 Authority Key Identifier:
                keyid:74:2B:1B:5C:07:5C:3D:3B:DF:A3:52:5D:47:6B:1B:28:67:C2:A2:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dCsbXAdcPTvfo1JdR2sbKGfCoso.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/202a79-5bfe-4a48-a7f9-414196ac646e/1/Q_Lg6CK7aS6mDfL3ZzKO388DoR0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/202a79-5bfe-4a48-a7f9-414196ac646e/1/dCsbXAdcPTvfo1JdR2sbKGfCoso.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:79a0::/32

    Signature Algorithm: sha256WithRSAEncryption
         1d:28:fd:2c:3d:77:4e:cb:74:6d:f6:3b:6d:3a:02:dd:6b:db:
         3b:6a:e8:a7:e2:7a:6b:36:64:aa:0f:5f:98:84:4d:e1:f5:22:
         0a:55:c2:a0:a8:6c:9d:f3:23:73:c8:d0:6b:c4:27:af:eb:af:
         5f:e5:ac:b8:cd:f5:95:86:ff:7b:55:f3:cd:90:15:8f:20:25:
         af:f3:77:64:17:3f:29:de:30:50:9c:60:cd:d7:be:77:a1:db:
         44:19:99:56:60:01:9c:08:f1:50:89:35:a3:3c:52:dd:42:1f:
         28:f1:43:74:8b:5e:f9:ce:60:04:60:af:f7:1c:c9:3b:8e:17:
         a3:38:f7:9d:40:cf:41:97:bd:ec:bd:b9:b7:13:f3:b1:c6:10:
         23:3c:86:ae:fc:b1:11:fd:15:21:3b:d1:d8:62:3b:12:2c:e7:
         54:bf:3c:bf:c3:30:b4:06:87:5d:8c:96:f4:27:c5:57:30:fd:
         71:aa:de:5d:a0:ea:ee:d3:21:60:fb:9c:b9:70:ba:b0:d5:2a:
         e1:02:72:07:8c:b5:51:7c:04:16:e7:12:ac:17:18:2b:d7:a2:
         1b:a3:da:1c:8e:11:b8:3c:d3:24:34:d1:35:53:8a:a5:c9:9b:
         26:85:4b:7e:a7:be:d7:b6:89:28:7a:51:3c:f6:d7:48:ca:b6:
         99:ce:3b:29
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzC2rFFAOl2FRiHUi/ds54yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0MmIxYjVjMDc1YzNkM2JkZmEzNTI1ZDQ3NmIxYjI4Njdj
MmEyY2EwHhcNMjQwMTAxMDIyOTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0M2YyZTBlODIyYmI2OTJlYTYwZGYyZjc2NzMyOGVkZmNmMDNhMTFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn04bksRbZbogcHg+YcGKq+S0IvLH
7V82n60lYqmEBZ8XJoBOUOFx9oxYaMnCeBGZQndZdwzohugAl96x90YXnNyPf2b+
MVvf+xpp/UU3JLGvITijfKGTQKYPFfLtmGvGKEpANLP2uHvG0CIWGk6NEwA9fpPr
qTYx6SoFPr5Mq4Fj6B13gBC/vkMCmAuW53VILoQ6A7Xi3Deqp5D2VC/ZI6f3VU6M
O54Ae8c66cNCD4T97yKleoWiFjSj6/TP5sk1J++1R0KMLLyw78q9qi6kJUdNF8PR
EMFnnrRbxbUdKGRNWiEhptWXGj0owe82cjBCcZYkbxgj9Pl6VZIMQNyXSwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFEPy4Ogiu2kupg3y92cyjt/PA6EdMB8GA1UdIwQY
MBaAFHQrG1wHXD0736NSXUdrGyhnwqLKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZENzYlhBZGNQVHZmbzFKZFIyc2JLR2ZDb3NvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS8yMDJhNzktNWJmZS00YTQ4LWE3Zjkt
NDE0MTk2YWM2NDZlLzEvUV9MZzZDSzdhUzZtRGZMM1p6S08zODhEb1IwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS8yMDJhNzktNWJmZS00YTQ4LWE3ZjktNDE0MTk2YWM2NDZl
LzEvZENzYlhBZGNQVHZmbzFKZFIyc2JLR2ZDb3NvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgJ5oDAN
BgkqhkiG9w0BAQsFAAOCAQEAHSj9LD13Tst0bfY7bToC3WvbO2rop+J6azZkqg9f
mIRN4fUiClXCoKhsnfMjc8jQa8Qnr+uvX+WsuM31lYb/e1XzzZAVjyAlr/N3ZBc/
Kd4wUJxgzde+d6HbRBmZVmABnAjxUIk1ozxS3UIfKPFDdIte+c5gBGCv9xzJO44X
ozj3nUDPQZe97L25txPzscYQIzyGrvyxEf0VITvR2GI7EiznVL88v8MwtAaHXYyW
9CfFVzD9careXaDq7tMhYPucuXC6sNUq4QJyB4y1UXwEFucSrBcYK9eiG6PaHI4R
uDzTJDTRNVOKpcmbJoVLfqe+17aJKHpRPPbXSMq2mc47KQ==
-----END CERTIFICATE-----