Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/979296-ef7a-4bac-8c15-67771359a2b3/1/qu7da_cxFYITB5hEM0BZhGt_TMA.roa
File:                     qu7da_cxFYITB5hEM0BZhGt_TMA.roa (raw, json)
Hash identifier:          cI5a+Bh4qv++e8pyzekZJFY8urQefEwcI6EYeOVpDeU=
Subject key identifier:   AA:EE:DD:6B:F7:31:15:82:13:07:98:44:33:40:59:84:6B:7F:4C:C0
Certificate issuer:       /CN=20c5ee02d2e05861dd906fe06b3844f04d378c73
Certificate serial:       018F1568FDA1A091D4B95257FCAD7EB4AB4E
Authority key identifier: 20:C5:EE:02:D2:E0:58:61:DD:90:6F:E0:6B:38:44:F0:4D:37:8C:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IMXuAtLgWGHdkG_gazhE8E03jHM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/979296-ef7a-4bac-8c15-67771359a2b3/1/qu7da_cxFYITB5hEM0BZhGt_TMA.roa
Signing time:             Thu 25 Apr 2024 13:19:13 +0000
ROA not before:           Thu 25 Apr 2024 13:19:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35594
IP address blocks:        2a0a:7d80:3::/48 maxlen: 48
                          2a0a:7d80:9::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ad/979296-ef7a-4bac-8c15-67771359a2b3/1/IMXuAtLgWGHdkG_gazhE8E03jHM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ad/979296-ef7a-4bac-8c15-67771359a2b3/1/IMXuAtLgWGHdkG_gazhE8E03jHM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IMXuAtLgWGHdkG_gazhE8E03jHM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 00:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:15:68:fd:a1:a0:91:d4:b9:52:57:fc:ad:7e:b4:ab:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=20c5ee02d2e05861dd906fe06b3844f04d378c73
        Validity
            Not Before: Apr 25 13:19:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=aaeedd6bf731158213079844334059846b7f4cc0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:c7:83:93:90:ae:d9:cf:21:34:d8:ff:36:8c:
                    b1:4f:b5:66:df:d8:da:18:fb:ee:cc:f9:d2:79:b9:
                    e9:25:b2:29:6d:6a:47:b5:60:c3:a2:54:ce:43:f2:
                    d3:6b:d5:11:8b:b6:c6:3a:0c:f8:c8:5e:15:d7:49:
                    9e:8d:fe:4a:2f:cf:a4:d5:54:9b:06:b9:5b:d0:e5:
                    bb:ec:9e:68:99:a2:52:a2:6d:1e:5c:74:33:03:05:
                    0d:01:fe:83:81:19:6f:0d:1b:cb:75:c8:9b:04:43:
                    83:13:da:7b:d2:8f:a3:ea:7f:ac:c1:de:05:94:09:
                    4c:95:ee:92:5f:f5:12:5c:8b:82:51:e4:31:76:1b:
                    c7:9d:61:b1:13:bf:a5:d0:36:58:2b:91:80:46:73:
                    c9:05:1e:51:65:0e:5a:5d:ae:f7:73:85:59:07:df:
                    6d:1a:9d:e4:17:0b:19:6b:5a:1b:33:38:0d:2a:50:
                    76:0a:5f:b8:e3:ab:ad:e7:16:04:64:d3:8c:75:7d:
                    16:ce:bf:32:a3:e5:37:a7:93:b6:af:e9:27:be:13:
                    2d:4f:a5:aa:91:4e:8a:b3:44:e2:f0:80:ad:46:28:
                    6b:3d:54:97:89:4a:2a:6e:36:95:c4:fb:bb:67:33:
                    19:63:56:1a:db:28:77:d0:90:6d:a9:e1:fc:0e:60:
                    ee:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:EE:DD:6B:F7:31:15:82:13:07:98:44:33:40:59:84:6B:7F:4C:C0
            X509v3 Authority Key Identifier:
