Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/861953-5f65-4465-9046-f4d071f50f1d/1/qBimJ_xTI3zsMP3DZW0q9b64J8s.roa
File:                     qBimJ_xTI3zsMP3DZW0q9b64J8s.roa (raw, json)
Hash identifier:          HvmBdVhBYF42ATzFIZjkSUg082Xc4Okka4eSxDJe88s=
Subject key identifier:   A8:18:A6:27:FC:53:23:7C:EC:30:FD:C3:65:6D:2A:F5:BE:B8:27:CB
Certificate issuer:       /CN=d5d1cd47a53ef57ebb567bc882ad2986faac5f0d
Certificate serial:       018CC8014C519B30EDFC2C417FFAFEAC1371
Authority key identifier: D5:D1:CD:47:A5:3E:F5:7E:BB:56:7B:C8:82:AD:29:86:FA:AC:5F:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1dHNR6U-9X67VnvIgq0phvqsXw0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/39/861953-5f65-4465-9046-f4d071f50f1d/1/qBimJ_xTI3zsMP3DZW0q9b64J8s.roa
Signing time:             Tue 02 Jan 2024 02:29:37 +0000
ROA not before:           Tue 02 Jan 2024 02:29:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209242
IP address blocks:        185.59.218.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/39/861953-5f65-4465-9046-f4d071f50f1d/1/1dHNR6U-9X67VnvIgq0phvqsXw0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/39/861953-5f65-4465-9046-f4d071f50f1d/1/1dHNR6U-9X67VnvIgq0phvqsXw0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1dHNR6U-9X67VnvIgq0phvqsXw0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:4c:51:9b:30:ed:fc:2c:41:7f:fa:fe:ac:13:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d5d1cd47a53ef57ebb567bc882ad2986faac5f0d
        Validity
            Not Before: Jan  2 02:29:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a818a627fc53237cec30fdc3656d2af5beb827cb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:d4:c6:4d:e4:48:2e:2f:2e:09:fd:84:67:47:
                    d2:12:0f:76:9c:be:ba:2c:b0:d0:64:9e:75:dc:c8:
                    43:84:98:de:fa:11:f3:4c:86:40:c6:dc:45:f9:9e:
                    cc:3a:db:78:ef:8a:af:61:a2:6b:76:55:72:e9:64:
                    99:94:4c:6b:cf:e3:96:c1:23:8b:ef:87:14:8e:85:
                    ad:e9:97:ea:6c:75:e4:73:10:14:0d:9c:c6:2e:ab:
                    9b:5c:05:57:7f:62:89:cf:76:e4:fd:15:31:81:a7:
                    ae:ec:12:e3:3e:4a:b6:10:fd:3e:f7:1e:b2:b3:34:
                    41:7a:a0:a7:52:a2:ad:d9:1a:2b:3c:92:b2:af:22:
                    93:f5:e6:82:53:08:fa:5b:e2:15:06:f6:d5:55:9c:
                    5a:de:5a:e5:7a:6d:25:32:f7:34:b5:5e:74:ce:01:
                    3d:40:e9:4c:01:bc:af:7f:57:1c:6d:54:35:ee:ce:
                    f4:ea:b6:f0:d9:df:72:bb:8b:4d:24:30:c5:ff:66:
                    99:69:36:ea:76:3d:0c:6a:1e:62:16:b3:7f:6a:4b:
                    75:f7:2f:7e:07:70:8f:4f:ad:a7:73:dc:db:22:e2:
                    ff:0f:35:9a:5d:a6:d6:a4:51:21:38:9f:65:f6:79:
                    3c:f3:b8:e9:8a:ef:d1:41:42:f3:3b:a0:1b:f2:38:
                    22:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:18:A6:27:FC:53:23:7C:EC:30:FD:C3:65:6D:2A:F5:BE:B8:27:CB
            X509v3 Authority Key Identifier:
                keyid:D5:D1:CD:47:A5:3E:F5:7E:BB:56:7B:C8:82:AD:29:86:FA:AC:5F:0D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1dHNR6U-9X67VnvIgq0phvqsXw0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/861953-5f65-4465-9046-f4d071f50f1d/1/qBimJ_xTI3zsMP3DZW0q9b64J8s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/39/861953-5f65-4465-9046-f4d071f50f1d/1/1dHNR6U-9X67VnvIgq0phvqsXw0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.59.218.0/24

    Signature Algorithm: sha256WithRSAEncryption
         56:a2:d2:7c:3e:81:46:6e:15:ed:09:e1:db:f4:dd:6f:cd:c7:
         6d:01:a4:10:be:8d:3c:c7:a4:d6:bc:57:a3:10:5b:7e:34:14:
         12:53:ec:76:0a:3a:4e:ee:46:ac:e5:ce:9c:dc:36:d0:48:5c:
         c0:92:f2:5b:78:f1:5e:d4:e4:ad:d1:27:69:e4:45:ef:10:a9:
         9a:69:ac:c9:ef:43:4b:71:87:e0:8a:10:14:bc:ef:e2:73:3f:
         5b:26:ad:50:9a:04:4b:12:7d:83:40:18:23:e1:df:db:17:9e:
         71:a0:2e:bd:ac:bf:1b:84:ba:50:9d:18:a5:fd:3e:18:1b:8f:
         e6:15:e7:27:0f:f3:e2:9c:f0:51:48:d1:f3:79:9a:1c:20:c2:
         da:c6:a8:f4:dc:55:cd:6b:90:16:10:61:d4:18:f0:13:01:ff:
         6a:b1:0f:cf:2a:16:f8:81:0e:8f:e9:09:86:a6:7a:6b:55:b2:
         c5:08:1b:cb:f7:78:19:49:d8:25:b0:96:60:37:16:ad:75:c1:
         5d:7b:01:58:7d:b9:31:8a:3d:a8:f7:56:8b:ad:1f:41:7f:fa:
         e8:af:9d:e8:11:e9:66:09:c7:89:f1:a5:b8:24:8b:05:ef:51:
         80:37:44:65:c8:5a:15:1c:83:ea:20:3f:d1:bc:df:d2:54:b8:
         bf:ef:56:4c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAUxRmzDt/CxBf/r+rBNxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1ZDFjZDQ3YTUzZWY1N2ViYjU2N2JjODgyYWQyOTg2ZmFh
YzVmMGQwHhcNMjQwMTAyMDIyOTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhODE4YTYyN2ZjNTMyMzdjZWMzMGZkYzM2NTZkMmFmNWJlYjgyN2NiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjdTGTeRILi8uCf2EZ0fSEg92nL66
LLDQZJ513MhDhJje+hHzTIZAxtxF+Z7MOtt474qvYaJrdlVy6WSZlExrz+OWwSOL
74cUjoWt6ZfqbHXkcxAUDZzGLqubXAVXf2KJz3bk/RUxgaeu7BLjPkq2EP0+9x6y
szRBeqCnUqKt2RorPJKyryKT9eaCUwj6W+IVBvbVVZxa3lrlem0lMvc0tV50zgE9
QOlMAbyvf1ccbVQ17s706rbw2d9yu4tNJDDF/2aZaTbqdj0Mah5iFrN/akt19y9+
B3CPT62nc9zbIuL/DzWaXabWpFEhOJ9l9nk887jpiu/RQULzO6Ab8jgiZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKgYpif8UyN87DD9w2VtKvW+uCfLMB8GA1UdIwQY
MBaAFNXRzUelPvV+u1Z7yIKtKYb6rF8NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMWRITlI2VS05WDY3Vm52SWdxMHBodnFzWHcwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS84NjE5NTMtNWY2NS00NDY1LTkwNDYt
ZjRkMDcxZjUwZjFkLzEvcUJpbUpfeFRJM3pzTVAzRFpXMHE5YjY0SjhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS84NjE5NTMtNWY2NS00NDY1LTkwNDYtZjRkMDcxZjUwZjFk
LzEvMWRITlI2VS05WDY3Vm52SWdxMHBodnFzWHcwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuTvaMA0G
CSqGSIb3DQEBCwUAA4IBAQBWotJ8PoFGbhXtCeHb9N1vzcdtAaQQvo08x6TWvFej
EFt+NBQSU+x2CjpO7kas5c6c3DbQSFzAkvJbePFe1OSt0Sdp5EXvEKmaaazJ70NL
cYfgihAUvO/icz9bJq1QmgRLEn2DQBgj4d/bF55xoC69rL8bhLpQnRil/T4YG4/m
FecnD/PinPBRSNHzeZocIMLaxqj03FXNa5AWEGHUGPATAf9qsQ/PKhb4gQ6P6QmG
pnprVbLFCBvL93gZSdglsJZgNxatdcFdewFYfbkxij2o91aLrR9Bf/ror53oEelm
CceJ8aW4JIsF71GAN0RlyFoVHIPqID/RvN/SVLi/71ZM
-----END CERTIFICATE-----