Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/QPn7LB4emXSAeNnVjllQCH-31c8.roa
File:                     QPn7LB4emXSAeNnVjllQCH-31c8.roa (raw, json)
Hash identifier:          UDaA069uPiYLLsVO5rPK+YfcDsIdYguYG3vzDQ8YWZw=
Subject key identifier:   40:F9:FB:2C:1E:1E:99:74:80:78:D9:D5:8E:59:50:08:7F:B7:D5:CF
Certificate issuer:       /CN=b05d28d16626bc5dcabf2e915435782b96e14071
Certificate serial:       019425FDBCEA5B547C5F5DDDEE919EB70EE2
Authority key identifier: B0:5D:28:D1:66:26:BC:5D:CA:BF:2E:91:54:35:78:2B:96:E1:40:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/QPn7LB4emXSAeNnVjllQCH-31c8.roa
Signing time:             Thu 02 Jan 2025 07:49:33 +0000
ROA not before:           Thu 02 Jan 2025 07:49:33 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     35467
IP address blocks:        2a07:3501:1260::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:bc:ea:5b:54:7c:5f:5d:dd:ee:91:9e:b7:0e:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b05d28d16626bc5dcabf2e915435782b96e14071
        Validity
            Not Before: Jan  2 07:49:33 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=40f9fb2c1e1e99748078d9d58e5950087fb7d5cf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:05:9a:79:f7:ce:31:a4:de:60:3d:0c:7e:7f:
                    39:12:74:41:9c:0f:92:4e:65:8f:da:79:5f:e3:3c:
                    40:f1:9b:fa:15:dc:58:97:0a:e0:98:62:68:30:c1:
                    75:d5:ea:28:b1:25:3e:d9:f6:9c:43:f0:e9:1f:58:
                    b9:0b:37:31:72:d3:88:d7:e5:21:97:28:e3:7f:ba:
                    13:8c:6b:4a:ce:fe:7d:81:2f:8c:f3:48:9b:e2:64:
                    41:6e:e3:3b:06:83:45:5b:a2:ea:10:3d:b6:4e:4a:
                    74:dd:d4:f4:2d:d1:e8:06:a4:f5:b7:9d:68:a6:ce:
                    14:fa:e0:33:ca:a8:21:38:4e:a0:28:5b:3a:99:eb:
                    ac:ed:d7:a0:75:aa:a7:d2:db:df:66:bf:45:41:8a:
                    10:c2:8b:ac:8f:b9:21:0b:92:eb:e5:59:f5:f4:f0:
                    1d:59:a8:6b:e2:ba:9c:8e:5a:85:67:4a:12:8c:fb:
                    fd:a7:5a:fe:51:4f:98:bb:48:7b:f5:f0:a0:c8:c9:
                    e0:31:0f:c1:cd:f0:01:f7:f1:8b:32:42:23:d4:eb:
                    6c:b6:de:64:4f:96:4e:4e:8b:74:68:97:a3:71:3f:
                    50:ac:be:06:b6:41:02:2f:07:0d:a9:57:cf:8c:a7:
                    50:9c:47:7e:f6:a3:18:5e:df:f3:d2:87:f9:73:69:
                    e1:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:F9:FB:2C:1E:1E:99:74:80:78:D9:D5:8E:59:50:08:7F:B7:D5:CF
            X509v3 Authority Key Identifier:
                keyid:B0:5D:28:D1:66:26:BC:5D:CA:BF:2E:91:54:35:78:2B:96:E1:40:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/QPn7LB4emXSAeNnVjllQCH-31c8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:3501:1260::/48

