Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/97/699e85-1027-4c7e-8ae7-df4a2e760ccb/1/dqk4eEX1gbXe1v0aQ78x0ok4AZA.roa
File:                     dqk4eEX1gbXe1v0aQ78x0ok4AZA.roa (raw, json)
Hash identifier:          XmqkX5rBV7GEdFwf5GAZLLZ2npMSlovyf0TdtacO0so=
Subject key identifier:   76:A9:38:78:45:F5:81:B5:DE:D6:FD:1A:43:BF:31:D2:89:38:01:90
Certificate issuer:       /CN=e4a2b8e90d157ea022f8e700024a93dc356a514d
Certificate serial:       018E8109290C8CF47DB55BE7F21DD1118584
Authority key identifier: E4:A2:B8:E9:0D:15:7E:A0:22:F8:E7:00:02:4A:93:DC:35:6A:51:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5KK46Q0VfqAi-OcAAkqT3DVqUU0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/97/699e85-1027-4c7e-8ae7-df4a2e760ccb/1/dqk4eEX1gbXe1v0aQ78x0ok4AZA.roa
Signing time:             Wed 27 Mar 2024 17:50:44 +0000
ROA not before:           Wed 27 Mar 2024 17:50:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62095
IP address blocks:        188.132.177.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/97/699e85-1027-4c7e-8ae7-df4a2e760ccb/1/5KK46Q0VfqAi-OcAAkqT3DVqUU0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/97/699e85-1027-4c7e-8ae7-df4a2e760ccb/1/5KK46Q0VfqAi-OcAAkqT3DVqUU0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5KK46Q0VfqAi-OcAAkqT3DVqUU0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 15:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:81:09:29:0c:8c:f4:7d:b5:5b:e7:f2:1d:d1:11:85:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e4a2b8e90d157ea022f8e700024a93dc356a514d
        Validity
            Not Before: Mar 27 17:50:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=76a9387845f581b5ded6fd1a43bf31d289380190
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:ce:45:c2:57:65:63:6a:37:d6:3c:88:f6:70:
                    70:4a:b4:f6:95:4b:24:5c:da:41:d3:12:a1:2e:fa:
                    e9:d8:89:28:b4:e6:9d:63:6f:95:04:85:8c:0f:aa:
                    e9:01:81:02:b6:c5:a7:46:80:d9:95:10:35:34:bb:
                    4f:2f:f2:6f:87:ae:51:a0:29:2e:0c:18:12:ee:99:
                    e0:76:b6:ed:35:3e:69:6c:a8:64:27:75:eb:86:a0:
                    dd:a7:a9:da:72:3c:93:d8:5d:f5:a3:65:b8:70:94:
                    00:b8:dc:ab:bf:42:d5:1b:97:7a:dd:b6:f0:73:0a:
                    89:32:27:27:82:90:a3:1f:84:9f:ff:5c:5e:f6:b9:
                    f0:64:8d:db:25:3b:8a:92:d1:aa:72:e6:8a:1f:00:
                    33:76:76:10:bc:91:bc:90:f5:27:78:1b:1b:5e:6e:
                    62:f0:a6:22:37:70:95:2b:4f:52:06:8a:05:bf:ca:
                    07:47:cc:15:6b:09:9b:bb:39:0c:fa:43:27:f4:92:
                    88:ce:41:f1:c1:a4:51:d4:a0:26:61:f2:8d:ab:3e:
                    3e:ba:92:47:5e:68:03:88:b2:31:b1:40:b9:d6:f5:
                    a3:b7:22:1a:5f:4e:f9:e7:9d:69:dd:23:46:aa:4c:
                    1e:26:26:1f:69:90:5b:2e:c0:e2:9c:3e:b7:59:d0:
                    5b:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:A9:38:78:45:F5:81:B5:DE:D6:FD:1A:43:BF:31:D2:89:38:01:90
            X509v3 Authority Key Identifier:
                keyid:E4:A2:B8:E9:0D:15:7E:A0:22:F8:E7:00:02:4A:93:DC:35:6A:51:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5KK46Q0VfqAi-OcAAkqT3DVqUU0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/699e85-1027-4c7e-8ae7-df4a2e760ccb/1/dqk4eEX1gbXe1v0aQ78x0ok4AZA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/97/699e85-1027-4c7e-8ae7-df4a2e760ccb/1/5KK46Q0VfqAi-OcAAkqT3DVqUU0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.132.177.0/24

    Signature Algorithm: sha256WithRSAEncryption
         64:e0:e3:93:c0:e7:0d:5e:0b:9e:96:c5:6f:25:ce:04:92:ab:
         0c:c3:f4:88:10:f2:13:dd:c9:f1:76:79:c8:5b:ff:43:67:de:
         85:e8:d6:d4:e7:98:4e:02:8d:0c:a4:90:7d:4e:06:c7:12:c1:
         e8:b5:f4:b1:5c:d6:96:46:ac:1e:5c:99:a9:42:9e:59:63:db:
         2d:fb:8e:26:5a:61:54:60:4a:11:b5:52:fa:1b:85:80:29:4d:
         cf:81:56:64:db:13:08:ed:b1:34:18:d7:35:fc:3d:e5:84:ab:
         5c:26:77:a8:26:b6:e0:11:d2:a7:49:80:9e:8c:9c:b2:3f:a6:
         72:ea:7f:a7:c1:8c:c7:f8:79:31:89:e3:5d:c2:ee:a8:32:94:
         7a:60:aa:d1:31:fc:ac:19:a9:8b:64:3d:43:74:e9:f2:eb:a3:
         55:1e:0a:d4:1a:32:a9:db:bd:50:3a:23:a7:19:3e:81:d8:a9:
         38:11:5f:56:03:5a:92:c8:ad:97:20:f4:6d:0b:90:3a:bb:66:
         db:df:6c:54:37:16:39:4c:36:23:6d:46:ad:7c:14:01:aa:87:
         34:6b:76:58:ce:bf:e2:61:c7:f0:b0:d0:ec:a2:b0:9e:6d:20:
         7c:6e:a7:fb:e3:16:f6:fe:ef:a8:f4:e8:e2:a3:b5:e0:96:7c:
         21:6d:80:ea
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY6BCSkMjPR9tVvn8h3REYWEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU0YTJiOGU5MGQxNTdlYTAyMmY4ZTcwMDAyNGE5M2RjMzU2
YTUxNGQwHhcNMjQwMzI3MTc1MDQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NmE5Mzg3ODQ1ZjU4MWI1ZGVkNmZkMWE0M2JmMzFkMjg5MzgwMTkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiM5FwldlY2o31jyI9nBwSrT2lUsk
XNpB0xKhLvrp2IkotOadY2+VBIWMD6rpAYECtsWnRoDZlRA1NLtPL/Jvh65RoCku
DBgS7pngdrbtNT5pbKhkJ3XrhqDdp6nacjyT2F31o2W4cJQAuNyrv0LVG5d63bbw
cwqJMicngpCjH4Sf/1xe9rnwZI3bJTuKktGqcuaKHwAzdnYQvJG8kPUneBsbXm5i
8KYiN3CVK09SBooFv8oHR8wVawmbuzkM+kMn9JKIzkHxwaRR1KAmYfKNqz4+upJH
XmgDiLIxsUC51vWjtyIaX075551p3SNGqkweJiYfaZBbLsDinD63WdBb6QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHapOHhF9YG13tb9GkO/MdKJOAGQMB8GA1UdIwQY
MBaAFOSiuOkNFX6gIvjnAAJKk9w1alFNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNUtLNDZRMFZmcUFpLU9jQUFrcVQzRFZxVVUwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ny82OTllODUtMTAyNy00YzdlLThhZTct
ZGY0YTJlNzYwY2NiLzEvZHFrNGVFWDFnYlhlMXYwYVE3OHgwb2s0QVpBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ny82OTllODUtMTAyNy00YzdlLThhZTctZGY0YTJlNzYwY2Ni
LzEvNUtLNDZRMFZmcUFpLU9jQUFrcVQzRFZxVVUwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvISxMA0G
CSqGSIb3DQEBCwUAA4IBAQBk4OOTwOcNXguelsVvJc4EkqsMw/SIEPIT3cnxdnnI
W/9DZ96F6NbU55hOAo0MpJB9TgbHEsHotfSxXNaWRqweXJmpQp5ZY9st+44mWmFU
YEoRtVL6G4WAKU3PgVZk2xMI7bE0GNc1/D3lhKtcJneoJrbgEdKnSYCejJyyP6Zy
6n+nwYzH+HkxieNdwu6oMpR6YKrRMfysGamLZD1DdOny66NVHgrUGjKp271QOiOn
GT6B2Kk4EV9WA1qSyK2XIPRtC5A6u2bb32xUNxY5TDYjbUatfBQBqoc0a3ZYzr/i
YcfwsNDsorCebSB8bqf74xb2/u+o9Ojio7XglnwhbYDq
-----END CERTIFICATE-----