Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/fd7493-7599-43b6-8559-787c0632cfea/1/dQjagmJKdx-4hHaLxaMi1s1j9z0.roa
File:                     dQjagmJKdx-4hHaLxaMi1s1j9z0.roa (raw, json)
Hash identifier:          5Qs4mlvKdO7aRLxX7/4CmoY8iS6vux4eU2Cx4CoswBA=
Subject key identifier:   75:08:DA:82:62:4A:77:1F:B8:84:76:8B:C5:A3:22:D6:CD:63:F7:3D
Certificate issuer:       /CN=a81699a5bc6487bd2f1749d133fca2e37fd4da88
Certificate serial:       018CC94AC4B50B991D2891A6D9F8D5B9031A
Authority key identifier: A8:16:99:A5:BC:64:87:BD:2F:17:49:D1:33:FC:A2:E3:7F:D4:DA:88
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qBaZpbxkh70vF0nRM_yi43_U2og.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/fd7493-7599-43b6-8559-787c0632cfea/1/dQjagmJKdx-4hHaLxaMi1s1j9z0.roa
Signing time:             Tue 02 Jan 2024 08:29:29 +0000
ROA not before:           Tue 02 Jan 2024 08:29:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3303
IP address blocks:        149.133.4.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/fd7493-7599-43b6-8559-787c0632cfea/1/qBaZpbxkh70vF0nRM_yi43_U2og.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/fd7493-7599-43b6-8559-787c0632cfea/1/qBaZpbxkh70vF0nRM_yi43_U2og.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qBaZpbxkh70vF0nRM_yi43_U2og.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Sep 2024 13:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4a:c4:b5:0b:99:1d:28:91:a6:d9:f8:d5:b9:03:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a81699a5bc6487bd2f1749d133fca2e37fd4da88
        Validity
            Not Before: Jan  2 08:29:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7508da82624a771fb884768bc5a322d6cd63f73d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:49:30:6f:b2:e3:cf:cd:72:38:dc:13:f2:48:
                    1e:c0:c4:94:79:c4:5a:9e:1a:10:d0:fd:91:d5:43:
                    a5:6d:14:47:23:8b:b7:ea:97:d5:8c:8a:ea:b3:3a:
                    b8:a4:ce:82:1e:41:89:0e:13:07:71:c9:4e:cb:08:
                    df:71:1a:83:de:16:a2:ea:ac:b3:19:0a:45:34:eb:
                    11:68:14:ec:f8:10:be:84:ff:90:6c:95:de:d4:7f:
                    31:4f:3d:81:19:a1:f0:6d:62:10:3e:42:d9:88:23:
                    fd:35:cd:d8:3b:56:4b:bf:77:02:14:7e:43:53:83:
                    08:e9:0b:56:e6:9c:54:cd:02:9b:e2:c2:ee:f3:86:
                    91:3c:ef:fb:c2:6e:ad:b7:05:e8:06:f0:5b:cc:1a:
                    ad:f4:c6:7b:70:54:f4:67:0b:33:c9:79:1c:4e:25:
                    22:f5:58:4d:aa:1d:d7:6f:6b:70:d0:42:71:c9:99:
                    22:67:90:97:72:35:a8:9a:8f:8f:08:4a:50:1a:c2:
                    cc:3a:7b:e6:33:d1:8c:f6:85:db:43:33:cb:b7:5d:
                    61:47:27:49:23:22:41:3c:48:44:2a:2d:0b:10:f7:
                    24:4c:e8:88:1b:92:9c:04:cd:ea:d8:77:eb:03:dd:
                    87:d6:8e:44:1c:ad:6d:0d:53:20:61:0d:bf:bc:a6:
                    48:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:08:DA:82:62:4A:77:1F:B8:84:76:8B:C5:A3:22:D6:CD:63:F7:3D
            X509v3 Authority Key Identifier:
