Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cf/ad1c69-ce56-4eda-87ea-987719ee6a0c/1/QDOGKTaxI_pk61Xd3isnKL4clRs.roa
File:                     QDOGKTaxI_pk61Xd3isnKL4clRs.roa (raw, json)
Hash identifier:          48BDIWHwmxpk5q0aMO0LlDoYsSF7fRt1egmNzvmKdMA=
Subject key identifier:   40:33:86:29:36:B1:23:FA:64:EB:55:DD:DE:2B:27:28:BE:1C:95:1B
Certificate issuer:       /CN=a49b83f5bde1a1dc93de69476837e9e3a37797af
Certificate serial:       018CC492D1890F97B7331F218FCFD2EC4315
Authority key identifier: A4:9B:83:F5:BD:E1:A1:DC:93:DE:69:47:68:37:E9:E3:A3:77:97:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pJuD9b3hodyT3mlHaDfp46N3l68.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cf/ad1c69-ce56-4eda-87ea-987719ee6a0c/1/QDOGKTaxI_pk61Xd3isnKL4clRs.roa
Signing time:             Mon 01 Jan 2024 10:30:05 +0000
ROA not before:           Mon 01 Jan 2024 10:30:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     553
IP address blocks:        134.60.0.0/16 maxlen: 16

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cf/ad1c69-ce56-4eda-87ea-987719ee6a0c/1/pJuD9b3hodyT3mlHaDfp46N3l68.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cf/ad1c69-ce56-4eda-87ea-987719ee6a0c/1/pJuD9b3hodyT3mlHaDfp46N3l68.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pJuD9b3hodyT3mlHaDfp46N3l68.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:d1:89:0f:97:b7:33:1f:21:8f:cf:d2:ec:43:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a49b83f5bde1a1dc93de69476837e9e3a37797af
        Validity
            Not Before: Jan  1 10:30:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4033862936b123fa64eb55ddde2b2728be1c951b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:b7:21:6d:52:56:e4:b1:fc:9b:ad:e7:9e:19:
                    7b:82:1b:9d:c1:8a:0b:af:22:b7:a3:4d:be:70:19:
                    06:93:dd:fa:09:77:9b:d1:2c:7e:88:2e:19:99:8e:
                    4e:fd:2f:d7:36:59:cf:31:ad:f5:31:91:6d:a8:c9:
                    be:eb:1d:75:1a:5b:58:4f:16:22:ee:b3:57:18:40:
                    ab:87:5f:55:34:01:c1:df:26:18:96:5c:46:e2:7f:
                    c5:ef:9d:eb:97:65:bb:2d:a1:5b:d1:68:09:95:96:
                    fc:3f:42:04:96:ca:3e:aa:f6:6e:53:ac:b6:b2:db:
                    f1:61:a7:ef:88:f4:a4:05:6b:52:fd:2e:20:51:6e:
                    29:6c:0d:0f:6b:0f:4c:53:22:7b:5b:63:bb:5d:02:
                    ae:b0:55:15:95:f4:28:9f:26:68:17:63:20:56:cb:
                    9a:d4:e2:88:a1:ee:33:5d:e2:35:99:7b:40:43:ff:
                    a8:3b:13:e5:b3:7d:0f:ee:34:c7:24:1a:9b:32:b0:
                    ec:d2:41:82:92:e0:49:62:48:e9:d1:58:ba:75:e4:
                    bc:d5:fb:48:19:25:66:fa:1e:37:3d:1a:9f:05:b2:
                    c1:6d:eb:30:7c:c0:e0:92:f2:4c:67:72:51:41:1b:
                    66:59:be:98:aa:f4:eb:d8:3f:73:d2:ea:db:e8:c8:
                    a7:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:33:86:29:36:B1:23:FA:64:EB:55:DD:DE:2B:27:28:BE:1C:95:1B
            X509v3 Authority Key Identifier:
                keyid:A4:9B:83:F5:BD:E1:A1:DC:93:DE:69:47:68:37:E9:E3:A3:77:97:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pJuD9b3hodyT3mlHaDfp46N3l68.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/ad1c69-ce56-4eda-87ea-987719ee6a0c/1/QDOGKTaxI_pk61Xd3isnKL4clRs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/ad1c69-ce56-4eda-87ea-987719ee6a0c/1/pJuD9b3hodyT3mlHaDfp46N3l68.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  134.60.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         2b:d9:71:bc:d3:9d:b8:b8:cc:02:71:be:49:6a:19:04:68:7f:
         d2:98:60:7c:16:af:31:dc:f7:a8:01:9a:bc:78:c3:59:76:2c:
         1b:38:23:57:d2:3d:96:cd:a1:e8:eb:19:34:b2:3a:35:bd:4f:
         00:b6:17:bb:6b:c0:dc:42:86:49:55:df:b9:28:25:b9:5c:78:
         6e:28:21:6c:a7:ef:2c:95:c9:10:e8:66:07:7e:2c:a8:54:d0:
         6a:fc:60:cf:86:0c:44:e0:37:34:de:41:d7:3e:c0:8d:08:aa:
         68:44:f0:b1:82:98:43:2a:c3:00:60:d0:d1:1e:c4:ac:c5:f6:
         02:f4:87:e7:06:47:fb:97:a8:80:ee:f5:47:bd:2d:1c:f6:e0:
         cc:20:98:36:43:04:71:a9:6d:71:76:06:d6:43:b7:e5:dd:b7:
         30:fc:ee:a2:8a:37:5a:8f:3b:87:29:8b:51:17:a3:57:1b:44:
         a0:10:11:17:a4:6c:22:2d:e8:7a:2e:44:77:2c:98:15:95:f4:
         8b:48:1d:32:ae:51:e4:e0:97:32:ab:4e:b9:bf:f5:a2:a7:37:
         29:2d:06:ce:b5:4b:c7:43:02:6a:3b:77:65:fd:7b:91:91:e2:
         6a:33:ae:54:29:dc:df:fd:38:06:91:d5:1b:57:ab:48:f8:c0:
         d4:78:68:aa
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAYzEktGJD5e3Mx8hj8/S7EMVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE0OWI4M2Y1YmRlMWExZGM5M2RlNjk0NzY4MzdlOWUzYTM3
Nzk3YWYwHhcNMjQwMTAxMTAzMDA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MDMzODYyOTM2YjEyM2ZhNjRlYjU1ZGRkZTJiMjcyOGJlMWM5NTFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgbchbVJW5LH8m63nnhl7ghudwYoL
ryK3o02+cBkGk936CXeb0Sx+iC4ZmY5O/S/XNlnPMa31MZFtqMm+6x11GltYTxYi
7rNXGECrh19VNAHB3yYYllxG4n/F753rl2W7LaFb0WgJlZb8P0IElso+qvZuU6y2
stvxYafviPSkBWtS/S4gUW4pbA0Paw9MUyJ7W2O7XQKusFUVlfQonyZoF2MgVsua
1OKIoe4zXeI1mXtAQ/+oOxPls30P7jTHJBqbMrDs0kGCkuBJYkjp0Vi6deS81ftI
GSVm+h43PRqfBbLBbeswfMDgkvJMZ3JRQRtmWb6YqvTr2D9z0urb6Min6wIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFEAzhik2sSP6ZOtV3d4rJyi+HJUbMB8GA1UdIwQY
MBaAFKSbg/W94aHck95pR2g36eOjd5evMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcEp1RDliM2hvZHlUM21sSGFEZnA0Nk4zbDY4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZi9hZDFjNjktY2U1Ni00ZWRhLTg3ZWEt
OTg3NzE5ZWU2YTBjLzEvUURPR0tUYXhJX3BrNjFYZDNpc25LTDRjbFJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZi9hZDFjNjktY2U1Ni00ZWRhLTg3ZWEtOTg3NzE5ZWU2YTBj
LzEvcEp1RDliM2hvZHlUM21sSGFEZnA0Nk4zbDY4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAhjwwDQYJ
KoZIhvcNAQELBQADggEBACvZcbzTnbi4zAJxvklqGQRof9KYYHwWrzHc96gBmrx4
w1l2LBs4I1fSPZbNoejrGTSyOjW9TwC2F7trwNxChklV37koJblceG4oIWyn7yyV
yRDoZgd+LKhU0Gr8YM+GDETgNzTeQdc+wI0IqmhE8LGCmEMqwwBg0NEexKzF9gL0
h+cGR/uXqIDu9Ue9LRz24MwgmDZDBHGpbXF2BtZDt+XdtzD87qKKN1qPO4cpi1EX
o1cbRKAQERekbCIt6HouRHcsmBWV9ItIHTKuUeTglzKrTrm/9aKnNyktBs61S8dD
Amo7d2X9e5GR4mozrlQp3N/9OAaR1RtXq0j4wNR4aKo=
-----END CERTIFICATE-----