Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/qSGma9mRcaAnlqhpG_Wu9n6s9Cc.roa
File:                     qSGma9mRcaAnlqhpG_Wu9n6s9Cc.roa (raw, json)
Hash identifier:          J25rBIkF5/dJA+rYoGVRJ8hW04kT0p4HDWTHMpTKXRg=
Subject key identifier:   A9:21:A6:6B:D9:91:71:A0:27:96:A8:69:1B:F5:AE:F6:7E:AC:F4:27
Certificate issuer:       /CN=66df7742890173927935206a28efbf48123e787c
Certificate serial:       018E37E9611A7C4D2EB42720B1EA42AF2C63
Authority key identifier: 66:DF:77:42:89:01:73:92:79:35:20:6A:28:EF:BF:48:12:3E:78:7C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Zt93QokBc5J5NSBqKO-_SBI-eHw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/qSGma9mRcaAnlqhpG_Wu9n6s9Cc.roa
Signing time:             Wed 13 Mar 2024 13:03:45 +0000
ROA not before:           Wed 13 Mar 2024 13:03:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62262
IP address blocks:        5.159.208.0/21 maxlen: 24
                          185.145.88.0/22 maxlen: 24
                          195.88.8.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/Zt93QokBc5J5NSBqKO-_SBI-eHw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/Zt93QokBc5J5NSBqKO-_SBI-eHw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Zt93QokBc5J5NSBqKO-_SBI-eHw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:37:e9:61:1a:7c:4d:2e:b4:27:20:b1:ea:42:af:2c:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=66df7742890173927935206a28efbf48123e787c
        Validity
            Not Before: Mar 13 13:03:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a921a66bd99171a02796a8691bf5aef67eacf427
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:fb:64:8b:ab:18:de:21:bb:38:52:04:a5:40:
                    33:65:d3:7d:63:7a:dd:a3:bd:5f:07:7e:f2:73:87:
                    9d:98:45:a4:90:ce:8c:91:08:25:e8:43:b9:79:cf:
                    01:36:18:4e:07:64:6f:ac:f4:46:6f:fb:bf:f7:c1:
                    b6:0b:2c:09:9d:de:ab:93:24:d4:df:af:8a:98:94:
                    c8:a2:1e:22:06:f9:d9:c4:15:18:ad:ee:e8:86:96:
                    0c:d4:3f:68:91:da:a0:c9:a0:31:51:86:bb:bf:61:
                    07:43:48:90:51:df:71:dc:05:e9:64:2b:de:ea:37:
                    df:cc:8d:a1:7f:9f:c2:60:0c:0f:96:41:61:70:8c:
                    bc:6e:e0:bd:fb:46:56:31:5f:cf:d9:23:87:2a:c8:
                    3d:e8:9e:dc:a3:f8:83:d2:b9:21:88:a5:ac:f8:4c:
                    0e:2d:af:59:b8:e3:b0:4e:20:39:22:bd:3c:19:c4:
                    cb:9b:fd:d7:3c:ea:a4:0a:cc:e3:be:c9:f7:73:56:
                    a9:d0:ae:d6:1e:97:b6:7c:60:eb:d4:f5:98:60:30:
                    76:a1:a7:bf:93:df:c8:6a:7e:b4:b6:79:75:a6:6a:
                    56:7f:76:d2:d1:d1:d3:e5:2c:3b:2a:55:ea:0e:a3:
                    79:37:dc:fa:09:27:66:5e:62:a4:13:f2:86:ad:a3:
                    40:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:21:A6:6B:D9:91:71:A0:27:96:A8:69:1B:F5:AE:F6:7E:AC:F4:27
            X509v3 Authority Key Identifier:
                keyid:66:DF:77:42:89:01:73:92:79:35:20:6A:28:EF:BF:48:12:3E:78:7C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Zt93QokBc5J5NSBqKO-_SBI-eHw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/qSGma9mRcaAnlqhpG_Wu9n6s9Cc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/Zt93QokBc5J5NSBqKO-_SBI-eHw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.159.208.0/21
                  185.145.88.0/22
                  195.88.8.0/23

    Signature Algorithm: sha256WithRSAEncryption
         3c:39:5d:bb:ad:98:0d:f1:cd:ca:ec:9e:cb:00:a2:17:58:67:
         f5:ec:76:1f:1f:c3:aa:e4:b4:4a:ad:86:a0:9c:0c:ab:d4:8a:
         46:97:24:a2:be:25:09:d7:2f:60:2e:36:cd:1d:57:06:59:15:
         86:58:3c:66:30:96:6c:6f:a5:bc:a3:7f:a5:69:79:ce:ab:3f:
         4b:13:08:c2:f1:bb:a5:77:10:88:19:9a:0f:6e:b4:28:c4:6d:
         c7:67:ae:d9:39:cc:25:f9:0b:29:38:61:f8:ec:71:ab:a4:a7:
         a0:2a:fc:60:f1:d7:e7:f5:92:63:18:9e:63:f0:ab:6b:89:85:
         f1:43:99:4f:77:06:e4:1d:df:d2:32:c3:13:f3:7f:71:88:c3:
         c7:0d:bf:62:ca:59:4f:48:8e:d6:bf:62:f9:a9:1e:e5:d3:0b:
         ee:c9:ee:8b:80:9c:7d:e3:94:c5:b7:12:47:50:65:ce:13:e4:
         eb:7d:96:be:5a:14:5d:78:3a:75:46:b0:a5:7d:63:bd:88:37:
         24:3e:46:5a:33:ab:f3:49:39:d2:ba:ec:4d:53:31:e6:d8:ef:
         c4:c0:84:03:65:c7:3d:c1:61:41:99:c5:48:1f:93:5c:48:e1:
         16:a7:76:f9:48:a6:82:07:31:85:10:35:09:12:d0:23:39:2f:
         0f:d9:51:ca
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY436WEafE0utCcgsepCryxjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2ZGY3NzQyODkwMTczOTI3OTM1MjA2YTI4ZWZiZjQ4MTIz
ZTc4N2MwHhcNMjQwMzEzMTMwMzQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOTIxYTY2YmQ5OTE3MWEwMjc5NmE4NjkxYmY1YWVmNjdlYWNmNDI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArvtki6sY3iG7OFIEpUAzZdN9Y3rd
o71fB37yc4edmEWkkM6MkQgl6EO5ec8BNhhOB2RvrPRGb/u/98G2CywJnd6rkyTU
36+KmJTIoh4iBvnZxBUYre7ohpYM1D9okdqgyaAxUYa7v2EHQ0iQUd9x3AXpZCve
6jffzI2hf5/CYAwPlkFhcIy8buC9+0ZWMV/P2SOHKsg96J7co/iD0rkhiKWs+EwO
La9ZuOOwTiA5Ir08GcTLm/3XPOqkCszjvsn3c1ap0K7WHpe2fGDr1PWYYDB2oae/
k9/Ian60tnl1pmpWf3bS0dHT5Sw7KlXqDqN5N9z6CSdmXmKkE/KGraNAIQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFKkhpmvZkXGgJ5aoaRv1rvZ+rPQnMB8GA1UdIwQY
MBaAFGbfd0KJAXOSeTUgaijvv0gSPnh8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWnQ5M1Fva0JjNUo1TlNCcUtPLV9TQkktZUh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMS9lODQzNDAtMTI4YS00NDk3LTk0NmYt
MDk3ODdmMTUyYWRlLzEvcVNHbWE5bVJjYUFubHFocEdfV3U5bjZzOUNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMS9lODQzNDAtMTI4YS00NDk3LTk0NmYtMDk3ODdmMTUyYWRl
LzEvWnQ5M1Fva0JjNUo1TlNCcUtPLV9TQkktZUh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQDBZ/QAwQC
uZFYAwQBw1gIMA0GCSqGSIb3DQEBCwUAA4IBAQA8OV27rZgN8c3K7J7LAKIXWGf1
7HYfH8Oq5LRKrYagnAyr1IpGlySiviUJ1y9gLjbNHVcGWRWGWDxmMJZsb6W8o3+l
aXnOqz9LEwjC8buldxCIGZoPbrQoxG3HZ67ZOcwl+QspOGH47HGrpKegKvxg8dfn
9ZJjGJ5j8KtriYXxQ5lPdwbkHd/SMsMT839xiMPHDb9iyllPSI7Wv2L5qR7l0wvu
ye6LgJx945TFtxJHUGXOE+TrfZa+WhRdeDp1RrClfWO9iDckPkZaM6vzSTnSuuxN
UzHm2O/EwIQDZcc9wWFBmcVIH5NcSOEWp3b5SKaCBzGFEDUJEtAjOS8P2VHK
-----END CERTIFICATE-----