Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/f41051-0810-43ff-b196-cfefdfdfbe6b/1/hSqmARz-A1S_rmVxu1wQxPjcjh0.roa
File:                     hSqmARz-A1S_rmVxu1wQxPjcjh0.roa (raw, json)
Hash identifier:          kQm2kM/Z0Ve45j66IdFykNCvM10IFyMLBST5lIJr1kI=
Subject key identifier:   85:2A:A6:01:1C:FE:03:54:BF:AE:65:71:BB:5C:10:C4:F8:DC:8E:1D
Certificate issuer:       /CN=d26a4409ea91f506d633871c6c35540d460337d1
Certificate serial:       018F961DC5AB9825C8CE6E74C9B7B0EB7628
Authority key identifier: D2:6A:44:09:EA:91:F5:06:D6:33:87:1C:6C:35:54:0D:46:03:37:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0mpECeqR9QbWM4ccbDVUDUYDN9E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/f41051-0810-43ff-b196-cfefdfdfbe6b/1/hSqmARz-A1S_rmVxu1wQxPjcjh0.roa
Signing time:             Mon 20 May 2024 13:08:04 +0000
ROA not before:           Mon 20 May 2024 13:08:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198885
IP address blocks:        5.61.203.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/f41051-0810-43ff-b196-cfefdfdfbe6b/1/0mpECeqR9QbWM4ccbDVUDUYDN9E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/f41051-0810-43ff-b196-cfefdfdfbe6b/1/0mpECeqR9QbWM4ccbDVUDUYDN9E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0mpECeqR9QbWM4ccbDVUDUYDN9E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 21:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:96:1d:c5:ab:98:25:c8:ce:6e:74:c9:b7:b0:eb:76:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d26a4409ea91f506d633871c6c35540d460337d1
        Validity
            Not Before: May 20 13:08:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=852aa6011cfe0354bfae6571bb5c10c4f8dc8e1d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:d2:a4:f6:98:f6:e1:40:24:a0:20:85:8a:73:
                    90:ed:9f:81:83:5f:25:71:61:2d:63:bb:3c:2a:a5:
                    79:0e:f6:2c:ad:bf:4e:97:ae:d9:59:a0:42:ba:99:
                    6c:ea:0d:3b:76:2d:1a:4c:30:62:e4:73:1b:27:cf:
                    8c:af:48:ea:78:de:ba:8a:1f:af:b9:73:41:85:3b:
                    30:79:b0:de:47:60:9d:08:58:8d:4e:60:56:73:67:
                    c9:98:cc:b3:06:94:32:83:1b:7e:7e:82:3c:60:2f:
                    63:d6:81:a6:fe:b9:84:6a:9f:71:17:85:f7:fe:84:
                    fd:36:ed:a9:0e:38:96:09:62:9d:fa:f0:58:ca:06:
                    65:3a:8b:18:c6:95:21:11:87:d9:64:3b:aa:14:db:
                    75:f1:f3:4d:c4:ca:d8:f6:a0:e0:36:ae:ce:50:cd:
                    65:ce:2b:37:16:86:cd:9c:55:93:68:b4:01:28:63:
                    44:ac:b3:0c:fe:2e:ed:d8:ca:3f:c9:4c:f4:fb:a8:
                    61:18:a3:68:4b:7f:a7:c4:ed:45:07:ae:fe:d4:7d:
                    70:2c:e3:9e:6a:aa:b1:cb:f5:6a:d4:df:8b:a5:21:
                    18:bd:55:b4:fd:97:a1:84:80:b0:61:a6:fa:a1:b5:
                    bb:8d:75:ad:7b:ad:9b:4f:a0:30:3e:60:c3:30:94:
                    59:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:2A:A6:01:1C:FE:03:54:BF:AE:65:71:BB:5C:10:C4:F8:DC:8E:1D
            X509v3 Authority Key Identifier:
                keyid:D2:6A:44:09:EA:91:F5:06:D6:33:87:1C:6C:35:54:0D:46:03:37:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0mpECeqR9QbWM4ccbDVUDUYDN9E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/f41051-0810-43ff-b196-cfefdfdfbe6b/1/hSqmARz-A1S_rmVxu1wQxPjcjh0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/f41051-0810-43ff-b196-cfefdfdfbe6b/1/0mpECeqR9QbWM4ccbDVUDUYDN9E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.61.203.0/24

    Signature Algorithm: sha256WithRSAEncryption
         88:95:31:bf:7c:f9:16:1e:2d:d7:c2:9d:24:33:4f:93:78:1a:
         6a:89:ec:48:52:25:d8:12:d4:ce:70:7b:a0:28:d8:89:3d:19:
         bd:2e:3a:b5:94:00:4c:1d:db:72:2f:b5:af:d0:84:ca:fb:65:
         4d:67:df:53:92:0d:0f:76:9e:e7:2f:d5:70:65:4d:1a:6c:f4:
         1d:a5:0f:b4:ab:c6:72:3e:e7:34:45:6f:89:48:55:39:54:75:
         d4:08:e9:6c:d0:75:7f:28:6a:9a:92:ca:bb:8b:c7:95:99:fd:
         23:cd:16:2a:c7:44:23:15:df:84:30:e7:d2:eb:ce:a3:4b:b3:
         00:75:2e:50:a0:7a:f1:0e:17:d2:de:c3:65:eb:69:f9:eb:a3:
         73:0a:d6:b7:e8:1b:53:f2:c8:e4:74:c3:08:86:6d:4a:c9:4f:
         fd:1b:8c:6a:9e:bc:bc:82:99:97:53:49:c9:ae:8d:86:a4:c0:
         aa:b7:2c:94:ed:8c:96:67:5d:32:84:40:17:90:fc:08:95:db:
         9c:25:fe:a8:2e:dd:58:86:21:2f:da:2c:4e:67:1d:f2:93:3a:
         63:98:ea:f0:dc:2d:24:73:2f:1c:64:ce:67:82:c8:db:78:9c:
         5a:d0:99:3f:61:16:87:96:37:95:71:db:f9:73:2b:ee:4b:56:
         e7:cc:b1:0a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY+WHcWrmCXIzm50ybew63YoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyNmE0NDA5ZWE5MWY1MDZkNjMzODcxYzZjMzU1NDBkNDYw
MzM3ZDEwHhcNMjQwNTIwMTMwODA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NTJhYTYwMTFjZmUwMzU0YmZhZTY1NzFiYjVjMTBjNGY4ZGM4ZTFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs9Kk9pj24UAkoCCFinOQ7Z+Bg18l
cWEtY7s8KqV5DvYsrb9Ol67ZWaBCupls6g07di0aTDBi5HMbJ8+Mr0jqeN66ih+v
uXNBhTswebDeR2CdCFiNTmBWc2fJmMyzBpQygxt+foI8YC9j1oGm/rmEap9xF4X3
/oT9Nu2pDjiWCWKd+vBYygZlOosYxpUhEYfZZDuqFNt18fNNxMrY9qDgNq7OUM1l
zis3FobNnFWTaLQBKGNErLMM/i7t2Mo/yUz0+6hhGKNoS3+nxO1FB67+1H1wLOOe
aqqxy/Vq1N+LpSEYvVW0/ZehhICwYab6obW7jXWte62bT6AwPmDDMJRZyQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIUqpgEc/gNUv65lcbtcEMT43I4dMB8GA1UdIwQY
MBaAFNJqRAnqkfUG1jOHHGw1VA1GAzfRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMG1wRUNlcVI5UWJXTTRjY2JEVlVEVVlETjlFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9mNDEwNTEtMDgxMC00M2ZmLWIxOTYt
Y2ZlZmRmZGZiZTZiLzEvaFNxbUFSei1BMVNfcm1WeHUxd1F4UGpjamgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9mNDEwNTEtMDgxMC00M2ZmLWIxOTYtY2ZlZmRmZGZiZTZi
LzEvMG1wRUNlcVI5UWJXTTRjY2JEVlVEVVlETjlFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABT3LMA0G
CSqGSIb3DQEBCwUAA4IBAQCIlTG/fPkWHi3Xwp0kM0+TeBpqiexIUiXYEtTOcHug
KNiJPRm9Ljq1lABMHdtyL7Wv0ITK+2VNZ99Tkg0Pdp7nL9VwZU0abPQdpQ+0q8Zy
Puc0RW+JSFU5VHXUCOls0HV/KGqaksq7i8eVmf0jzRYqx0QjFd+EMOfS686jS7MA
dS5QoHrxDhfS3sNl62n566NzCta36BtT8sjkdMMIhm1KyU/9G4xqnry8gpmXU0nJ
ro2GpMCqtyyU7YyWZ10yhEAXkPwIlducJf6oLt1YhiEv2ixOZx3ykzpjmOrw3C0k
cy8cZM5ngsjbeJxa0Jk/YRaHljeVcdv5cyvuS1bnzLEK
-----END CERTIFICATE-----