Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/53/728c40-f712-4fef-8945-de352a92f6ba/1/7eyQavg6f8qdqJunMZm8O-4dNSQ.roa
File:                     7eyQavg6f8qdqJunMZm8O-4dNSQ.roa (raw, json)
Hash identifier:          a9OVhPZqmLBicHCt2z4aNngTTRLfFCMR6cb7/Jpfi4c=
Subject key identifier:   ED:EC:90:6A:F8:3A:7F:CA:9D:A8:9B:A7:31:99:BC:3B:EE:1D:35:24
Certificate issuer:       /CN=62c4c743d5c2afcf27f104eb6e0316116c85c7de
Certificate serial:       018F53C036018F1BBC47A824B665FDACFE59
Authority key identifier: 62:C4:C7:43:D5:C2:AF:CF:27:F1:04:EB:6E:03:16:11:6C:85:C7:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YsTHQ9XCr88n8QTrbgMWEWyFx94.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/53/728c40-f712-4fef-8945-de352a92f6ba/1/7eyQavg6f8qdqJunMZm8O-4dNSQ.roa
Signing time:             Tue 07 May 2024 15:50:56 +0000
ROA not before:           Tue 07 May 2024 15:50:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60475
IP address blocks:        5.178.120.0/21 maxlen: 21
                          185.235.20.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/53/728c40-f712-4fef-8945-de352a92f6ba/1/YsTHQ9XCr88n8QTrbgMWEWyFx94.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/53/728c40-f712-4fef-8945-de352a92f6ba/1/YsTHQ9XCr88n8QTrbgMWEWyFx94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YsTHQ9XCr88n8QTrbgMWEWyFx94.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 18:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:53:c0:36:01:8f:1b:bc:47:a8:24:b6:65:fd:ac:fe:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62c4c743d5c2afcf27f104eb6e0316116c85c7de
        Validity
            Not Before: May  7 15:50:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=edec906af83a7fca9da89ba73199bc3bee1d3524
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:66:4d:23:c7:f4:30:84:79:12:bc:13:d0:ca:
                    47:16:36:bf:a0:4a:ff:a2:a1:ba:61:a2:77:14:fd:
                    11:d9:25:8c:76:9c:f0:1a:69:c7:c7:ce:32:86:c5:
                    04:e2:24:d3:c5:e4:ea:be:91:3d:57:db:65:b9:2f:
                    57:43:a3:01:46:35:e0:ed:1d:bb:9e:ca:fa:f3:32:
                    9d:59:c7:ce:ff:f6:ee:23:d4:51:0e:55:97:49:ec:
                    46:29:d0:31:b2:68:01:9c:79:2a:6d:e2:9a:31:54:
                    b5:64:73:be:ee:6b:7d:f4:d1:30:dd:05:6a:41:ce:
                    6c:0b:f0:76:58:d0:0f:5d:85:2a:2f:4a:f0:e7:b5:
                    51:a4:ef:8c:b1:cd:18:a5:87:51:2c:82:ea:27:b4:
                    f0:e2:57:80:1f:2d:d9:a3:99:10:8b:0e:65:98:31:
                    8d:3c:53:dd:4e:0c:8d:8c:24:e4:a5:ce:ec:f4:2f:
                    b9:2e:51:41:7f:c2:82:d3:31:eb:91:63:46:e1:84:
                    ee:ac:bb:c7:43:0d:72:d2:b7:7e:02:97:46:f1:5b:
                    56:d4:7e:b5:fe:c1:2c:7d:6c:ab:f0:c9:d3:10:ea:
                    ca:9d:25:8e:ef:a2:1a:ce:9a:ab:18:ef:fa:a8:24:
                    a1:5d:f3:49:2e:47:6a:9b:18:18:af:ed:94:e9:68:
                    3c:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:EC:90:6A:F8:3A:7F:CA:9D:A8:9B:A7:31:99:BC:3B:EE:1D:35:24
            X509v3 Authority Key Identifier:
