Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ee/1ae2b0-d93a-463c-a6b9-827b643af3d7/1/QxKeepNX2YsA4fWBre47KEa_xkg.roa
File:                     QxKeepNX2YsA4fWBre47KEa_xkg.roa (raw, json)
Hash identifier:          E2/pABhFo/7ZxSFw/BJn/VApJP1hMLpoFcOYCUqGkQk=
Subject key identifier:   43:12:9E:7A:93:57:D9:8B:00:E1:F5:81:AD:EE:3B:28:46:BF:C6:48
Certificate issuer:       /CN=ccfa88c22b1e7c52de71a37643dea3c3fcdd4954
Certificate serial:       018CCA29E4A4B2FAAFFFD196EBBBD96A4DC9
Authority key identifier: CC:FA:88:C2:2B:1E:7C:52:DE:71:A3:76:43:DE:A3:C3:FC:DD:49:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zPqIwisefFLecaN2Q96jw_zdSVQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ee/1ae2b0-d93a-463c-a6b9-827b643af3d7/1/QxKeepNX2YsA4fWBre47KEa_xkg.roa
Signing time:             Tue 02 Jan 2024 12:33:12 +0000
ROA not before:           Tue 02 Jan 2024 12:33:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15435
IP address blocks:        2001:67c:2c24::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ee/1ae2b0-d93a-463c-a6b9-827b643af3d7/1/zPqIwisefFLecaN2Q96jw_zdSVQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ee/1ae2b0-d93a-463c-a6b9-827b643af3d7/1/zPqIwisefFLecaN2Q96jw_zdSVQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zPqIwisefFLecaN2Q96jw_zdSVQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:e4:a4:b2:fa:af:ff:d1:96:eb:bb:d9:6a:4d:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ccfa88c22b1e7c52de71a37643dea3c3fcdd4954
        Validity
            Not Before: Jan  2 12:33:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=43129e7a9357d98b00e1f581adee3b2846bfc648
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:b0:8d:b5:73:43:1f:e2:24:3c:48:cb:2b:58:
                    9b:76:72:bc:34:c1:e7:fe:5b:0a:05:31:fb:9c:3c:
                    32:9f:2b:96:58:8a:63:9e:44:4c:87:74:e5:98:0f:
                    cd:7f:c9:b6:dc:31:8b:15:91:2e:46:8d:31:55:10:
                    97:f1:63:55:f6:5f:99:7d:4f:c1:42:51:3e:64:37:
                    c4:d5:a7:30:91:20:4c:4d:ca:99:5e:83:90:59:78:
                    00:4a:4b:ae:35:5a:c5:f3:ce:9c:82:06:dc:7f:99:
                    19:fa:80:af:97:95:cd:80:de:be:65:cb:1d:ea:78:
                    41:b5:a2:3b:45:36:36:f5:c8:41:ed:35:75:a6:7b:
                    e3:88:03:4b:e2:f1:22:b5:be:d3:2e:d8:54:b2:9c:
                    38:24:be:82:cc:96:bf:56:41:bd:d8:7b:c9:7a:a1:
                    ab:f1:14:5c:d3:fb:9e:a3:e2:f9:35:cc:8a:e8:e7:
                    fa:05:97:6f:09:1b:91:6a:5b:49:ad:19:2a:61:60:
                    48:d3:8d:86:0b:ea:3f:fc:b2:1e:ca:9f:c7:92:a3:
                    3a:79:72:30:5f:9f:50:d3:bb:fb:db:7e:09:0b:d4:
                    42:e5:79:7b:5f:40:14:85:33:43:1a:ea:ef:30:a0:
                    14:77:f4:e6:c1:3c:cc:51:94:af:89:48:9f:9f:fa:
                    7c:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:12:9E:7A:93:57:D9:8B:00:E1:F5:81:AD:EE:3B:28:46:BF:C6:48
            X509v3 Authority Key Identifier:
