Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/888869-7a65-415b-b68f-5484402ceb7a/1/QhEieVCa4VzXwRS2R-uT3VD69zA.roa
File:                     QhEieVCa4VzXwRS2R-uT3VD69zA.roa (raw, json)
Hash identifier:          g7EksG6Y5xUVpGTxJtSk1SiYEQY9x4uAiGIMcbCmQ/k=
Subject key identifier:   42:11:22:79:50:9A:E1:5C:D7:C1:14:B6:47:EB:93:DD:50:FA:F7:30
Certificate issuer:       /CN=b0c20ae1dacca31815b274702927c1a5a9dbc7b3
Certificate serial:       01941FFA7F292B4E92233917FB7A66C3A574
Authority key identifier: B0:C2:0A:E1:DA:CC:A3:18:15:B2:74:70:29:27:C1:A5:A9:DB:C7:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sMIK4drMoxgVsnRwKSfBpanbx7M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/888869-7a65-415b-b68f-5484402ceb7a/1/QhEieVCa4VzXwRS2R-uT3VD69zA.roa
Signing time:             Wed 01 Jan 2025 03:48:17 +0000
ROA not before:           Wed 01 Jan 2025 03:48:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43431
IP address blocks:        2a0b:1780::/30 maxlen: 30
                          2a0b:1784::/30 maxlen: 30
                          2a0e:eb00::/48 maxlen: 48
                          2a0e:eb00:1::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/888869-7a65-415b-b68f-5484402ceb7a/1/sMIK4drMoxgVsnRwKSfBpanbx7M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/888869-7a65-415b-b68f-5484402ceb7a/1/sMIK4drMoxgVsnRwKSfBpanbx7M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sMIK4drMoxgVsnRwKSfBpanbx7M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:7f:29:2b:4e:92:23:39:17:fb:7a:66:c3:a5:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b0c20ae1dacca31815b274702927c1a5a9dbc7b3
        Validity
            Not Before: Jan  1 03:48:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=42112279509ae15cd7c114b647eb93dd50faf730
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:39:b0:3d:c8:32:d8:8d:fe:9f:c4:eb:0f:0d:
                    a0:07:85:2c:de:a7:61:f6:32:02:37:7f:58:6b:16:
                    be:78:ae:19:c3:53:89:b6:4e:35:92:91:1d:1f:93:
                    cc:37:2f:8a:70:72:51:d9:a4:24:4b:60:e0:31:14:
                    0a:8e:b1:71:54:b2:f0:c9:4c:ab:c2:c7:68:01:2b:
                    0d:58:7f:81:a2:7e:1f:4d:84:22:f5:4c:c2:a6:8a:
                    34:91:ee:3b:fe:6e:d6:df:bd:3d:c4:66:66:8f:f1:
                    89:6d:0b:13:27:2f:10:ab:4c:48:b9:91:12:45:2b:
                    13:ee:99:b7:d6:30:0b:52:6e:06:e0:d1:1b:e7:73:
                    75:6c:5d:3f:0f:09:09:d5:35:93:73:1e:b6:4a:70:
                    9f:a8:b9:d1:a9:fa:7a:8a:f4:b1:d8:e7:25:6c:d4:
                    06:a2:cf:4d:b7:6c:99:cb:df:10:21:a0:9c:ce:a9:
                    a4:6a:1a:a7:4c:96:ce:9a:9b:26:16:36:95:fa:71:
                    e4:5e:97:2e:91:1e:69:46:23:0d:e6:3e:8c:24:cc:
                    ab:9e:f7:72:db:dd:93:b2:3c:62:91:94:93:43:1d:
                    c1:b3:29:5c:19:6e:b9:4e:1f:97:7e:ac:6a:3c:e9:
                    4b:fc:a3:45:74:cd:dd:eb:f6:4c:40:10:f1:c4:4e:
                    1d:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:11:22:79:50:9A:E1:5C:D7:C1:14:B6:47:EB:93:DD:50:FA:F7:30
            X509v3 Authority Key Identifier:
                keyid:B0:C2:0A:E1:DA:CC:A3:18:15:B2:74:70:29:27:C1:A5:A9:DB:C7:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sMIK4drMoxgVsnRwKSfBpanbx7M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/888869-7a65-415b-b68f-5484402ceb7a/1/QhEieVCa4VzXwRS2R-uT3VD69zA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/888869-7a65-415b-b68f-5484402ceb7a/1/sMIK4drMoxgVsnRwKSfBpanbx7M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:1780::/29
                  2a0e:eb00::/47

    Signature Algorithm: sha256WithRSAEncryption
         9a:c5:27:ee:30:5c:66:37:81:aa:ce:d5:df:5f:b4:99:aa:1a:
         e0:d3:fa:d4:16:8e:30:37:de:d3:92:07:98:d1:cc:43:5b:96:
         ba:cc:d6:dc:cc:dd:d8:c2:fa:83:fa:2a:d9:6b:94:49:b8:70:
         5d:57:fc:42:9b:20:97:89:f7:ea:dd:d6:60:35:14:89:1a:34:
         5c:f8:59:8a:18:a1:2c:50:ba:51:7f:18:a8:24:f1:a9:49:56:
         09:91:2f:e8:5b:27:44:de:d8:b7:53:e9:af:69:88:1c:f5:52:
         7f:ae:bb:36:da:08:03:42:19:df:2f:e5:01:8c:64:62:a2:65:
         73:b8:b0:6a:98:7b:59:e2:82:d9:3a:d1:78:b3:c7:c7:45:0f:
         9a:be:84:99:dc:d5:13:b5:de:f8:29:59:67:8d:fb:05:99:c1:
         4f:36:99:2b:98:d0:68:ac:9c:dd:6d:9e:94:b4:0e:07:ed:f1:
         54:8a:b0:00:0a:17:66:ba:cc:d1:c2:27:c2:46:f4:b3:07:0e:
         6d:dd:7c:94:28:8b:af:76:76:08:0f:90:97:88:2d:ad:8a:88:
         e5:51:5e:78:75:c8:85:5e:c1:fc:d2:a5:0d:76:7b:09:6d:84:
         ae:d2:f7:a4:27:89:98:65:ab:19:3b:63:4d:fc:12:dd:f4:b9:
         43:70:8d:28
-----BEGIN CERTIFICATE-----
MIIFBzCCA++gAwIBAgISAZQf+n8pK06SIzkX+3pmw6V0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwYzIwYWUxZGFjY2EzMTgxNWIyNzQ3MDI5MjdjMWE1YTlk
YmM3YjMwHhcNMjUwMTAxMDM0ODE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MjExMjI3OTUwOWFlMTVjZDdjMTE0YjY0N2ViOTNkZDUwZmFmNzMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoDmwPcgy2I3+n8TrDw2gB4Us3qdh
9jICN39Yaxa+eK4Zw1OJtk41kpEdH5PMNy+KcHJR2aQkS2DgMRQKjrFxVLLwyUyr
wsdoASsNWH+Bon4fTYQi9UzCpoo0ke47/m7W3709xGZmj/GJbQsTJy8Qq0xIuZES
RSsT7pm31jALUm4G4NEb53N1bF0/DwkJ1TWTcx62SnCfqLnRqfp6ivSx2OclbNQG
os9Nt2yZy98QIaCczqmkahqnTJbOmpsmFjaV+nHkXpcukR5pRiMN5j6MJMyrnvdy
292TsjxikZSTQx3BsylcGW65Th+XfqxqPOlL/KNFdM3d6/ZMQBDxxE4d0wIDAQAB
o4ICEzCCAg8wHQYDVR0OBBYEFEIRInlQmuFc18EUtkfrk91Q+vcwMB8GA1UdIwQY
MBaAFLDCCuHazKMYFbJ0cCknwaWp28ezMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc01JSzRkck1veGdWc25Sd0tTZkJwYW5ieDdNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS84ODg4NjktN2E2NS00MTViLWI2OGYt
NTQ4NDQwMmNlYjdhLzEvUWhFaWVWQ2E0VnpYd1JTMlItdVQzVkQ2OXpBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS84ODg4NjktN2E2NS00MTViLWI2OGYtNTQ4NDQwMmNlYjdh
LzEvc01JSzRkck1veGdWc25Sd0tTZkJwYW5ieDdNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCkGCCsGAQUFBwEHAQH/BBowGDAWBAIAAjAQAwUDKgsXgAMH
ASoO6wAAADANBgkqhkiG9w0BAQsFAAOCAQEAmsUn7jBcZjeBqs7V31+0maoa4NP6
1BaOMDfe05IHmNHMQ1uWuszW3Mzd2ML6g/oq2WuUSbhwXVf8Qpsgl4n36t3WYDUU
iRo0XPhZihihLFC6UX8YqCTxqUlWCZEv6FsnRN7Yt1Ppr2mIHPVSf667NtoIA0IZ
3y/lAYxkYqJlc7iwaph7WeKC2TrReLPHx0UPmr6EmdzVE7Xe+ClZZ437BZnBTzaZ
K5jQaKyc3W2elLQOB+3xVIqwAAoXZrrM0cInwkb0swcObd18lCiLr3Z2CA+Ql4gt
rYqI5VFeeHXIhV7B/NKlDXZ7CW2ErtL3pCeJmGWrGTtjTfwS3fS5Q3CNKA==
-----END CERTIFICATE-----