                keyid:A8:16:99:A5:BC:64:87:BD:2F:17:49:D1:33:FC:A2:E3:7F:D4:DA:88

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qBaZpbxkh70vF0nRM_yi43_U2og.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/fd7493-7599-43b6-8559-787c0632cfea/1/dQjagmJKdx-4hHaLxaMi1s1j9z0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/fd7493-7599-43b6-8559-787c0632cfea/1/qBaZpbxkh70vF0nRM_yi43_U2og.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  149.133.4.0/23

    Signature Algorithm: sha256WithRSAEncryption
         39:4e:f3:c3:25:0f:ad:21:ab:b3:36:fa:ad:9d:d6:17:ef:65:
         b5:03:a3:65:95:de:8f:c6:1c:52:51:c0:77:44:88:90:3f:0f:
         74:2a:71:fd:1c:4d:28:14:31:7c:80:61:2c:28:d6:bd:09:27:
         b3:80:42:11:7d:f1:b9:97:b9:e1:70:c0:07:11:67:ff:46:bd:
         c9:07:23:40:ee:fb:a7:32:19:9c:d4:2b:b0:45:db:b5:03:90:
         5c:73:fb:5f:3c:68:87:d9:19:ee:00:ea:49:0d:65:cf:22:f2:
         44:da:49:1f:cd:de:79:a5:d8:1a:d7:c5:0a:bc:33:ac:69:63:
         ab:ee:15:44:cc:46:59:dd:29:b0:70:72:06:f9:04:28:d1:27:
         d9:2b:3f:31:8b:d2:d6:5f:1f:de:a2:d7:2e:c2:f7:44:47:f3:
         93:d3:28:11:69:b7:b9:85:2c:91:9b:82:e7:22:38:12:df:a9:
         32:4c:dc:50:23:3f:5b:4f:e3:dc:83:57:9c:5d:96:28:08:a0:
         87:df:f0:ff:b6:d6:6f:3f:03:0c:6c:01:5b:de:21:77:19:54:
         48:8c:6c:f3:52:df:0f:08:b5:c6:f0:4c:70:6a:2a:ec:47:23:
         22:72:cd:86:f0:96:cc:d3:07:cb:76:00:5f:cf:aa:7f:fc:79:
         43:76:c8:1c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJSsS1C5kdKJGm2fjVuQMaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4MTY5OWE1YmM2NDg3YmQyZjE3NDlkMTMzZmNhMmUzN2Zk
NGRhODgwHhcNMjQwMTAyMDgyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NTA4ZGE4MjYyNGE3NzFmYjg4NDc2OGJjNWEzMjJkNmNkNjNmNzNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqkkwb7Ljz81yONwT8kgewMSUecRa
nhoQ0P2R1UOlbRRHI4u36pfVjIrqszq4pM6CHkGJDhMHcclOywjfcRqD3hai6qyz
GQpFNOsRaBTs+BC+hP+QbJXe1H8xTz2BGaHwbWIQPkLZiCP9Nc3YO1ZLv3cCFH5D
U4MI6QtW5pxUzQKb4sLu84aRPO/7wm6ttwXoBvBbzBqt9MZ7cFT0ZwszyXkcTiUi
9VhNqh3Xb2tw0EJxyZkiZ5CXcjWomo+PCEpQGsLMOnvmM9GM9oXbQzPLt11hRydJ
IyJBPEhEKi0LEPckTOiIG5KcBM3q2HfrA92H1o5EHK1tDVMgYQ2/vKZIzQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHUI2oJiSncfuIR2i8WjItbNY/c9MB8GA1UdIwQY
MBaAFKgWmaW8ZIe9LxdJ0TP8ouN/1NqIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcUJhWnBieGtoNzB2RjBuUk1feWk0M19VMm9nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC9mZDc0OTMtNzU5OS00M2I2LTg1NTkt
Nzg3YzA2MzJjZmVhLzEvZFFqYWdtSktkeC00aEhhTHhhTWkxczFqOXowLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC9mZDc0OTMtNzU5OS00M2I2LTg1NTktNzg3YzA2MzJjZmVh
LzEvcUJhWnBieGtoNzB2RjBuUk1feWk0M19VMm9nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBlYUEMA0G
CSqGSIb3DQEBCwUAA4IBAQA5TvPDJQ+tIauzNvqtndYX72W1A6Nlld6PxhxSUcB3
RIiQPw90KnH9HE0oFDF8gGEsKNa9CSezgEIRffG5l7nhcMAHEWf/Rr3JByNA7vun
Mhmc1CuwRdu1A5Bcc/tfPGiH2RnuAOpJDWXPIvJE2kkfzd55pdga18UKvDOsaWOr
7hVEzEZZ3SmwcHIG+QQo0SfZKz8xi9LWXx/eotcuwvdER/OT0ygRabe5hSyRm4Ln
IjgS36kyTNxQIz9bT+Pcg1ecXZYoCKCH3/D/ttZvPwMMbAFb3iF3GVRIjGzzUt8P
CLXG8ExwairsRyMics2G8JbM0wfLdgBfz6p//HlDdsgc
-----END CERTIFICATE-----