Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ba/ed1b84-b8c5-4766-882d-18e84e747d22/1/QmEh_LxC050w2P7XKy2kU-uOGpc.roa
File:                     QmEh_LxC050w2P7XKy2kU-uOGpc.roa (raw, json)
Hash identifier:          NS2iyWec1NjDlJCoDKX2s6cpXpLt3TzcwrQlVXOfVkk=
Subject key identifier:   42:61:21:FC:BC:42:D3:9D:30:D8:FE:D7:2B:2D:A4:53:EB:8E:1A:97
Certificate issuer:       /CN=eebb4c0b4af615c85a3cdcded4b7ebb666311b48
Certificate serial:       018CC500CF3CE685F79A9B83D6CDC07210C4
Authority key identifier: EE:BB:4C:0B:4A:F6:15:C8:5A:3C:DC:DE:D4:B7:EB:B6:66:31:1B:48
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7rtMC0r2FchaPNze1LfrtmYxG0g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ba/ed1b84-b8c5-4766-882d-18e84e747d22/1/QmEh_LxC050w2P7XKy2kU-uOGpc.roa
Signing time:             Mon 01 Jan 2024 12:30:13 +0000
ROA not before:           Mon 01 Jan 2024 12:30:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204911
IP address blocks:        2001:678:a40::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ba/ed1b84-b8c5-4766-882d-18e84e747d22/1/7rtMC0r2FchaPNze1LfrtmYxG0g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ba/ed1b84-b8c5-4766-882d-18e84e747d22/1/7rtMC0r2FchaPNze1LfrtmYxG0g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7rtMC0r2FchaPNze1LfrtmYxG0g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:cf:3c:e6:85:f7:9a:9b:83:d6:cd:c0:72:10:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eebb4c0b4af615c85a3cdcded4b7ebb666311b48
        Validity
            Not Before: Jan  1 12:30:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=426121fcbc42d39d30d8fed72b2da453eb8e1a97
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:16:72:94:65:51:b9:1e:35:fc:af:61:7a:0c:
                    d1:a9:d9:78:03:72:81:01:43:90:b0:2a:80:ae:ce:
                    e3:1f:5c:d4:41:f4:13:03:3c:b1:a5:16:cf:3d:48:
                    90:67:33:3c:b4:bf:cb:fe:f0:d8:0d:d6:e0:d1:5e:
                    1a:bd:a5:c7:c8:5c:d4:5b:6b:7e:3a:27:45:a7:6d:
                    a3:28:61:76:d0:3e:a9:4a:cd:c6:1b:b7:9b:ab:ea:
                    66:cd:d4:ac:91:7b:91:74:23:49:f4:e8:6f:09:e9:
                    5d:d7:19:17:3f:81:c6:1c:13:03:5c:0e:d1:1b:a6:
                    53:b9:bd:50:11:4c:64:80:42:4e:14:7b:49:59:2a:
                    75:29:dd:34:ad:09:1e:f9:35:23:64:22:1d:f2:e9:
                    21:67:4e:ea:d8:57:df:fa:11:ff:be:4a:3d:ce:88:
                    c7:09:7a:83:48:d9:44:0b:46:e1:18:ba:b5:4b:2a:
                    0e:2a:e5:36:55:15:1d:bc:bd:21:aa:5b:c6:02:50:
                    08:d1:08:67:62:db:95:fa:2e:8a:f9:8d:6e:cd:4b:
                    8d:c7:6c:f8:de:fa:6f:5d:5c:18:01:f7:b5:f5:63:
                    90:40:e0:88:59:28:26:ca:25:13:90:cf:98:19:f7:
                    94:87:30:ab:15:3d:a2:70:f4:1d:5d:34:f9:e9:77:
                    41:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:61:21:FC:BC:42:D3:9D:30:D8:FE:D7:2B:2D:A4:53:EB:8E:1A:97
            X509v3 Authority Key Identifier:
                keyid:EE:BB:4C:0B:4A:F6:15:C8:5A:3C:DC:DE:D4:B7:EB:B6:66:31:1B:48

