Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/e0472a-3adf-43cd-bf30-73923daef114/1/q-1CGXCjNgF_zVPCrcV95wdn27U.roa
File:                     q-1CGXCjNgF_zVPCrcV95wdn27U.roa (raw, json)
Hash identifier:          7/JtQdIBudRL+Q4ggE1jjYxnGHIiqz48gC6xlapyn7U=
Subject key identifier:   AB:ED:42:19:70:A3:36:01:7F:CD:53:C2:AD:C5:7D:E7:07:67:DB:B5
Certificate issuer:       /CN=8533ef46116fd9d21bfb533e44bde517890c24dc
Certificate serial:       018E7B26719C5D411BE86C7DC0B95D9FC8A9
Authority key identifier: 85:33:EF:46:11:6F:D9:D2:1B:FB:53:3E:44:BD:E5:17:89:0C:24:DC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hTPvRhFv2dIb-1M-RL3lF4kMJNw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/e0472a-3adf-43cd-bf30-73923daef114/1/q-1CGXCjNgF_zVPCrcV95wdn27U.roa
Signing time:             Tue 26 Mar 2024 14:25:00 +0000
ROA not before:           Tue 26 Mar 2024 14:25:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209854
IP address blocks:        171.22.60.0/24 maxlen: 24
                          171.22.61.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/e0472a-3adf-43cd-bf30-73923daef114/1/hTPvRhFv2dIb-1M-RL3lF4kMJNw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/e0472a-3adf-43cd-bf30-73923daef114/1/hTPvRhFv2dIb-1M-RL3lF4kMJNw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hTPvRhFv2dIb-1M-RL3lF4kMJNw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 29 Apr 2024 05:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:7b:26:71:9c:5d:41:1b:e8:6c:7d:c0:b9:5d:9f:c8:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8533ef46116fd9d21bfb533e44bde517890c24dc
        Validity
            Not Before: Mar 26 14:25:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=abed421970a336017fcd53c2adc57de70767dbb5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:82:9f:00:5a:be:15:11:21:f9:ee:8c:52:23:
                    88:55:8c:ad:28:92:bf:45:f8:90:7b:26:ca:f3:1c:
                    fe:fb:ae:8c:e4:01:1f:47:21:7a:27:6f:a6:5f:2a:
                    f8:9f:d9:0e:34:d6:dd:13:13:d9:7c:05:47:f5:5e:
                    a6:7e:f3:51:74:ae:26:9a:98:15:bc:96:10:92:bb:
                    46:cb:fb:df:d9:ed:86:f8:2e:c0:08:f2:65:cf:e2:
                    70:e3:9d:ae:85:86:ee:5c:1e:69:a2:bb:d8:b3:c0:
                    08:c5:9a:ea:45:19:cc:c5:8d:93:80:d1:83:79:15:
                    93:24:71:44:5d:30:22:2a:09:32:78:e0:3f:ff:b5:
                    5c:0a:c2:82:62:85:ae:4d:ff:88:3c:0a:17:41:2f:
                    91:17:88:b3:02:ac:b4:3a:28:5d:bf:3c:bb:fb:cd:
                    ce:02:49:87:f8:c0:de:68:86:b4:ec:74:05:7d:7d:
                    94:7e:9d:54:84:2a:af:9a:98:b5:72:98:ec:7a:f3:
                    69:55:cb:36:4e:5e:9b:4a:3d:ab:80:ea:f8:28:9b:
                    ca:4f:0f:a5:5a:dc:99:a0:f8:d9:0f:76:72:9e:7d:
                    38:f2:ae:4c:9f:3d:99:6c:c3:49:be:e8:d7:72:82:
                    c9:2d:45:69:d1:1a:ff:bd:ba:dc:14:0f:bc:cd:de:
                    32:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:ED:42:19:70:A3:36:01:7F:CD:53:C2:AD:C5:7D:E7:07:67:DB:B5
            X509v3 Authority Key Identifier:
                keyid:85:33:EF:46:11:6F:D9:D2:1B:FB:53:3E:44:BD:E5:17:89:0C:24:DC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hTPvRhFv2dIb-1M-RL3lF4kMJNw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/e0472a-3adf-43cd-bf30-73923daef114/1/q-1CGXCjNgF_zVPCrcV95wdn27U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/e0472a-3adf-43cd-bf30-73923daef114/1/hTPvRhFv2dIb-1M-RL3lF4kMJNw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  171.22.60.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6a:b9:7d:5d:cf:f9:d8:ce:a3:fe:14:be:15:aa:ea:b9:94:8f:
         8c:d5:32:a0:69:0b:65:56:38:1c:5a:53:d6:b7:54:ff:60:94:
         ba:93:bf:90:db:d6:f0:c2:45:98:9c:4e:fd:6b:85:6e:b2:ca:
         f7:0c:35:e1:d8:8e:d9:c7:c0:16:cd:0e:36:99:ff:b6:f0:5a:
         2c:c5:29:fc:0c:32:da:80:e3:55:f0:5b:bb:04:3d:af:e7:db:
         85:0c:56:5a:30:96:91:e3:49:87:38:bb:dc:82:55:9d:2b:ea:
         e7:3c:f1:d4:21:a9:3a:3d:67:ab:b4:3d:6d:40:8d:cb:f4:a1:
         73:c2:dc:ea:d6:15:18:6e:2b:26:29:72:b2:ad:4b:f6:f8:ba:
         ed:90:8e:87:85:f7:33:5c:1d:bf:71:f5:6f:a8:9b:0b:b9:86:
         f9:82:c2:24:2a:5f:b2:aa:e6:8f:70:e3:df:25:16:89:4a:72:
         d6:1b:86:83:e1:0d:ae:f2:e4:f0:3a:aa:f2:0d:36:04:44:08:
         12:c1:1b:0c:c7:c7:a9:76:5d:0c:56:a5:f5:e4:e3:7a:93:0f:
         5a:cb:4f:d2:c0:3c:6f:4a:17:b8:d8:39:48:08:40:72:98:8c:
         4c:c3:c7:c3:6e:0e:8a:fb:2e:75:2b:b2:73:05:5b:0e:c8:29:
         2e:61:66:9c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY57JnGcXUEb6Gx9wLldn8ipMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg1MzNlZjQ2MTE2ZmQ5ZDIxYmZiNTMzZTQ0YmRlNTE3ODkw
YzI0ZGMwHhcNMjQwMzI2MTQyNTAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYmVkNDIxOTcwYTMzNjAxN2ZjZDUzYzJhZGM1N2RlNzA3NjdkYmI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmYKfAFq+FREh+e6MUiOIVYytKJK/
RfiQeybK8xz++66M5AEfRyF6J2+mXyr4n9kONNbdExPZfAVH9V6mfvNRdK4mmpgV
vJYQkrtGy/vf2e2G+C7ACPJlz+Jw452uhYbuXB5porvYs8AIxZrqRRnMxY2TgNGD
eRWTJHFEXTAiKgkyeOA//7VcCsKCYoWuTf+IPAoXQS+RF4izAqy0Oihdvzy7+83O
AkmH+MDeaIa07HQFfX2Ufp1UhCqvmpi1cpjsevNpVcs2Tl6bSj2rgOr4KJvKTw+l
WtyZoPjZD3Zynn048q5Mnz2ZbMNJvujXcoLJLUVp0Rr/vbrcFA+8zd4yLwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKvtQhlwozYBf81Twq3FfecHZ9u1MB8GA1UdIwQY
MBaAFIUz70YRb9nSG/tTPkS95ReJDCTcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaFRQdlJoRnYyZEliLTFNLVJMM2xGNGtNSk53LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy9lMDQ3MmEtM2FkZi00M2NkLWJmMzAt
NzM5MjNkYWVmMTE0LzEvcS0xQ0dYQ2pOZ0ZfelZQQ3JjVjk1d2RuMjdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy9lMDQ3MmEtM2FkZi00M2NkLWJmMzAtNzM5MjNkYWVmMTE0
LzEvaFRQdlJoRnYyZEliLTFNLVJMM2xGNGtNSk53LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBqxY8MA0G
CSqGSIb3DQEBCwUAA4IBAQBquX1dz/nYzqP+FL4Vquq5lI+M1TKgaQtlVjgcWlPW
t1T/YJS6k7+Q29bwwkWYnE79a4Vussr3DDXh2I7Zx8AWzQ42mf+28FosxSn8DDLa
gONV8Fu7BD2v59uFDFZaMJaR40mHOLvcglWdK+rnPPHUIak6PWertD1tQI3L9KFz
wtzq1hUYbismKXKyrUv2+LrtkI6HhfczXB2/cfVvqJsLuYb5gsIkKl+yquaPcOPf
JRaJSnLWG4aD4Q2u8uTwOqryDTYERAgSwRsMx8epdl0MVqX15ON6kw9ay0/SwDxv
She42DlICEBymIxMw8fDbg6K+y51K7JzBVsOyCkuYWac
-----END CERTIFICATE-----