Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/ad3044-cdce-46cf-92c9-a954d053994a/1/qvXVyPN38UgT4P1tkzWPfIxW96Y.roa
File:                     qvXVyPN38UgT4P1tkzWPfIxW96Y.roa (raw, json)
Hash identifier:          M2KN/z1iDYPb5hej6J4xSqnve9ZfGX/HqlriaPxUFWE=
Subject key identifier:   AA:F5:D5:C8:F3:77:F1:48:13:E0:FD:6D:93:35:8F:7C:8C:56:F7:A6
Certificate issuer:       /CN=d60f45f7cc4b691fd4a31c1f1c0b4f605d77a6ef
Certificate serial:       018CCA2ADD6C60BD1634D1BBD033EAA10782
Authority key identifier: D6:0F:45:F7:CC:4B:69:1F:D4:A3:1C:1F:1C:0B:4F:60:5D:77:A6:EF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1g9F98xLaR_UoxwfHAtPYF13pu8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/ad3044-cdce-46cf-92c9-a954d053994a/1/qvXVyPN38UgT4P1tkzWPfIxW96Y.roa
Signing time:             Tue 02 Jan 2024 12:34:15 +0000
ROA not before:           Tue 02 Jan 2024 12:34:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210851
IP address blocks:        2a0e:e704:46::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e2/ad3044-cdce-46cf-92c9-a954d053994a/1/1g9F98xLaR_UoxwfHAtPYF13pu8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e2/ad3044-cdce-46cf-92c9-a954d053994a/1/1g9F98xLaR_UoxwfHAtPYF13pu8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1g9F98xLaR_UoxwfHAtPYF13pu8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 02:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:dd:6c:60:bd:16:34:d1:bb:d0:33:ea:a1:07:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d60f45f7cc4b691fd4a31c1f1c0b4f605d77a6ef
        Validity
            Not Before: Jan  2 12:34:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=aaf5d5c8f377f14813e0fd6d93358f7c8c56f7a6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:b0:a4:72:ae:30:3b:22:13:58:9f:ef:64:68:
                    07:eb:70:16:6a:4b:50:6d:ef:0c:cd:f0:62:52:42:
                    89:ae:d8:7c:d5:8f:2d:1b:22:2d:59:3b:48:d4:cc:
                    c0:52:41:d5:67:be:e2:de:f2:de:cb:b3:4d:1c:b1:
                    80:1a:dc:ef:60:30:27:7c:ca:9c:e9:87:39:21:c2:
                    c7:33:54:95:b9:85:8f:e6:53:95:4e:44:0b:eb:4f:
                    41:35:47:92:81:cc:4f:fc:d5:f8:65:e9:8e:10:a4:
                    a4:1b:d5:8c:8f:f7:6f:19:32:3f:8e:01:2a:d5:46:
                    fc:29:19:48:24:e6:88:27:3b:ed:8e:66:be:b1:19:
                    75:97:cd:b4:f7:78:54:eb:32:4f:e8:66:28:73:87:
                    77:36:81:e4:27:0a:d7:74:3b:a4:94:71:c2:5d:53:
                    54:f2:0a:97:ef:b4:42:da:8b:0d:28:7b:5b:46:8b:
                    b5:5c:11:d6:bd:4b:90:cc:ea:e5:82:f7:86:ba:ba:
                    03:ce:9f:b7:03:3c:91:7b:bc:df:3d:e1:bc:c0:6b:
                    73:8d:4f:27:0d:b4:ef:fb:67:a3:45:02:5a:73:fe:
                    98:10:56:6c:89:99:22:93:64:54:e5:68:5a:4b:1e:
                    2d:69:06:df:33:e3:3d:0c:11:9f:f0:a5:34:79:3a:
                    af:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:F5:D5:C8:F3:77:F1:48:13:E0:FD:6D:93:35:8F:7C:8C:56:F7:A6
            X509v3 Authority Key Identifier:
                keyid:D6:0F:45:F7:CC:4B:69:1F:D4:A3:1C:1F:1C:0B:4F:60:5D:77:A6:EF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1g9F98xLaR_UoxwfHAtPYF13pu8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/ad3044-cdce-46cf-92c9-a954d053994a/1/qvXVyPN38UgT4P1tkzWPfIxW96Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/ad3044-cdce-46cf-92c9-a954d053994a/1/1g9F98xLaR_UoxwfHAtPYF13pu8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:e704:46::/48

    Signature Algorithm: sha256WithRSAEncryption
         39:a9:28:03:5c:e5:5d:22:fe:1e:90:19:2c:84:5f:bc:84:8e:
         bf:d1:5d:5d:1c:db:ca:16:dd:1d:d1:89:d4:1c:19:8c:82:00:
         76:4f:08:1d:84:38:93:e2:cc:b5:ab:8e:7c:3c:92:ad:98:75:
         65:c4:d7:2e:7c:12:f1:56:17:af:c9:4b:b2:50:d8:ff:79:b5:
         25:c9:28:fe:cf:ae:77:6d:62:10:ba:a6:cd:8e:db:d9:ed:23:
         d6:0e:c8:28:8c:15:e2:01:8d:b3:cf:6c:e6:48:29:5f:21:4e:
         a3:c6:d1:a0:f0:8c:c8:2f:d8:05:a1:0e:42:bd:b4:1a:dd:20:
         dd:d8:0b:f8:b6:4f:2a:ee:ed:34:38:6d:d2:cf:bf:b0:55:a9:
         91:89:90:e6:09:be:37:d7:e2:bf:5d:c3:30:3e:38:0d:03:03:
         70:f5:df:c3:ab:7d:90:19:46:e6:89:12:1b:1a:ec:30:f8:32:
         84:c3:dd:e6:e7:9f:fe:4f:8e:24:6b:65:43:4f:c3:b8:e7:cf:
         7b:b5:01:d8:a4:98:c8:bf:b3:0b:c3:d0:b4:f6:4c:91:10:94:
         b7:e3:3d:60:cf:81:07:c9:c4:7c:3f:a7:d7:fb:97:ec:18:f6:
         0a:bf:ae:5c:ec:43:06:6c:92:9f:fe:aa:a9:29:50:03:61:af:
         50:0f:ba:11
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzKKt1sYL0WNNG70DPqoQeCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ2MGY0NWY3Y2M0YjY5MWZkNGEzMWMxZjFjMGI0ZjYwNWQ3
N2E2ZWYwHhcNMjQwMTAyMTIzNDE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYWY1ZDVjOGYzNzdmMTQ4MTNlMGZkNmQ5MzM1OGY3YzhjNTZmN2E2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg7Ckcq4wOyITWJ/vZGgH63AWaktQ
be8MzfBiUkKJrth81Y8tGyItWTtI1MzAUkHVZ77i3vLey7NNHLGAGtzvYDAnfMqc
6Yc5IcLHM1SVuYWP5lOVTkQL609BNUeSgcxP/NX4ZemOEKSkG9WMj/dvGTI/jgEq
1Ub8KRlIJOaIJzvtjma+sRl1l82093hU6zJP6GYoc4d3NoHkJwrXdDuklHHCXVNU
8gqX77RC2osNKHtbRou1XBHWvUuQzOrlgveGuroDzp+3AzyRe7zfPeG8wGtzjU8n
DbTv+2ejRQJac/6YEFZsiZkik2RU5WhaSx4taQbfM+M9DBGf8KU0eTqvPwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFKr11cjzd/FIE+D9bZM1j3yMVvemMB8GA1UdIwQY
MBaAFNYPRffMS2kf1KMcHxwLT2Bdd6bvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMWc5Rjk4eExhUl9Vb3h3ZkhBdFBZRjEzcHU4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi9hZDMwNDQtY2RjZS00NmNmLTkyYzkt
YTk1NGQwNTM5OTRhLzEvcXZYVnlQTjM4VWdUNFAxdGt6V1BmSXhXOTZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi9hZDMwNDQtY2RjZS00NmNmLTkyYzktYTk1NGQwNTM5OTRh
LzEvMWc5Rjk4eExhUl9Vb3h3ZkhBdFBZRjEzcHU4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg7nBABG
MA0GCSqGSIb3DQEBCwUAA4IBAQA5qSgDXOVdIv4ekBkshF+8hI6/0V1dHNvKFt0d
0YnUHBmMggB2TwgdhDiT4sy1q458PJKtmHVlxNcufBLxVhevyUuyUNj/ebUlySj+
z653bWIQuqbNjtvZ7SPWDsgojBXiAY2zz2zmSClfIU6jxtGg8IzIL9gFoQ5CvbQa
3SDd2Av4tk8q7u00OG3Sz7+wVamRiZDmCb431+K/XcMwPjgNAwNw9d/Dq32QGUbm
iRIbGuww+DKEw93m55/+T44ka2VDT8O45897tQHYpJjIv7MLw9C09kyREJS34z1g
z4EHycR8P6fX+5fsGPYKv65c7EMGbJKf/qqpKVADYa9QD7oR
-----END CERTIFICATE-----