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7rtMC0r2FchaPNze1LfrtmYxG0g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/ed1b84-b8c5-4766-882d-18e84e747d22/1/QmEh_LxC050w2P7XKy2kU-uOGpc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/ed1b84-b8c5-4766-882d-18e84e747d22/1/7rtMC0r2FchaPNze1LfrtmYxG0g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:a40::/48

    Signature Algorithm: sha256WithRSAEncryption
         18:7c:a4:e3:ad:64:c7:ee:0e:92:92:69:30:9d:6d:df:0e:b7:
         eb:33:8d:f2:70:e6:6c:d3:2e:a7:d7:df:b0:7d:f5:4a:69:15:
         8c:fd:c2:75:ab:55:15:18:16:2d:69:4e:95:91:09:bc:71:9d:
         e4:84:93:ec:2a:2b:67:4b:a6:7b:56:df:ad:ec:2c:10:62:fc:
         e9:f7:58:31:1c:c0:e4:46:7b:4b:c8:0d:c3:5a:d4:37:c0:f4:
         3e:d1:ae:4a:96:a5:ae:c7:a8:5f:f3:0b:b8:bf:00:76:0c:f4:
         ea:e2:86:d8:b1:3e:c3:6b:c4:f1:c6:9c:7b:a1:5e:aa:7c:38:
         82:26:ae:23:12:91:f6:db:2c:be:2f:a5:81:7e:9b:01:90:9b:
         21:a6:20:0a:96:d1:19:87:f9:08:f7:38:46:e0:37:27:73:8a:
         a9:d8:86:5a:86:0b:ee:af:9a:74:a0:26:d1:20:e5:d2:dc:19:
         9f:d9:d8:80:d5:8b:2d:c1:2d:c1:66:35:29:f2:f7:9d:93:d5:
         d6:94:13:a2:4f:6a:1c:e0:b9:34:84:7b:cc:53:f0:88:ca:1c:
         ec:e8:f3:38:18:53:ab:0d:13:da:8f:4b:34:ec:2e:d7:fc:66:
         9d:eb:95:1c:12:9b:12:82:6a:c9:17:19:1a:8e:73:6a:81:7f:
         a3:7b:0e:18
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzFAM885oX3mpuD1s3AchDEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlYmI0YzBiNGFmNjE1Yzg1YTNjZGNkZWQ0YjdlYmI2NjYz
MTFiNDgwHhcNMjQwMTAxMTIzMDEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MjYxMjFmY2JjNDJkMzlkMzBkOGZlZDcyYjJkYTQ1M2ViOGUxYTk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvRZylGVRuR41/K9hegzRqdl4A3KB
AUOQsCqArs7jH1zUQfQTAzyxpRbPPUiQZzM8tL/L/vDYDdbg0V4avaXHyFzUW2t+
OidFp22jKGF20D6pSs3GG7ebq+pmzdSskXuRdCNJ9OhvCeld1xkXP4HGHBMDXA7R
G6ZTub1QEUxkgEJOFHtJWSp1Kd00rQke+TUjZCId8ukhZ07q2Fff+hH/vko9zojH
CXqDSNlEC0bhGLq1SyoOKuU2VRUdvL0hqlvGAlAI0QhnYtuV+i6K+Y1uzUuNx2z4
3vpvXVwYAfe19WOQQOCIWSgmyiUTkM+YGfeUhzCrFT2icPQdXTT56XdBqQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFEJhIfy8QtOdMNj+1ystpFPrjhqXMB8GA1UdIwQY
MBaAFO67TAtK9hXIWjzc3tS367ZmMRtIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3J0TUMwcjJGY2hhUE56ZTFMZnJ0bVl4RzBnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYS9lZDFiODQtYjhjNS00NzY2LTg4MmQt
MThlODRlNzQ3ZDIyLzEvUW1FaF9MeEMwNTB3MlA3WEt5MmtVLXVPR3BjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYS9lZDFiODQtYjhjNS00NzY2LTg4MmQtMThlODRlNzQ3ZDIy
LzEvN3J0TUMwcjJGY2hhUE56ZTFMZnJ0bVl4RzBnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeApA
MA0GCSqGSIb3DQEBCwUAA4IBAQAYfKTjrWTH7g6SkmkwnW3fDrfrM43ycOZs0y6n
19+wffVKaRWM/cJ1q1UVGBYtaU6VkQm8cZ3khJPsKitnS6Z7Vt+t7CwQYvzp91gx
HMDkRntLyA3DWtQ3wPQ+0a5KlqWux6hf8wu4vwB2DPTq4obYsT7Da8Txxpx7oV6q
fDiCJq4jEpH22yy+L6WBfpsBkJshpiAKltEZh/kI9zhG4Dcnc4qp2IZahgvur5p0
oCbRIOXS3Bmf2diA1YstwS3BZjUp8vedk9XWlBOiT2oc4Lk0hHvMU/CIyhzs6PM4
GFOrDRPaj0s07C7X/Gad65UcEpsSgmrJFxkajnNqgX+jew4Y
-----END CERTIFICATE-----