Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/f19c9e-c541-4363-b25b-a806163ec294/1/5qaK5V00YRPAfy43tC1w9C3UYAU.roa
File:                     5qaK5V00YRPAfy43tC1w9C3UYAU.roa (raw, json)
Hash identifier:          DZgYGP7Ls9/15Ttr6E37029mFIH1k9hXrKZf/GRKwsk=
Subject key identifier:   E6:A6:8A:E5:5D:34:61:13:C0:7F:2E:37:B4:2D:70:F4:2D:D4:60:05
Certificate issuer:       /CN=d95413eb29a43d2e45fecdd88ee5396c96bf1cb5
Certificate serial:       018CC2DB43145ADBF0166E5785DAE1FCAE6D
Authority key identifier: D9:54:13:EB:29:A4:3D:2E:45:FE:CD:D8:8E:E5:39:6C:96:BF:1C:B5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2VQT6ymkPS5F_s3YjuU5bJa_HLU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/f19c9e-c541-4363-b25b-a806163ec294/1/5qaK5V00YRPAfy43tC1w9C3UYAU.roa
Signing time:             Mon 01 Jan 2024 02:29:58 +0000
ROA not before:           Mon 01 Jan 2024 02:29:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42184
IP address blocks:        88.218.84.0/22 maxlen: 22
                          185.72.200.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/f19c9e-c541-4363-b25b-a806163ec294/1/2VQT6ymkPS5F_s3YjuU5bJa_HLU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/f19c9e-c541-4363-b25b-a806163ec294/1/2VQT6ymkPS5F_s3YjuU5bJa_HLU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2VQT6ymkPS5F_s3YjuU5bJa_HLU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:43:14:5a:db:f0:16:6e:57:85:da:e1:fc:ae:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d95413eb29a43d2e45fecdd88ee5396c96bf1cb5
        Validity
            Not Before: Jan  1 02:29:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e6a68ae55d346113c07f2e37b42d70f42dd46005
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:d3:e0:c5:63:ce:d9:a8:73:82:d4:e9:b3:d3:
                    ce:45:a0:fa:11:5e:69:13:ee:42:c3:82:d6:5e:5a:
                    7c:1b:d5:3b:0c:fe:53:0b:5d:02:b6:cc:75:0f:73:
                    cb:02:7c:16:ab:af:14:b1:8d:6a:97:ff:92:3c:82:
                    03:72:42:4b:4d:d8:ea:06:06:30:7e:86:6c:12:4e:
                    ea:00:5c:14:3f:2e:e6:91:9b:ee:72:f4:d2:93:57:
                    65:98:4b:c6:4b:8a:1b:d0:d2:8c:1f:05:d6:84:b6:
                    10:8f:78:5e:8a:b8:58:1b:f0:8a:bd:ae:ab:86:86:
                    14:90:5c:6d:96:89:9c:66:c0:33:f9:5d:73:08:e9:
                    da:79:51:a8:0f:0a:f1:34:e5:47:21:85:92:8f:5b:
                    9b:06:c9:f9:91:c3:f1:df:c8:17:b3:17:0a:2e:29:
                    5e:74:42:af:1a:a0:65:41:e7:2c:cf:96:1a:85:32:
                    40:4c:53:62:80:2f:98:ed:ac:f2:02:c6:02:d8:04:
                    c2:3f:2c:55:91:42:c9:10:85:66:fe:44:67:9b:5d:
                    5b:e4:ec:f1:6d:93:ea:26:e4:fc:a0:2f:aa:18:90:
                    22:90:b4:26:90:7e:c4:7d:34:c1:84:e6:0a:57:0b:
                    2d:b7:fc:d6:31:6c:6a:b6:06:39:13:d7:33:c6:6d:
                    b6:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:A6:8A:E5:5D:34:61:13:C0:7F:2E:37:B4:2D:70:F4:2D:D4:60:05
            X509v3 Authority Key Identifier:
