Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e1/602244-7699-4103-bc7e-c4711482380e/1/qqD0UtBduw-JYRPEC4l6ZCJkOKM.roa
File:                     qqD0UtBduw-JYRPEC4l6ZCJkOKM.roa (raw, json)
Hash identifier:          CWB0x59BVc74Q6Mgr1wyhwx4bvOqrHcGY0DB1rrIokc=
Subject key identifier:   AA:A0:F4:52:D0:5D:BB:0F:89:61:13:C4:0B:89:7A:64:22:64:38:A3
Certificate issuer:       /CN=3787b324b0d32fb1a3678b02c482286d4c26ba0f
Certificate serial:       018CC49355A9D3B53548D5E6E67893E029D6
Authority key identifier: 37:87:B3:24:B0:D3:2F:B1:A3:67:8B:02:C4:82:28:6D:4C:26:BA:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/N4ezJLDTL7GjZ4sCxIIobUwmug8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e1/602244-7699-4103-bc7e-c4711482380e/1/qqD0UtBduw-JYRPEC4l6ZCJkOKM.roa
Signing time:             Mon 01 Jan 2024 10:30:39 +0000
ROA not before:           Mon 01 Jan 2024 10:30:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204378
IP address blocks:        2a0c:3800:300::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e1/602244-7699-4103-bc7e-c4711482380e/1/N4ezJLDTL7GjZ4sCxIIobUwmug8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e1/602244-7699-4103-bc7e-c4711482380e/1/N4ezJLDTL7GjZ4sCxIIobUwmug8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/N4ezJLDTL7GjZ4sCxIIobUwmug8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:55:a9:d3:b5:35:48:d5:e6:e6:78:93:e0:29:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3787b324b0d32fb1a3678b02c482286d4c26ba0f
        Validity
            Not Before: Jan  1 10:30:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=aaa0f452d05dbb0f896113c40b897a64226438a3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:fb:8d:82:f9:21:1a:0d:46:08:8c:8e:0a:75:
                    1d:5b:f6:b9:e0:1e:02:cb:ec:66:3f:90:30:af:a0:
                    3b:8d:67:84:d7:30:78:86:63:6e:57:67:38:3a:08:
                    ee:ae:1f:8d:13:f3:33:d2:db:bd:cf:bf:9c:38:5a:
                    90:57:11:9f:e3:24:63:36:bb:da:78:79:02:1f:40:
                    26:0d:cd:1b:92:78:6f:05:8c:30:7b:8a:46:8a:ca:
                    73:a6:2e:50:86:7b:93:99:12:90:c6:fc:41:0e:18:
                    dd:82:e1:16:3b:6a:14:90:30:2e:f7:5c:72:33:5f:
                    4c:2d:9d:e5:7d:38:ed:c4:e0:54:cb:1a:25:ef:6a:
                    2d:7d:db:ac:90:b7:03:60:a7:c3:6e:2e:aa:9a:be:
                    6d:ab:75:4a:9a:e4:4f:48:ff:d0:00:2b:cc:14:f3:
                    c7:e4:d3:b8:51:e2:79:04:1a:f5:2b:9c:a7:03:1a:
                    ce:77:2b:5f:ca:0c:8c:ae:40:21:6f:1a:28:11:1e:
                    f0:73:ad:13:67:bd:09:fc:9c:d1:87:40:d5:8f:dc:
                    8b:3d:82:e4:83:04:86:41:1a:5c:99:e1:4f:7e:bf:
                    5a:6d:ab:5c:3c:1f:22:7c:61:eb:1f:8e:8c:fd:c9:
                    de:32:25:e2:da:08:9e:d8:f9:77:10:65:bb:f4:cb:
                    0b:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:A0:F4:52:D0:5D:BB:0F:89:61:13:C4:0B:89:7A:64:22:64:38:A3
            X509v3 Authority Key Identifier:
                keyid:37:87:B3:24:B0:D3:2F:B1:A3:67:8B:02:C4:82:28:6D:4C:26:BA:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/N4ezJLDTL7GjZ4sCxIIobUwmug8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/602244-7699-4103-bc7e-c4711482380e/1/qqD0UtBduw-JYRPEC4l6ZCJkOKM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/602244-7699-4103-bc7e-c4711482380e/1/N4ezJLDTL7GjZ4sCxIIobUwmug8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:3800:300::/48

    Signature Algorithm: sha256WithRSAEncryption
         9b:38:1a:82:35:ad:9c:c7:e0:08:d4:0d:c8:ad:06:ff:f8:80:
         2d:f0:ac:d4:8b:f7:13:1a:60:19:45:89:22:d4:4e:1a:13:7f:
         ae:a7:6e:00:7a:1c:24:9c:84:b9:51:d4:62:94:54:54:49:1c:
         ad:00:85:b3:df:18:13:97:9d:c6:71:70:75:1e:34:67:1f:36:
         97:75:4c:b4:b4:a6:14:30:6a:85:d8:d8:c3:0e:fa:65:24:06:
         a5:84:06:11:c7:79:e4:17:57:68:07:ff:38:d4:6c:9f:49:ee:
         7a:4d:43:d5:96:b5:35:b3:95:de:5c:26:50:87:6d:44:26:a9:
         0a:72:5d:eb:9d:b8:ee:5a:93:78:0b:71:1b:be:85:e6:b7:c2:
         cc:f6:76:fb:5a:cc:59:4a:31:8b:4b:0d:ba:b4:c9:0d:1a:1e:
         a7:65:38:74:00:4f:70:06:27:f8:c4:28:18:61:69:7e:a8:33:
         18:c2:27:a4:c3:a0:09:f1:cf:3c:d3:8b:00:a0:20:49:09:8a:
         03:13:c7:db:9d:2f:8a:b9:e9:a1:e8:bf:78:3c:da:4f:ec:2d:
         ca:4a:cf:b5:f9:92:44:7e:e0:fc:de:b5:eb:c9:64:94:15:22:
         e9:c7:3d:8d:27:1c:32:17:32:59:7e:be:0d:d9:b3:fc:cb:da:
         10:1e:46:7e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzEk1Wp07U1SNXm5niT4CnWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3ODdiMzI0YjBkMzJmYjFhMzY3OGIwMmM0ODIyODZkNGMy
NmJhMGYwHhcNMjQwMTAxMTAzMDM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYWEwZjQ1MmQwNWRiYjBmODk2MTEzYzQwYjg5N2E2NDIyNjQzOGEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjvuNgvkhGg1GCIyOCnUdW/a54B4C
y+xmP5Awr6A7jWeE1zB4hmNuV2c4Ogjurh+NE/Mz0tu9z7+cOFqQVxGf4yRjNrva
eHkCH0AmDc0bknhvBYwwe4pGispzpi5QhnuTmRKQxvxBDhjdguEWO2oUkDAu91xy
M19MLZ3lfTjtxOBUyxol72otfduskLcDYKfDbi6qmr5tq3VKmuRPSP/QACvMFPPH
5NO4UeJ5BBr1K5ynAxrOdytfygyMrkAhbxooER7wc60TZ70J/JzRh0DVj9yLPYLk
gwSGQRpcmeFPfr9abatcPB8ifGHrH46M/cneMiXi2gie2Pl3EGW79MsLIQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFKqg9FLQXbsPiWETxAuJemQiZDijMB8GA1UdIwQY
MBaAFDeHsySw0y+xo2eLAsSCKG1MJroPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTjRlekpMRFRMN0dqWjRzQ3hJSW9iVXdtdWc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMS82MDIyNDQtNzY5OS00MTAzLWJjN2Ut
YzQ3MTE0ODIzODBlLzEvcXFEMFV0QmR1dy1KWVJQRUM0bDZaQ0prT0tNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMS82MDIyNDQtNzY5OS00MTAzLWJjN2UtYzQ3MTE0ODIzODBl
LzEvTjRlekpMRFRMN0dqWjRzQ3hJSW9iVXdtdWc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgw4AAMA
MA0GCSqGSIb3DQEBCwUAA4IBAQCbOBqCNa2cx+AI1A3IrQb/+IAt8KzUi/cTGmAZ
RYki1E4aE3+up24AehwknIS5UdRilFRUSRytAIWz3xgTl53GcXB1HjRnHzaXdUy0
tKYUMGqF2NjDDvplJAalhAYRx3nkF1doB/841GyfSe56TUPVlrU1s5XeXCZQh21E
JqkKcl3rnbjuWpN4C3EbvoXmt8LM9nb7WsxZSjGLSw26tMkNGh6nZTh0AE9wBif4
xCgYYWl+qDMYwiekw6AJ8c8804sAoCBJCYoDE8fbnS+Kuemh6L94PNpP7C3KSs+1
+ZJEfuD83rXryWSUFSLpxz2NJxwyFzJZfr4N2bP8y9oQHkZ+
-----END CERTIFICATE-----