Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/a21c9e-87f1-4983-8394-de37673c409c/1/vdaq1AuIDT5gbw_uR_axS0AEd5Q.roa
File:                     vdaq1AuIDT5gbw_uR_axS0AEd5Q.roa (raw, json)
Hash identifier:          tb0EUoBzC9EWXc32fZRZKWbfF16DCOf5eb0yf+xFNoY=
Subject key identifier:   BD:D6:AA:D4:0B:88:0D:3E:60:6F:0F:EE:47:F6:B1:4B:40:04:77:94
Certificate issuer:       /CN=aa54c4763ea018c3dc70203d04efe71fd4b1b066
Certificate serial:       018CC649A7E0E2EF5E562E1627E8922AEB70
Authority key identifier: AA:54:C4:76:3E:A0:18:C3:DC:70:20:3D:04:EF:E7:1F:D4:B1:B0:66
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qlTEdj6gGMPccCA9BO_nH9SxsGY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/a21c9e-87f1-4983-8394-de37673c409c/1/vdaq1AuIDT5gbw_uR_axS0AEd5Q.roa
Signing time:             Mon 01 Jan 2024 18:29:25 +0000
ROA not before:           Mon 01 Jan 2024 18:29:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56595
IP address blocks:        5.175.60.0/24 maxlen: 24
                          5.175.62.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/a21c9e-87f1-4983-8394-de37673c409c/1/qlTEdj6gGMPccCA9BO_nH9SxsGY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/a21c9e-87f1-4983-8394-de37673c409c/1/qlTEdj6gGMPccCA9BO_nH9SxsGY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qlTEdj6gGMPccCA9BO_nH9SxsGY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 07:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:49:a7:e0:e2:ef:5e:56:2e:16:27:e8:92:2a:eb:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aa54c4763ea018c3dc70203d04efe71fd4b1b066
        Validity
            Not Before: Jan  1 18:29:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bdd6aad40b880d3e606f0fee47f6b14b40047794
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:99:bd:90:6f:0f:db:68:b2:2a:52:c6:a6:50:
                    c9:e9:d3:f4:4d:e5:9c:a7:c7:68:b4:83:04:df:44:
                    3d:79:1b:17:6f:21:64:f2:13:a6:87:41:73:bb:ca:
                    ef:1d:f7:1e:09:80:03:a5:5f:2e:7b:9c:c7:52:6b:
                    36:90:dd:b2:59:61:14:24:a1:d5:55:8d:ed:79:c2:
                    4b:d0:09:34:f9:62:8a:2d:31:b5:43:39:3e:fe:c2:
                    aa:06:ea:3e:71:67:56:f5:92:6d:50:c8:8f:7b:e8:
                    4c:fe:11:bf:f6:64:b6:0b:7c:73:3c:39:9d:2c:13:
                    27:ac:fb:6e:dc:0f:97:17:d8:97:7e:52:40:fa:ae:
                    79:19:7e:33:90:0f:db:8a:d1:17:a4:d2:85:54:80:
                    10:91:f9:07:96:9d:f5:22:2d:a7:1e:49:a0:42:06:
                    f8:24:9b:2a:45:14:6a:9c:5c:00:b1:d0:eb:ea:c3:
                    f0:4a:cf:b8:d9:11:05:04:52:f2:89:f4:c5:04:54:
                    df:c8:a2:f7:ed:9a:8a:96:dc:4b:42:3b:a7:21:2b:
                    56:7b:25:cf:b9:7b:f1:d5:cf:19:12:0a:c4:a4:df:
                    27:36:42:42:99:ae:b8:d9:58:a7:dd:4e:65:75:63:
                    be:61:b0:f9:f9:46:69:a4:5b:30:9f:91:11:76:07:
                    d6:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:D6:AA:D4:0B:88:0D:3E:60:6F:0F:EE:47:F6:B1:4B:40:04:77:94
            X509v3 Authority Key Identifier:
                keyid:AA:54:C4:76:3E:A0:18:C3:DC:70:20:3D:04:EF:E7:1F:D4:B1:B0:66

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qlTEdj6gGMPccCA9BO_nH9SxsGY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/a21c9e-87f1-4983-8394-de37673c409c/1/vdaq1AuIDT5gbw_uR_axS0AEd5Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/a21c9e-87f1-4983-8394-de37673c409c/1/qlTEdj6gGMPccCA9BO_nH9SxsGY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.175.60.0/24
                  5.175.62.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:30:1e:2b:00:f4:25:19:2e:f3:d8:97:f3:51:ff:a5:c8:6e:
         2f:97:03:e5:27:85:83:40:b0:73:1e:f1:d5:1f:04:93:43:2f:
         4e:1b:82:ee:ef:1f:41:41:6a:2f:bc:4a:d8:9b:22:10:47:c4:
         0e:f5:10:29:b7:b0:7f:1b:84:16:7d:2e:7e:33:a8:b3:66:cc:
         cd:63:6b:a0:1c:bf:fc:a1:5b:f0:6f:46:3a:23:29:25:fe:8e:
         56:6c:c3:82:e0:c2:f0:b6:7b:64:f0:5f:1c:a0:60:13:f0:63:
         1c:0a:2b:80:13:a5:e3:7d:f9:3d:d9:7e:7f:ca:47:4b:38:92:
         a1:32:dc:fd:48:b1:11:2e:28:8c:9e:9a:32:af:3c:66:bd:3d:
         0d:34:37:d6:51:2a:4f:8a:11:e2:cf:39:5f:52:a1:98:1e:d3:
         9f:2c:9d:8b:29:5e:42:00:67:7c:f4:32:fb:35:1f:59:ac:80:
         9c:2d:de:63:3b:4f:d9:42:4f:92:00:f6:c6:1f:f1:9c:da:6f:
         a1:0c:45:52:dd:7d:2a:20:67:b7:79:69:76:21:d2:e6:fe:fd:
         f5:0e:8f:11:a3:eb:9a:2a:57:92:42:c9:fa:08:53:71:ce:fe:
         49:5d:de:29:76:65:b6:72:ef:a6:84:5c:08:47:cf:fe:3a:2a:
         c5:39:2b:82
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzGSafg4u9eVi4WJ+iSKutwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFhNTRjNDc2M2VhMDE4YzNkYzcwMjAzZDA0ZWZlNzFmZDRi
MWIwNjYwHhcNMjQwMTAxMTgyOTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZGQ2YWFkNDBiODgwZDNlNjA2ZjBmZWU0N2Y2YjE0YjQwMDQ3Nzk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlJm9kG8P22iyKlLGplDJ6dP0TeWc
p8dotIME30Q9eRsXbyFk8hOmh0Fzu8rvHfceCYADpV8ue5zHUms2kN2yWWEUJKHV
VY3tecJL0Ak0+WKKLTG1Qzk+/sKqBuo+cWdW9ZJtUMiPe+hM/hG/9mS2C3xzPDmd
LBMnrPtu3A+XF9iXflJA+q55GX4zkA/bitEXpNKFVIAQkfkHlp31Ii2nHkmgQgb4
JJsqRRRqnFwAsdDr6sPwSs+42REFBFLyifTFBFTfyKL37ZqKltxLQjunIStWeyXP
uXvx1c8ZEgrEpN8nNkJCma642Vin3U5ldWO+YbD5+UZppFswn5ERdgfWsQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFL3WqtQLiA0+YG8P7kf2sUtABHeUMB8GA1UdIwQY
MBaAFKpUxHY+oBjD3HAgPQTv5x/UsbBmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcWxURWRqNmdHTVBjY0NBOUJPX25IOVN4c0dZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS9hMjFjOWUtODdmMS00OTgzLTgzOTQt
ZGUzNzY3M2M0MDljLzEvdmRhcTFBdUlEVDVnYndfdVJfYXhTMEFFZDVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS9hMjFjOWUtODdmMS00OTgzLTgzOTQtZGUzNzY3M2M0MDlj
LzEvcWxURWRqNmdHTVBjY0NBOUJPX25IOVN4c0dZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQABa88AwQA
Ba8+MA0GCSqGSIb3DQEBCwUAA4IBAQB8MB4rAPQlGS7z2JfzUf+lyG4vlwPlJ4WD
QLBzHvHVHwSTQy9OG4Lu7x9BQWovvErYmyIQR8QO9RApt7B/G4QWfS5+M6izZszN
Y2ugHL/8oVvwb0Y6Iykl/o5WbMOC4MLwtntk8F8coGAT8GMcCiuAE6Xjffk92X5/
ykdLOJKhMtz9SLERLiiMnpoyrzxmvT0NNDfWUSpPihHizzlfUqGYHtOfLJ2LKV5C
AGd89DL7NR9ZrICcLd5jO0/ZQk+SAPbGH/Gc2m+hDEVS3X0qIGe3eWl2IdLm/v31
Do8Ro+uaKleSQsn6CFNxzv5JXd4pdmW2cu+mhFwIR8/+OirFOSuC
-----END CERTIFICATE-----