Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/e05ab2-23b8-4af2-b488-d3d03797259d/1/Q7Z_C-47mFmBzVPPKt9ndhGkngA.roa
File:                     Q7Z_C-47mFmBzVPPKt9ndhGkngA.roa (raw, json)
Hash identifier:          5hjev1gTkriUrKnc1kjfdGceLbBmLUEmu+DPWLn6kqU=
Subject key identifier:   43:B6:7F:0B:EE:3B:98:59:81:CD:53:CF:2A:DF:67:76:11:A4:9E:00
Certificate issuer:       /CN=bc69e6902d4e1c41246f4a121b4a5bdecf86e388
Certificate serial:       018CC8030D3D13207EA3BAA12E35D0B29281
Authority key identifier: BC:69:E6:90:2D:4E:1C:41:24:6F:4A:12:1B:4A:5B:DE:CF:86:E3:88
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vGnmkC1OHEEkb0oSG0pb3s-G44g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/e05ab2-23b8-4af2-b488-d3d03797259d/1/Q7Z_C-47mFmBzVPPKt9ndhGkngA.roa
Signing time:             Tue 02 Jan 2024 02:31:32 +0000
ROA not before:           Tue 02 Jan 2024 02:31:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201746
IP address blocks:        193.5.150.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/e05ab2-23b8-4af2-b488-d3d03797259d/1/vGnmkC1OHEEkb0oSG0pb3s-G44g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/e05ab2-23b8-4af2-b488-d3d03797259d/1/vGnmkC1OHEEkb0oSG0pb3s-G44g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vGnmkC1OHEEkb0oSG0pb3s-G44g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:01:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:03:0d:3d:13:20:7e:a3:ba:a1:2e:35:d0:b2:92:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bc69e6902d4e1c41246f4a121b4a5bdecf86e388
        Validity
            Not Before: Jan  2 02:31:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=43b67f0bee3b985981cd53cf2adf677611a49e00
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:d3:77:4f:90:fa:e5:dc:5c:ec:63:3b:91:55:
                    ba:6c:6b:66:70:1d:ce:b7:e8:4b:b4:7a:92:57:72:
                    0d:82:b9:52:e5:5e:a2:ee:c4:eb:04:ed:76:e6:9b:
                    a4:b2:c1:61:84:cb:80:87:d9:de:d0:7d:de:8b:70:
                    13:85:43:ec:3f:e5:11:e9:a6:56:21:0d:92:1c:0b:
                    6b:41:6c:4a:0a:bf:32:0f:04:7b:4b:eb:ab:c0:89:
                    a1:df:58:23:a5:a1:6a:d3:e6:b5:01:37:77:54:5d:
                    5b:00:ec:fb:cb:dc:cd:2e:a4:46:93:c2:e6:34:77:
                    b0:bf:ea:e6:52:30:0e:83:93:6e:84:ca:85:3b:fc:
                    8c:14:37:c1:42:9e:0c:36:c9:db:62:bd:87:04:cf:
                    cd:1b:ee:56:b8:c3:66:1a:7f:3f:3f:52:de:c2:44:
                    63:ad:d7:05:0e:d2:f1:06:b9:b7:43:82:6f:29:8c:
                    a1:b9:d5:5c:77:8e:b6:10:77:2c:28:c3:b1:53:f3:
                    e5:2e:7d:b3:5e:f5:7d:10:3a:7b:e5:84:9b:ef:43:
                    e0:e8:e4:43:aa:45:17:ac:ce:36:05:b6:22:8b:4d:
                    54:08:02:f1:5d:2b:da:3f:65:83:81:85:3f:55:da:
                    18:b9:7c:3f:02:8f:ee:14:8b:f8:0a:fe:92:94:c0:
                    0c:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:B6:7F:0B:EE:3B:98:59:81:CD:53:CF:2A:DF:67:76:11:A4:9E:00
            X509v3 Authority Key Identifier:
                keyid:BC:69:E6:90:2D:4E:1C:41:24:6F:4A:12:1B:4A:5B:DE:CF:86:E3:88

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vGnmkC1OHEEkb0oSG0pb3s-G44g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/e05ab2-23b8-4af2-b488-d3d03797259d/1/Q7Z_C-47mFmBzVPPKt9ndhGkngA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/e05ab2-23b8-4af2-b488-d3d03797259d/1/vGnmkC1OHEEkb0oSG0pb3s-G44g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.5.150.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0f:ac:6b:10:a7:b1:7d:e7:99:bd:d2:a6:bd:b3:d1:7d:78:be:
         bd:95:f7:46:26:54:89:7c:b0:e9:4f:a5:c4:b2:e7:f9:47:ad:
         91:36:32:9f:21:c6:27:a4:74:9b:b3:f5:25:5f:27:31:75:ba:
         b4:eb:f7:d7:76:ec:73:ec:b6:a4:a9:01:f1:7f:2f:5d:56:50:
         81:86:69:84:bb:9c:79:0e:cd:16:b8:4e:ec:ab:30:eb:a5:08:
         05:06:91:91:2c:32:2c:2a:d8:de:b9:c8:8b:0b:d4:de:4c:53:
         f5:8a:be:02:15:49:ee:8d:f1:70:06:de:fe:61:74:ee:4d:7c:
         b3:16:5d:36:a5:d4:b4:74:ab:11:47:0f:d5:47:02:4d:02:fb:
         1e:dd:4b:5d:6b:1e:11:b9:20:02:44:b4:b6:fe:9d:99:aa:5a:
         0a:e5:1f:a6:16:02:78:24:ee:51:bf:78:c9:1c:8b:db:b2:04:
         e3:cd:7f:0d:3b:97:87:c4:e6:c0:8d:76:d2:c5:05:c3:a8:c9:
         ca:bd:df:59:2a:f5:4b:b1:85:86:61:30:e0:4b:db:5b:8a:67:
         45:d1:cd:56:20:2d:18:7f:b9:be:6d:3b:cd:09:76:33:f8:1e:
         76:46:23:0a:8f:bf:13:21:cd:2d:e1:58:28:e9:b7:3b:b3:50:
         7e:06:25:87
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAw09EyB+o7qhLjXQspKBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJjNjllNjkwMmQ0ZTFjNDEyNDZmNGExMjFiNGE1YmRlY2Y4
NmUzODgwHhcNMjQwMTAyMDIzMTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0M2I2N2YwYmVlM2I5ODU5ODFjZDUzY2YyYWRmNjc3NjExYTQ5ZTAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAldN3T5D65dxc7GM7kVW6bGtmcB3O
t+hLtHqSV3INgrlS5V6i7sTrBO125pukssFhhMuAh9ne0H3ei3AThUPsP+UR6aZW
IQ2SHAtrQWxKCr8yDwR7S+urwImh31gjpaFq0+a1ATd3VF1bAOz7y9zNLqRGk8Lm
NHewv+rmUjAOg5NuhMqFO/yMFDfBQp4MNsnbYr2HBM/NG+5WuMNmGn8/P1LewkRj
rdcFDtLxBrm3Q4JvKYyhudVcd462EHcsKMOxU/PlLn2zXvV9EDp75YSb70Pg6ORD
qkUXrM42BbYii01UCALxXSvaP2WDgYU/VdoYuXw/Ao/uFIv4Cv6SlMAMRwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEO2fwvuO5hZgc1TzyrfZ3YRpJ4AMB8GA1UdIwQY
MBaAFLxp5pAtThxBJG9KEhtKW97PhuOIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdkdubWtDMU9IRUVrYjBvU0cwcGIzcy1HNDRnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi9lMDVhYjItMjNiOC00YWYyLWI0ODgt
ZDNkMDM3OTcyNTlkLzEvUTdaX0MtNDdtRm1CelZQUEt0OW5kaEdrbmdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi9lMDVhYjItMjNiOC00YWYyLWI0ODgtZDNkMDM3OTcyNTlk
LzEvdkdubWtDMU9IRUVrYjBvU0cwcGIzcy1HNDRnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwQWWMA0G
CSqGSIb3DQEBCwUAA4IBAQAPrGsQp7F955m90qa9s9F9eL69lfdGJlSJfLDpT6XE
suf5R62RNjKfIcYnpHSbs/UlXycxdbq06/fXduxz7LakqQHxfy9dVlCBhmmEu5x5
Ds0WuE7sqzDrpQgFBpGRLDIsKtjeuciLC9TeTFP1ir4CFUnujfFwBt7+YXTuTXyz
Fl02pdS0dKsRRw/VRwJNAvse3Utdax4RuSACRLS2/p2ZqloK5R+mFgJ4JO5Rv3jJ
HIvbsgTjzX8NO5eHxObAjXbSxQXDqMnKvd9ZKvVLsYWGYTDgS9tbimdF0c1WIC0Y
f7m+bTvNCXYz+B52RiMKj78TIc0t4Vgo6bc7s1B+BiWH
-----END CERTIFICATE-----