Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/554c35-a83c-4329-a08d-2d46d30dacbf/1/Q9pveRz-wv7HZ-QvQ-d_1s7P-P0.roa
File:                     Q9pveRz-wv7HZ-QvQ-d_1s7P-P0.roa (raw, json)
Hash identifier:          kb9Qh9OnPpsW5NMEf/tWS/tgpgFcrUZe/Kq31oP3Gl0=
Subject key identifier:   43:DA:6F:79:1C:FE:C2:FE:C7:67:E4:2F:43:E7:7F:D6:CE:CF:F8:FD
Certificate issuer:       /CN=a5a56ebf01e00349f673019180560c9a31aea871
Certificate serial:       018D7011448681B0BF119BA76E6A5F7056FF
Authority key identifier: A5:A5:6E:BF:01:E0:03:49:F6:73:01:91:80:56:0C:9A:31:AE:A8:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/paVuvwHgA0n2cwGRgFYMmjGuqHE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/554c35-a83c-4329-a08d-2d46d30dacbf/1/Q9pveRz-wv7HZ-QvQ-d_1s7P-P0.roa
Signing time:             Sat 03 Feb 2024 17:43:16 +0000
ROA not before:           Sat 03 Feb 2024 17:43:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47316
IP address blocks:        2a12:c6c7:1000::/36 maxlen: 48
                          2a12:c6c7:2000::/36 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/554c35-a83c-4329-a08d-2d46d30dacbf/1/paVuvwHgA0n2cwGRgFYMmjGuqHE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/554c35-a83c-4329-a08d-2d46d30dacbf/1/paVuvwHgA0n2cwGRgFYMmjGuqHE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/paVuvwHgA0n2cwGRgFYMmjGuqHE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:70:11:44:86:81:b0:bf:11:9b:a7:6e:6a:5f:70:56:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a5a56ebf01e00349f673019180560c9a31aea871
        Validity
            Not Before: Feb  3 17:43:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=43da6f791cfec2fec767e42f43e77fd6cecff8fd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:8b:21:02:47:ae:05:06:ac:d7:9d:58:06:85:
                    a2:e0:a5:6e:d7:b6:06:c8:97:fb:a4:33:3c:cd:9c:
                    51:d9:42:d1:a5:5b:9f:96:b2:48:b1:f6:51:54:59:
                    f8:f1:96:63:65:88:0d:42:db:f5:dc:94:d9:56:5e:
                    85:64:2c:b1:be:5c:c1:88:18:c3:9c:e7:2b:1c:01:
                    c5:21:25:03:2a:6f:a9:71:f5:c1:ef:27:d4:70:be:
                    42:ea:c4:86:78:b5:49:42:ee:7a:5a:6f:fa:77:e0:
                    a8:f6:e0:09:7e:21:d5:73:18:a1:51:85:33:d4:56:
                    55:99:da:5b:ac:7f:b8:05:cb:88:28:c2:0d:dc:7a:
                    bb:8e:fc:b0:16:e6:c7:62:30:83:ff:d6:45:90:e7:
                    05:36:66:d8:38:b7:af:ce:a3:5b:f5:1e:f0:5e:70:
                    9a:50:ce:87:0d:cf:b9:3a:30:ac:33:83:6b:95:9a:
                    50:c9:c1:21:27:1e:db:a0:f8:5e:9e:ed:0c:25:bb:
                    f4:f2:fd:aa:95:dc:5a:1b:d2:57:91:b7:47:cc:60:
                    86:40:2b:d4:8c:2f:1c:65:ec:b2:3b:19:bf:24:09:
                    e5:87:14:7d:7f:5c:c1:9b:39:21:f6:2c:1d:a2:bc:
                    c4:10:9f:87:8e:24:c2:42:c5:7d:77:7a:b7:0d:54:
                    a9:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:DA:6F:79:1C:FE:C2:FE:C7:67:E4:2F:43:E7:7F:D6:CE:CF:F8:FD
            X509v3 Authority Key Identifier:
