Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/1d2788-da40-431a-97d0-fbd46d9ca372/1/qthVK-JMfpDxPTfb6zFjT7cbYi8.roa
File:                     qthVK-JMfpDxPTfb6zFjT7cbYi8.roa (raw, json)
Hash identifier:          Xwp0NZByuFdXZP4JE7OBQ7WhvN6gr6Il95h9QV/NR4s=
Subject key identifier:   AA:D8:55:2B:E2:4C:7E:90:F1:3D:37:DB:EB:31:63:4F:B7:1B:62:2F
Certificate issuer:       /CN=4dbe31b6bedc51f2aa2ec0a6453f2e435e808fb5
Certificate serial:       018CC42545DA347BE09CF9ED2B2EEF2655CF
Authority key identifier: 4D:BE:31:B6:BE:DC:51:F2:AA:2E:C0:A6:45:3F:2E:43:5E:80:8F:B5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Tb4xtr7cUfKqLsCmRT8uQ16Aj7U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/1d2788-da40-431a-97d0-fbd46d9ca372/1/qthVK-JMfpDxPTfb6zFjT7cbYi8.roa
Signing time:             Mon 01 Jan 2024 08:30:26 +0000
ROA not before:           Mon 01 Jan 2024 08:30:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3303
IP address blocks:        193.134.32.0/22 maxlen: 24
                          193.8.128.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/1d2788-da40-431a-97d0-fbd46d9ca372/1/Tb4xtr7cUfKqLsCmRT8uQ16Aj7U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/1d2788-da40-431a-97d0-fbd46d9ca372/1/Tb4xtr7cUfKqLsCmRT8uQ16Aj7U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Tb4xtr7cUfKqLsCmRT8uQ16Aj7U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 27 Jun 2024 08:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:45:da:34:7b:e0:9c:f9:ed:2b:2e:ef:26:55:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4dbe31b6bedc51f2aa2ec0a6453f2e435e808fb5
        Validity
            Not Before: Jan  1 08:30:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=aad8552be24c7e90f13d37dbeb31634fb71b622f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:cf:91:4b:dd:21:55:d8:22:0c:15:35:c1:aa:
                    5e:38:f4:b9:c5:e5:a4:57:51:d6:c5:b4:49:c2:f3:
                    18:48:36:d9:f0:99:e4:1c:f7:2e:06:24:30:d4:80:
                    3a:c0:2b:ee:8b:70:7d:89:0a:79:60:24:c9:b8:06:
                    e3:03:66:fe:c3:33:49:21:9f:97:99:ae:b7:5e:04:
                    c6:e9:cf:e9:a0:54:52:6e:d6:23:5c:26:49:8a:89:
                    4f:66:ad:de:de:0e:bc:80:c4:c2:9a:92:0a:fb:dc:
                    e8:2b:22:11:7c:8a:93:90:5b:ef:d4:95:68:79:e7:
                    23:ae:2a:dc:40:c6:89:ec:4b:57:af:a4:a9:b1:4f:
                    04:f3:8f:94:aa:f7:7d:40:bd:91:4d:25:4f:e6:c0:
                    e2:cb:ea:dd:7d:1f:f4:96:5a:2e:3f:27:85:8c:74:
                    60:d3:13:cd:db:fc:80:12:36:48:da:5d:02:01:8a:
                    5a:bc:d3:7a:7e:58:fe:59:58:1d:43:52:9e:b8:38:
                    fd:8c:fd:71:45:25:b1:ea:31:db:dc:88:b3:b1:06:
                    b0:38:fb:15:c3:7f:08:2a:aa:dc:a6:81:b4:c8:bf:
                    11:14:ad:a2:97:f5:a8:6a:c3:23:95:5a:74:00:46:
                    9e:6a:84:25:4b:91:1e:32:5c:1c:88:e5:d0:91:73:
                    6c:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:D8:55:2B:E2:4C:7E:90:F1:3D:37:DB:EB:31:63:4F:B7:1B:62:2F
            X509v3 Authority Key Identifier:
                keyid:4D:BE:31:B6:BE:DC:51:F2:AA:2E:C0:A6:45:3F:2E:43:5E:80:8F:B5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Tb4xtr7cUfKqLsCmRT8uQ16Aj7U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/1d2788-da40-431a-97d0-fbd46d9ca372/1/qthVK-JMfpDxPTfb6zFjT7cbYi8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/1d2788-da40-431a-97d0-fbd46d9ca372/1/Tb4xtr7cUfKqLsCmRT8uQ16Aj7U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.8.128.0/23
                  193.134.32.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a9:95:d0:a9:23:d9:be:98:c9:29:a7:62:59:ef:82:bd:88:0e:
         db:1d:68:4e:ff:5d:49:3c:1e:70:a1:02:3c:8f:0a:a1:ec:4b:
         26:2c:79:1f:53:cc:8b:f3:a0:7c:c7:83:40:57:95:90:d5:a6:
         fc:52:96:33:df:7e:69:af:05:88:1c:9e:21:fa:c5:56:3c:4e:
         03:df:4c:9e:e2:47:da:9b:f5:89:20:de:7c:52:58:d4:be:54:
         7e:78:5b:45:65:fb:3d:a5:25:a5:b5:52:cd:e9:c6:c3:3c:d2:
         44:2c:42:cb:94:25:eb:5a:e3:f7:c3:06:7f:03:6d:a3:76:19:
         78:c8:b8:2d:b3:ad:6b:2e:bd:fd:d6:25:75:b7:f6:c8:9e:36:
         92:79:f2:ba:e1:d4:be:6a:8e:a0:1b:0e:46:e1:17:02:e1:d8:
         c2:cf:b5:a0:b7:dd:2c:21:a0:d9:c9:2b:88:e7:71:32:f4:80:
         e7:fb:7b:e2:e2:48:ae:79:0e:00:32:10:b8:2e:05:f0:14:8d:
         0a:d8:eb:bc:49:89:cc:64:b8:cb:87:4f:53:e7:cf:b4:3d:59:
         7a:02:b5:c9:10:38:8d:7c:69:7b:5b:12:43:a3:f7:02:3b:a2:
         53:fd:2b:d5:17:db:43:5d:b5:28:1a:06:09:d0:16:77:01:77:
         c9:af:41:ef
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzEJUXaNHvgnPntKy7vJlXPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkYmUzMWI2YmVkYzUxZjJhYTJlYzBhNjQ1M2YyZTQzNWU4
MDhmYjUwHhcNMjQwMTAxMDgzMDI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYWQ4NTUyYmUyNGM3ZTkwZjEzZDM3ZGJlYjMxNjM0ZmI3MWI2MjJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvs+RS90hVdgiDBU1wapeOPS5xeWk
V1HWxbRJwvMYSDbZ8JnkHPcuBiQw1IA6wCvui3B9iQp5YCTJuAbjA2b+wzNJIZ+X
ma63XgTG6c/poFRSbtYjXCZJiolPZq3e3g68gMTCmpIK+9zoKyIRfIqTkFvv1JVo
eecjrircQMaJ7EtXr6SpsU8E84+Uqvd9QL2RTSVP5sDiy+rdfR/0llouPyeFjHRg
0xPN2/yAEjZI2l0CAYpavNN6flj+WVgdQ1KeuDj9jP1xRSWx6jHb3IizsQawOPsV
w38IKqrcpoG0yL8RFK2il/WoasMjlVp0AEaeaoQlS5EeMlwciOXQkXNsLQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKrYVSviTH6Q8T032+sxY0+3G2IvMB8GA1UdIwQY
MBaAFE2+Mba+3FHyqi7ApkU/LkNegI+1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGI0eHRyN2NVZktxTHNDbVJUOHVRMTZBajdVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8xZDI3ODgtZGE0MC00MzFhLTk3ZDAt
ZmJkNDZkOWNhMzcyLzEvcXRoVkstSk1mcER4UFRmYjZ6RmpUN2NiWWk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8xZDI3ODgtZGE0MC00MzFhLTk3ZDAtZmJkNDZkOWNhMzcy
LzEvVGI0eHRyN2NVZktxTHNDbVJUOHVRMTZBajdVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBwQiAAwQC
wYYgMA0GCSqGSIb3DQEBCwUAA4IBAQCpldCpI9m+mMkpp2JZ74K9iA7bHWhO/11J
PB5woQI8jwqh7EsmLHkfU8yL86B8x4NAV5WQ1ab8UpYz335prwWIHJ4h+sVWPE4D
30ye4kfam/WJIN58UljUvlR+eFtFZfs9pSWltVLN6cbDPNJELELLlCXrWuP3wwZ/
A22jdhl4yLgts61rLr391iV1t/bInjaSefK64dS+ao6gGw5G4RcC4djCz7Wgt90s
IaDZySuI53Ey9IDn+3vi4kiueQ4AMhC4LgXwFI0K2Ou8SYnMZLjLh09T58+0PVl6
ArXJEDiNfGl7WxJDo/cCO6JT/SvVF9tDXbUoGgYJ0BZ3AXfJr0Hv
-----END CERTIFICATE-----