Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/45fc7c-69ec-4290-960b-2c51d90c4ffe/1/KQI8dRLirQatqsxjgc3mS1BCCIs.roa
File:                     KQI8dRLirQatqsxjgc3mS1BCCIs.roa (raw, json)
Hash identifier:          qxBIfgIFeYVVup/miZjV1QuETPdRYzT74jCv5RpDkrg=
Subject key identifier:   29:02:3C:75:12:E2:AD:06:AD:AA:CC:63:81:CD:E6:4B:50:42:08:8B
Certificate issuer:       /CN=f4de891474b4befd3eb2150b54759d6bed664196
Certificate serial:       018D5FAB03EA76EFA833CE5B5EAC5B91DF43
Authority key identifier: F4:DE:89:14:74:B4:BE:FD:3E:B2:15:0B:54:75:9D:6B:ED:66:41:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9N6JFHS0vv0-shULVHWda-1mQZY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/45fc7c-69ec-4290-960b-2c51d90c4ffe/1/KQI8dRLirQatqsxjgc3mS1BCCIs.roa
Signing time:             Wed 31 Jan 2024 13:17:39 +0000
ROA not before:           Wed 31 Jan 2024 13:17:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202798
IP address blocks:        2001:67c:db8::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/45fc7c-69ec-4290-960b-2c51d90c4ffe/1/9N6JFHS0vv0-shULVHWda-1mQZY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/45fc7c-69ec-4290-960b-2c51d90c4ffe/1/9N6JFHS0vv0-shULVHWda-1mQZY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9N6JFHS0vv0-shULVHWda-1mQZY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 19:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:5f:ab:03:ea:76:ef:a8:33:ce:5b:5e:ac:5b:91:df:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f4de891474b4befd3eb2150b54759d6bed664196
        Validity
            Not Before: Jan 31 13:17:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=29023c7512e2ad06adaacc6381cde64b5042088b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:46:bc:27:77:9c:ef:f1:9c:e0:94:4b:46:3a:
                    26:25:3e:45:4a:3d:83:8f:cf:c0:2e:b8:c3:ea:e6:
                    e8:f1:cc:43:d6:51:0e:88:68:dd:c2:95:9d:13:66:
                    cd:4b:da:f5:71:31:7b:11:3a:9d:b9:83:a5:cf:b4:
                    74:e3:53:97:c6:de:60:b4:2b:27:30:eb:23:e1:9e:
                    a8:50:8b:69:a1:a6:0e:0c:db:42:98:f9:f4:60:d0:
                    1c:db:ca:c1:cf:79:7a:b3:dc:96:4e:92:ec:2f:6b:
                    4a:5e:c1:cc:ea:d5:06:13:eb:3f:bf:49:37:92:0a:
                    b0:3f:7a:e8:23:c7:92:be:07:02:09:dd:fc:eb:bd:
                    75:37:8b:a1:dd:fa:17:1c:df:ce:09:f2:4c:6f:ff:
                    da:05:fc:b5:45:3b:23:5f:00:14:cd:d5:24:64:6f:
                    ef:61:a7:3b:9c:ae:45:26:98:fa:88:92:54:99:a9:
                    bb:16:59:80:40:13:63:04:98:b0:cd:9b:94:c5:13:
                    13:8b:a1:a4:09:0b:4c:15:ad:cb:55:ad:40:b7:f0:
                    51:b7:40:e5:2c:d6:2d:34:b0:d4:d7:74:7a:e0:23:
                    fe:ba:57:68:e9:87:25:4e:62:ad:c7:99:f2:bd:60:
                    a3:34:45:9f:4c:80:b1:b6:c6:1d:2b:f8:50:29:06:
                    c2:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:02:3C:75:12:E2:AD:06:AD:AA:CC:63:81:CD:E6:4B:50:42:08:8B
            X509v3 Authority Key Identifier:
                keyid:F4:DE:89:14:74:B4:BE:FD:3E:B2:15:0B:54:75:9D:6B:ED:66:41:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9N6JFHS0vv0-shULVHWda-1mQZY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/45fc7c-69ec-4290-960b-2c51d90c4ffe/1/KQI8dRLirQatqsxjgc3mS1BCCIs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/45fc7c-69ec-4290-960b-2c51d90c4ffe/1/9N6JFHS0vv0-shULVHWda-1mQZY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:db8::/48

    Signature Algorithm: sha256WithRSAEncryption
         8c:eb:94:d4:43:72:53:6c:10:e1:8b:93:2f:a2:56:00:93:df:
         d1:50:f0:81:38:ba:42:cf:17:f8:54:a1:a3:18:d0:bc:85:48:
         60:c0:eb:a9:e5:bb:a6:07:a8:02:15:a9:52:e1:20:26:5f:3d:
         4d:8d:2d:a4:41:9e:56:c0:ce:c4:2f:33:2a:1d:e3:0b:91:01:
         d0:04:fc:e4:e2:92:4d:46:8a:b9:9e:4b:03:6f:bb:97:7c:20:
         2d:c3:19:c4:b0:99:c7:63:ad:8e:f7:ea:37:bb:61:a5:95:b7:
         a8:fb:d6:35:00:30:1a:ff:d4:41:1a:6d:90:76:d2:85:e7:94:
         ac:ce:c2:cd:11:b6:be:84:80:c5:56:69:f1:2a:cb:98:8c:32:
         1b:fc:b1:52:39:8d:28:91:ec:5c:4e:e1:e7:c4:0b:c9:90:c1:
         07:f7:66:21:84:49:e6:a0:ab:39:f4:8b:44:c8:e8:7b:c9:ae:
         64:e6:1b:8a:2c:dc:d5:50:62:5a:b9:f5:f7:cd:43:09:d3:80:
         01:58:f9:47:a2:7e:fd:0b:77:4b:21:55:9a:69:4e:a2:4a:bb:
         5f:eb:f0:98:3d:24:1d:82:62:b2:6e:b9:d8:c2:76:0d:7e:34:
         cb:41:4f:7a:aa:39:20:54:ff:b3:08:f2:b2:35:82:4b:45:a9:
         17:21:c6:bf
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY1fqwPqdu+oM85bXqxbkd9DMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY0ZGU4OTE0NzRiNGJlZmQzZWIyMTUwYjU0NzU5ZDZiZWQ2
NjQxOTYwHhcNMjQwMTMxMTMxNzM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTAyM2M3NTEyZTJhZDA2YWRhYWNjNjM4MWNkZTY0YjUwNDIwODhiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyUa8J3ec7/Gc4JRLRjomJT5FSj2D
j8/ALrjD6ubo8cxD1lEOiGjdwpWdE2bNS9r1cTF7ETqduYOlz7R041OXxt5gtCsn
MOsj4Z6oUItpoaYODNtCmPn0YNAc28rBz3l6s9yWTpLsL2tKXsHM6tUGE+s/v0k3
kgqwP3roI8eSvgcCCd386711N4uh3foXHN/OCfJMb//aBfy1RTsjXwAUzdUkZG/v
Yac7nK5FJpj6iJJUmam7FlmAQBNjBJiwzZuUxRMTi6GkCQtMFa3LVa1At/BRt0Dl
LNYtNLDU13R64CP+uldo6YclTmKtx5nyvWCjNEWfTICxtsYdK/hQKQbCZQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCkCPHUS4q0GrarMY4HN5ktQQgiLMB8GA1UdIwQY
MBaAFPTeiRR0tL79PrIVC1R1nWvtZkGWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOU42SkZIUzB2djAtc2hVTFZIV2RhLTFtUVpZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC80NWZjN2MtNjllYy00MjkwLTk2MGIt
MmM1MWQ5MGM0ZmZlLzEvS1FJOGRSTGlyUWF0cXN4amdjM21TMUJDQ0lzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC80NWZjN2MtNjllYy00MjkwLTk2MGItMmM1MWQ5MGM0ZmZl
LzEvOU42SkZIUzB2djAtc2hVTFZIV2RhLTFtUVpZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfA24
MA0GCSqGSIb3DQEBCwUAA4IBAQCM65TUQ3JTbBDhi5MvolYAk9/RUPCBOLpCzxf4
VKGjGNC8hUhgwOup5bumB6gCFalS4SAmXz1NjS2kQZ5WwM7ELzMqHeMLkQHQBPzk
4pJNRoq5nksDb7uXfCAtwxnEsJnHY62O9+o3u2Gllbeo+9Y1ADAa/9RBGm2QdtKF
55SszsLNEba+hIDFVmnxKsuYjDIb/LFSOY0okexcTuHnxAvJkMEH92YhhEnmoKs5
9ItEyOh7ya5k5huKLNzVUGJaufX3zUMJ04ABWPlHon79C3dLIVWaaU6iSrtf6/CY
PSQdgmKybrnYwnYNfjTLQU96qjkgVP+zCPKyNYJLRakXIca/
-----END CERTIFICATE-----