Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cb/c03eae-39ae-4002-b66e-04ac0a5e8143/1/qrHcalRy_JXYvUIS1tkkzHH6ZPM.roa
File:                     qrHcalRy_JXYvUIS1tkkzHH6ZPM.roa (raw, json)
Hash identifier:          B5LhQQeMhbxhyP/euiUVZeJTjZ4f803srjRMUk59y8Q=
Subject key identifier:   AA:B1:DC:6A:54:72:FC:95:D8:BD:42:12:D6:D9:24:CC:71:FA:64:F3
Certificate issuer:       /CN=1719d0bc044cdaa2341809d000f0fc4e1dedb345
Certificate serial:       019421B17BB7514EAF78040535CEAF118386
Authority key identifier: 17:19:D0:BC:04:4C:DA:A2:34:18:09:D0:00:F0:FC:4E:1D:ED:B3:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FxnQvARM2qI0GAnQAPD8Th3ts0U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cb/c03eae-39ae-4002-b66e-04ac0a5e8143/1/qrHcalRy_JXYvUIS1tkkzHH6ZPM.roa
Signing time:             Wed 01 Jan 2025 11:47:47 +0000
ROA not before:           Wed 01 Jan 2025 11:47:47 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208562
IP address blocks:        2001:678:ad8::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cb/c03eae-39ae-4002-b66e-04ac0a5e8143/1/FxnQvARM2qI0GAnQAPD8Th3ts0U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cb/c03eae-39ae-4002-b66e-04ac0a5e8143/1/FxnQvARM2qI0GAnQAPD8Th3ts0U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FxnQvARM2qI0GAnQAPD8Th3ts0U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Apr 2025 14:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:7b:b7:51:4e:af:78:04:05:35:ce:af:11:83:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1719d0bc044cdaa2341809d000f0fc4e1dedb345
        Validity
            Not Before: Jan  1 11:47:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=aab1dc6a5472fc95d8bd4212d6d924cc71fa64f3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:78:25:a6:92:dd:7d:6f:d0:42:5a:c8:98:61:
                    f9:56:cc:81:f0:83:a4:ec:83:a9:ef:16:f2:98:39:
                    cc:15:6c:7d:84:03:18:0d:87:b8:08:6e:a3:e8:c6:
                    98:f6:57:06:4e:d6:66:bf:a3:15:7b:89:a7:4d:0e:
                    80:13:bd:b9:a3:59:88:f0:55:50:f3:33:a0:f1:38:
                    1f:79:b7:1a:46:a3:6e:7f:29:a1:1f:37:db:66:4f:
                    74:90:4d:55:a8:23:5e:5e:9e:1b:0b:d2:72:dd:6e:
                    ec:0a:04:a1:50:ba:be:b1:b4:8c:c9:21:a7:bc:c6:
                    e3:33:f6:29:f9:9b:48:cf:52:6c:a8:17:60:8d:89:
                    7e:f6:0f:05:70:26:ee:60:d9:20:25:6b:ab:d5:4f:
                    c8:ab:d7:46:06:ab:16:bf:88:48:31:6a:ee:b0:fd:
                    e4:87:10:fa:b2:f1:fa:3b:e3:35:b6:19:c3:1c:7b:
                    54:66:39:8b:aa:7b:d2:2c:96:ad:89:6e:eb:cc:86:
                    41:0f:7e:35:66:25:dd:7d:01:a0:0d:d7:45:b2:ae:
                    11:f5:0a:c8:9c:bd:c5:a7:73:7f:08:9b:03:2b:a5:
                    0c:83:95:e4:bb:ed:84:0e:66:bf:ca:e5:af:69:7c:
                    a8:9a:a4:7f:3d:3b:df:95:86:8e:90:58:21:2b:b2:
                    e0:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:B1:DC:6A:54:72:FC:95:D8:BD:42:12:D6:D9:24:CC:71:FA:64:F3
            X509v3 Authority Key Identifier:
                keyid:17:19:D0:BC:04:4C:DA:A2:34:18:09:D0:00:F0:FC:4E:1D:ED:B3:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FxnQvARM2qI0GAnQAPD8Th3ts0U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/c03eae-39ae-4002-b66e-04ac0a5e8143/1/qrHcalRy_JXYvUIS1tkkzHH6ZPM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/c03eae-39ae-4002-b66e-04ac0a5e8143/1/FxnQvARM2qI0GAnQAPD8Th3ts0U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:ad8::/48

    Signature Algorithm: sha256WithRSAEncryption
         07:dd:2c:66:68:50:83:f6:6f:9f:da:ce:4c:6d:d7:18:8a:70:
         75:79:d9:08:b5:9c:92:d1:fc:d5:cc:c2:a5:77:35:e8:07:b4:
         24:8c:ee:23:97:5b:2f:1d:15:2f:ae:22:03:53:6b:c6:f4:ab:
         22:a2:0e:cd:0b:76:3b:65:19:35:2c:95:85:f0:db:cb:07:a7:
         b4:18:c3:32:fa:1c:67:94:2a:28:99:69:cd:c1:25:c6:13:97:
         67:0d:14:30:f0:92:e4:fc:a7:0a:d0:ae:9f:2a:44:9a:71:7d:
         0a:79:4b:7b:c5:0f:79:31:09:b7:54:6d:54:dc:b6:88:33:6d:
         2d:51:d5:f1:ce:00:fb:40:c6:af:a9:7f:02:fc:95:62:93:96:
         db:49:61:a3:2c:8a:58:72:eb:8e:8b:b0:bd:d2:4e:8b:1e:34:
         b4:3c:db:7d:55:43:77:09:1c:7c:d1:77:e3:d4:4e:df:0c:30:
         d7:40:32:c3:88:d1:a2:03:7b:c3:90:a4:1e:85:e9:31:0b:ba:
         f4:d9:fd:1b:26:5e:c6:19:35:a5:d8:45:0c:b3:16:78:30:d0:
         7e:ae:58:4b:4c:24:b6:ce:13:83:7f:3b:e6:38:33:92:c0:a6:
         42:07:54:26:af:ec:de:3e:ce:52:0b:d4:a4:08:e7:83:3e:ff:
         1b:ca:73:e6
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQhsXu3UU6veAQFNc6vEYOGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3MTlkMGJjMDQ0Y2RhYTIzNDE4MDlkMDAwZjBmYzRlMWRl
ZGIzNDUwHhcNMjUwMTAxMTE0NzQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYWIxZGM2YTU0NzJmYzk1ZDhiZDQyMTJkNmQ5MjRjYzcxZmE2NGYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs3glppLdfW/QQlrImGH5VsyB8IOk
7IOp7xbymDnMFWx9hAMYDYe4CG6j6MaY9lcGTtZmv6MVe4mnTQ6AE725o1mI8FVQ
8zOg8TgfebcaRqNufymhHzfbZk90kE1VqCNeXp4bC9Jy3W7sCgShULq+sbSMySGn
vMbjM/Yp+ZtIz1JsqBdgjYl+9g8FcCbuYNkgJWur1U/Iq9dGBqsWv4hIMWrusP3k
hxD6svH6O+M1thnDHHtUZjmLqnvSLJatiW7rzIZBD341ZiXdfQGgDddFsq4R9QrI
nL3Fp3N/CJsDK6UMg5Xku+2EDma/yuWvaXyomqR/PTvflYaOkFghK7LgXwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFKqx3GpUcvyV2L1CEtbZJMxx+mTzMB8GA1UdIwQY
MBaAFBcZ0LwETNqiNBgJ0ADw/E4d7bNFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRnhuUXZBUk0ycUkwR0FuUUFQRDhUaDN0czBVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYi9jMDNlYWUtMzlhZS00MDAyLWI2NmUt
MDRhYzBhNWU4MTQzLzEvcXJIY2FsUnlfSlhZdlVJUzF0a2t6SEg2WlBNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYi9jMDNlYWUtMzlhZS00MDAyLWI2NmUtMDRhYzBhNWU4MTQz
LzEvRnhuUXZBUk0ycUkwR0FuUUFQRDhUaDN0czBVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeArY
MA0GCSqGSIb3DQEBCwUAA4IBAQAH3SxmaFCD9m+f2s5MbdcYinB1edkItZyS0fzV
zMKldzXoB7QkjO4jl1svHRUvriIDU2vG9Ksiog7NC3Y7ZRk1LJWF8NvLB6e0GMMy
+hxnlCoomWnNwSXGE5dnDRQw8JLk/KcK0K6fKkSacX0KeUt7xQ95MQm3VG1U3LaI
M20tUdXxzgD7QMavqX8C/JVik5bbSWGjLIpYcuuOi7C90k6LHjS0PNt9VUN3CRx8
0Xfj1E7fDDDXQDLDiNGiA3vDkKQehekxC7r02f0bJl7GGTWl2EUMsxZ4MNB+rlhL
TCS2zhODfzvmODOSwKZCB1Qmr+zePs5SC9SkCOeDPv8bynPm
-----END CERTIFICATE-----