Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/b1c50e-af27-4a62-ae23-b6f1cfaa6985/1/sQNDcHW13J70rqzSh2ETUsIeDlg.roa
File:                     sQNDcHW13J70rqzSh2ETUsIeDlg.roa (raw, json)
Hash identifier:          m89L5xju804VLcf4HxXm5UNeOnrLAu9bigPb+VdTLQQ=
Subject key identifier:   B1:03:43:70:75:B5:DC:9E:F4:AE:AC:D2:87:61:13:52:C2:1E:0E:58
Certificate issuer:       /CN=aa35f907ec7dbf9c65b815aa3d7202b6dfae3148
Certificate serial:       018CC9BC5128F1B90851B57263533E1FD7B5
Authority key identifier: AA:35:F9:07:EC:7D:BF:9C:65:B8:15:AA:3D:72:02:B6:DF:AE:31:48
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qjX5B-x9v5xluBWqPXICtt-uMUg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/b1c50e-af27-4a62-ae23-b6f1cfaa6985/1/sQNDcHW13J70rqzSh2ETUsIeDlg.roa
Signing time:             Tue 02 Jan 2024 10:33:31 +0000
ROA not before:           Tue 02 Jan 2024 10:33:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208559
IP address blocks:        2a02:f28:23::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fe/b1c50e-af27-4a62-ae23-b6f1cfaa6985/1/qjX5B-x9v5xluBWqPXICtt-uMUg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fe/b1c50e-af27-4a62-ae23-b6f1cfaa6985/1/qjX5B-x9v5xluBWqPXICtt-uMUg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qjX5B-x9v5xluBWqPXICtt-uMUg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:51:28:f1:b9:08:51:b5:72:63:53:3e:1f:d7:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aa35f907ec7dbf9c65b815aa3d7202b6dfae3148
        Validity
            Not Before: Jan  2 10:33:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b103437075b5dc9ef4aeacd287611352c21e0e58
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:a6:e8:d3:fe:86:ab:bb:c4:bf:48:fb:fd:07:
                    6a:2c:46:b8:66:f2:b6:7d:d7:15:df:42:17:98:29:
                    82:05:a1:fa:43:a8:fe:2c:c5:a4:df:a9:24:18:2a:
                    61:43:21:41:ea:69:02:1d:44:91:2d:40:7d:d4:56:
                    11:3d:4c:6b:c9:25:e9:d6:08:50:a8:75:53:cd:7b:
                    7b:ce:e2:f2:ba:39:2d:f7:fd:c6:4d:c8:f2:44:63:
                    15:5c:f7:5b:48:f3:a9:0c:a0:f3:6e:16:82:81:39:
                    81:a9:43:40:2d:13:e9:f9:9d:22:50:29:7e:68:4b:
                    dc:78:45:f5:05:0b:c3:dc:93:3a:93:83:05:1e:fa:
                    98:48:5a:eb:ab:59:7a:a9:44:57:5c:0f:a9:1b:2c:
                    4e:86:f9:cc:8f:1d:bb:34:0d:37:04:d8:0e:b2:48:
                    b4:af:6e:2c:92:63:9b:87:0a:d8:2d:0b:31:42:51:
                    49:5b:f1:b0:2f:a0:09:63:4b:fd:a7:51:90:6a:26:
                    0d:66:0c:b9:47:b6:c1:43:f0:fd:5e:fd:56:b8:ec:
                    a9:c2:0f:7e:a4:56:4b:60:f7:ca:cb:88:24:a1:d4:
                    69:1f:60:a4:1c:ea:97:81:1e:89:a1:74:a4:0e:09:
                    1f:35:35:0d:e4:bd:af:c5:75:a6:7d:ea:5f:46:47:
                    53:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:03:43:70:75:B5:DC:9E:F4:AE:AC:D2:87:61:13:52:C2:1E:0E:58
            X509v3 Authority Key Identifier:
                keyid:AA:35:F9:07:EC:7D:BF:9C:65:B8:15:AA:3D:72:02:B6:DF:AE:31:48