                keyid:D9:54:13:EB:29:A4:3D:2E:45:FE:CD:D8:8E:E5:39:6C:96:BF:1C:B5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2VQT6ymkPS5F_s3YjuU5bJa_HLU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/f19c9e-c541-4363-b25b-a806163ec294/1/5qaK5V00YRPAfy43tC1w9C3UYAU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/f19c9e-c541-4363-b25b-a806163ec294/1/2VQT6ymkPS5F_s3YjuU5bJa_HLU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.218.84.0/22
                  185.72.200.0/22

    Signature Algorithm: sha256WithRSAEncryption
         55:e4:11:92:89:17:cf:8f:42:a2:09:4d:9f:f7:7a:e9:8a:27:
         1c:59:a9:b3:41:f7:d5:32:3c:b5:2a:c5:d9:cc:67:64:22:a5:
         9c:9f:90:6c:10:6e:61:21:ba:0d:1d:49:5d:56:e2:62:09:aa:
         8e:15:89:61:c0:b3:22:8c:c4:10:64:7f:28:62:34:b5:f2:6f:
         e4:0c:86:f4:59:75:59:50:aa:2b:a3:98:1c:c6:5a:6c:f8:88:
         c4:4f:dc:ca:c3:06:93:82:51:a4:09:96:c1:18:45:8f:81:c7:
         d3:0d:26:e9:48:b6:4a:56:4e:97:93:7f:c8:a3:50:89:b3:c6:
         9a:6b:9e:23:87:eb:2e:d7:fc:22:43:77:90:77:d7:3d:07:e1:
         cf:4c:31:3c:ca:21:96:69:ce:a0:d2:53:2f:c3:32:a8:e5:b2:
         50:ca:2b:31:2b:4a:49:0d:53:89:a0:6e:b1:75:8d:b9:f8:8a:
         fc:61:52:5a:bf:56:33:e1:7c:ca:a1:10:6f:82:19:68:50:35:
         87:c7:ff:ab:96:03:9e:c2:e6:4a:91:29:75:79:8f:19:b6:6b:
         16:7f:b9:99:98:09:98:f2:da:67:f6:a0:37:7c:3b:e3:e1:23:
         3f:39:06:87:fd:5a:52:6d:0e:e5:32:9f:30:a3:76:50:ce:1d:
         4e:67:61:b6
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzC20MUWtvwFm5Xhdrh/K5tMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5NTQxM2ViMjlhNDNkMmU0NWZlY2RkODhlZTUzOTZjOTZi
ZjFjYjUwHhcNMjQwMTAxMDIyOTU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNmE2OGFlNTVkMzQ2MTEzYzA3ZjJlMzdiNDJkNzBmNDJkZDQ2MDA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq9PgxWPO2ahzgtTps9PORaD6EV5p
E+5Cw4LWXlp8G9U7DP5TC10Ctsx1D3PLAnwWq68UsY1ql/+SPIIDckJLTdjqBgYw
foZsEk7qAFwUPy7mkZvucvTSk1dlmEvGS4ob0NKMHwXWhLYQj3heirhYG/CKva6r
hoYUkFxtlomcZsAz+V1zCOnaeVGoDwrxNOVHIYWSj1ubBsn5kcPx38gXsxcKLile
dEKvGqBlQecsz5YahTJATFNigC+Y7azyAsYC2ATCPyxVkULJEIVm/kRnm11b5Ozx
bZPqJuT8oC+qGJAikLQmkH7EfTTBhOYKVwstt/zWMWxqtgY5E9czxm220wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOamiuVdNGETwH8uN7QtcPQt1GAFMB8GA1UdIwQY
MBaAFNlUE+sppD0uRf7N2I7lOWyWvxy1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMlZRVDZ5bWtQUzVGX3MzWWp1VTViSmFfSExVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC9mMTljOWUtYzU0MS00MzYzLWIyNWIt
YTgwNjE2M2VjMjk0LzEvNXFhSzVWMDBZUlBBZnk0M3RDMXc5QzNVWUFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC9mMTljOWUtYzU0MS00MzYzLWIyNWItYTgwNjE2M2VjMjk0
LzEvMlZRVDZ5bWtQUzVGX3MzWWp1VTViSmFfSExVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCWNpUAwQC
uUjIMA0GCSqGSIb3DQEBCwUAA4IBAQBV5BGSiRfPj0KiCU2f93rpiiccWamzQffV
Mjy1KsXZzGdkIqWcn5BsEG5hIboNHUldVuJiCaqOFYlhwLMijMQQZH8oYjS18m/k
DIb0WXVZUKoro5gcxlps+IjET9zKwwaTglGkCZbBGEWPgcfTDSbpSLZKVk6Xk3/I
o1CJs8aaa54jh+su1/wiQ3eQd9c9B+HPTDE8yiGWac6g0lMvwzKo5bJQyisxK0pJ
DVOJoG6xdY25+Ir8YVJav1Yz4XzKoRBvghloUDWHx/+rlgOewuZKkSl1eY8ZtmsW
f7mZmAmY8tpn9qA3fDvj4SM/OQaH/VpSbQ7lMp8wo3ZQzh1OZ2G2
-----END CERTIFICATE-----