Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0a/d9a01c-5c91-4d00-a09a-f8792f577b9a/1/5tIRJUWhSgC6K3fbONY0TlHh_Ug.roa
File:                     5tIRJUWhSgC6K3fbONY0TlHh_Ug.roa (raw, json)
Hash identifier:          exZXlC5tp5Ncby035mIkwRxEgXIOaUuOizKj1xfLuAE=
Subject key identifier:   E6:D2:11:25:45:A1:4A:00:BA:2B:77:DB:38:D6:34:4E:51:E1:FD:48
Certificate issuer:       /CN=75386a6fae1e55f576a405bd74b7f08e7a6c4653
Certificate serial:       018CC3B67FE6064B8CEA9D9FD2D2003C8173
Authority key identifier: 75:38:6A:6F:AE:1E:55:F5:76:A4:05:BD:74:B7:F0:8E:7A:6C:46:53
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dThqb64eVfV2pAW9dLfwjnpsRlM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0a/d9a01c-5c91-4d00-a09a-f8792f577b9a/1/5tIRJUWhSgC6K3fbONY0TlHh_Ug.roa
Signing time:             Mon 01 Jan 2024 06:29:26 +0000
ROA not before:           Mon 01 Jan 2024 06:29:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62000
IP address blocks:        185.163.124.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0a/d9a01c-5c91-4d00-a09a-f8792f577b9a/1/dThqb64eVfV2pAW9dLfwjnpsRlM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0a/d9a01c-5c91-4d00-a09a-f8792f577b9a/1/dThqb64eVfV2pAW9dLfwjnpsRlM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dThqb64eVfV2pAW9dLfwjnpsRlM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 13:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:7f:e6:06:4b:8c:ea:9d:9f:d2:d2:00:3c:81:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=75386a6fae1e55f576a405bd74b7f08e7a6c4653
        Validity
            Not Before: Jan  1 06:29:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e6d2112545a14a00ba2b77db38d6344e51e1fd48
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:ec:95:d7:c5:d2:1b:74:bc:13:13:e0:66:7b:
                    68:d3:ab:a4:c0:f0:e7:14:4e:00:e6:ba:26:09:30:
                    a3:13:b3:6c:34:0c:b2:09:a0:98:75:7b:f7:f3:20:
                    44:a2:66:c6:1e:ab:03:0e:9a:b1:4e:b8:9a:4a:2c:
                    e2:01:ff:53:8c:5e:fe:a1:a6:e0:08:b6:0b:c6:f9:
                    15:94:a2:e8:be:b3:28:f7:60:f8:cf:86:70:d1:55:
                    15:88:64:98:84:cb:fd:ad:b4:ed:f1:47:ab:e9:33:
                    49:20:51:c3:c7:ac:35:49:87:81:76:8c:75:6f:89:
                    22:17:b4:ce:cf:d9:18:4e:3e:ef:02:fe:65:a2:1d:
                    1a:c2:ba:ba:e7:cf:4d:10:0f:66:e2:73:a4:ed:a7:
                    30:16:37:c2:6f:da:b8:51:d5:61:b0:f4:da:e6:6e:
                    74:a3:48:fb:9f:b9:81:2c:ed:07:27:67:53:76:e9:
                    1a:be:20:56:c7:f1:69:ca:8f:a5:d3:d6:64:cc:b4:
                    01:05:00:cf:21:7d:e4:33:3d:2b:2d:e7:31:3b:69:
                    08:54:72:36:87:f2:be:25:95:53:6a:49:fa:d5:7c:
                    9f:e8:88:9c:7b:64:df:2b:a3:39:0b:22:f8:bf:a9:
                    b2:95:60:1d:27:6e:92:ec:da:ba:26:09:8b:75:8d:
                    2f:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:D2:11:25:45:A1:4A:00:BA:2B:77:DB:38:D6:34:4E:51:E1:FD:48
            X509v3 Authority Key Identifier:
                keyid:75:38:6A:6F:AE:1E:55:F5:76:A4:05:BD:74:B7:F0:8E:7A:6C:46:53

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dThqb64eVfV2pAW9dLfwjnpsRlM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0a/d9a01c-5c91-4d00-a09a-f8792f577b9a/1/5tIRJUWhSgC6K3fbONY0TlHh_Ug.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0a/d9a01c-5c91-4d00-a09a-f8792f577b9a/1/dThqb64eVfV2pAW9dLfwjnpsRlM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.163.124.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5f:2a:d5:94:f3:19:63:da:b5:f1:de:a0:67:2b:01:0f:e3:17:
         29:1a:e1:8a:2b:03:a7:ca:35:5b:0e:a4:4f:71:77:e5:2a:09:
         5b:4c:da:54:21:02:51:aa:88:e4:72:31:ee:65:2c:b9:fc:c5:
         0e:94:fa:92:b3:cc:81:84:12:ab:1e:14:de:f0:62:22:8b:cd:
         24:87:7f:37:78:ab:f3:33:04:8b:42:cb:4c:7f:2d:7d:99:64:
         d5:2a:02:87:25:14:89:20:52:83:c8:11:da:13:40:18:80:70:
         d9:16:bc:20:95:c2:7a:3c:d5:51:3f:f8:19:70:d8:47:c2:21:
         7a:8a:07:c8:72:af:36:8d:95:4c:95:b4:28:ce:5b:c9:ff:be:
         0c:c5:4f:6c:10:66:ff:91:26:23:ee:0e:44:09:0f:41:0f:e2:
         46:58:21:0b:6d:ff:e1:0a:c8:35:49:4d:2e:0c:ad:98:e0:31:
         22:85:b9:c0:62:de:fc:1f:48:2c:ba:bf:e6:8f:60:f4:81:2b:
         a9:99:bb:20:7e:90:65:d5:39:4d:7b:18:26:4c:fc:0f:0f:bb:
         8b:66:87:5c:e5:fd:57:0e:47:e7:6d:5a:85:2c:b6:57:72:dd:
         b6:89:8c:5b:d7:21:06:86:c5:26:aa:29:28:a1:84:20:6d:f6:
         52:0b:50:3e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtn/mBkuM6p2f0tIAPIFzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1Mzg2YTZmYWUxZTU1ZjU3NmE0MDViZDc0YjdmMDhlN2E2
YzQ2NTMwHhcNMjQwMTAxMDYyOTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNmQyMTEyNTQ1YTE0YTAwYmEyYjc3ZGIzOGQ2MzQ0ZTUxZTFmZDQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4uyV18XSG3S8ExPgZnto06ukwPDn
FE4A5romCTCjE7NsNAyyCaCYdXv38yBEombGHqsDDpqxTriaSiziAf9TjF7+oabg
CLYLxvkVlKLovrMo92D4z4Zw0VUViGSYhMv9rbTt8Uer6TNJIFHDx6w1SYeBdox1
b4kiF7TOz9kYTj7vAv5loh0awrq6589NEA9m4nOk7acwFjfCb9q4UdVhsPTa5m50
o0j7n7mBLO0HJ2dTdukaviBWx/Fpyo+l09ZkzLQBBQDPIX3kMz0rLecxO2kIVHI2
h/K+JZVTakn61Xyf6Iice2TfK6M5CyL4v6mylWAdJ26S7Nq6JgmLdY0vOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFObSESVFoUoAuit32zjWNE5R4f1IMB8GA1UdIwQY
MBaAFHU4am+uHlX1dqQFvXS38I56bEZTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFRocWI2NGVWZlYycEFXOWRMZndqbnBzUmxNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYS9kOWEwMWMtNWM5MS00ZDAwLWEwOWEt
Zjg3OTJmNTc3YjlhLzEvNXRJUkpVV2hTZ0M2SzNmYk9OWTBUbEhoX1VnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYS9kOWEwMWMtNWM5MS00ZDAwLWEwOWEtZjg3OTJmNTc3Yjlh
LzEvZFRocWI2NGVWZlYycEFXOWRMZndqbnBzUmxNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuaN8MA0G
CSqGSIb3DQEBCwUAA4IBAQBfKtWU8xlj2rXx3qBnKwEP4xcpGuGKKwOnyjVbDqRP
cXflKglbTNpUIQJRqojkcjHuZSy5/MUOlPqSs8yBhBKrHhTe8GIii80kh383eKvz
MwSLQstMfy19mWTVKgKHJRSJIFKDyBHaE0AYgHDZFrwglcJ6PNVRP/gZcNhHwiF6
igfIcq82jZVMlbQozlvJ/74MxU9sEGb/kSYj7g5ECQ9BD+JGWCELbf/hCsg1SU0u
DK2Y4DEihbnAYt78H0gsur/mj2D0gSupmbsgfpBl1TlNexgmTPwPD7uLZodc5f1X
DkfnbVqFLLZXct22iYxb1yEGhsUmqikooYQgbfZSC1A+
-----END CERTIFICATE-----