                keyid:20:C5:EE:02:D2:E0:58:61:DD:90:6F:E0:6B:38:44:F0:4D:37:8C:73

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IMXuAtLgWGHdkG_gazhE8E03jHM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/979296-ef7a-4bac-8c15-67771359a2b3/1/qu7da_cxFYITB5hEM0BZhGt_TMA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/979296-ef7a-4bac-8c15-67771359a2b3/1/IMXuAtLgWGHdkG_gazhE8E03jHM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:7d80:3::/48
                  2a0a:7d80:9::/48

    Signature Algorithm: sha256WithRSAEncryption
         5c:7c:73:29:77:31:4b:bc:34:1e:6b:88:f4:c0:b0:49:89:22:
         69:13:d1:47:7b:7a:18:c4:57:c6:d2:75:40:e8:6a:41:83:1b:
         31:85:55:8e:25:f6:66:f5:5d:b0:fb:70:27:3b:60:3c:2c:23:
         65:ff:4f:6d:38:50:29:98:86:e1:2d:89:da:1c:9c:48:ea:1f:
         f1:16:37:95:eb:57:3c:1c:c6:d5:59:9d:ee:1f:88:db:e1:bc:
         62:91:33:87:ff:ba:22:99:17:81:05:63:9b:5f:ee:63:0d:70:
         2e:30:6d:b9:0f:09:dc:6b:ba:e7:7f:62:e4:c1:95:8f:00:e4:
         7c:9c:2c:a7:c6:67:60:11:b8:be:4b:88:61:26:93:b8:04:4e:
         4d:36:08:89:ab:0b:0f:ad:6d:f0:3b:89:e7:31:98:ea:8b:a8:
         22:20:00:f0:4a:12:ce:44:a0:f9:87:1c:7a:2e:4c:ed:72:c2:
         e9:32:c6:ff:0e:e5:7a:c5:0a:63:9e:3a:d2:b5:17:17:c5:8d:
         fb:96:a1:81:f9:9e:2b:a9:cb:3e:07:92:fc:b2:17:a9:ca:a6:
         fa:7c:ba:86:c4:4c:d8:e6:b7:9d:53:0e:4c:75:01:ad:30:bb:
         d8:08:1e:33:fd:ca:91:88:0c:7d:a6:5a:c9:96:84:e0:b2:41:
         5e:65:81:3f
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY8VaP2hoJHUuVJX/K1+tKtOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIwYzVlZTAyZDJlMDU4NjFkZDkwNmZlMDZiMzg0NGYwNGQz
NzhjNzMwHhcNMjQwNDI1MTMxOTEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYWVlZGQ2YmY3MzExNTgyMTMwNzk4NDQzMzQwNTk4NDZiN2Y0Y2MwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtseDk5Cu2c8hNNj/NoyxT7Vm39ja
GPvuzPnSebnpJbIpbWpHtWDDolTOQ/LTa9URi7bGOgz4yF4V10mejf5KL8+k1VSb
Brlb0OW77J5omaJSom0eXHQzAwUNAf6DgRlvDRvLdcibBEODE9p70o+j6n+swd4F
lAlMle6SX/USXIuCUeQxdhvHnWGxE7+l0DZYK5GARnPJBR5RZQ5aXa73c4VZB99t
Gp3kFwsZa1obMzgNKlB2Cl+446ut5xYEZNOMdX0Wzr8yo+U3p5O2r+knvhMtT6Wq
kU6Ks0Ti8ICtRihrPVSXiUoqbjaVxPu7ZzMZY1Ya2yh30JBtqeH8DmDuqQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFKru3Wv3MRWCEweYRDNAWYRrf0zAMB8GA1UdIwQY
MBaAFCDF7gLS4Fhh3ZBv4Gs4RPBNN4xzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSU1YdUF0TGdXR0hka0dfZ2F6aEU4RTAzakhNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC85NzkyOTYtZWY3YS00YmFjLThjMTUt
Njc3NzEzNTlhMmIzLzEvcXU3ZGFfY3hGWUlUQjVoRU0wQlpoR3RfVE1BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC85NzkyOTYtZWY3YS00YmFjLThjMTUtNjc3NzEzNTlhMmIz
LzEvSU1YdUF0TGdXR0hka0dfZ2F6aEU4RTAzakhNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKgp9gAAD
AwcAKgp9gAAJMA0GCSqGSIb3DQEBCwUAA4IBAQBcfHMpdzFLvDQea4j0wLBJiSJp
E9FHe3oYxFfG0nVA6GpBgxsxhVWOJfZm9V2w+3AnO2A8LCNl/09tOFApmIbhLYna
HJxI6h/xFjeV61c8HMbVWZ3uH4jb4bxikTOH/7oimReBBWObX+5jDXAuMG25Dwnc
a7rnf2LkwZWPAOR8nCynxmdgEbi+S4hhJpO4BE5NNgiJqwsPrW3wO4nnMZjqi6gi
IADwShLORKD5hxx6LkztcsLpMsb/DuV6xQpjnjrStRcXxY37lqGB+Z4rqcs+B5L8
shepyqb6fLqGxEzY5redUw5MdQGtMLvYCB4z/cqRiAx9plrJloTgskFeZYE/
-----END CERTIFICATE-----