Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/19455b-d2cf-4e5f-bf58-21df55ba9ebf/1/QfCE84C5mXjE3pc-vv8Z3PN8Ftc.roa
File:                     QfCE84C5mXjE3pc-vv8Z3PN8Ftc.roa (raw, json)
Hash identifier:          fWz5/zlEwc/FfIJ7uTaCeiVlT5ulVNUEAcYZgSkvI+4=
Subject key identifier:   41:F0:84:F3:80:B9:99:78:C4:DE:97:3E:BE:FF:19:DC:F3:7C:16:D7
Certificate issuer:       /CN=bea649ef6030fc80848fdfe21d4321ac8011fd10
Certificate serial:       01942143C5616D503BB2FCE71990BB293434
Authority key identifier: BE:A6:49:EF:60:30:FC:80:84:8F:DF:E2:1D:43:21:AC:80:11:FD:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vqZJ72Aw_ICEj9_iHUMhrIAR_RA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/19455b-d2cf-4e5f-bf58-21df55ba9ebf/1/QfCE84C5mXjE3pc-vv8Z3PN8Ftc.roa
Signing time:             Wed 01 Jan 2025 09:47:56 +0000
ROA not before:           Wed 01 Jan 2025 09:47:56 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211935
IP address blocks:        2a0e:f43::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/19455b-d2cf-4e5f-bf58-21df55ba9ebf/1/vqZJ72Aw_ICEj9_iHUMhrIAR_RA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/19455b-d2cf-4e5f-bf58-21df55ba9ebf/1/vqZJ72Aw_ICEj9_iHUMhrIAR_RA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vqZJ72Aw_ICEj9_iHUMhrIAR_RA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 18:00:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:c5:61:6d:50:3b:b2:fc:e7:19:90:bb:29:34:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bea649ef6030fc80848fdfe21d4321ac8011fd10
        Validity
            Not Before: Jan  1 09:47:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=41f084f380b99978c4de973ebeff19dcf37c16d7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:de:79:48:38:06:8c:bf:bc:59:9e:b6:65:dc:
                    ff:08:5f:cd:0a:fe:41:4f:11:20:a4:b5:60:91:28:
                    db:ac:fc:30:05:0c:df:61:6e:a8:91:44:c0:22:99:
                    9a:1d:c2:e6:9f:67:fc:47:fe:c5:e9:14:fb:9a:06:
                    87:42:2b:97:71:1f:05:0e:5a:10:d0:ba:73:c5:ae:
                    16:68:49:f8:da:b1:63:7d:0f:de:ee:3d:c3:ca:35:
                    c3:40:a9:2c:b7:83:11:bc:fa:cd:a8:25:3f:07:97:
                    a1:17:92:92:17:75:b2:49:04:34:2e:14:3c:d4:14:
                    95:e0:2b:dd:10:e3:5d:eb:28:bd:ce:8c:c5:46:7b:
                    2f:42:ec:9c:f0:02:b0:65:1a:97:db:0c:4c:48:7c:
                    af:dc:17:01:26:39:7c:5e:1f:20:75:bc:4b:3c:c3:
                    a4:df:9b:1f:ac:46:09:c5:76:8e:c8:f4:81:f6:c1:
                    2d:97:0f:fc:74:0d:97:b6:01:a7:35:ce:0f:10:55:
                    4d:03:dd:b8:73:65:ba:70:7a:72:9d:8c:a3:52:78:
                    b1:db:d6:7f:06:09:e0:31:29:24:e3:00:5a:3a:ef:
                    6b:cf:30:1a:79:ff:74:f1:93:bb:df:74:2c:cb:16:
                    50:6f:8d:9e:60:ac:d3:ed:57:03:0c:6b:4c:8f:ac:
                    3c:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:F0:84:F3:80:B9:99:78:C4:DE:97:3E:BE:FF:19:DC:F3:7C:16:D7
            X509v3 Authority Key Identifier:
                keyid:BE:A6:49:EF:60:30:FC:80:84:8F:DF:E2:1D:43:21:AC:80:11:FD:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vqZJ72Aw_ICEj9_iHUMhrIAR_RA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/19455b-d2cf-4e5f-bf58-21df55ba9ebf/1/QfCE84C5mXjE3pc-vv8Z3PN8Ftc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/19455b-d2cf-4e5f-bf58-21df55ba9ebf/1/vqZJ72Aw_ICEj9_iHUMhrIAR_RA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:f43::/48

    Signature Algorithm: sha256WithRSAEncryption
         44:b4:02:d7:f9:6f:12:c8:28:fa:61:2e:9e:30:00:82:70:fe:
         73:2b:14:19:b4:e9:ca:bf:f2:09:49:e0:9b:b9:c3:e0:b4:2d:
         a3:82:cd:95:8c:66:c6:de:89:65:cc:12:e7:c3:e2:00:4f:7b:
         78:88:4b:7e:50:9f:59:40:cd:c9:3e:82:86:19:14:11:92:83:
         ad:4b:72:c5:c1:10:f0:88:98:bc:b3:45:28:f7:8f:5b:e7:c4:
         9a:ec:dc:3e:53:22:38:d7:a3:9a:da:20:24:8f:72:e0:f7:03:
         09:8c:77:60:1b:d5:6f:03:9f:c7:25:86:6f:ca:c3:11:0a:40:
         6b:0e:cd:5c:8d:23:d1:8a:fb:d7:de:b9:c2:61:bd:04:9e:3f:
         2b:42:a2:bf:27:ec:59:d8:89:91:9d:13:c7:bb:42:9a:f4:c5:
         8d:2a:ba:05:30:5b:b7:59:c1:f9:f0:af:c8:08:f6:38:b4:d1:
         0a:ac:3e:40:cc:02:89:00:72:ed:f2:b8:39:93:67:39:d1:2a:
         f5:f4:e3:70:16:90:7f:21:2f:ce:8b:9c:d1:d8:49:53:0b:11:
         2b:e4:54:fa:6f:68:4f:b5:e2:b6:04:9b:49:d2:db:8a:11:3d:
         c7:d5:c0:0b:f7:46:26:c2:06:14:50:58:6c:f4:69:cc:80:fa:
         96:08:e7:71
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQhQ8VhbVA7svznGZC7KTQ0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlYTY0OWVmNjAzMGZjODA4NDhmZGZlMjFkNDMyMWFjODAx
MWZkMTAwHhcNMjUwMTAxMDk0NzU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MWYwODRmMzgwYjk5OTc4YzRkZTk3M2ViZWZmMTlkY2YzN2MxNmQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn955SDgGjL+8WZ62Zdz/CF/NCv5B
TxEgpLVgkSjbrPwwBQzfYW6okUTAIpmaHcLmn2f8R/7F6RT7mgaHQiuXcR8FDloQ
0Lpzxa4WaEn42rFjfQ/e7j3DyjXDQKkst4MRvPrNqCU/B5ehF5KSF3WySQQ0LhQ8
1BSV4CvdEONd6yi9zozFRnsvQuyc8AKwZRqX2wxMSHyv3BcBJjl8Xh8gdbxLPMOk
35sfrEYJxXaOyPSB9sEtlw/8dA2XtgGnNc4PEFVNA924c2W6cHpynYyjUnix29Z/
BgngMSkk4wBaOu9rzzAaef908ZO733QsyxZQb42eYKzT7VcDDGtMj6w8jwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFEHwhPOAuZl4xN6XPr7/GdzzfBbXMB8GA1UdIwQY
MBaAFL6mSe9gMPyAhI/f4h1DIayAEf0QMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdnFaSjcyQXdfSUNFajlfaUhVTWhySUFSX1JBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS8xOTQ1NWItZDJjZi00ZTVmLWJmNTgt
MjFkZjU1YmE5ZWJmLzEvUWZDRTg0QzVtWGpFM3BjLXZ2OFozUE44RnRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS8xOTQ1NWItZDJjZi00ZTVmLWJmNTgtMjFkZjU1YmE5ZWJm
LzEvdnFaSjcyQXdfSUNFajlfaUhVTWhySUFSX1JBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg4PQwAA
MA0GCSqGSIb3DQEBCwUAA4IBAQBEtALX+W8SyCj6YS6eMACCcP5zKxQZtOnKv/IJ
SeCbucPgtC2jgs2VjGbG3ollzBLnw+IAT3t4iEt+UJ9ZQM3JPoKGGRQRkoOtS3LF
wRDwiJi8s0Uo949b58Sa7Nw+UyI416Oa2iAkj3Lg9wMJjHdgG9VvA5/HJYZvysMR
CkBrDs1cjSPRivvX3rnCYb0Enj8rQqK/J+xZ2ImRnRPHu0Ka9MWNKroFMFu3WcH5
8K/ICPY4tNEKrD5AzAKJAHLt8rg5k2c50Sr19ONwFpB/IS/Oi5zR2ElTCxEr5FT6
b2hPteK2BJtJ0tuKET3H1cAL90YmwgYUUFhs9GnMgPqWCOdx
-----END CERTIFICATE-----