                keyid:62:C4:C7:43:D5:C2:AF:CF:27:F1:04:EB:6E:03:16:11:6C:85:C7:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YsTHQ9XCr88n8QTrbgMWEWyFx94.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/53/728c40-f712-4fef-8945-de352a92f6ba/1/7eyQavg6f8qdqJunMZm8O-4dNSQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/53/728c40-f712-4fef-8945-de352a92f6ba/1/YsTHQ9XCr88n8QTrbgMWEWyFx94.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.178.120.0/21
                  185.235.20.0/22

    Signature Algorithm: sha256WithRSAEncryption
         b7:4c:13:b5:34:2b:0e:61:d4:78:42:39:c5:7c:72:5e:91:39:
         94:85:84:de:33:57:e0:dc:e6:e9:3d:d6:cc:22:d6:69:95:5e:
         84:ce:a8:b9:53:4e:c2:15:7b:b3:30:06:ce:36:c0:4a:a7:ec:
         e9:17:10:38:93:8e:80:09:da:6b:a6:cd:d1:7b:d4:45:66:bc:
         39:0e:95:0e:a7:6f:79:a2:b5:e2:77:2a:da:a2:1f:53:d8:01:
         f8:27:69:0e:c7:da:07:35:16:f3:a5:90:91:fd:ca:ff:03:92:
         12:c6:ba:83:b8:b8:05:db:80:55:c7:ce:c0:1f:27:b6:75:45:
         ce:a1:b9:b7:21:26:c7:7e:0a:6a:fe:75:ff:a6:61:c8:18:56:
         f1:5b:89:5c:1e:9e:69:28:18:31:5c:cf:a0:13:8a:55:2b:3a:
         15:2c:ae:aa:92:0b:d0:10:9f:d8:8c:c8:df:02:06:c6:c2:54:
         3b:0a:02:04:8e:75:93:61:13:5e:c9:aa:99:a1:22:7c:a7:4b:
         76:51:ee:f6:32:cc:92:cc:17:e7:a4:9f:cc:42:6b:c3:4e:ad:
         c8:78:a3:dd:3f:2c:64:fa:fe:78:77:0c:9c:58:6c:0a:79:14:
         62:1e:47:dd:5e:d2:07:e2:a8:aa:a0:d4:83:b5:2b:59:4f:f5:
         36:5e:0d:51
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY9TwDYBjxu8R6gktmX9rP5ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyYzRjNzQzZDVjMmFmY2YyN2YxMDRlYjZlMDMxNjExNmM4
NWM3ZGUwHhcNMjQwNTA3MTU1MDU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZGVjOTA2YWY4M2E3ZmNhOWRhODliYTczMTk5YmMzYmVlMWQzNTI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApGZNI8f0MIR5ErwT0MpHFja/oEr/
oqG6YaJ3FP0R2SWMdpzwGmnHx84yhsUE4iTTxeTqvpE9V9tluS9XQ6MBRjXg7R27
nsr68zKdWcfO//buI9RRDlWXSexGKdAxsmgBnHkqbeKaMVS1ZHO+7mt99NEw3QVq
Qc5sC/B2WNAPXYUqL0rw57VRpO+Msc0YpYdRLILqJ7Tw4leAHy3Zo5kQiw5lmDGN
PFPdTgyNjCTkpc7s9C+5LlFBf8KC0zHrkWNG4YTurLvHQw1y0rd+ApdG8VtW1H61
/sEsfWyr8MnTEOrKnSWO76IazpqrGO/6qCShXfNJLkdqmxgYr+2U6Wg8ywIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFO3skGr4On/KnaibpzGZvDvuHTUkMB8GA1UdIwQY
MBaAFGLEx0PVwq/PJ/EE624DFhFshcfeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXNUSFE5WENyODhuOFFUcmJnTVdFV3lGeDk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81My83MjhjNDAtZjcxMi00ZmVmLTg5NDUt
ZGUzNTJhOTJmNmJhLzEvN2V5UWF2ZzZmOHFkcUp1bk1abThPLTRkTlNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81My83MjhjNDAtZjcxMi00ZmVmLTg5NDUtZGUzNTJhOTJmNmJh
LzEvWXNUSFE5WENyODhuOFFUcmJnTVdFV3lGeDk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDBbJ4AwQC
uesUMA0GCSqGSIb3DQEBCwUAA4IBAQC3TBO1NCsOYdR4QjnFfHJekTmUhYTeM1fg
3ObpPdbMItZplV6Ezqi5U07CFXuzMAbONsBKp+zpFxA4k46ACdprps3Re9RFZrw5
DpUOp295orXidyraoh9T2AH4J2kOx9oHNRbzpZCR/cr/A5ISxrqDuLgF24BVx87A
Hye2dUXOobm3ISbHfgpq/nX/pmHIGFbxW4lcHp5pKBgxXM+gE4pVKzoVLK6qkgvQ
EJ/YjMjfAgbGwlQ7CgIEjnWTYRNeyaqZoSJ8p0t2Ue72MsySzBfnpJ/MQmvDTq3I
eKPdPyxk+v54dwycWGwKeRRiHkfdXtIH4qiqoNSDtStZT/U2Xg1R
-----END CERTIFICATE-----