Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/59294c-0f24-40c5-b5c3-6eac62e60df7/1/BAOQzdYO52x5pHX4hBMM3XiCEcM.roa
File:                     BAOQzdYO52x5pHX4hBMM3XiCEcM.roa (raw, json)
Hash identifier:          2IOWLlDaPWkY3HIF7qq9PR5LxTzh41NtrMS4tChz3zM=
Subject key identifier:   04:03:90:CD:D6:0E:E7:6C:79:A4:75:F8:84:13:0C:DD:78:82:11:C3
Certificate issuer:       /CN=21021b252222997bfe33b7e4b315ac8d5e067954
Certificate serial:       018CC26D3304494372CCCC76C3766B897226
Authority key identifier: 21:02:1B:25:22:22:99:7B:FE:33:B7:E4:B3:15:AC:8D:5E:06:79:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IQIbJSIimXv-M7fksxWsjV4GeVQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5d/59294c-0f24-40c5-b5c3-6eac62e60df7/1/BAOQzdYO52x5pHX4hBMM3XiCEcM.roa
Signing time:             Mon 01 Jan 2024 00:29:45 +0000
ROA not before:           Mon 01 Jan 2024 00:29:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205659
IP address blocks:        64.190.252.0/22 maxlen: 22
                          216.246.212.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5d/59294c-0f24-40c5-b5c3-6eac62e60df7/1/IQIbJSIimXv-M7fksxWsjV4GeVQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5d/59294c-0f24-40c5-b5c3-6eac62e60df7/1/IQIbJSIimXv-M7fksxWsjV4GeVQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IQIbJSIimXv-M7fksxWsjV4GeVQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:33:04:49:43:72:cc:cc:76:c3:76:6b:89:72:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=21021b252222997bfe33b7e4b315ac8d5e067954
        Validity
            Not Before: Jan  1 00:29:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=040390cdd60ee76c79a475f884130cdd788211c3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:4a:9d:81:da:ef:02:33:c2:aa:0b:0b:cd:2c:
                    ea:41:19:d6:d9:a1:b0:52:b0:3c:95:95:b0:a1:2d:
                    e4:c5:23:d4:1b:26:53:e0:78:67:9c:4f:56:b2:24:
                    c4:1e:a7:61:83:97:1b:f1:02:47:8c:a3:b6:4b:dc:
                    10:39:e5:61:39:d3:0d:79:2b:c2:7d:3b:a4:21:73:
                    1a:6e:72:19:ea:3e:e8:ef:59:b6:1e:fe:8c:d3:25:
                    9c:9e:40:ab:1c:68:f7:e1:85:84:e8:53:8d:bf:72:
                    9c:23:66:88:0e:26:f2:d3:f2:4f:3e:b5:9d:c3:cb:
                    7b:3b:37:3f:dd:27:65:dc:48:26:8d:92:e3:d3:d3:
                    ed:fe:67:83:36:d8:6c:b1:8c:82:41:69:6b:24:49:
                    a3:b0:f5:3a:90:91:55:c7:8d:15:83:b7:67:63:92:
                    61:3b:fa:bb:36:00:0d:72:dd:a8:6f:d5:9a:09:2c:
                    2e:54:aa:d4:58:13:1f:f0:66:4a:33:16:df:c5:b9:
                    a9:48:c6:de:1a:44:cd:b9:ff:94:79:f7:1b:74:43:
                    61:70:91:37:c3:9b:fe:c5:50:ec:03:cd:a4:d2:e2:
                    3a:f7:ac:a1:f0:fc:fb:3f:ee:a7:76:94:6e:0a:5d:
                    f5:40:31:c4:0a:66:64:de:95:9b:8b:c0:70:87:5a:
                    cd:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:03:90:CD:D6:0E:E7:6C:79:A4:75:F8:84:13:0C:DD:78:82:11:C3
            X509v3 Authority Key Identifier:
