Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/e01285-660d-4cd2-ad1f-625245a00abf/1/QjvrrFdq7QlvBd65nzaLlBe7pPE.roa
File:                     QjvrrFdq7QlvBd65nzaLlBe7pPE.roa (raw, json)
Hash identifier:          q3TZWIki8qPxAZ9W1qA2l+tw6ChJnWhmGHdtmSrSMAs=
Subject key identifier:   42:3B:EB:AC:57:6A:ED:09:6F:05:DE:B9:9F:36:8B:94:17:BB:A4:F1
Certificate issuer:       /CN=c61953c08980adc94f2fa3a3c1ba95c40d21e7d3
Certificate serial:       0191E13F5291E150B26C6A742123DABC502E
Authority key identifier: C6:19:53:C0:89:80:AD:C9:4F:2F:A3:A3:C1:BA:95:C4:0D:21:E7:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xhlTwImArclPL6OjwbqVxA0h59M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e6/e01285-660d-4cd2-ad1f-625245a00abf/1/QjvrrFdq7QlvBd65nzaLlBe7pPE.roa
Signing time:             Wed 11 Sep 2024 13:21:49 +0000
ROA not before:           Wed 11 Sep 2024 13:21:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34136
IP address blocks:        212.110.138.0/23 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e6/e01285-660d-4cd2-ad1f-625245a00abf/1/xhlTwImArclPL6OjwbqVxA0h59M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e6/e01285-660d-4cd2-ad1f-625245a00abf/1/xhlTwImArclPL6OjwbqVxA0h59M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xhlTwImArclPL6OjwbqVxA0h59M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:e1:3f:52:91:e1:50:b2:6c:6a:74:21:23:da:bc:50:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c61953c08980adc94f2fa3a3c1ba95c40d21e7d3
        Validity
            Not Before: Sep 11 13:21:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=423bebac576aed096f05deb99f368b9417bba4f1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:0b:bb:22:06:a6:f3:4c:99:cd:5d:2e:0b:36:
                    07:ed:6e:11:3a:73:01:68:0b:32:ca:67:46:f7:cc:
                    a8:db:ad:b3:6f:bd:2d:42:b3:6a:4d:d9:9d:bc:fe:
                    66:3b:02:5e:83:90:fa:a1:81:55:87:82:17:e0:71:
                    f1:fb:fb:69:ff:17:7a:12:f3:87:0c:93:2c:d4:62:
                    9a:cd:8f:6b:7a:72:45:5e:e9:09:60:2c:b3:9d:d6:
                    a8:9a:ee:09:2d:37:20:1d:71:ef:89:4d:cc:7d:61:
                    93:3f:41:a2:3a:58:b8:b8:bf:6d:a3:37:17:80:e5:
                    07:0e:44:5a:ef:67:c1:34:6c:0e:c9:a1:47:84:ca:
                    a8:38:63:f6:bb:94:b3:13:ba:6a:d4:9e:70:85:f7:
                    e1:7d:aa:ea:91:f0:28:90:d2:1f:fa:a1:d9:2f:6d:
                    10:2d:14:15:ad:c6:35:3d:ce:0b:76:ae:8a:ee:62:
                    62:83:e1:c5:a0:86:f8:c6:ee:a9:e7:04:8f:50:ec:
                    1b:e4:d0:fd:7e:39:f0:24:d4:c3:6d:af:db:94:1c:
                    5c:60:e6:33:00:d8:5a:0d:d7:c5:e7:0a:0f:3f:29:
                    15:2d:13:0a:03:95:1d:73:ec:f8:c8:76:4f:81:0c:
                    fe:fd:b6:f6:c5:dc:a6:6f:c7:1b:c3:a9:da:80:76:
                    ad:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:3B:EB:AC:57:6A:ED:09:6F:05:DE:B9:9F:36:8B:94:17:BB:A4:F1
            X509v3 Authority Key Identifier:
                keyid:C6:19:53:C0:89:80:AD:C9:4F:2F:A3:A3:C1:BA:95:C4:0D:21:E7:D3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xhlTwImArclPL6OjwbqVxA0h59M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/e01285-660d-4cd2-ad1f-625245a00abf/1/QjvrrFdq7QlvBd65nzaLlBe7pPE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/e01285-660d-4cd2-ad1f-625245a00abf/1/xhlTwImArclPL6OjwbqVxA0h59M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.110.138.0/23

    Signature Algorithm: sha256WithRSAEncryption
         1b:1d:b7:81:13:05:14:03:c3:b9:6c:07:80:db:9d:58:a2:98:
         17:59:9c:65:9d:5f:2f:64:f0:78:9c:0a:f3:a3:12:e5:b9:ca:
         2d:04:02:9a:f9:f6:2e:2b:f2:5a:7a:5a:30:05:1b:f5:54:c6:
         e5:1b:a1:41:5e:57:5b:aa:13:d6:04:7e:91:74:59:f4:81:c1:
         b0:21:e1:24:0c:0e:bf:e3:2e:34:c5:cf:2f:b2:cc:80:86:dd:
         43:a3:10:83:51:48:f1:67:94:7a:78:b1:7a:03:62:1c:ff:e2:
         43:28:30:c4:fc:1c:f3:00:66:34:dc:6b:4b:b8:25:16:fd:7a:
         d4:e6:1e:ec:38:ae:0e:e6:76:ce:48:59:0c:57:42:14:78:2d:
         38:87:44:cd:20:63:36:12:c1:2d:49:a7:af:cd:6b:33:3c:19:
         17:f6:61:12:d9:2e:62:44:d0:11:d8:86:29:4e:92:10:d2:64:
         84:21:a5:f6:2a:44:f1:0c:5e:38:2e:92:0e:29:69:e6:68:01:
         bb:bd:ef:d9:cb:a6:63:74:40:6f:94:08:ce:57:ad:50:a0:ac:
         46:5a:49:bc:9c:d5:db:67:70:ac:4f:73:25:38:2d:48:47:bc:
         3b:fc:80:e0:67:da:62:20:13:55:00:92:dc:3f:fe:77:37:1d:
         9d:86:c7:10
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZHhP1KR4VCybGp0ISPavFAuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2MTk1M2MwODk4MGFkYzk0ZjJmYTNhM2MxYmE5NWM0MGQy
MWU3ZDMwHhcNMjQwOTExMTMyMTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MjNiZWJhYzU3NmFlZDA5NmYwNWRlYjk5ZjM2OGI5NDE3YmJhNGYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArQu7Igam80yZzV0uCzYH7W4ROnMB
aAsyymdG98yo262zb70tQrNqTdmdvP5mOwJeg5D6oYFVh4IX4HHx+/tp/xd6EvOH
DJMs1GKazY9renJFXukJYCyzndaomu4JLTcgHXHviU3MfWGTP0GiOli4uL9tozcX
gOUHDkRa72fBNGwOyaFHhMqoOGP2u5SzE7pq1J5whffhfarqkfAokNIf+qHZL20Q
LRQVrcY1Pc4Ldq6K7mJig+HFoIb4xu6p5wSPUOwb5ND9fjnwJNTDba/blBxcYOYz
ANhaDdfF5woPPykVLRMKA5Udc+z4yHZPgQz+/bb2xdymb8cbw6nagHat1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEI766xXau0JbwXeuZ82i5QXu6TxMB8GA1UdIwQY
MBaAFMYZU8CJgK3JTy+jo8G6lcQNIefTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGhsVHdJbUFyY2xQTDZPandicVZ4QTBoNTlNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNi9lMDEyODUtNjYwZC00Y2QyLWFkMWYt
NjI1MjQ1YTAwYWJmLzEvUWp2cnJGZHE3UWx2QmQ2NW56YUxsQmU3cFBFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNi9lMDEyODUtNjYwZC00Y2QyLWFkMWYtNjI1MjQ1YTAwYWJm
LzEveGhsVHdJbUFyY2xQTDZPandicVZ4QTBoNTlNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB1G6KMA0G
CSqGSIb3DQEBCwUAA4IBAQAbHbeBEwUUA8O5bAeA251YopgXWZxlnV8vZPB4nArz
oxLlucotBAKa+fYuK/JaelowBRv1VMblG6FBXldbqhPWBH6RdFn0gcGwIeEkDA6/
4y40xc8vssyAht1DoxCDUUjxZ5R6eLF6A2Ic/+JDKDDE/BzzAGY03GtLuCUW/XrU
5h7sOK4O5nbOSFkMV0IUeC04h0TNIGM2EsEtSaevzWszPBkX9mES2S5iRNAR2IYp
TpIQ0mSEIaX2KkTxDF44LpIOKWnmaAG7ve/Zy6ZjdEBvlAjOV61QoKxGWkm8nNXb
Z3CsT3MlOC1IR7w7/IDgZ9piIBNVAJLcP/53Nx2dhscQ
-----END CERTIFICATE-----