Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/b3987a-4504-4749-9d73-df572fe9672a/1/QkAGEVx-6IImRb89Fkc7AkMaN-4.roa
File:                     QkAGEVx-6IImRb89Fkc7AkMaN-4.roa (raw, json)
Hash identifier:          iSQlaO0MxtKnetsCjm8Jxo5mG51M3RMDDsEBjtRQOCI=
Subject key identifier:   42:40:06:11:5C:7E:E8:82:26:45:BF:3D:16:47:3B:02:43:1A:37:EE
Certificate issuer:       /CN=dbb396dfa951ec4157f211e5ed740ed97e1b0f3f
Certificate serial:       018CC94C36B162CDE377BF6F3D38E1D3B514
Authority key identifier: DB:B3:96:DF:A9:51:EC:41:57:F2:11:E5:ED:74:0E:D9:7E:1B:0F:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/27OW36lR7EFX8hHl7XQO2X4bDz8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/b3987a-4504-4749-9d73-df572fe9672a/1/QkAGEVx-6IImRb89Fkc7AkMaN-4.roa
Signing time:             Tue 02 Jan 2024 08:31:04 +0000
ROA not before:           Tue 02 Jan 2024 08:31:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201380
IP address blocks:        2a10:59c0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/b3987a-4504-4749-9d73-df572fe9672a/1/27OW36lR7EFX8hHl7XQO2X4bDz8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/b3987a-4504-4749-9d73-df572fe9672a/1/27OW36lR7EFX8hHl7XQO2X4bDz8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/27OW36lR7EFX8hHl7XQO2X4bDz8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 20:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4c:36:b1:62:cd:e3:77:bf:6f:3d:38:e1:d3:b5:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dbb396dfa951ec4157f211e5ed740ed97e1b0f3f
        Validity
            Not Before: Jan  2 08:31:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=424006115c7ee8822645bf3d16473b02431a37ee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:7b:3b:e1:26:f6:d7:b7:ef:0c:92:a9:ac:87:
                    20:6a:89:e5:39:be:de:ae:a4:b2:3c:46:f3:3b:e1:
                    05:57:4d:56:fe:09:07:79:a2:16:38:d7:91:c0:99:
                    e5:58:1d:88:72:9a:e0:e5:3d:40:fd:2a:47:db:60:
                    d6:09:e3:38:98:02:8e:bc:e7:48:fd:f0:22:e9:63:
                    90:32:65:42:e2:54:cb:1a:c2:c3:8f:98:eb:66:99:
                    40:f4:58:9c:5e:2c:0e:b5:66:84:fb:85:96:bf:2d:
                    29:2e:c7:ba:b0:59:c9:a4:03:1d:fc:ec:40:b7:62:
                    5d:6b:b3:92:b2:55:a6:cc:03:35:26:64:0a:34:bf:
                    d6:9a:8a:1f:f4:34:43:3b:cb:6c:07:ff:65:9e:30:
                    c5:cf:0d:c3:41:ba:6f:48:40:e0:73:47:4f:ed:70:
                    f5:b8:43:c9:b2:d5:42:96:c7:f2:bc:36:1f:57:dc:
                    e9:7d:d2:b5:48:eb:8e:6d:5e:8a:31:e5:82:ad:0e:
                    f7:f1:ca:2b:19:b5:a1:8b:c7:e2:60:0d:ba:9f:62:
                    57:1f:33:a2:0b:ff:89:86:31:fe:c3:a9:37:48:8d:
                    50:95:a2:ce:37:84:a1:7d:db:63:42:0b:f5:ef:05:
                    b4:08:41:e0:cc:a5:fe:cc:71:e5:26:38:10:dc:75:
                    99:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:40:06:11:5C:7E:E8:82:26:45:BF:3D:16:47:3B:02:43:1A:37:EE
            X509v3 Authority Key Identifier:
