Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/QfJGcICUs9Ej1AUv1rRUZ8Xctk0.roa
File:                     QfJGcICUs9Ej1AUv1rRUZ8Xctk0.roa (raw, json)
Hash identifier:          7q04UG21qkwmFM+hFjcJQPmY1tVuJ6d7O9TElKsVV9M=
Subject key identifier:   41:F2:46:70:80:94:B3:D1:23:D4:05:2F:D6:B4:54:67:C5:DC:B6:4D
Certificate issuer:       /CN=c66d9d50b3b89d51c8aa2493e7ef4701d6251dad
Certificate serial:       019420D624B7BB73B75BFD8D59C0AFE7BAB7
Authority key identifier: C6:6D:9D:50:B3:B8:9D:51:C8:AA:24:93:E7:EF:47:01:D6:25:1D:AD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xm2dULO4nVHIqiST5-9HAdYlHa0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/QfJGcICUs9Ej1AUv1rRUZ8Xctk0.roa
Signing time:             Wed 01 Jan 2025 07:48:12 +0000
ROA not before:           Wed 01 Jan 2025 07:48:12 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     17818
IP address blocks:        2a06:e800::/29 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/xm2dULO4nVHIqiST5-9HAdYlHa0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/xm2dULO4nVHIqiST5-9HAdYlHa0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xm2dULO4nVHIqiST5-9HAdYlHa0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 21:01:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d6:24:b7:bb:73:b7:5b:fd:8d:59:c0:af:e7:ba:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66d9d50b3b89d51c8aa2493e7ef4701d6251dad
        Validity
            Not Before: Jan  1 07:48:12 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=41f246708094b3d123d4052fd6b45467c5dcb64d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:1b:4d:b2:f3:ec:23:2e:a2:ed:e5:f4:d8:74:
                    22:52:d3:1d:ab:27:27:41:da:0b:54:6e:41:ce:22:
                    2b:8b:10:6b:22:31:a6:a5:e0:18:c1:89:5d:7e:5b:
                    91:2d:71:dd:2d:0f:5c:57:21:4f:b5:bd:49:a9:f6:
                    6e:e1:d6:c4:32:b4:27:bb:50:61:30:27:e7:cc:2f:
                    66:a6:b7:2d:fe:e4:71:8f:4d:03:48:5e:d3:47:de:
                    6f:54:70:e8:b6:0b:16:ae:27:5e:bc:af:46:c2:b2:
                    e5:be:2f:4f:75:9f:be:6d:20:11:42:16:72:5d:3c:
                    5a:77:70:92:f0:e8:cb:a1:a4:c7:c1:5e:3b:0d:ca:
                    09:a8:21:11:e7:52:67:50:09:b8:f7:4b:bb:7d:4f:
                    d8:1c:7a:58:25:f6:5e:f3:a8:73:e2:ae:92:c6:bd:
                    96:79:7b:b0:dc:bb:6b:fe:0d:8c:90:50:8d:6d:e5:
                    ee:86:6c:22:b2:0b:33:18:ba:1f:5b:f0:d8:d7:17:
                    19:1f:1f:b5:2e:44:b7:5a:c2:7a:d0:1a:74:0b:48:
                    53:48:80:90:2a:c3:c5:e4:f3:ce:e6:03:5c:73:13:
                    ee:81:5c:28:88:e2:84:51:50:2c:ee:23:50:52:d4:
                    55:74:e7:f6:ff:35:47:53:a7:a6:e7:17:34:01:6c:
                    b5:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:F2:46:70:80:94:B3:D1:23:D4:05:2F:D6:B4:54:67:C5:DC:B6:4D
            X509v3 Authority Key Identifier:
                keyid:C6:6D:9D:50:B3:B8:9D:51:C8:AA:24:93:E7:EF:47:01:D6:25:1D:AD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xm2dULO4nVHIqiST5-9HAdYlHa0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/QfJGcICUs9Ej1AUv1rRUZ8Xctk0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/xm2dULO4nVHIqiST5-9HAdYlHa0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:e800::/29

    Signature Algorithm: sha256WithRSAEncryption
         8e:1c:fe:b9:21:8e:55:6f:b2:2f:fc:06:09:7a:68:fc:7b:47:
         92:9c:8e:51:18:5a:ac:a6:87:15:00:60:a9:8d:c8:bc:06:ba:
         4c:26:24:d2:0f:37:a5:c6:5c:ec:a3:cc:86:3f:57:1d:5a:73:
         72:51:3f:70:d5:b3:b8:a5:14:ef:7f:41:58:d7:0d:19:56:2e:
         b3:62:5f:0c:00:b0:77:c7:45:f9:88:e5:e0:d3:f7:2a:78:df:
         47:48:97:ad:be:12:0e:ce:df:27:56:91:59:bc:82:a6:b9:7a:
         c4:f2:6d:3a:17:61:c6:bb:a3:37:56:2b:14:98:7a:5a:61:0b:
         7d:45:b0:e3:16:60:a2:df:39:99:a1:c8:c3:e3:48:82:b0:ab:
         da:1d:b8:82:ea:cc:f9:4a:8c:c0:50:06:f6:a5:5f:7f:ac:93:
         49:c5:da:1d:bb:6b:d9:1d:d9:10:28:00:18:87:6b:df:b3:77:
         47:8e:f2:b6:05:4c:8d:49:f1:97:65:f2:57:43:54:f1:8e:3f:
         13:9a:cf:ed:a3:da:f4:a2:df:57:af:bd:47:1e:f2:5e:35:68:
         6a:e2:9e:0d:6e:31:3f:83:f3:a2:4d:c1:ef:d1:aa:5d:54:a4:
         cf:97:4b:f8:cf:63:20:2c:8a:4f:93:2c:b8:24:e5:f9:1f:00:
         20:da:b6:25
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQg1iS3u3O3W/2NWcCv57q3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NmQ5ZDUwYjNiODlkNTFjOGFhMjQ5M2U3ZWY0NzAxZDYy
NTFkYWQwHhcNMjUwMTAxMDc0ODEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MWYyNDY3MDgwOTRiM2QxMjNkNDA1MmZkNmI0NTQ2N2M1ZGNiNjRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtRtNsvPsIy6i7eX02HQiUtMdqycn
QdoLVG5BziIrixBrIjGmpeAYwYldfluRLXHdLQ9cVyFPtb1JqfZu4dbEMrQnu1Bh
MCfnzC9mprct/uRxj00DSF7TR95vVHDotgsWridevK9GwrLlvi9PdZ++bSARQhZy
XTxad3CS8OjLoaTHwV47DcoJqCER51JnUAm490u7fU/YHHpYJfZe86hz4q6Sxr2W
eXuw3Ltr/g2MkFCNbeXuhmwisgszGLofW/DY1xcZHx+1LkS3WsJ60Bp0C0hTSICQ
KsPF5PPO5gNccxPugVwoiOKEUVAs7iNQUtRVdOf2/zVHU6em5xc0AWy1FwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFEHyRnCAlLPRI9QFL9a0VGfF3LZNMB8GA1UdIwQY
MBaAFMZtnVCzuJ1RyKokk+fvRwHWJR2tMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG0yZFVMTzRuVkhJcWlTVDUtOUhBZFlsSGEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS80YmI3NGItOGQ2ZC00NTE0LWEzOWMt
YjdjNTc4Yjc0ZTM1LzEvUWZKR2NJQ1VzOUVqMUFVdjFyUlVaOFhjdGswLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS80YmI3NGItOGQ2ZC00NTE0LWEzOWMtYjdjNTc4Yjc0ZTM1
LzEveG0yZFVMTzRuVkhJcWlTVDUtOUhBZFlsSGEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgboADAN
BgkqhkiG9w0BAQsFAAOCAQEAjhz+uSGOVW+yL/wGCXpo/HtHkpyOURharKaHFQBg
qY3IvAa6TCYk0g83pcZc7KPMhj9XHVpzclE/cNWzuKUU739BWNcNGVYus2JfDACw
d8dF+Yjl4NP3KnjfR0iXrb4SDs7fJ1aRWbyCprl6xPJtOhdhxrujN1YrFJh6WmEL
fUWw4xZgot85maHIw+NIgrCr2h24gurM+UqMwFAG9qVff6yTScXaHbtr2R3ZECgA
GIdr37N3R47ytgVMjUnxl2XyV0NU8Y4/E5rP7aPa9KLfV6+9Rx7yXjVoauKeDW4x
P4Pzok3B79GqXVSkz5dL+M9jICyKT5MsuCTl+R8AINq2JQ==
-----END CERTIFICATE-----