Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/14e492-8525-4eec-84bc-b0eb6715e0af/1/QGrd388-C11MqeKLf5zSPmftmu8.roa
File:                     QGrd388-C11MqeKLf5zSPmftmu8.roa (raw, json)
Hash identifier:          eIGajnhQKVymGKeREUlczNnZhMIZNge0+YaIwRrctAo=
Subject key identifier:   40:6A:DD:DF:CF:3E:0B:5D:4C:A9:E2:8B:7F:9C:D2:3E:67:ED:9A:EF
Certificate issuer:       /CN=517a0c96842bafc9f630ba14b83ea79bd12a53b9
Certificate serial:       01941FFA09C71051D8FEEFFBC52319F6B553
Authority key identifier: 51:7A:0C:96:84:2B:AF:C9:F6:30:BA:14:B8:3E:A7:9B:D1:2A:53:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UXoMloQrr8n2MLoUuD6nm9EqU7k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/14e492-8525-4eec-84bc-b0eb6715e0af/1/QGrd388-C11MqeKLf5zSPmftmu8.roa
Signing time:             Wed 01 Jan 2025 03:47:47 +0000
ROA not before:           Wed 01 Jan 2025 03:47:47 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213948
IP address blocks:        2a13:cc82:3::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/14e492-8525-4eec-84bc-b0eb6715e0af/1/UXoMloQrr8n2MLoUuD6nm9EqU7k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/14e492-8525-4eec-84bc-b0eb6715e0af/1/UXoMloQrr8n2MLoUuD6nm9EqU7k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UXoMloQrr8n2MLoUuD6nm9EqU7k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 15:22:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:09:c7:10:51:d8:fe:ef:fb:c5:23:19:f6:b5:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=517a0c96842bafc9f630ba14b83ea79bd12a53b9
        Validity
            Not Before: Jan  1 03:47:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=406adddfcf3e0b5d4ca9e28b7f9cd23e67ed9aef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:62:71:5e:ba:c0:29:f5:cd:c9:e6:e0:0a:7b:
                    9b:ed:85:51:db:22:38:23:38:a3:ed:e1:73:8e:ad:
                    e4:33:57:19:90:ed:64:d2:9d:e2:1f:be:9c:bf:46:
                    9d:33:47:ec:ee:04:4b:ad:65:94:7c:82:4a:54:da:
                    a0:df:b7:09:66:be:ff:eb:c0:6c:8f:e8:b4:fc:85:
                    0c:5a:89:85:a3:75:80:33:6c:4f:30:0f:d5:21:9f:
                    d6:63:2e:fb:de:8a:8b:0c:a8:b7:25:53:88:05:de:
                    38:04:97:a4:e5:16:a8:e1:14:48:e7:22:22:c7:a5:
                    dc:33:df:11:42:2b:5c:ad:2f:42:ca:9d:03:54:50:
                    3f:12:a3:d6:f2:5e:2d:b8:57:f0:34:92:bf:3f:f6:
                    b1:4a:9e:b4:1d:a9:61:39:bc:24:94:fe:26:d5:ad:
                    af:8f:0c:df:50:81:fc:49:65:c8:46:f4:99:6f:1b:
                    8c:30:45:a5:01:09:91:c6:ba:f4:04:5e:9c:12:49:
                    72:45:69:a1:11:76:0d:75:da:73:6c:de:93:d3:11:
                    b5:1e:3b:25:6e:81:fc:5c:b4:3b:14:fc:b2:d7:67:
                    da:69:be:eb:c2:8c:0b:d7:bf:b8:ab:b9:dc:b8:20:
                    56:52:7c:6a:03:ef:92:93:c2:8a:8f:51:b2:fb:7c:
                    62:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:6A:DD:DF:CF:3E:0B:5D:4C:A9:E2:8B:7F:9C:D2:3E:67:ED:9A:EF
            X509v3 Authority Key Identifier:
                keyid:51:7A:0C:96:84:2B:AF:C9:F6:30:BA:14:B8:3E:A7:9B:D1:2A:53:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UXoMloQrr8n2MLoUuD6nm9EqU7k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/14e492-8525-4eec-84bc-b0eb6715e0af/1/QGrd388-C11MqeKLf5zSPmftmu8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/14e492-8525-4eec-84bc-b0eb6715e0af/1/UXoMloQrr8n2MLoUuD6nm9EqU7k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:cc82:3::/48

    Signature Algorithm: sha256WithRSAEncryption
         c2:b9:38:48:61:ad:cc:85:83:31:2e:ec:47:03:9a:d6:49:ee:
         f1:a3:40:90:dc:11:9c:c0:34:46:a6:28:78:d2:04:02:02:11:
         e7:01:95:b6:fd:60:c7:db:d3:13:c1:3e:5a:4e:2b:87:49:18:
         52:4f:3f:3a:4b:00:e4:01:16:3c:65:53:3b:27:74:2e:fe:0c:
         58:0f:24:88:de:69:1c:98:7e:93:b7:18:ff:fa:01:96:fb:fb:
         69:de:85:4b:ea:6a:68:27:e5:a1:b7:d8:e1:79:b6:78:08:88:
         6d:68:4f:9f:25:c0:63:0f:5b:ff:c6:1b:47:02:db:ac:9c:8e:
         d5:7d:76:78:6c:3b:d0:b5:3d:58:a1:46:74:55:63:e7:12:5e:
         7f:e0:9c:1b:b8:49:73:d6:18:23:bf:2d:b0:fd:93:88:c0:aa:
         5b:f4:d8:aa:28:14:82:2f:86:c5:48:86:69:ad:da:50:57:56:
         43:06:39:ab:a5:5c:bf:7b:4e:61:4e:02:68:21:33:ed:4d:82:
         08:fc:3d:f5:8d:a5:59:31:17:61:75:f6:64:30:ba:0e:50:40:
         73:32:71:76:33:43:a4:42:1c:bc:6f:3f:b4:b3:bb:4c:3d:4f:
         d0:a6:af:ed:d2:40:4f:df:a8:6c:f8:cf:cc:cf:56:ef:ba:15:
         76:2c:ee:9f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQf+gnHEFHY/u/7xSMZ9rVTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUxN2EwYzk2ODQyYmFmYzlmNjMwYmExNGI4M2VhNzliZDEy
YTUzYjkwHhcNMjUwMTAxMDM0NzQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MDZhZGRkZmNmM2UwYjVkNGNhOWUyOGI3ZjljZDIzZTY3ZWQ5YWVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwmJxXrrAKfXNyebgCnub7YVR2yI4
Izij7eFzjq3kM1cZkO1k0p3iH76cv0adM0fs7gRLrWWUfIJKVNqg37cJZr7/68Bs
j+i0/IUMWomFo3WAM2xPMA/VIZ/WYy773oqLDKi3JVOIBd44BJek5Rao4RRI5yIi
x6XcM98RQitcrS9Cyp0DVFA/EqPW8l4tuFfwNJK/P/axSp60HalhObwklP4m1a2v
jwzfUIH8SWXIRvSZbxuMMEWlAQmRxrr0BF6cEklyRWmhEXYNddpzbN6T0xG1Hjsl
boH8XLQ7FPyy12faab7rwowL17+4q7ncuCBWUnxqA++Sk8KKj1Gy+3xirQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFEBq3d/PPgtdTKnii3+c0j5n7ZrvMB8GA1UdIwQY
MBaAFFF6DJaEK6/J9jC6FLg+p5vRKlO5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVVhvTWxvUXJyOG4yTUxvVXVENm5tOUVxVTdrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy8xNGU0OTItODUyNS00ZWVjLTg0YmMt
YjBlYjY3MTVlMGFmLzEvUUdyZDM4OC1DMTFNcWVLTGY1elNQbWZ0bXU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy8xNGU0OTItODUyNS00ZWVjLTg0YmMtYjBlYjY3MTVlMGFm
LzEvVVhvTWxvUXJyOG4yTUxvVXVENm5tOUVxVTdrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhPMggAD
MA0GCSqGSIb3DQEBCwUAA4IBAQDCuThIYa3MhYMxLuxHA5rWSe7xo0CQ3BGcwDRG
pih40gQCAhHnAZW2/WDH29MTwT5aTiuHSRhSTz86SwDkARY8ZVM7J3Qu/gxYDySI
3mkcmH6Ttxj/+gGW+/tp3oVL6mpoJ+Wht9jhebZ4CIhtaE+fJcBjD1v/xhtHAtus
nI7VfXZ4bDvQtT1YoUZ0VWPnEl5/4JwbuElz1hgjvy2w/ZOIwKpb9NiqKBSCL4bF
SIZprdpQV1ZDBjmrpVy/e05hTgJoITPtTYII/D31jaVZMRdhdfZkMLoOUEBzMnF2
M0OkQhy8bz+0s7tMPU/Qpq/t0kBP36hs+M/Mz1bvuhV2LO6f
-----END CERTIFICATE-----