                keyid:DB:B3:96:DF:A9:51:EC:41:57:F2:11:E5:ED:74:0E:D9:7E:1B:0F:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/27OW36lR7EFX8hHl7XQO2X4bDz8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/b3987a-4504-4749-9d73-df572fe9672a/1/QkAGEVx-6IImRb89Fkc7AkMaN-4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/b3987a-4504-4749-9d73-df572fe9672a/1/27OW36lR7EFX8hHl7XQO2X4bDz8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:59c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         42:42:db:f5:eb:07:c0:5b:42:18:34:e3:9d:91:9e:79:5d:72:
         72:03:90:87:ff:0c:c6:f2:1e:ea:90:b2:8c:49:51:d9:17:b9:
         06:a9:0c:1c:f6:ef:e9:0b:c8:2d:a1:69:45:6c:87:94:65:2f:
         84:77:3a:92:ea:c7:c1:0d:fd:5c:6f:45:ba:15:58:53:91:b4:
         cc:4c:8d:2e:d2:74:a9:99:b6:9c:0b:3d:1d:23:0f:14:39:e7:
         8b:72:c7:47:c7:50:2b:b2:d6:60:4c:11:f8:c8:cc:4c:86:33:
         b2:f4:c4:8b:e7:c3:1a:83:58:1f:c1:fc:97:1f:47:18:02:3d:
         ff:f4:6b:49:07:1c:ff:5d:26:47:bb:35:ba:0d:7e:4a:8b:78:
         c6:77:30:48:d6:9e:7d:59:97:1e:b1:60:e7:6d:41:3e:c6:bd:
         0d:09:43:f6:64:9e:5c:33:a7:0c:08:c0:28:e7:99:00:4d:fc:
         f3:5b:f6:40:02:a5:b7:4d:81:b5:38:a2:cc:85:84:41:c3:f9:
         d2:8f:12:37:4e:cf:01:d4:9a:30:04:ab:a6:c1:d2:2a:52:ab:
         c4:b6:57:be:d7:e0:dd:41:38:7f:6c:a1:f2:d9:51:d8:4d:6c:
         22:6d:34:7c:d4:c8:fa:e7:b8:fc:07:98:1d:bc:8b:27:12:56:
         ee:be:2d:a3
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzJTDaxYs3jd79vPTjh07UUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRiYjM5NmRmYTk1MWVjNDE1N2YyMTFlNWVkNzQwZWQ5N2Ux
YjBmM2YwHhcNMjQwMTAyMDgzMTA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MjQwMDYxMTVjN2VlODgyMjY0NWJmM2QxNjQ3M2IwMjQzMWEzN2VlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx3s74Sb217fvDJKprIcgaonlOb7e
rqSyPEbzO+EFV01W/gkHeaIWONeRwJnlWB2Icprg5T1A/SpH22DWCeM4mAKOvOdI
/fAi6WOQMmVC4lTLGsLDj5jrZplA9FicXiwOtWaE+4WWvy0pLse6sFnJpAMd/OxA
t2Jda7OSslWmzAM1JmQKNL/Wmoof9DRDO8tsB/9lnjDFzw3DQbpvSEDgc0dP7XD1
uEPJstVClsfyvDYfV9zpfdK1SOuObV6KMeWCrQ738corGbWhi8fiYA26n2JXHzOi
C/+JhjH+w6k3SI1QlaLON4ShfdtjQgv17wW0CEHgzKX+zHHlJjgQ3HWZDQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFEJABhFcfuiCJkW/PRZHOwJDGjfuMB8GA1UdIwQY
MBaAFNuzlt+pUexBV/IR5e10Dtl+Gw8/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMjdPVzM2bFI3RUZYOGhIbDdYUU8yWDRiRHo4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS9iMzk4N2EtNDUwNC00NzQ5LTlkNzMt
ZGY1NzJmZTk2NzJhLzEvUWtBR0VWeC02SUltUmI4OUZrYzdBa01hTi00LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS9iMzk4N2EtNDUwNC00NzQ5LTlkNzMtZGY1NzJmZTk2NzJh
LzEvMjdPVzM2bFI3RUZYOGhIbDdYUU8yWDRiRHo4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhBZwDAN
BgkqhkiG9w0BAQsFAAOCAQEAQkLb9esHwFtCGDTjnZGeeV1ycgOQh/8MxvIe6pCy
jElR2Re5BqkMHPbv6QvILaFpRWyHlGUvhHc6kurHwQ39XG9FuhVYU5G0zEyNLtJ0
qZm2nAs9HSMPFDnni3LHR8dQK7LWYEwR+MjMTIYzsvTEi+fDGoNYH8H8lx9HGAI9
//RrSQcc/10mR7s1ug1+Sot4xncwSNaefVmXHrFg521BPsa9DQlD9mSeXDOnDAjA
KOeZAE3881v2QAKlt02BtTiizIWEQcP50o8SN07PAdSaMASrpsHSKlKrxLZXvtfg
3UE4f2yh8tlR2E1sIm00fNTI+ue4/AeYHbyLJxJW7r4tow==
-----END CERTIFICATE-----