Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/f27821-4ccf-4d2e-8b15-6e12774f851e/1/hqSJmNvyWy93FBBYpesr43pOvZY.roa
File:                     hqSJmNvyWy93FBBYpesr43pOvZY.roa (raw, json)
Hash identifier:          UoCzQPaDQpFe1N1zjuSFecmlCY09TsxVwueE3zw5z1c=
Subject key identifier:   86:A4:89:98:DB:F2:5B:2F:77:14:10:58:A5:EB:2B:E3:7A:4E:BD:96
Certificate issuer:       /CN=210da9e7af01de75448f4906aac41bd2964e8847
Certificate serial:       018CC3B6EF259F8441C2F14BF9DFAE852529
Authority key identifier: 21:0D:A9:E7:AF:01:DE:75:44:8F:49:06:AA:C4:1B:D2:96:4E:88:47
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IQ2p568B3nVEj0kGqsQb0pZOiEc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/64/f27821-4ccf-4d2e-8b15-6e12774f851e/1/hqSJmNvyWy93FBBYpesr43pOvZY.roa
Signing time:             Mon 01 Jan 2024 06:29:55 +0000
ROA not before:           Mon 01 Jan 2024 06:29:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15830
IP address blocks:        159.100.60.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/64/f27821-4ccf-4d2e-8b15-6e12774f851e/1/IQ2p568B3nVEj0kGqsQb0pZOiEc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/64/f27821-4ccf-4d2e-8b15-6e12774f851e/1/IQ2p568B3nVEj0kGqsQb0pZOiEc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IQ2p568B3nVEj0kGqsQb0pZOiEc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 20:58:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:ef:25:9f:84:41:c2:f1:4b:f9:df:ae:85:25:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=210da9e7af01de75448f4906aac41bd2964e8847
        Validity
            Not Before: Jan  1 06:29:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=86a48998dbf25b2f77141058a5eb2be37a4ebd96
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:d9:e9:23:a5:5e:1a:14:23:63:1d:19:a5:11:
                    56:6b:9c:e5:2b:08:bf:a5:68:f3:fb:bf:a2:54:56:
                    f8:fb:d7:21:fd:19:e7:0a:99:fd:f0:85:58:d0:a2:
                    c3:14:bf:b9:1b:5d:a9:ee:b2:d3:e8:63:8e:e2:1f:
                    f1:d9:7c:9a:74:ca:c9:56:a3:57:80:cf:5d:2c:fb:
                    e5:5c:52:85:df:f2:71:60:32:25:77:4f:82:6d:c3:
                    0a:d9:f3:72:6d:32:94:e5:54:c7:e8:9d:55:c4:a8:
                    3c:28:27:bb:63:6f:63:e1:8e:d5:0b:33:94:a6:94:
                    13:63:f0:b4:e2:b0:65:df:32:66:2a:9e:f3:e8:cc:
                    7e:a1:07:04:14:70:87:29:e1:96:29:9d:0f:aa:0a:
                    e2:95:c1:bd:ad:e2:3d:fd:bf:fb:60:a0:83:ee:81:
                    df:52:0a:f4:bc:2c:5f:0d:7e:59:7a:b5:6d:7d:c3:
                    56:e4:0c:e2:de:33:43:a3:28:7c:36:95:f0:8c:6d:
                    16:d1:35:a0:e7:e7:e0:d1:c1:d9:41:65:be:2a:56:
                    0a:73:10:90:ec:92:2c:dd:b7:08:cf:ca:e0:5a:f4:
                    2a:4e:f2:4d:d9:ef:30:d0:39:14:63:f9:5b:2d:b0:
                    0f:d1:ec:93:ab:24:e8:4b:c3:6a:0f:5c:08:72:cf:
                    65:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:A4:89:98:DB:F2:5B:2F:77:14:10:58:A5:EB:2B:E3:7A:4E:BD:96
            X509v3 Authority Key Identifier:
