Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/bd98c9-fce3-4bba-b49b-4cae325c0e28/1/qwAfH0hL1h3I7Vz1ufZqxLjq1vs.roa
File:                     qwAfH0hL1h3I7Vz1ufZqxLjq1vs.roa (raw, json)
Hash identifier:          4CR3GxyAO40dQeUSHO+lmLE05vt9DG5tvDetGYEm5aw=
Subject key identifier:   AB:00:1F:1F:48:4B:D6:1D:C8:ED:5C:F5:B9:F6:6A:C4:B8:EA:D6:FB
Certificate issuer:       /CN=ad652372f0e5d169c200f7d1d080e8570ffedb71
Certificate serial:       0191B23FFACEBB23C0D3EED37E441ACFD4D0
Authority key identifier: AD:65:23:72:F0:E5:D1:69:C2:00:F7:D1:D0:80:E8:57:0F:FE:DB:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rWUjcvDl0WnCAPfR0IDoVw_-23E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/bd98c9-fce3-4bba-b49b-4cae325c0e28/1/qwAfH0hL1h3I7Vz1ufZqxLjq1vs.roa
Signing time:             Mon 02 Sep 2024 10:20:22 +0000
ROA not before:           Mon 02 Sep 2024 10:20:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206051
IP address blocks:        2a01:f780::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/bd98c9-fce3-4bba-b49b-4cae325c0e28/1/rWUjcvDl0WnCAPfR0IDoVw_-23E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/bd98c9-fce3-4bba-b49b-4cae325c0e28/1/rWUjcvDl0WnCAPfR0IDoVw_-23E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rWUjcvDl0WnCAPfR0IDoVw_-23E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 10:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:b2:3f:fa:ce:bb:23:c0:d3:ee:d3:7e:44:1a:cf:d4:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ad652372f0e5d169c200f7d1d080e8570ffedb71
        Validity
            Not Before: Sep  2 10:20:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ab001f1f484bd61dc8ed5cf5b9f66ac4b8ead6fb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:b9:6f:78:1b:67:7a:f8:11:e0:c2:e2:ee:a8:
                    8a:6b:27:1a:49:e1:38:75:e1:6f:ed:bc:4a:90:a3:
                    05:d4:5c:e9:89:de:2b:62:2d:e0:73:d8:7f:81:d3:
                    b0:3c:a6:0b:3e:8c:9a:a2:57:21:ec:4b:bd:a1:5e:
                    7b:cb:85:7e:50:2a:c4:d9:d4:56:8c:ea:56:7f:fa:
                    3b:8c:28:ee:1b:75:cb:90:f5:41:79:60:9d:62:4b:
                    bd:9d:a1:f8:9e:7b:25:11:1b:2e:2a:f2:6c:63:ba:
                    89:07:9a:5e:71:03:e2:f1:67:fb:91:b9:05:13:33:
                    2d:b1:f5:2c:0e:36:de:b4:97:2b:4f:dd:90:3e:64:
                    8d:c7:61:51:38:b8:f8:b5:b7:92:f1:8b:12:5c:13:
                    de:49:b3:60:ef:2d:db:e7:d6:d7:59:d3:30:26:91:
                    58:fa:2e:83:58:26:9c:d1:ee:74:86:72:b6:ed:b2:
                    15:61:50:36:2e:06:7f:f6:e8:31:b4:7a:89:33:f3:
                    7a:3f:cc:88:69:58:56:7e:3b:d3:2e:d2:56:62:ab:
                    6a:3e:27:20:c4:c0:ac:12:59:f7:f2:08:c7:89:56:
                    1f:8b:dc:28:dc:83:c2:1d:6f:16:80:01:4e:18:5f:
                    48:0e:93:72:e5:7f:c0:15:a4:c9:ce:7b:74:39:57:
                    78:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:00:1F:1F:48:4B:D6:1D:C8:ED:5C:F5:B9:F6:6A:C4:B8:EA:D6:FB
            X509v3 Authority Key Identifier:
                keyid:AD:65:23:72:F0:E5:D1:69:C2:00:F7:D1:D0:80:E8:57:0F:FE:DB:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rWUjcvDl0WnCAPfR0IDoVw_-23E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/bd98c9-fce3-4bba-b49b-4cae325c0e28/1/qwAfH0hL1h3I7Vz1ufZqxLjq1vs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/bd98c9-fce3-4bba-b49b-4cae325c0e28/1/rWUjcvDl0WnCAPfR0IDoVw_-23E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:f780::/48

    Signature Algorithm: sha256WithRSAEncryption
         14:c6:a6:08:25:23:ab:56:5c:62:1d:59:10:97:2a:a7:d2:5a:
         71:47:51:08:61:bc:a5:22:1b:07:b8:ff:06:7d:98:54:28:5e:
         6c:03:3d:d6:14:b0:a1:14:5b:c2:64:ad:18:a0:e1:96:c8:a4:
         30:73:01:20:93:c0:06:26:c0:09:4a:70:c0:d3:53:fd:9a:d9:
         60:2f:b0:a1:06:9e:10:84:98:82:bc:ad:1b:2c:f6:e9:12:56:
         18:09:07:5f:61:15:83:1f:fc:b0:5d:88:55:97:00:17:ad:11:
         91:f4:b2:64:a7:a5:c5:48:97:5d:d4:ba:2e:14:ab:cb:a4:07:
         43:94:cd:9e:5e:eb:30:4a:46:fb:5f:bf:e0:0f:d2:d2:a9:ad:
         ff:1f:3b:1c:42:25:43:29:d8:4e:6d:79:d4:bb:78:41:f4:f1:
         77:2f:7f:ab:1e:3b:6e:a0:26:6a:c7:b8:a3:57:70:3a:10:9f:
         3c:e1:f6:c3:35:99:bc:27:88:fb:84:e9:75:65:b7:68:56:a1:
         8b:d5:05:f5:6f:86:6c:c5:de:1a:b2:5b:6d:89:05:08:30:11:
         a8:36:10:3b:4a:bb:d5:0a:d9:46:07:d1:3f:31:0e:60:7a:86:
         ba:fb:6c:68:c9:7d:55:06:18:24:8b:e4:ff:85:dc:b5:8f:67:
         1c:a4:7d:e2
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZGyP/rOuyPA0+7TfkQaz9TQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkNjUyMzcyZjBlNWQxNjljMjAwZjdkMWQwODBlODU3MGZm
ZWRiNzEwHhcNMjQwOTAyMTAyMDIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYjAwMWYxZjQ4NGJkNjFkYzhlZDVjZjViOWY2NmFjNGI4ZWFkNmZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnLlveBtnevgR4MLi7qiKaycaSeE4
deFv7bxKkKMF1Fzpid4rYi3gc9h/gdOwPKYLPoyaolch7Eu9oV57y4V+UCrE2dRW
jOpWf/o7jCjuG3XLkPVBeWCdYku9naH4nnslERsuKvJsY7qJB5pecQPi8Wf7kbkF
EzMtsfUsDjbetJcrT92QPmSNx2FROLj4tbeS8YsSXBPeSbNg7y3b59bXWdMwJpFY
+i6DWCac0e50hnK27bIVYVA2LgZ/9ugxtHqJM/N6P8yIaVhWfjvTLtJWYqtqPicg
xMCsEln38gjHiVYfi9wo3IPCHW8WgAFOGF9IDpNy5X/AFaTJznt0OVd4zQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFKsAHx9IS9YdyO1c9bn2asS46tb7MB8GA1UdIwQY
MBaAFK1lI3Lw5dFpwgD30dCA6FcP/ttxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcldVamN2RGwwV25DQVBmUjBJRG9Wd18tMjNFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi9iZDk4YzktZmNlMy00YmJhLWI0OWIt
NGNhZTMyNWMwZTI4LzEvcXdBZkgwaEwxaDNJN1Z6MXVmWnF4TGpxMXZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi9iZDk4YzktZmNlMy00YmJhLWI0OWItNGNhZTMyNWMwZTI4
LzEvcldVamN2RGwwV25DQVBmUjBJRG9Wd18tMjNFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgH3gAAA
MA0GCSqGSIb3DQEBCwUAA4IBAQAUxqYIJSOrVlxiHVkQlyqn0lpxR1EIYbylIhsH
uP8GfZhUKF5sAz3WFLChFFvCZK0YoOGWyKQwcwEgk8AGJsAJSnDA01P9mtlgL7Ch
Bp4QhJiCvK0bLPbpElYYCQdfYRWDH/ywXYhVlwAXrRGR9LJkp6XFSJdd1LouFKvL
pAdDlM2eXuswSkb7X7/gD9LSqa3/HzscQiVDKdhObXnUu3hB9PF3L3+rHjtuoCZq
x7ijV3A6EJ884fbDNZm8J4j7hOl1ZbdoVqGL1QX1b4Zsxd4aslttiQUIMBGoNhA7
SrvVCtlGB9E/MQ5geoa6+2xoyX1VBhgki+T/hdy1j2ccpH3i
-----END CERTIFICATE-----