Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/43/5e06fa-37f9-4a1c-811a-d6a305cbf46c/1/Uq1BLdY_T6UaGJVb-MVOZ_hNgK8.roa
File:                     Uq1BLdY_T6UaGJVb-MVOZ_hNgK8.roa (raw, json)
Hash identifier:          3G1iYdJHLTwYZBzBEeSuO8Nm49IMTpecEy9u7o58DzU=
Subject key identifier:   52:AD:41:2D:D6:3F:4F:A5:1A:18:95:5B:F8:C5:4E:67:F8:4D:80:AF
Certificate issuer:       /CN=aa7b6137f5af3c22c85a1908d40b2941ee2c06f4
Certificate serial:       018CC9BCD0EC10B2AB49F782AE2057E2EB62
Authority key identifier: AA:7B:61:37:F5:AF:3C:22:C8:5A:19:08:D4:0B:29:41:EE:2C:06:F4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qnthN_WvPCLIWhkI1AspQe4sBvQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/43/5e06fa-37f9-4a1c-811a-d6a305cbf46c/1/Uq1BLdY_T6UaGJVb-MVOZ_hNgK8.roa
Signing time:             Tue 02 Jan 2024 10:34:03 +0000
ROA not before:           Tue 02 Jan 2024 10:34:03 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39704
IP address blocks:        185.168.4.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/43/5e06fa-37f9-4a1c-811a-d6a305cbf46c/1/qnthN_WvPCLIWhkI1AspQe4sBvQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/43/5e06fa-37f9-4a1c-811a-d6a305cbf46c/1/qnthN_WvPCLIWhkI1AspQe4sBvQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qnthN_WvPCLIWhkI1AspQe4sBvQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 13:00:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:d0:ec:10:b2:ab:49:f7:82:ae:20:57:e2:eb:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aa7b6137f5af3c22c85a1908d40b2941ee2c06f4
        Validity
            Not Before: Jan  2 10:34:03 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=52ad412dd63f4fa51a18955bf8c54e67f84d80af
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:c2:16:e7:c3:7e:d5:b1:a8:7c:0d:db:b5:45:
                    4a:b0:ac:92:25:83:a2:1a:b4:17:10:9b:39:2a:6a:
                    21:c9:60:8e:74:1e:bd:4f:c4:66:f2:fb:58:b4:08:
                    a2:c9:34:0b:e2:16:f8:8e:c7:6d:b3:cf:dd:91:0e:
                    b7:ae:12:ff:a7:51:31:8c:c3:2b:b7:85:61:c8:0c:
                    03:4d:7d:b2:ba:52:2e:be:8f:61:aa:5c:f3:25:ab:
                    b3:36:51:b6:84:04:2a:09:eb:5d:21:3a:9a:0d:92:
                    fb:3e:0d:55:d4:ba:f3:82:2d:b6:8a:b4:65:7c:36:
                    99:0d:be:06:ff:cb:c1:60:04:97:27:b3:50:47:aa:
                    41:d4:25:de:9a:b5:71:ea:91:01:05:8f:ab:d3:16:
                    62:ea:27:32:90:7b:f3:bc:e9:52:8e:6d:81:38:0a:
                    4a:98:1f:fe:7c:0c:28:11:af:99:6b:9e:a0:e5:78:
                    ee:32:d6:e3:38:9c:a9:12:65:c6:2f:77:0d:22:ca:
                    75:8e:32:ef:2a:e2:cc:81:90:61:05:3e:09:2a:56:
                    d5:5e:7d:3b:93:42:c4:eb:64:cc:21:3b:30:2f:48:
                    61:95:53:cc:fc:6b:41:cb:b2:8e:d5:62:e0:13:8d:
                    9f:4f:87:13:49:16:38:85:9e:f1:e7:3e:1a:0b:5c:
                    2f:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:AD:41:2D:D6:3F:4F:A5:1A:18:95:5B:F8:C5:4E:67:F8:4D:80:AF
            X509v3 Authority Key Identifier:
                keyid:AA:7B:61:37:F5:AF:3C:22:C8:5A:19:08:D4:0B:29:41:EE:2C:06:F4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qnthN_WvPCLIWhkI1AspQe4sBvQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/43/5e06fa-37f9-4a1c-811a-d6a305cbf46c/1/Uq1BLdY_T6UaGJVb-MVOZ_hNgK8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/43/5e06fa-37f9-4a1c-811a-d6a305cbf46c/1/qnthN_WvPCLIWhkI1AspQe4sBvQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.168.4.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8e:be:d0:c9:2f:49:bf:66:69:ff:87:c0:43:f9:ce:49:f2:c4:
         f6:45:d2:6e:12:9d:d4:29:c3:a0:91:8d:c3:8a:c5:32:18:64:
         ac:4b:e6:59:2c:ae:a3:89:54:d7:31:79:c9:58:4e:f6:8b:4e:
         a4:05:37:a1:c8:48:b4:b6:34:5c:1c:77:1f:22:f7:18:2c:b4:
         80:62:10:de:f2:50:88:18:5b:a8:f1:90:b9:96:3e:5d:ec:2e:
         a3:b0:05:41:6e:e8:64:cf:b4:d2:90:7f:7d:ed:0f:65:b1:e3:
         c6:b1:61:f9:dd:bb:78:54:b6:a8:1a:7e:42:19:34:ee:0b:ca:
         7c:33:fd:02:51:8d:d8:cf:9d:cc:d1:73:ce:3a:03:ad:51:31:
         df:cf:06:8d:f7:fc:34:64:f5:70:c9:bb:da:96:a9:03:ff:94:
         63:0c:77:f5:17:c5:3d:7b:62:e6:eb:a0:dc:1a:e6:99:c9:24:
         fa:8e:66:1e:c8:cd:b0:8e:76:5f:bc:b2:60:d5:f8:11:17:46:
         94:79:46:d2:a7:36:b1:de:c8:3f:0d:a2:be:ee:c9:91:ed:04:
         a7:b0:0e:d8:24:58:23:35:14:c9:e7:b2:3b:f1:e7:ea:5e:76:
         c9:43:21:bc:7d:10:db:74:0a:88:e6:9a:44:36:2f:fa:76:09:
         05:71:7a:3f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvNDsELKrSfeCriBX4utiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFhN2I2MTM3ZjVhZjNjMjJjODVhMTkwOGQ0MGIyOTQxZWUy
YzA2ZjQwHhcNMjQwMTAyMTAzNDAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MmFkNDEyZGQ2M2Y0ZmE1MWExODk1NWJmOGM1NGU2N2Y4NGQ4MGFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhsIW58N+1bGofA3btUVKsKySJYOi
GrQXEJs5KmohyWCOdB69T8Rm8vtYtAiiyTQL4hb4jsdts8/dkQ63rhL/p1ExjMMr
t4VhyAwDTX2yulIuvo9hqlzzJauzNlG2hAQqCetdITqaDZL7Pg1V1Lrzgi22irRl
fDaZDb4G/8vBYASXJ7NQR6pB1CXemrVx6pEBBY+r0xZi6icykHvzvOlSjm2BOApK
mB/+fAwoEa+Za56g5XjuMtbjOJypEmXGL3cNIsp1jjLvKuLMgZBhBT4JKlbVXn07
k0LE62TMITswL0hhlVPM/GtBy7KO1WLgE42fT4cTSRY4hZ7x5z4aC1wvVwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFKtQS3WP0+lGhiVW/jFTmf4TYCvMB8GA1UdIwQY
MBaAFKp7YTf1rzwiyFoZCNQLKUHuLAb0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcW50aE5fV3ZQQ0xJV2hrSTFBc3BRZTRzQnZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80My81ZTA2ZmEtMzdmOS00YTFjLTgxMWEt
ZDZhMzA1Y2JmNDZjLzEvVXExQkxkWV9UNlVhR0pWYi1NVk9aX2hOZ0s4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80My81ZTA2ZmEtMzdmOS00YTFjLTgxMWEtZDZhMzA1Y2JmNDZj
LzEvcW50aE5fV3ZQQ0xJV2hrSTFBc3BRZTRzQnZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuagEMA0G
CSqGSIb3DQEBCwUAA4IBAQCOvtDJL0m/Zmn/h8BD+c5J8sT2RdJuEp3UKcOgkY3D
isUyGGSsS+ZZLK6jiVTXMXnJWE72i06kBTehyEi0tjRcHHcfIvcYLLSAYhDe8lCI
GFuo8ZC5lj5d7C6jsAVBbuhkz7TSkH997Q9lsePGsWH53bt4VLaoGn5CGTTuC8p8
M/0CUY3Yz53M0XPOOgOtUTHfzwaN9/w0ZPVwybvalqkD/5RjDHf1F8U9e2Lm66Dc
GuaZyST6jmYeyM2wjnZfvLJg1fgRF0aUeUbSpzax3sg/DaK+7smR7QSnsA7YJFgj
NRTJ57I78efqXnbJQyG8fRDbdAqI5ppENi/6dgkFcXo/
-----END CERTIFICATE-----