Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/QTAcbfkHigphbCykgMyuUxykxV8.roa
File:                     QTAcbfkHigphbCykgMyuUxykxV8.roa (raw, json)
Hash identifier:          7doyMNjlqsQdSza2/N9RxMRxVujb65Kn6W3+NIFmOug=
Subject key identifier:   41:30:1C:6D:F9:07:8A:0A:61:6C:2C:A4:80:CC:AE:53:1C:A4:C5:5F
Certificate issuer:       /CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
Certificate serial:       018E5D88CD7B9969657D650689432FB9651A
Authority key identifier: EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/QTAcbfkHigphbCykgMyuUxykxV8.roa
Signing time:             Wed 20 Mar 2024 20:23:50 +0000
ROA not before:           Wed 20 Mar 2024 20:23:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     45027
IP address blocks:        2a0d:1ac7::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 05:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:5d:88:cd:7b:99:69:65:7d:65:06:89:43:2f:b9:65:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
        Validity
            Not Before: Mar 20 20:23:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=41301c6df9078a0a616c2ca480ccae531ca4c55f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:da:4d:bf:df:d6:b7:46:0b:3a:e9:e5:1b:c7:
                    7f:a4:f2:43:4a:14:db:62:09:a7:0d:02:1f:cf:f8:
                    07:c6:db:84:5d:d5:1b:a9:56:2c:1f:2c:41:2b:c0:
                    cb:e4:30:b3:74:1a:51:25:47:55:3c:44:ea:2f:05:
                    ec:79:f4:a2:7c:db:43:c4:01:fa:c8:f5:30:52:b9:
                    e5:96:28:d9:9c:40:15:c1:4e:fa:54:ea:67:ef:33:
                    b7:fe:24:99:ae:2d:d4:07:91:54:02:74:b0:ee:5a:
                    91:5a:46:3f:96:25:c4:bd:c0:b9:b6:4e:94:d6:c1:
                    03:b7:e1:5a:42:16:93:db:18:99:50:86:cc:67:03:
                    95:b7:10:73:79:91:d7:dd:27:af:78:85:5f:72:27:
                    bb:36:30:af:b0:3f:73:63:6d:9a:34:25:58:54:03:
                    b3:7b:71:39:26:e7:7e:21:b3:a4:0b:15:5f:ef:20:
                    db:77:c6:57:cd:84:b2:8c:68:2d:57:0b:2c:c5:2b:
                    1c:ba:be:e2:02:14:cc:b6:8b:6a:2c:c4:d2:b6:5a:
                    e7:41:c3:fe:6a:7c:22:14:56:5d:82:00:de:2e:48:
                    15:28:02:56:30:6a:31:83:9e:bc:c0:1d:3c:5d:57:
                    2a:97:2f:72:b4:f9:09:ec:c1:c4:de:96:a3:2c:24:
                    a7:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:30:1C:6D:F9:07:8A:0A:61:6C:2C:A4:80:CC:AE:53:1C:A4:C5:5F
            X509v3 Authority Key Identifier:
                keyid:EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/QTAcbfkHigphbCykgMyuUxykxV8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:1ac7::/32

    Signature Algorithm: sha256WithRSAEncryption
         67:e8:31:68:9a:a2:f8:ef:1e:e9:34:db:e6:66:4c:23:71:28:
         28:de:97:03:9e:94:cf:d9:71:b3:92:f2:da:4e:52:72:b8:9a:
         c4:31:ce:ac:93:99:d5:18:ca:0e:12:49:72:63:1a:6b:ed:53:
         af:fd:12:a8:bf:6c:98:15:75:cd:6f:26:8f:c8:64:19:21:4d:
         f3:a3:23:66:a2:67:c7:d3:6e:71:13:90:56:ae:e9:8b:b7:fb:
         b6:c6:37:50:f8:9a:2b:e4:70:d2:8a:1b:5b:2e:08:b2:2c:3f:
         49:4c:7b:18:df:7d:8f:4d:4f:6a:00:b2:7e:56:57:99:69:30:
         b1:69:e6:46:6e:51:f8:18:db:2d:e2:25:b8:17:5f:11:6f:81:
         02:ae:39:a7:c7:ca:5e:0a:87:70:60:1d:4d:05:bb:6b:21:ab:
         ff:3b:ef:bb:b7:a3:d4:90:06:c6:c3:5a:e5:dc:a4:a9:b7:ef:
         43:65:49:0c:ce:86:1a:47:ce:8e:82:03:85:e5:a6:ee:02:0b:
         e4:50:55:87:04:80:71:c4:ec:a1:e0:0a:c2:bb:b8:8e:56:1f:
         bf:91:a0:bd:d0:1d:02:e0:b2:50:44:4b:03:7a:44:f6:6f:e3:
         ed:ca:2a:af:6e:8f:92:2b:19:b0:77:a1:33:a3:46:9f:2b:0b:
         2b:4e:4c:df
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAY5diM17mWllfWUGiUMvuWUaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlYmJmMzE3ZTVmYWY1ZWYwMmM5Y2NlNzk1MjdkNWU3NGI4
YWJjYzUwHhcNMjQwMzIwMjAyMzUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MTMwMWM2ZGY5MDc4YTBhNjE2YzJjYTQ4MGNjYWU1MzFjYTRjNTVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAldpNv9/Wt0YLOunlG8d/pPJDShTb
YgmnDQIfz/gHxtuEXdUbqVYsHyxBK8DL5DCzdBpRJUdVPETqLwXsefSifNtDxAH6
yPUwUrnllijZnEAVwU76VOpn7zO3/iSZri3UB5FUAnSw7lqRWkY/liXEvcC5tk6U
1sEDt+FaQhaT2xiZUIbMZwOVtxBzeZHX3SeveIVfcie7NjCvsD9zY22aNCVYVAOz
e3E5Jud+IbOkCxVf7yDbd8ZXzYSyjGgtVwssxSscur7iAhTMtotqLMTStlrnQcP+
anwiFFZdggDeLkgVKAJWMGoxg568wB08XVcqly9ytPkJ7MHE3pajLCSn7QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFEEwHG35B4oKYWwspIDMrlMcpMVfMB8GA1UdIwQY
MBaAFO678xfl+vXvAsnM55Un1edLirzFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMt
NmZlOWJmNjA1NjFjLzEvUVRBY2Jma0hpZ3BoYkN5a2dNeXVVeHlreFY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMtNmZlOWJmNjA1NjFj
LzEvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKg0axzAN
BgkqhkiG9w0BAQsFAAOCAQEAZ+gxaJqi+O8e6TTb5mZMI3EoKN6XA56Uz9lxs5Ly
2k5ScriaxDHOrJOZ1RjKDhJJcmMaa+1Tr/0SqL9smBV1zW8mj8hkGSFN86MjZqJn
x9NucROQVq7pi7f7tsY3UPiaK+Rw0oobWy4Isiw/SUx7GN99j01PagCyflZXmWkw
sWnmRm5R+BjbLeIluBdfEW+BAq45p8fKXgqHcGAdTQW7ayGr/zvvu7ej1JAGxsNa
5dykqbfvQ2VJDM6GGkfOjoIDheWm7gIL5FBVhwSAccTsoeAKwru4jlYfv5GgvdAd
AuCyUERLA3pE9m/j7coqr26PkisZsHehM6NGnysLK05M3w==
-----END CERTIFICATE-----