                keyid:CC:FA:88:C2:2B:1E:7C:52:DE:71:A3:76:43:DE:A3:C3:FC:DD:49:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zPqIwisefFLecaN2Q96jw_zdSVQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/1ae2b0-d93a-463c-a6b9-827b643af3d7/1/QxKeepNX2YsA4fWBre47KEa_xkg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/1ae2b0-d93a-463c-a6b9-827b643af3d7/1/zPqIwisefFLecaN2Q96jw_zdSVQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:2c24::/48

    Signature Algorithm: sha256WithRSAEncryption
         1f:c4:b2:7c:ed:87:c8:56:ca:b3:6b:ee:82:f7:63:1f:0c:47:
         f8:5e:83:06:e1:46:1a:23:52:65:2e:da:f8:55:9b:04:8d:01:
         16:52:9d:76:a7:7c:da:be:96:e7:b8:0a:da:69:d4:e1:06:d2:
         f8:46:31:5c:f0:c1:31:63:7c:a7:07:8f:6a:89:4b:65:5d:41:
         56:34:27:61:62:5a:d7:6f:35:4d:b3:cb:05:cf:4a:a2:86:a7:
         0d:17:ac:59:08:65:49:30:36:da:7f:26:4f:f6:40:af:33:30:
         dc:b7:3d:87:a2:6e:6a:69:81:0f:4a:0b:c0:62:7d:50:13:fb:
         2f:61:9c:97:9d:52:6f:bb:3e:ff:bc:ad:fe:9b:80:32:c5:68:
         0a:a0:fc:ad:4c:7e:e4:13:e0:71:d6:6f:36:79:5c:c5:0d:f8:
         28:d2:ea:52:9d:01:4e:90:3b:84:9e:ee:73:b0:28:31:62:e1:
         7b:17:48:b1:25:02:25:6d:09:4b:54:fb:c6:b2:91:e2:00:31:
         d9:68:e7:85:ca:e3:5c:cd:0d:13:d5:66:8c:68:f4:18:6c:04:
         3d:7f:aa:70:6b:ef:06:c7:de:f3:1b:65:0a:bd:09:68:20:41:
         6e:e8:0d:c8:88:5c:ef:1c:c3:92:61:7e:e6:ba:b0:7a:10:61:
         a5:a5:86:c3
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzKKeSksvqv/9GW67vZak3JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNjZmE4OGMyMmIxZTdjNTJkZTcxYTM3NjQzZGVhM2MzZmNk
ZDQ5NTQwHhcNMjQwMTAyMTIzMzEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MzEyOWU3YTkzNTdkOThiMDBlMWY1ODFhZGVlM2IyODQ2YmZjNjQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApbCNtXNDH+IkPEjLK1ibdnK8NMHn
/lsKBTH7nDwynyuWWIpjnkRMh3TlmA/Nf8m23DGLFZEuRo0xVRCX8WNV9l+ZfU/B
QlE+ZDfE1acwkSBMTcqZXoOQWXgASkuuNVrF886cggbcf5kZ+oCvl5XNgN6+Zcsd
6nhBtaI7RTY29chB7TV1pnvjiANL4vEitb7TLthUspw4JL6CzJa/VkG92HvJeqGr
8RRc0/ueo+L5NcyK6Of6BZdvCRuRaltJrRkqYWBI042GC+o//LIeyp/HkqM6eXIw
X59Q07v7234JC9RC5Xl7X0AUhTNDGurvMKAUd/TmwTzMUZSviUifn/p8YwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFEMSnnqTV9mLAOH1ga3uOyhGv8ZIMB8GA1UdIwQY
MBaAFMz6iMIrHnxS3nGjdkPeo8P83UlUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvelBxSXdpc2VmRkxlY2FOMlE5Nmp3X3pkU1ZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZS8xYWUyYjAtZDkzYS00NjNjLWE2Yjkt
ODI3YjY0M2FmM2Q3LzEvUXhLZWVwTlgyWXNBNGZXQnJlNDdLRWFfeGtnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZS8xYWUyYjAtZDkzYS00NjNjLWE2YjktODI3YjY0M2FmM2Q3
LzEvelBxSXdpc2VmRkxlY2FOMlE5Nmp3X3pkU1ZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfCwk
MA0GCSqGSIb3DQEBCwUAA4IBAQAfxLJ87YfIVsqza+6C92MfDEf4XoMG4UYaI1Jl
Ltr4VZsEjQEWUp12p3zavpbnuAraadThBtL4RjFc8MExY3ynB49qiUtlXUFWNCdh
YlrXbzVNs8sFz0qihqcNF6xZCGVJMDbafyZP9kCvMzDctz2Hom5qaYEPSgvAYn1Q
E/svYZyXnVJvuz7/vK3+m4AyxWgKoPytTH7kE+Bx1m82eVzFDfgo0upSnQFOkDuE
nu5zsCgxYuF7F0ixJQIlbQlLVPvGspHiADHZaOeFyuNczQ0T1WaMaPQYbAQ9f6pw
a+8Gx97zG2UKvQloIEFu6A3IiFzvHMOSYX7murB6EGGlpYbD
-----END CERTIFICATE-----