Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/473ade-b504-4b10-aed6-c5dd3857a4d2/1/QubVM_6N5lx1EgDJtxcjPI_RV3o.roa
File:                     QubVM_6N5lx1EgDJtxcjPI_RV3o.roa (raw, json)
Hash identifier:          0U5OEeLVzA3Fo3jdio9FkyyDkZiO1CmcUt6CGyuWF74=
Subject key identifier:   42:E6:D5:33:FE:8D:E6:5C:75:12:00:C9:B7:17:23:3C:8F:D1:57:7A
Certificate issuer:       /CN=3d11fba43f57ab0445e542fceecb87681657ccf3
Certificate serial:       01941F8C0EF5646D3ABBD5675D881F189F81
Authority key identifier: 3D:11:FB:A4:3F:57:AB:04:45:E5:42:FC:EE:CB:87:68:16:57:CC:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PRH7pD9XqwRF5UL87suHaBZXzPM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/473ade-b504-4b10-aed6-c5dd3857a4d2/1/QubVM_6N5lx1EgDJtxcjPI_RV3o.roa
Signing time:             Wed 01 Jan 2025 01:47:40 +0000
ROA not before:           Wed 01 Jan 2025 01:47:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     6775
IP address blocks:        45.143.188.0/22 maxlen: 22
                          2a12:f380::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/473ade-b504-4b10-aed6-c5dd3857a4d2/1/PRH7pD9XqwRF5UL87suHaBZXzPM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/473ade-b504-4b10-aed6-c5dd3857a4d2/1/PRH7pD9XqwRF5UL87suHaBZXzPM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PRH7pD9XqwRF5UL87suHaBZXzPM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:0e:f5:64:6d:3a:bb:d5:67:5d:88:1f:18:9f:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3d11fba43f57ab0445e542fceecb87681657ccf3
        Validity
            Not Before: Jan  1 01:47:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=42e6d533fe8de65c751200c9b717233c8fd1577a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:d7:c1:c3:27:cf:82:fc:b0:0d:01:45:7e:41:
                    66:60:16:0d:4e:5d:89:21:ff:54:2b:af:56:e7:00:
                    54:1c:e6:b0:59:a5:14:18:96:82:f5:62:c0:0a:1b:
                    de:45:b7:e6:1e:5c:76:c2:d7:3c:88:9d:e4:22:c6:
                    29:e3:0a:ac:2a:11:d2:af:b1:69:86:dc:9c:85:ee:
                    4b:6b:26:36:d5:d7:bb:19:ba:a2:8c:17:60:37:5f:
                    d9:47:c8:0a:c4:72:fa:e1:54:63:5c:ca:76:5a:fb:
                    24:32:68:36:07:82:41:30:cb:ec:76:09:e5:87:1c:
                    0d:8d:19:76:1c:18:66:2b:60:89:dc:c9:ff:34:90:
                    59:99:f0:c2:a4:89:c5:fa:36:46:84:7a:f3:db:6e:
                    d5:4c:5c:b9:c3:2b:89:56:da:73:09:f1:8f:de:96:
                    fa:12:24:9c:0f:a8:87:9f:2c:a1:be:53:fa:f5:c2:
                    7a:18:46:f1:e7:32:93:a7:d3:69:33:d1:97:6f:c2:
                    55:c2:c2:e1:70:5f:4a:71:9e:91:c1:ee:e5:80:4b:
                    d6:56:58:c8:12:29:09:d0:82:a1:3f:3c:5c:6b:3e:
                    d5:d7:39:a0:62:59:f8:a4:bb:8c:25:4e:7d:6a:fe:
                    2b:c2:a7:00:2b:d0:54:9c:b1:fa:a4:52:ae:5f:d1:
                    26:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:E6:D5:33:FE:8D:E6:5C:75:12:00:C9:B7:17:23:3C:8F:D1:57:7A
            X509v3 Authority Key Identifier:
                keyid:3D:11:FB:A4:3F:57:AB:04:45:E5:42:FC:EE:CB:87:68:16:57:CC:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PRH7pD9XqwRF5UL87suHaBZXzPM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/473ade-b504-4b10-aed6-c5dd3857a4d2/1/QubVM_6N5lx1EgDJtxcjPI_RV3o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/473ade-b504-4b10-aed6-c5dd3857a4d2/1/PRH7pD9XqwRF5UL87suHaBZXzPM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.143.188.0/22
                IPv6:
                  2a12:f380::/29

    Signature Algorithm: sha256WithRSAEncryption
         48:a8:d6:e4:70:c0:bc:b8:f2:f0:18:02:07:77:e9:46:1f:f1:
         e9:b3:c8:61:1f:4e:4e:cc:e1:a4:97:35:15:4c:d0:4e:7f:28:
         7e:41:96:f8:b3:af:df:2b:23:76:88:a5:ff:39:88:1b:a7:df:
         f2:1d:fa:3c:a2:24:34:c6:f6:f5:cc:c6:91:ac:46:d9:4d:d3:
         29:4d:a3:3a:46:7e:28:56:3a:87:c6:f4:d6:71:31:80:7b:a8:
         94:cf:42:9e:14:6f:d7:a8:75:cb:b8:9b:b9:2b:db:36:af:16:
         9a:2f:0b:b8:e6:c8:c7:c7:5d:8c:be:74:6d:d6:4f:68:ab:0a:
         28:37:15:ee:65:44:f3:94:20:57:8b:68:7e:db:1e:a6:6d:ce:
         4c:51:76:24:b5:d0:58:37:ed:d0:12:ab:dc:5e:b3:c5:2d:d7:
         d6:58:d3:c8:e7:74:b4:cb:cf:78:57:3d:54:61:13:6a:ab:db:
         85:07:d6:b5:82:46:dc:61:72:c2:19:b1:53:d7:ed:20:42:da:
         f2:1d:cd:7f:0a:17:76:2c:e8:59:db:bc:04:a0:10:00:e5:37:
         e5:3c:61:6b:cd:aa:ad:e9:52:db:16:5f:7c:f4:e8:a5:ed:40:
         e4:f7:ee:25:17:c2:ba:1d:1a:ed:c2:76:87:92:86:0d:d1:b2:
         53:7e:7a:b7
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQfjA71ZG06u9VnXYgfGJ+BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNkMTFmYmE0M2Y1N2FiMDQ0NWU1NDJmY2VlY2I4NzY4MTY1
N2NjZjMwHhcNMjUwMTAxMDE0NzQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MmU2ZDUzM2ZlOGRlNjVjNzUxMjAwYzliNzE3MjMzYzhmZDE1NzdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAttfBwyfPgvywDQFFfkFmYBYNTl2J
If9UK69W5wBUHOawWaUUGJaC9WLAChveRbfmHlx2wtc8iJ3kIsYp4wqsKhHSr7Fp
htyche5LayY21de7GbqijBdgN1/ZR8gKxHL64VRjXMp2WvskMmg2B4JBMMvsdgnl
hxwNjRl2HBhmK2CJ3Mn/NJBZmfDCpInF+jZGhHrz227VTFy5wyuJVtpzCfGP3pb6
EiScD6iHnyyhvlP69cJ6GEbx5zKTp9NpM9GXb8JVwsLhcF9KcZ6Rwe7lgEvWVljI
EikJ0IKhPzxcaz7V1zmgYln4pLuMJU59av4rwqcAK9BUnLH6pFKuX9EmCwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFELm1TP+jeZcdRIAybcXIzyP0Vd6MB8GA1UdIwQY
MBaAFD0R+6Q/V6sEReVC/O7Lh2gWV8zzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUFJIN3BEOVhxd1JGNVVMODdzdUhhQlpYelBNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80NzNhZGUtYjUwNC00YjEwLWFlZDYt
YzVkZDM4NTdhNGQyLzEvUXViVk1fNk41bHgxRWdESnR4Y2pQSV9SVjNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80NzNhZGUtYjUwNC00YjEwLWFlZDYtYzVkZDM4NTdhNGQy
LzEvUFJIN3BEOVhxd1JGNVVMODdzdUhhQlpYelBNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCLY+8MA0E
AgACMAcDBQMqEvOAMA0GCSqGSIb3DQEBCwUAA4IBAQBIqNbkcMC8uPLwGAIHd+lG
H/Hps8hhH05OzOGklzUVTNBOfyh+QZb4s6/fKyN2iKX/OYgbp9/yHfo8oiQ0xvb1
zMaRrEbZTdMpTaM6Rn4oVjqHxvTWcTGAe6iUz0KeFG/XqHXLuJu5K9s2rxaaLwu4
5sjHx12MvnRt1k9oqwooNxXuZUTzlCBXi2h+2x6mbc5MUXYktdBYN+3QEqvcXrPF
LdfWWNPI53S0y894Vz1UYRNqq9uFB9a1gkbcYXLCGbFT1+0gQtryHc1/Chd2LOhZ
27wEoBAA5TflPGFrzaqt6VLbFl989Oil7UDk9+4lF8K6HRrtwnaHkoYN0bJTfnq3
-----END CERTIFICATE-----