                keyid:21:0D:A9:E7:AF:01:DE:75:44:8F:49:06:AA:C4:1B:D2:96:4E:88:47

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IQ2p568B3nVEj0kGqsQb0pZOiEc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/f27821-4ccf-4d2e-8b15-6e12774f851e/1/hqSJmNvyWy93FBBYpesr43pOvZY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/64/f27821-4ccf-4d2e-8b15-6e12774f851e/1/IQ2p568B3nVEj0kGqsQb0pZOiEc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  159.100.60.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2a:4f:78:81:0c:31:f2:20:8f:7f:39:0f:28:72:1f:6b:bd:4e:
         33:d8:8c:0c:ae:66:7f:c0:3f:f3:fa:c3:27:6d:95:6c:af:0d:
         95:a8:1f:e4:94:93:54:96:26:be:b4:c5:1b:8b:6a:4a:8a:b5:
         cf:e9:6b:6c:83:a7:8d:5d:b2:92:8e:3f:03:a0:c0:ab:03:a1:
         c0:1e:b2:98:b8:8c:e7:69:28:d8:e2:6a:94:b5:e8:28:89:c6:
         bf:e1:cd:a0:27:b7:27:7b:66:91:1b:5e:93:b0:d0:a9:0f:82:
         60:39:14:e6:e3:4e:e4:f0:8d:af:87:2e:c5:08:62:3f:f9:64:
         6c:72:23:aa:73:38:d3:82:0f:d1:b8:c6:29:22:47:b8:0c:19:
         af:95:6a:33:2d:7b:f1:41:29:f6:ab:84:0a:28:75:60:c9:ec:
         24:a9:7a:96:b1:46:48:30:f3:d5:6a:e4:1d:fd:8b:ec:4f:a9:
         e9:e5:04:0b:90:f5:71:fd:2a:85:24:2a:3d:32:c3:47:0b:58:
         8e:8e:46:12:09:b4:4a:ee:60:21:ba:90:38:7c:71:24:79:64:
         bf:e7:5a:cf:e4:46:ac:06:a6:72:6d:b3:42:cb:c1:ab:df:7c:
         94:1e:5f:12:30:df:7c:a1:53:db:3f:9e:ed:41:21:56:6e:c4:
         72:45:d1:cd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtu8ln4RBwvFL+d+uhSUpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMGRhOWU3YWYwMWRlNzU0NDhmNDkwNmFhYzQxYmQyOTY0
ZTg4NDcwHhcNMjQwMTAxMDYyOTU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NmE0ODk5OGRiZjI1YjJmNzcxNDEwNThhNWViMmJlMzdhNGViZDk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAptnpI6VeGhQjYx0ZpRFWa5zlKwi/
pWjz+7+iVFb4+9ch/RnnCpn98IVY0KLDFL+5G12p7rLT6GOO4h/x2XyadMrJVqNX
gM9dLPvlXFKF3/JxYDIld0+CbcMK2fNybTKU5VTH6J1VxKg8KCe7Y29j4Y7VCzOU
ppQTY/C04rBl3zJmKp7z6Mx+oQcEFHCHKeGWKZ0PqgrilcG9reI9/b/7YKCD7oHf
Ugr0vCxfDX5ZerVtfcNW5Azi3jNDoyh8NpXwjG0W0TWg5+fg0cHZQWW+KlYKcxCQ
7JIs3bcIz8rgWvQqTvJN2e8w0DkUY/lbLbAP0eyTqyToS8NqD1wIcs9l7QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIakiZjb8lsvdxQQWKXrK+N6Tr2WMB8GA1UdIwQY
MBaAFCENqeevAd51RI9JBqrEG9KWTohHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVEycDU2OEIzblZFajBrR3FzUWIwcFpPaUVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC9mMjc4MjEtNGNjZi00ZDJlLThiMTUt
NmUxMjc3NGY4NTFlLzEvaHFTSm1OdnlXeTkzRkJCWXBlc3I0M3BPdlpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC9mMjc4MjEtNGNjZi00ZDJlLThiMTUtNmUxMjc3NGY4NTFl
LzEvSVEycDU2OEIzblZFajBrR3FzUWIwcFpPaUVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCn2Q8MA0G
CSqGSIb3DQEBCwUAA4IBAQAqT3iBDDHyII9/OQ8och9rvU4z2IwMrmZ/wD/z+sMn
bZVsrw2VqB/klJNUlia+tMUbi2pKirXP6Wtsg6eNXbKSjj8DoMCrA6HAHrKYuIzn
aSjY4mqUtegoica/4c2gJ7cne2aRG16TsNCpD4JgORTm407k8I2vhy7FCGI/+WRs
ciOqczjTgg/RuMYpIke4DBmvlWozLXvxQSn2q4QKKHVgyewkqXqWsUZIMPPVauQd
/YvsT6np5QQLkPVx/SqFJCo9MsNHC1iOjkYSCbRK7mAhupA4fHEkeWS/51rP5Eas
BqZybbNCy8Gr33yUHl8SMN98oVPbP57tQSFWbsRyRdHN
-----END CERTIFICATE-----