Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/QGLAHh3PhXTmiUHxcyw34qL_zss.roa
File:                     QGLAHh3PhXTmiUHxcyw34qL_zss.roa (raw, json)
Hash identifier:          bIrDIqhlLiodWFK843WYAJ+d2qj7Zy8jz70Kxb2fZoc=
Subject key identifier:   40:62:C0:1E:1D:CF:85:74:E6:89:41:F1:73:2C:37:E2:A2:FF:CE:CB
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       019054FE6F7000C26AC1AB32B69278B5994F
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/QGLAHh3PhXTmiUHxcyw34qL_zss.roa
Signing time:             Wed 26 Jun 2024 14:41:19 +0000
ROA not before:           Wed 26 Jun 2024 14:41:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215817
IP address blocks:        163.5.157.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:54:fe:6f:70:00:c2:6a:c1:ab:32:b6:92:78:b5:99:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Jun 26 14:41:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4062c01e1dcf8574e68941f1732c37e2a2ffcecb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:d8:76:8b:9a:29:75:c6:15:5a:68:83:fa:e7:
                    c1:9f:10:82:c8:6a:a0:ff:83:9a:79:1a:fa:c3:78:
                    a7:53:9a:f6:9c:77:48:5f:7f:78:1c:28:0b:29:b3:
                    02:e4:c7:16:61:b3:42:b2:b3:75:ed:f2:0b:28:f5:
                    4a:35:50:97:4d:29:0e:12:27:a1:fa:13:71:de:c2:
                    2c:44:fc:51:16:0b:4a:c2:12:02:13:53:92:d2:b2:
                    12:2d:d9:37:db:cb:63:69:36:15:49:cd:7f:db:8d:
                    95:b9:6e:39:f6:fd:ac:9b:99:5f:a4:0a:65:4a:f6:
                    c9:f8:cc:5b:62:ef:6a:8e:9a:e3:50:32:50:a4:f3:
                    d2:fd:83:c7:dc:75:77:6e:5e:70:72:64:ea:96:92:
                    ba:5a:f7:26:7e:b2:dd:50:0b:71:ad:0e:5b:c3:0f:
                    60:e0:a0:35:07:25:07:4d:2d:c7:25:ba:f8:75:11:
                    54:30:3d:47:38:43:eb:2a:8b:f5:f0:35:b6:4b:75:
                    b9:28:88:7d:1f:11:cf:b7:be:d9:b9:7c:84:32:5e:
                    52:86:b4:e6:66:f0:90:85:0c:98:da:31:75:86:db:
                    31:3e:89:1e:35:13:79:86:54:18:88:b8:23:27:de:
                    33:a0:85:7a:40:2b:dd:8e:ef:cf:07:71:97:49:5b:
                    48:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:62:C0:1E:1D:CF:85:74:E6:89:41:F1:73:2C:37:E2:A2:FF:CE:CB
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/QGLAHh3PhXTmiUHxcyw34qL_zss.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.157.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a1:43:25:6d:14:bb:31:8c:8d:cb:58:57:0a:30:25:7a:af:8e:
         1f:fd:54:c8:6b:00:5f:fa:d5:1b:e3:35:dc:80:16:20:0b:a2:
         8a:3e:f9:7f:10:cf:61:37:40:c0:82:01:be:8c:a0:5a:b8:d3:
         e9:d8:45:1c:53:6a:7d:34:70:56:7b:57:9a:0c:11:5c:27:87:
         2d:3b:27:62:d2:5a:f5:aa:8e:95:a8:3f:c0:10:1a:c4:83:94:
         46:e8:95:b8:e9:40:99:e7:f7:f4:8d:82:e8:02:38:e1:85:a5:
         70:37:cc:8b:b6:d4:39:f5:69:63:fe:29:c3:eb:97:bd:44:25:
         39:f1:bf:3a:97:9b:f2:c6:e6:f4:4c:03:1e:28:0a:1d:0f:5f:
         9e:f6:dd:82:09:d5:59:63:f8:21:81:d8:de:64:64:94:d1:88:
         de:bc:fc:18:67:e4:2a:69:cf:6d:a6:b6:a4:a2:51:1e:a7:04:
         92:ee:3e:8c:ea:9d:da:05:1a:23:3b:df:ea:c3:e6:c0:dc:6e:
         4b:94:3a:96:ee:d5:18:5f:98:0e:19:fb:49:f5:af:b7:53:83:
         76:e0:b5:45:5b:47:9e:56:b6:e9:84:5a:6f:66:60:25:d1:6d:
         b7:e9:61:96:bb:fb:42:57:76:08:28:8b:6c:72:a2:55:da:1d:
         71:0b:6d:9b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZBU/m9wAMJqwasytpJ4tZlPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjQwNjI2MTQ0MTE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MDYyYzAxZTFkY2Y4NTc0ZTY4OTQxZjE3MzJjMzdlMmEyZmZjZWNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApNh2i5opdcYVWmiD+ufBnxCCyGqg
/4OaeRr6w3inU5r2nHdIX394HCgLKbMC5McWYbNCsrN17fILKPVKNVCXTSkOEieh
+hNx3sIsRPxRFgtKwhICE1OS0rISLdk328tjaTYVSc1/242VuW459v2sm5lfpApl
SvbJ+MxbYu9qjprjUDJQpPPS/YPH3HV3bl5wcmTqlpK6WvcmfrLdUAtxrQ5bww9g
4KA1ByUHTS3HJbr4dRFUMD1HOEPrKov18DW2S3W5KIh9HxHPt77ZuXyEMl5ShrTm
ZvCQhQyY2jF1htsxPokeNRN5hlQYiLgjJ94zoIV6QCvdju/PB3GXSVtIAQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEBiwB4dz4V05olB8XMsN+Ki/87LMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvUUdMQUhoM1BoWFRtaVVIeGN5dzM0cUxfenNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAowWdMA0G
CSqGSIb3DQEBCwUAA4IBAQChQyVtFLsxjI3LWFcKMCV6r44f/VTIawBf+tUb4zXc
gBYgC6KKPvl/EM9hN0DAggG+jKBauNPp2EUcU2p9NHBWe1eaDBFcJ4ctOydi0lr1
qo6VqD/AEBrEg5RG6JW46UCZ5/f0jYLoAjjhhaVwN8yLttQ59Wlj/inD65e9RCU5
8b86l5vyxub0TAMeKAodD1+e9t2CCdVZY/ghgdjeZGSU0YjevPwYZ+Qqac9tprak
olEepwSS7j6M6p3aBRojO9/qw+bA3G5LlDqW7tUYX5gOGftJ9a+3U4N24LVFW0ee
VrbphFpvZmAl0W236WGWu/tCV3YIKItscqJV2h1xC22b
-----END CERTIFICATE-----