Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/Qj3_y2HustLh9UCOLzopGWvsTOg.roa
File:                     Qj3_y2HustLh9UCOLzopGWvsTOg.roa (raw, json)
Hash identifier:          FQ/8MZGUCx8i4nA/JiiDUcpqFF5YCEasXFrWk5861O4=
Subject key identifier:   42:3D:FF:CB:61:EE:B2:D2:E1:F5:40:8E:2F:3A:29:19:6B:EC:4C:E8
Certificate issuer:       /CN=27a39e4794c34612e7f22569b1a6a81710260ae5
Certificate serial:       018CC7944EFF701874409875FBFD0B5C0E74
Authority key identifier: 27:A3:9E:47:94:C3:46:12:E7:F2:25:69:B1:A6:A8:17:10:26:0A:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J6OeR5TDRhLn8iVpsaaoFxAmCuU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/Qj3_y2HustLh9UCOLzopGWvsTOg.roa
Signing time:             Tue 02 Jan 2024 00:30:34 +0000
ROA not before:           Tue 02 Jan 2024 00:30:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5822
IP address blocks:        85.185.48.0/20 maxlen: 20

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/J6OeR5TDRhLn8iVpsaaoFxAmCuU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/J6OeR5TDRhLn8iVpsaaoFxAmCuU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J6OeR5TDRhLn8iVpsaaoFxAmCuU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 13:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:4e:ff:70:18:74:40:98:75:fb:fd:0b:5c:0e:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=27a39e4794c34612e7f22569b1a6a81710260ae5
        Validity
            Not Before: Jan  2 00:30:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=423dffcb61eeb2d2e1f5408e2f3a29196bec4ce8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:5d:ff:4e:9a:11:8f:fe:5c:76:95:2d:2e:39:
                    9b:dd:d5:12:0d:87:2b:91:9b:2e:34:6f:f4:5f:f1:
                    01:2a:3c:49:a0:6a:42:cd:92:09:5f:96:fc:5e:34:
                    c7:1c:11:cd:95:e5:ca:d1:1c:f8:6b:0e:9a:8d:d9:
                    8a:14:9a:15:48:22:97:08:3f:a2:92:37:aa:12:a9:
                    0d:98:b1:6e:61:c5:ab:5c:9b:f4:43:af:bb:39:9c:
                    bc:c6:d7:cb:f7:68:f9:9d:89:e2:79:80:07:40:64:
                    66:66:c7:e5:8c:e0:a3:97:f9:cd:b2:26:5e:bb:23:
                    5c:0b:8b:46:59:ee:4d:c1:4f:4a:b4:d3:70:77:e4:
                    47:91:20:a2:81:a2:a4:16:65:5a:ad:a1:58:38:99:
                    cf:b8:c1:46:95:b6:7a:be:bf:c2:03:a5:3c:3a:39:
                    1e:db:db:1f:d3:28:94:f3:94:17:33:2a:c4:1e:23:
                    6a:64:a9:5b:84:10:37:6c:e4:42:2d:41:ed:dd:81:
                    3c:60:ae:08:5e:62:d2:88:1c:93:aa:c0:3b:fd:43:
                    cc:f0:ff:00:e4:6b:19:0a:46:61:4a:76:5e:ab:40:
                    a0:9e:92:a1:71:58:69:5b:de:64:2d:8c:17:10:38:
                    1b:86:8e:68:fa:7a:4e:54:6f:d3:fe:22:3a:d1:17:
                    e8:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:3D:FF:CB:61:EE:B2:D2:E1:F5:40:8E:2F:3A:29:19:6B:EC:4C:E8
            X509v3 Authority Key Identifier:
                keyid:27:A3:9E:47:94:C3:46:12:E7:F2:25:69:B1:A6:A8:17:10:26:0A:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J6OeR5TDRhLn8iVpsaaoFxAmCuU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/Qj3_y2HustLh9UCOLzopGWvsTOg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/J6OeR5TDRhLn8iVpsaaoFxAmCuU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.185.48.0/20

    Signature Algorithm: sha256WithRSAEncryption
         78:7c:2a:b2:b5:58:09:b5:26:34:63:b0:6f:cf:48:35:63:61:
         6e:96:66:85:0c:c7:1b:c9:18:49:ea:00:d1:3f:36:cd:53:f1:
         44:50:3d:c1:e4:93:de:79:03:a7:b6:ea:0c:8c:c0:4e:de:91:
         f0:23:e5:f2:a8:90:95:8b:b0:d5:1e:e7:57:76:b2:25:98:3f:
         75:11:d8:48:c1:88:62:f9:19:d1:09:33:3e:56:a8:84:9a:09:
         50:dc:26:26:71:af:e4:cc:2f:29:03:0e:bd:91:3a:49:83:5a:
         28:40:0d:b4:87:a6:4d:fa:26:13:28:07:51:53:99:47:44:65:
         7f:c1:b4:31:d6:f3:61:dd:22:e3:56:78:c5:57:1d:07:86:2e:
         d6:0b:18:5a:8b:d0:7f:98:d8:06:68:2a:fc:59:68:4f:b7:b5:
         6c:0e:ae:d1:42:a8:3b:da:48:15:b5:80:4e:5d:f5:55:1b:f6:
         38:63:d2:d5:7a:95:3b:93:d9:b9:3e:80:e8:dd:2d:72:57:e0:
         00:42:38:e0:d0:24:2d:62:96:56:c2:9e:b3:ff:11:3e:0f:26:
         b5:ab:9d:bd:ff:cf:b8:4b:f8:92:7c:5c:98:2d:7d:1d:65:df:
         6e:96:3b:17:7e:15:ae:e5:01:50:d7:ea:9a:0a:bf:67:3b:f9:
         57:61:93:26
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlE7/cBh0QJh1+/0LXA50MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3YTM5ZTQ3OTRjMzQ2MTJlN2YyMjU2OWIxYTZhODE3MTAy
NjBhZTUwHhcNMjQwMTAyMDAzMDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MjNkZmZjYjYxZWViMmQyZTFmNTQwOGUyZjNhMjkxOTZiZWM0Y2U4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp13/TpoRj/5cdpUtLjmb3dUSDYcr
kZsuNG/0X/EBKjxJoGpCzZIJX5b8XjTHHBHNleXK0Rz4aw6ajdmKFJoVSCKXCD+i
kjeqEqkNmLFuYcWrXJv0Q6+7OZy8xtfL92j5nYnieYAHQGRmZsfljOCjl/nNsiZe
uyNcC4tGWe5NwU9KtNNwd+RHkSCigaKkFmVaraFYOJnPuMFGlbZ6vr/CA6U8Ojke
29sf0yiU85QXMyrEHiNqZKlbhBA3bORCLUHt3YE8YK4IXmLSiByTqsA7/UPM8P8A
5GsZCkZhSnZeq0CgnpKhcVhpW95kLYwXEDgbho5o+npOVG/T/iI60RfodQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEI9/8th7rLS4fVAji86KRlr7EzoMB8GA1UdIwQY
MBaAFCejnkeUw0YS5/IlabGmqBcQJgrlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjZPZVI1VERSaExuOGlWcHNhYW9GeEFtQ3VVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC8zOGZjMzMtMDZjMS00MDA2LTllMjMt
Zjc0ZDk1MTg1NzZjLzEvUWozX3kySHVzdExoOVVDT0x6b3BHV3ZzVE9nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC8zOGZjMzMtMDZjMS00MDA2LTllMjMtZjc0ZDk1MTg1NzZj
LzEvSjZPZVI1VERSaExuOGlWcHNhYW9GeEFtQ3VVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEVbkwMA0G
CSqGSIb3DQEBCwUAA4IBAQB4fCqytVgJtSY0Y7Bvz0g1Y2FulmaFDMcbyRhJ6gDR
PzbNU/FEUD3B5JPeeQOntuoMjMBO3pHwI+XyqJCVi7DVHudXdrIlmD91EdhIwYhi
+RnRCTM+VqiEmglQ3CYmca/kzC8pAw69kTpJg1ooQA20h6ZN+iYTKAdRU5lHRGV/
wbQx1vNh3SLjVnjFVx0Hhi7WCxhai9B/mNgGaCr8WWhPt7VsDq7RQqg72kgVtYBO
XfVVG/Y4Y9LVepU7k9m5PoDo3S1yV+AAQjjg0CQtYpZWwp6z/xE+Dya1q529/8+4
S/iSfFyYLX0dZd9uljsXfhWu5QFQ1+qaCr9nO/lXYZMm
-----END CERTIFICATE-----