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qjX5B-x9v5xluBWqPXICtt-uMUg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/b1c50e-af27-4a62-ae23-b6f1cfaa6985/1/sQNDcHW13J70rqzSh2ETUsIeDlg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/b1c50e-af27-4a62-ae23-b6f1cfaa6985/1/qjX5B-x9v5xluBWqPXICtt-uMUg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:f28:23::/48

    Signature Algorithm: sha256WithRSAEncryption
         5c:00:21:6d:4a:d8:25:a5:98:d9:d1:a5:05:1c:8d:62:a5:7f:
         7d:e8:60:52:68:83:a9:b4:5f:0d:5a:a8:56:f4:2b:a7:2f:eb:
         74:9d:3e:1d:4a:24:ad:5e:0e:f4:7d:78:bb:2d:78:a7:ba:7f:
         6d:fe:20:74:0c:aa:65:d8:a2:99:30:81:cc:74:41:80:cb:a9:
         f7:e6:9b:d1:c1:85:6d:a6:ca:c7:70:9b:28:54:02:07:4a:82:
         1c:99:b8:39:36:ab:fa:8b:29:4e:ab:be:99:e1:a2:fb:70:d1:
         47:48:4a:cb:08:99:51:fd:a1:3a:94:73:6a:24:bb:71:f6:03:
         c1:7e:f5:01:f6:0b:7e:8e:6a:1b:e6:56:dd:bb:94:46:83:43:
         ba:56:7b:d5:40:48:8f:ef:2e:78:8a:29:a4:24:8b:16:f3:3a:
         94:81:38:a2:b0:89:3b:54:41:b1:f7:d5:14:e8:0d:8b:a0:2f:
         ef:26:00:ef:53:f4:87:36:53:68:ac:b5:9a:45:89:13:ac:60:
         58:00:ad:fe:4d:44:25:c8:26:d3:6d:31:d8:39:63:86:0c:92:
         ff:1a:4d:b1:0c:2d:11:ee:2b:87:44:22:11:60:30:6e:af:cc:
         70:06:58:3f:a5:a3:a2:cf:70:37:88:78:d1:05:a5:3d:04:02:
         99:8d:0d:cb
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJvFEo8bkIUbVyY1M+H9e1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFhMzVmOTA3ZWM3ZGJmOWM2NWI4MTVhYTNkNzIwMmI2ZGZh
ZTMxNDgwHhcNMjQwMTAyMTAzMzMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMTAzNDM3MDc1YjVkYzllZjRhZWFjZDI4NzYxMTM1MmMyMWUwZTU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl6bo0/6Gq7vEv0j7/QdqLEa4ZvK2
fdcV30IXmCmCBaH6Q6j+LMWk36kkGCphQyFB6mkCHUSRLUB91FYRPUxrySXp1ghQ
qHVTzXt7zuLyujkt9/3GTcjyRGMVXPdbSPOpDKDzbhaCgTmBqUNALRPp+Z0iUCl+
aEvceEX1BQvD3JM6k4MFHvqYSFrrq1l6qURXXA+pGyxOhvnMjx27NA03BNgOski0
r24skmObhwrYLQsxQlFJW/GwL6AJY0v9p1GQaiYNZgy5R7bBQ/D9Xv1WuOypwg9+
pFZLYPfKy4gkodRpH2CkHOqXgR6JoXSkDgkfNTUN5L2vxXWmfepfRkdT1wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLEDQ3B1tdye9K6s0odhE1LCHg5YMB8GA1UdIwQY
MBaAFKo1+Qfsfb+cZbgVqj1yArbfrjFIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcWpYNUIteDl2NXhsdUJXcVBYSUN0dC11TVVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS9iMWM1MGUtYWYyNy00YTYyLWFlMjMt
YjZmMWNmYWE2OTg1LzEvc1FORGNIVzEzSjcwcnF6U2gyRVRVc0llRGxnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS9iMWM1MGUtYWYyNy00YTYyLWFlMjMtYjZmMWNmYWE2OTg1
LzEvcWpYNUIteDl2NXhsdUJXcVBYSUN0dC11TVVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgIPKAAj
MA0GCSqGSIb3DQEBCwUAA4IBAQBcACFtStglpZjZ0aUFHI1ipX996GBSaIOptF8N
WqhW9CunL+t0nT4dSiStXg70fXi7LXinun9t/iB0DKpl2KKZMIHMdEGAy6n35pvR
wYVtpsrHcJsoVAIHSoIcmbg5Nqv6iylOq76Z4aL7cNFHSErLCJlR/aE6lHNqJLtx
9gPBfvUB9gt+jmob5lbdu5RGg0O6VnvVQEiP7y54iimkJIsW8zqUgTiisIk7VEGx
99UU6A2LoC/vJgDvU/SHNlNorLWaRYkTrGBYAK3+TUQlyCbTbTHYOWOGDJL/Gk2x
DC0R7iuHRCIRYDBur8xwBlg/paOiz3A3iHjRBaU9BAKZjQ3L
-----END CERTIFICATE-----