                keyid:A5:A5:6E:BF:01:E0:03:49:F6:73:01:91:80:56:0C:9A:31:AE:A8:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/paVuvwHgA0n2cwGRgFYMmjGuqHE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/554c35-a83c-4329-a08d-2d46d30dacbf/1/Q9pveRz-wv7HZ-QvQ-d_1s7P-P0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/554c35-a83c-4329-a08d-2d46d30dacbf/1/paVuvwHgA0n2cwGRgFYMmjGuqHE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:c6c7:1000::-2a12:c6c7:2fff:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         07:a6:0d:0c:1a:0d:08:89:cb:85:38:c5:c3:83:1d:ef:f8:24:
         b7:a5:bb:68:c9:5d:95:b4:cf:01:1e:1b:9f:90:a2:84:8e:07:
         07:8e:c7:2b:31:18:2d:4a:68:57:d7:fe:51:0e:1f:e3:c1:79:
         33:f7:63:f9:b5:ea:e8:8b:31:d3:fa:be:1f:53:5e:5b:ab:68:
         ba:3a:45:e4:ea:2b:af:56:01:f5:54:d4:26:bd:2c:7b:c6:4a:
         26:de:9c:2a:aa:ba:4b:f7:72:8b:c9:f1:de:33:9d:6d:f3:92:
         e0:ed:f0:af:18:b7:61:fe:a1:fc:05:82:e4:e7:72:f8:c5:4c:
         e3:ea:15:dc:e3:39:bc:ec:e4:d6:7a:49:ba:ce:62:aa:41:82:
         36:e5:4b:3e:0f:23:72:57:5d:7c:44:1a:92:c5:2e:70:52:ed:
         b8:2b:00:28:9f:4f:0e:86:f0:c4:c0:9e:5c:1b:5a:e5:7a:b9:
         31:9b:66:91:f6:72:19:cd:e1:57:db:bb:16:dc:7a:92:a7:6d:
         d4:e0:0f:2d:a9:ef:83:bb:4b:fe:bb:8a:45:8e:13:81:be:84:
         b7:3a:53:33:d7:25:ab:3b:44:22:b5:f1:9a:37:79:a1:4a:07:
         49:26:d5:a5:c2:db:2b:ec:6e:ee:06:e7:25:f6:f5:f4:2c:df:
         51:da:d2:55
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY1wEUSGgbC/EZunbmpfcFb/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1YTU2ZWJmMDFlMDAzNDlmNjczMDE5MTgwNTYwYzlhMzFh
ZWE4NzEwHhcNMjQwMjAzMTc0MzE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0M2RhNmY3OTFjZmVjMmZlYzc2N2U0MmY0M2U3N2ZkNmNlY2ZmOGZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnoshAkeuBQas151YBoWi4KVu17YG
yJf7pDM8zZxR2ULRpVuflrJIsfZRVFn48ZZjZYgNQtv13JTZVl6FZCyxvlzBiBjD
nOcrHAHFISUDKm+pcfXB7yfUcL5C6sSGeLVJQu56Wm/6d+Co9uAJfiHVcxihUYUz
1FZVmdpbrH+4BcuIKMIN3Hq7jvywFubHYjCD/9ZFkOcFNmbYOLevzqNb9R7wXnCa
UM6HDc+5OjCsM4NrlZpQycEhJx7boPhenu0MJbv08v2qldxaG9JXkbdHzGCGQCvU
jC8cZeyyOxm/JAnlhxR9f1zBmzkh9iwdorzEEJ+HjiTCQsV9d3q3DVSpYwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFEPab3kc/sL+x2fkL0Pnf9bOz/j9MB8GA1UdIwQY
MBaAFKWlbr8B4ANJ9nMBkYBWDJoxrqhxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcGFWdXZ3SGdBMG4yY3dHUmdGWU1takd1cUhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS81NTRjMzUtYTgzYy00MzI5LWEwOGQt
MmQ0NmQzMGRhY2JmLzEvUTlwdmVSei13djdIWi1RdlEtZF8xczdQLVAwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS81NTRjMzUtYTgzYy00MzI5LWEwOGQtMmQ0NmQzMGRhY2Jm
LzEvcGFWdXZ3SGdBMG4yY3dHUmdGWU1takd1cUhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASMBADBgQqEsbH
EAMGBCoSxscgMA0GCSqGSIb3DQEBCwUAA4IBAQAHpg0MGg0IicuFOMXDgx3v+CS3
pbtoyV2VtM8BHhufkKKEjgcHjscrMRgtSmhX1/5RDh/jwXkz92P5teroizHT+r4f
U15bq2i6OkXk6iuvVgH1VNQmvSx7xkom3pwqqrpL93KLyfHeM51t85Lg7fCvGLdh
/qH8BYLk53L4xUzj6hXc4zm87OTWekm6zmKqQYI25Us+DyNyV118RBqSxS5wUu24
KwAon08OhvDEwJ5cG1rlerkxm2aR9nIZzeFX27sW3HqSp23U4A8tqe+Du0v+u4pF
jhOBvoS3OlMz1yWrO0QitfGaN3mhSgdJJtWlwtsr7G7uBucl9vX0LN9R2tJV
-----END CERTIFICATE-----