Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c1/f23fb6-3229-4e8b-936a-9279547eca55/1/QBcmMBpfcIn9fSN46fXg-fB3fm8.roa
File:                     QBcmMBpfcIn9fSN46fXg-fB3fm8.roa (raw, json)
Hash identifier:          BIrVS6+yDwfVb1NN7kX8tCxyswJ7TZYWuVICnphEalw=
Subject key identifier:   40:17:26:30:1A:5F:70:89:FD:7D:23:78:E9:F5:E0:F9:F0:77:7E:6F
Certificate issuer:       /CN=049d4f66598668079353721c21935a00319f6759
Certificate serial:       018CC424B2929F3A924A598B325114E07F7E
Authority key identifier: 04:9D:4F:66:59:86:68:07:93:53:72:1C:21:93:5A:00:31:9F:67:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BJ1PZlmGaAeTU3IcIZNaADGfZ1k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c1/f23fb6-3229-4e8b-936a-9279547eca55/1/QBcmMBpfcIn9fSN46fXg-fB3fm8.roa
Signing time:             Mon 01 Jan 2024 08:29:48 +0000
ROA not before:           Mon 01 Jan 2024 08:29:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3320
IP address blocks:        2a11:7400:d1::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c1/f23fb6-3229-4e8b-936a-9279547eca55/1/BJ1PZlmGaAeTU3IcIZNaADGfZ1k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c1/f23fb6-3229-4e8b-936a-9279547eca55/1/BJ1PZlmGaAeTU3IcIZNaADGfZ1k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BJ1PZlmGaAeTU3IcIZNaADGfZ1k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 14 May 2024 04:03:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:b2:92:9f:3a:92:4a:59:8b:32:51:14:e0:7f:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=049d4f66598668079353721c21935a00319f6759
        Validity
            Not Before: Jan  1 08:29:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=401726301a5f7089fd7d2378e9f5e0f9f0777e6f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:2e:5d:8e:c4:14:cb:9f:3c:cd:ee:8a:3f:56:
                    6a:1f:4b:49:83:3f:19:0a:7e:32:e5:96:d2:ad:7b:
                    53:f2:9e:0d:94:e4:c8:26:29:81:86:81:55:72:ad:
                    bd:91:f8:44:22:cd:76:48:ce:dd:f2:83:7e:5b:5e:
                    d5:86:ae:4c:d9:be:b2:bf:63:b8:82:32:be:b6:c1:
                    22:bd:52:21:62:4a:17:35:52:16:f0:fc:86:1d:00:
                    13:f3:d9:72:66:68:ce:23:c3:33:f7:96:81:83:1b:
                    f2:bd:56:e3:8d:60:b9:79:39:e6:97:b6:59:f2:88:
                    f5:34:a2:c5:0b:25:96:00:34:fc:23:4b:70:75:6c:
                    82:17:d2:d3:96:3e:21:2d:17:ce:12:f2:56:92:1e:
                    6e:57:50:ca:1d:ec:b5:8e:7d:cf:5f:1c:54:4d:37:
                    b7:48:53:a4:e7:f6:5c:52:4c:eb:73:3a:17:00:f8:
                    0e:f6:4e:32:de:61:a0:d3:22:4a:41:b9:91:34:d8:
                    15:66:49:65:2a:dc:a3:fc:76:93:00:56:3b:c7:5b:
                    5b:1a:53:44:99:39:c8:82:5b:79:2d:e7:46:8a:b2:
                    1e:6a:03:8b:28:e4:dd:7f:3c:46:32:7f:32:33:f1:
                    20:8f:45:8d:ed:c4:f6:e2:fe:0f:6e:c7:e9:97:40:
                    35:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:17:26:30:1A:5F:70:89:FD:7D:23:78:E9:F5:E0:F9:F0:77:7E:6F
            X509v3 Authority Key Identifier:
                keyid:04:9D:4F:66:59:86:68:07:93:53:72:1C:21:93:5A:00:31:9F:67:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BJ1PZlmGaAeTU3IcIZNaADGfZ1k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/f23fb6-3229-4e8b-936a-9279547eca55/1/QBcmMBpfcIn9fSN46fXg-fB3fm8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/f23fb6-3229-4e8b-936a-9279547eca55/1/BJ1PZlmGaAeTU3IcIZNaADGfZ1k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:7400:d1::/48

    Signature Algorithm: sha256WithRSAEncryption
         13:df:11:45:c8:c8:e9:20:a1:00:b1:2e:07:99:07:73:4f:d7:
         af:37:d1:8f:ce:d5:ff:4f:0e:d6:b9:37:04:87:1d:8d:84:9d:
         4f:29:79:80:48:92:c3:d3:0c:06:99:15:b3:3a:be:fb:b6:26:
         27:b9:51:7b:34:42:a4:ae:95:83:f9:91:1e:c6:57:74:d2:31:
         c3:55:71:02:da:f0:7f:09:85:e9:e9:1a:d9:18:75:70:44:6d:
         d4:69:ee:9e:4f:57:ac:48:e1:14:22:80:73:5c:bb:06:ba:a0:
         33:61:06:0e:8c:4e:91:8c:2b:23:3d:b1:d0:54:9b:ef:f6:5c:
         7e:6c:1a:0d:a7:32:be:c4:77:9d:73:38:1e:74:6f:e2:f2:7f:
         ae:e2:f6:c3:3e:40:16:f8:c1:04:28:4a:7e:57:48:ae:97:14:
         cb:a8:de:2f:e3:39:92:70:e5:e5:97:94:3e:8a:f6:66:0c:c2:
         6d:14:44:04:dc:3e:d9:05:fb:f4:27:5d:64:d2:3e:99:8e:18:
         b0:4e:54:8a:02:11:66:ef:8c:6c:f2:d1:ce:ca:c8:46:ad:41:
         80:6f:cf:9c:25:45:5a:d8:55:6a:3e:e3:17:b3:e9:50:d0:bf:
         57:a4:b6:49:46:f4:d3:4b:a7:d6:fe:4c:e1:3d:87:0b:4a:b6:
         ec:ee:d2:b8
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzEJLKSnzqSSlmLMlEU4H9+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA0OWQ0ZjY2NTk4NjY4MDc5MzUzNzIxYzIxOTM1YTAwMzE5
ZjY3NTkwHhcNMjQwMTAxMDgyOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MDE3MjYzMDFhNWY3MDg5ZmQ3ZDIzNzhlOWY1ZTBmOWYwNzc3ZTZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6i5djsQUy588ze6KP1ZqH0tJgz8Z
Cn4y5ZbSrXtT8p4NlOTIJimBhoFVcq29kfhEIs12SM7d8oN+W17Vhq5M2b6yv2O4
gjK+tsEivVIhYkoXNVIW8PyGHQAT89lyZmjOI8Mz95aBgxvyvVbjjWC5eTnml7ZZ
8oj1NKLFCyWWADT8I0twdWyCF9LTlj4hLRfOEvJWkh5uV1DKHey1jn3PXxxUTTe3
SFOk5/ZcUkzrczoXAPgO9k4y3mGg0yJKQbmRNNgVZkllKtyj/HaTAFY7x1tbGlNE
mTnIglt5LedGirIeagOLKOTdfzxGMn8yM/Egj0WN7cT24v4Pbsfpl0A1rwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFEAXJjAaX3CJ/X0jeOn14Pnwd35vMB8GA1UdIwQY
MBaAFASdT2ZZhmgHk1NyHCGTWgAxn2dZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQkoxUFpsbUdhQWVUVTNJY0laTmFBREdmWjFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMS9mMjNmYjYtMzIyOS00ZThiLTkzNmEt
OTI3OTU0N2VjYTU1LzEvUUJjbU1CcGZjSW45ZlNONDZmWGctZkIzZm04LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMS9mMjNmYjYtMzIyOS00ZThiLTkzNmEtOTI3OTU0N2VjYTU1
LzEvQkoxUFpsbUdhQWVUVTNJY0laTmFBREdmWjFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhF0AADR
MA0GCSqGSIb3DQEBCwUAA4IBAQAT3xFFyMjpIKEAsS4HmQdzT9evN9GPztX/Tw7W
uTcEhx2NhJ1PKXmASJLD0wwGmRWzOr77tiYnuVF7NEKkrpWD+ZEexld00jHDVXEC
2vB/CYXp6RrZGHVwRG3Uae6eT1esSOEUIoBzXLsGuqAzYQYOjE6RjCsjPbHQVJvv
9lx+bBoNpzK+xHedczgedG/i8n+u4vbDPkAW+MEEKEp+V0iulxTLqN4v4zmScOXl
l5Q+ivZmDMJtFEQE3D7ZBfv0J11k0j6ZjhiwTlSKAhFm74xs8tHOyshGrUGAb8+c
JUVa2FVqPuMXs+lQ0L9XpLZJRvTTS6fW/kzhPYcLSrbs7tK4
-----END CERTIFICATE-----