    Signature Algorithm: sha256WithRSAEncryption
         26:2c:b7:5e:62:14:47:43:31:ac:58:cc:b7:43:32:35:01:19:
         0c:1d:0a:1a:4e:99:40:ce:0c:48:af:9e:d1:a9:28:6e:82:c4:
         d1:44:21:bb:46:7e:6b:fd:66:88:13:a2:a9:ed:1d:03:97:0a:
         84:ff:c6:38:1b:87:86:0c:95:03:2b:9f:0f:34:4f:e4:83:9f:
         3b:45:3c:c7:5e:1e:e9:9c:dd:69:75:4f:d5:86:5e:1f:d3:c6:
         01:d4:31:4b:2d:69:55:5e:29:55:77:b7:fe:3b:05:4e:c8:3a:
         3c:37:18:01:eb:a7:44:7e:cb:57:ae:05:a6:fa:b0:de:3c:e8:
         1a:b2:9d:cc:4b:36:4b:ef:ea:f3:32:66:95:c1:b4:df:d3:9e:
         eb:c3:9c:05:54:34:29:bf:ad:2b:ac:96:29:90:4c:cf:b8:98:
         4d:85:3a:84:fd:15:76:cf:95:90:c1:44:0b:6e:29:f0:1c:a8:
         38:19:8f:c0:19:e4:16:3b:9f:41:1b:2d:36:62:5d:86:bd:06:
         ad:96:b5:86:7d:e2:a0:b9:93:d5:88:7c:bf:5a:11:0a:20:6f:
         77:2f:d0:0d:da:46:59:49:a7:29:3e:ef:d9:68:60:9e:e9:39:
         7b:89:f6:8a:d4:40:a3:56:38:aa:75:a5:d9:bb:75:8d:b5:92:
         44:7a:16:fe
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQl/bzqW1R8X13d7pGetw7iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwNWQyOGQxNjYyNmJjNWRjYWJmMmU5MTU0MzU3ODJiOTZl
MTQwNzEwHhcNMjUwMTAyMDc0OTMzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MGY5ZmIyYzFlMWU5OTc0ODA3OGQ5ZDU4ZTU5NTAwODdmYjdkNWNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmAWaeffOMaTeYD0Mfn85EnRBnA+S
TmWP2nlf4zxA8Zv6FdxYlwrgmGJoMMF11eoosSU+2facQ/DpH1i5CzcxctOI1+Uh
lyjjf7oTjGtKzv59gS+M80ib4mRBbuM7BoNFW6LqED22Tkp03dT0LdHoBqT1t51o
ps4U+uAzyqghOE6gKFs6meus7degdaqn0tvfZr9FQYoQwousj7khC5Lr5Vn19PAd
Wahr4rqcjlqFZ0oSjPv9p1r+UU+Yu0h79fCgyMngMQ/BzfAB9/GLMkIj1Otstt5k
T5ZOTot0aJejcT9QrL4GtkECLwcNqVfPjKdQnEd+9qMYXt/z0of5c2nhhwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFED5+yweHpl0gHjZ1Y5ZUAh/t9XPMB8GA1UdIwQY
MBaAFLBdKNFmJrxdyr8ukVQ1eCuW4UBxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0YwbzBXWW12RjNLdnk2UlZEVjRLNWJoUUhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy9iYmE5NzMtN2M5Zi00YjExLWI2MTEt
YWQ1NzU1MjJiMzY1LzEvUVBuN0xCNGVtWFNBZU5uVmpsbFFDSC0zMWM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy9iYmE5NzMtN2M5Zi00YjExLWI2MTEtYWQ1NzU1MjJiMzY1
LzEvc0YwbzBXWW12RjNLdnk2UlZEVjRLNWJoUUhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgc1ARJg
MA0GCSqGSIb3DQEBCwUAA4IBAQAmLLdeYhRHQzGsWMy3QzI1ARkMHQoaTplAzgxI
r57RqShugsTRRCG7Rn5r/WaIE6Kp7R0DlwqE/8Y4G4eGDJUDK58PNE/kg587RTzH
Xh7pnN1pdU/Vhl4f08YB1DFLLWlVXilVd7f+OwVOyDo8NxgB66dEfstXrgWm+rDe
POgasp3MSzZL7+rzMmaVwbTf057rw5wFVDQpv60rrJYpkEzPuJhNhTqE/RV2z5WQ
wUQLbinwHKg4GY/AGeQWO59BGy02Yl2GvQatlrWGfeKguZPViHy/WhEKIG93L9AN
2kZZSacpPu/ZaGCe6Tl7ifaK1ECjVjiqdaXZu3WNtZJEehb+
-----END CERTIFICATE-----