Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/48/e3267b-f780-4187-8057-75f4fca86ae4/1/qQ752WHgphU1_D2adYNf_WSH-IU.roa
File:                     qQ752WHgphU1_D2adYNf_WSH-IU.roa (raw, json)
Hash identifier:          e0GEiNM9NV+Uvpqj7IDnpt3K8BjOYSEWp4h37Xz7qiI=
Subject key identifier:   A9:0E:F9:D9:61:E0:A6:15:35:FC:3D:9A:75:83:5F:FD:64:87:F8:85
Certificate issuer:       /CN=59785a21e2d07c68ff317558c69ef118cc75805a
Certificate serial:       018CC50036511C5EEF3D52084BAB7E7D570E
Authority key identifier: 59:78:5A:21:E2:D0:7C:68:FF:31:75:58:C6:9E:F1:18:CC:75:80:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WXhaIeLQfGj_MXVYxp7xGMx1gFo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/48/e3267b-f780-4187-8057-75f4fca86ae4/1/qQ752WHgphU1_D2adYNf_WSH-IU.roa
Signing time:             Mon 01 Jan 2024 12:29:34 +0000
ROA not before:           Mon 01 Jan 2024 12:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25206
IP address blocks:        83.97.64.0/21 maxlen: 24
                          84.201.192.0/20 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/48/e3267b-f780-4187-8057-75f4fca86ae4/1/WXhaIeLQfGj_MXVYxp7xGMx1gFo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/48/e3267b-f780-4187-8057-75f4fca86ae4/1/WXhaIeLQfGj_MXVYxp7xGMx1gFo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WXhaIeLQfGj_MXVYxp7xGMx1gFo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 04 Jun 2024 14:36:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:36:51:1c:5e:ef:3d:52:08:4b:ab:7e:7d:57:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=59785a21e2d07c68ff317558c69ef118cc75805a
        Validity
            Not Before: Jan  1 12:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a90ef9d961e0a61535fc3d9a75835ffd6487f885
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:17:b0:72:de:bd:87:98:57:0d:d2:cc:20:d0:
                    01:ad:09:be:82:f0:68:99:30:47:98:06:63:7c:9a:
                    66:5c:97:3e:86:fc:5d:00:a9:3c:9f:ec:90:24:29:
                    2a:c9:cc:20:bc:7f:2b:03:3b:06:dc:d0:f4:0d:82:
                    89:32:ce:86:11:cf:e2:5b:0f:3f:77:a7:b5:ca:fb:
                    84:0d:5e:6d:66:80:c6:9e:1a:7c:a9:c3:49:87:29:
                    c0:20:50:ee:81:74:d4:ed:51:d7:11:85:81:7b:73:
                    54:ab:24:8a:56:6e:c5:35:37:99:cf:a9:83:90:94:
                    06:8c:85:f6:de:5f:b4:4b:bc:78:c8:f7:26:2b:d1:
                    c2:13:9f:05:6a:2d:bb:ee:ee:1e:61:ca:56:87:6f:
                    9e:10:56:d6:86:86:cb:23:c7:db:23:a7:30:36:3f:
                    99:73:93:d7:ca:88:7f:48:92:b6:3f:3b:98:bb:25:
                    83:90:97:36:cc:ef:8d:e2:3d:3a:46:a9:a0:a1:73:
                    c3:2b:3b:34:1d:fd:6b:00:aa:7a:35:84:cc:58:2b:
                    7c:e2:e4:80:2c:5f:76:93:3a:9f:63:9f:1b:cd:42:
                    55:d1:b3:27:b8:81:99:5a:59:8e:cf:5c:4d:62:c7:
                    5c:06:6c:f9:aa:d8:02:27:71:c5:c6:3b:05:24:f8:
                    1b:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:0E:F9:D9:61:E0:A6:15:35:FC:3D:9A:75:83:5F:FD:64:87:F8:85
            X509v3 Authority Key Identifier:
                keyid:59:78:5A:21:E2:D0:7C:68:FF:31:75:58:C6:9E:F1:18:CC:75:80:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WXhaIeLQfGj_MXVYxp7xGMx1gFo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/e3267b-f780-4187-8057-75f4fca86ae4/1/qQ752WHgphU1_D2adYNf_WSH-IU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/48/e3267b-f780-4187-8057-75f4fca86ae4/1/WXhaIeLQfGj_MXVYxp7xGMx1gFo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.97.64.0/21
                  84.201.192.0/20

    Signature Algorithm: sha256WithRSAEncryption
         5d:6f:8d:ca:1d:fa:de:1b:22:2c:a3:3e:8e:f7:a1:c4:61:09:
         37:68:a0:ba:91:ea:7b:36:51:88:6d:03:69:c1:3c:8b:08:9b:
         70:1e:27:08:a9:8d:37:04:12:ee:12:01:7c:a3:c7:be:0f:07:
         11:2a:78:87:24:eb:aa:b1:94:64:3d:65:4d:06:4d:a2:8c:35:
         a6:3d:fb:5a:ff:4a:27:e0:cb:11:1a:1d:29:8a:c5:fa:2d:62:
         39:76:cd:55:22:05:75:8a:46:e9:2e:0f:09:07:47:81:67:10:
         0a:2e:66:5c:c1:92:cd:89:21:64:3e:ff:75:ad:54:85:d3:1c:
         11:3a:25:b1:f7:c9:d3:52:d2:85:53:4b:52:90:74:6c:6b:38:
         ab:5f:bb:d1:3b:9d:26:5c:0b:99:96:39:22:60:ec:ff:cc:22:
         0b:67:8f:70:ce:4e:f7:13:c5:cc:96:5a:ea:dc:d7:66:67:e8:
         de:49:43:a9:72:64:cb:3b:a6:af:a8:e1:28:47:6f:fe:80:1d:
         d5:0a:a7:54:1a:d9:37:bd:e8:50:60:b9:b4:5e:17:6d:9d:19:
         3e:79:e5:ba:ea:17:33:34:c0:f7:4f:ea:1d:38:89:01:0b:41:
         06:18:5f:68:12:21:64:4d:6c:d9:ed:30:ad:44:b1:c9:25:75:
         1f:82:c1:24
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzFADZRHF7vPVIIS6t+fVcOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU5Nzg1YTIxZTJkMDdjNjhmZjMxNzU1OGM2OWVmMTE4Y2M3
NTgwNWEwHhcNMjQwMTAxMTIyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOTBlZjlkOTYxZTBhNjE1MzVmYzNkOWE3NTgzNWZmZDY0ODdmODg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkBewct69h5hXDdLMINABrQm+gvBo
mTBHmAZjfJpmXJc+hvxdAKk8n+yQJCkqycwgvH8rAzsG3ND0DYKJMs6GEc/iWw8/
d6e1yvuEDV5tZoDGnhp8qcNJhynAIFDugXTU7VHXEYWBe3NUqySKVm7FNTeZz6mD
kJQGjIX23l+0S7x4yPcmK9HCE58Fai277u4eYcpWh2+eEFbWhobLI8fbI6cwNj+Z
c5PXyoh/SJK2PzuYuyWDkJc2zO+N4j06RqmgoXPDKzs0Hf1rAKp6NYTMWCt84uSA
LF92kzqfY58bzUJV0bMnuIGZWlmOz1xNYsdcBmz5qtgCJ3HFxjsFJPgbKwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKkO+dlh4KYVNfw9mnWDX/1kh/iFMB8GA1UdIwQY
MBaAFFl4WiHi0Hxo/zF1WMae8RjMdYBaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV1hoYUllTFFmR2pfTVhWWXhwN3hHTXgxZ0ZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OC9lMzI2N2ItZjc4MC00MTg3LTgwNTct
NzVmNGZjYTg2YWU0LzEvcVE3NTJXSGdwaFUxX0QyYWRZTmZfV1NILUlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OC9lMzI2N2ItZjc4MC00MTg3LTgwNTctNzVmNGZjYTg2YWU0
LzEvV1hoYUllTFFmR2pfTVhWWXhwN3hHTXgxZ0ZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDU2FAAwQE
VMnAMA0GCSqGSIb3DQEBCwUAA4IBAQBdb43KHfreGyIsoz6O96HEYQk3aKC6kep7
NlGIbQNpwTyLCJtwHicIqY03BBLuEgF8o8e+DwcRKniHJOuqsZRkPWVNBk2ijDWm
Pfta/0on4MsRGh0pisX6LWI5ds1VIgV1ikbpLg8JB0eBZxAKLmZcwZLNiSFkPv91
rVSF0xwROiWx98nTUtKFU0tSkHRsazirX7vRO50mXAuZljkiYOz/zCILZ49wzk73
E8XMllrq3NdmZ+jeSUOpcmTLO6avqOEoR2/+gB3VCqdUGtk3vehQYLm0XhdtnRk+
eeW66hczNMD3T+odOIkBC0EGGF9oEiFkTWzZ7TCtRLHJJXUfgsEk
-----END CERTIFICATE-----