                keyid:21:02:1B:25:22:22:99:7B:FE:33:B7:E4:B3:15:AC:8D:5E:06:79:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IQIbJSIimXv-M7fksxWsjV4GeVQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/59294c-0f24-40c5-b5c3-6eac62e60df7/1/BAOQzdYO52x5pHX4hBMM3XiCEcM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/59294c-0f24-40c5-b5c3-6eac62e60df7/1/IQIbJSIimXv-M7fksxWsjV4GeVQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  64.190.252.0/22
                  216.246.212.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2c:25:61:36:a6:48:b5:fc:e9:eb:2a:f9:8b:d6:a8:1f:30:5b:
         c2:1b:03:94:37:a1:b7:94:26:bd:53:da:59:f5:49:eb:7c:10:
         02:28:77:a8:97:a1:b2:84:a6:b4:70:a7:35:eb:38:83:6d:7c:
         aa:0b:e8:72:0a:ca:3b:3c:a3:ad:4d:8f:17:fa:29:de:9b:34:
         9c:b4:e6:63:3d:1b:25:00:bc:1d:f8:29:31:10:a0:66:81:35:
         52:94:48:82:cf:c3:6d:97:e3:9b:46:37:df:72:af:eb:d0:54:
         19:df:34:ce:cf:e6:5f:98:d3:95:2d:ca:7b:60:4b:61:d9:13:
         eb:a4:e2:40:7a:5c:20:00:7d:40:e1:3e:c1:5f:61:59:38:b8:
         2d:c5:48:b1:d0:9d:0c:fd:a3:a8:9a:e5:a4:65:ca:21:e2:25:
         56:73:df:d1:cb:68:13:fd:d3:a6:31:71:fc:bf:b8:3d:96:10:
         6e:14:8c:03:b3:2f:c5:29:e9:a8:7c:6c:ad:80:3d:f6:06:76:
         97:00:00:84:7b:53:1b:37:ae:fb:77:37:ea:41:43:57:f6:ee:
         a4:09:6a:d6:0b:da:71:cc:ba:39:46:e4:7b:1e:87:b7:19:78:
         5f:4c:32:cd:f7:19:37:ee:2e:da:48:84:95:32:f6:7b:d5:f1:
         be:88:14:ed
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzCbTMESUNyzMx2w3ZriXImMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMDIxYjI1MjIyMjk5N2JmZTMzYjdlNGIzMTVhYzhkNWUw
Njc5NTQwHhcNMjQwMTAxMDAyOTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNDAzOTBjZGQ2MGVlNzZjNzlhNDc1Zjg4NDEzMGNkZDc4ODIxMWMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArkqdgdrvAjPCqgsLzSzqQRnW2aGw
UrA8lZWwoS3kxSPUGyZT4HhnnE9WsiTEHqdhg5cb8QJHjKO2S9wQOeVhOdMNeSvC
fTukIXMabnIZ6j7o71m2Hv6M0yWcnkCrHGj34YWE6FONv3KcI2aIDiby0/JPPrWd
w8t7Ozc/3Sdl3EgmjZLj09Pt/meDNthssYyCQWlrJEmjsPU6kJFVx40Vg7dnY5Jh
O/q7NgANct2ob9WaCSwuVKrUWBMf8GZKMxbfxbmpSMbeGkTNuf+UefcbdENhcJE3
w5v+xVDsA82k0uI696yh8Pz7P+6ndpRuCl31QDHECmZk3pWbi8Bwh1rNKwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAQDkM3WDudseaR1+IQTDN14ghHDMB8GA1UdIwQY
MBaAFCECGyUiIpl7/jO35LMVrI1eBnlUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVFJYkpTSWltWHYtTTdma3N4V3NqVjRHZVZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC81OTI5NGMtMGYyNC00MGM1LWI1YzMt
NmVhYzYyZTYwZGY3LzEvQkFPUXpkWU81Mng1cEhYNGhCTU0zWGlDRWNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC81OTI5NGMtMGYyNC00MGM1LWI1YzMtNmVhYzYyZTYwZGY3
LzEvSVFJYkpTSWltWHYtTTdma3N4V3NqVjRHZVZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCQL78AwQC
2PbUMA0GCSqGSIb3DQEBCwUAA4IBAQAsJWE2pki1/OnrKvmL1qgfMFvCGwOUN6G3
lCa9U9pZ9UnrfBACKHeol6GyhKa0cKc16ziDbXyqC+hyCso7PKOtTY8X+inemzSc
tOZjPRslALwd+CkxEKBmgTVSlEiCz8Ntl+ObRjffcq/r0FQZ3zTOz+ZfmNOVLcp7
YEth2RPrpOJAelwgAH1A4T7BX2FZOLgtxUix0J0M/aOomuWkZcoh4iVWc9/Ry2gT
/dOmMXH8v7g9lhBuFIwDsy/FKemofGytgD32BnaXAACEe1MbN677dzfqQUNX9u6k
CWrWC9pxzLo5RuR7Hoe3GXhfTDLN9xk37i7aSISVMvZ71fG+iBTt
-----END CERTIFICATE-----