Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/414b36-eca9-4e22-aed5-a48ac31dbbf0/1/hQPrlrAL41ehUyQuSVdLoAZgl_s.roa
File:                     hQPrlrAL41ehUyQuSVdLoAZgl_s.roa (raw, json)
Hash identifier:          QYn4t474bjI2G32M9JZa/5LhS0gkReLvPrGy2d/iw40=
Subject key identifier:   85:03:EB:96:B0:0B:E3:57:A1:53:24:2E:49:57:4B:A0:06:60:97:FB
Certificate issuer:       /CN=5e23518faa9b94a42d1a3b4d9f63b974394d0662
Certificate serial:       01901596605FECE220313E433D84B5339F3C
Authority key identifier: 5E:23:51:8F:AA:9B:94:A4:2D:1A:3B:4D:9F:63:B9:74:39:4D:06:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XiNRj6qblKQtGjtNn2O5dDlNBmI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/69/414b36-eca9-4e22-aed5-a48ac31dbbf0/1/hQPrlrAL41ehUyQuSVdLoAZgl_s.roa
Signing time:             Fri 14 Jun 2024 07:11:34 +0000
ROA not before:           Fri 14 Jun 2024 07:11:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61316
IP address blocks:        185.10.208.0/22 maxlen: 22
                          193.33.212.0/23 maxlen: 23
                          2a03:6540::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/69/414b36-eca9-4e22-aed5-a48ac31dbbf0/1/XiNRj6qblKQtGjtNn2O5dDlNBmI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/69/414b36-eca9-4e22-aed5-a48ac31dbbf0/1/XiNRj6qblKQtGjtNn2O5dDlNBmI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XiNRj6qblKQtGjtNn2O5dDlNBmI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 16:01:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:15:96:60:5f:ec:e2:20:31:3e:43:3d:84:b5:33:9f:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5e23518faa9b94a42d1a3b4d9f63b974394d0662
        Validity
            Not Before: Jun 14 07:11:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8503eb96b00be357a153242e49574ba0066097fb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:28:a1:a2:a8:f0:2f:84:15:e5:48:7d:e9:2a:
                    da:b0:59:04:37:fd:1f:cc:e5:f8:5f:6a:49:89:b1:
                    51:e9:d4:83:3c:04:13:e3:43:8a:1a:a1:df:ae:a0:
                    9d:24:04:ec:ac:eb:0c:0f:bb:5b:4c:9e:b6:88:d2:
                    97:9e:b5:09:67:cb:bc:05:89:1d:93:4f:15:65:d4:
                    36:3a:bd:68:c1:d9:e4:76:9d:4f:e9:1b:43:79:ab:
                    95:39:9a:3e:f3:36:5f:71:12:ed:05:28:b4:92:3e:
                    29:39:39:0b:71:f5:b4:f9:4a:68:dc:1c:2f:7c:11:
                    5c:21:7e:f0:fb:4b:2f:97:f2:fb:94:f3:ae:74:9f:
                    4a:22:9a:72:53:a5:36:6b:6c:52:9f:05:56:95:54:
                    b7:c6:42:bc:99:14:a6:b5:be:b5:76:5b:78:e1:49:
                    91:f0:b4:e0:8c:f1:68:ab:8a:78:a6:50:71:ac:dd:
                    0e:e0:84:fc:94:82:f3:07:a2:36:79:56:8c:ee:41:
                    8f:ec:d8:47:e0:6d:4c:c0:1f:1d:c4:36:fe:4b:eb:
                    99:69:fa:fa:7e:6d:87:94:36:a9:98:54:f7:c3:1d:
                    84:16:f9:81:27:01:05:37:8f:5c:09:1f:35:3b:b2:
                    07:80:7a:7f:c2:3b:ab:f7:b6:6b:76:b9:20:13:79:
                    c7:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:03:EB:96:B0:0B:E3:57:A1:53:24:2E:49:57:4B:A0:06:60:97:FB
            X509v3 Authority Key Identifier:
                keyid:5E:23:51:8F:AA:9B:94:A4:2D:1A:3B:4D:9F:63:B9:74:39:4D:06:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XiNRj6qblKQtGjtNn2O5dDlNBmI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/414b36-eca9-4e22-aed5-a48ac31dbbf0/1/hQPrlrAL41ehUyQuSVdLoAZgl_s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/69/414b36-eca9-4e22-aed5-a48ac31dbbf0/1/XiNRj6qblKQtGjtNn2O5dDlNBmI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.10.208.0/22
                  193.33.212.0/23
                IPv6:
                  2a03:6540::/32

    Signature Algorithm: sha256WithRSAEncryption
         9a:ab:f2:b1:ed:74:83:5e:76:d7:53:ef:3f:2f:d7:78:55:c0:
         a0:59:28:0c:f4:a9:c1:6e:3c:a1:b6:b0:50:67:9b:c5:64:9e:
         0e:a6:e8:dd:ab:f8:f3:a9:38:9a:6e:81:33:7b:25:d6:50:77:
         85:9a:d8:73:4b:29:07:13:5e:d8:57:1c:ba:75:37:f4:a8:88:
         14:be:00:3e:8e:26:6f:b4:00:34:c2:a5:59:62:7e:e3:72:cc:
         ed:dc:e4:b6:a5:06:ad:9c:f2:69:03:b6:d4:4d:e0:7d:cb:2e:
         8f:73:d4:9c:34:5b:bf:35:69:51:87:15:ec:67:c9:7a:d7:48:
         db:63:fc:03:13:f1:10:f9:cb:0b:fd:9b:29:b3:a3:9a:94:ca:
         18:8b:6a:f5:9f:7a:54:f5:28:11:2f:e8:21:0d:93:48:20:0b:
         8b:8d:0f:b4:46:93:7b:13:2d:23:c4:55:34:53:cf:05:d3:12:
         94:40:e2:64:75:7a:b8:d6:03:94:16:7a:65:8a:f4:ae:13:6d:
         80:96:02:c1:26:8f:76:0f:4c:43:4c:ad:3d:cb:7b:2c:00:54:
         2a:7c:f8:39:d6:21:9d:57:fc:42:bc:33:3e:3c:fc:f5:ff:07:
         ca:87:7a:1e:fc:10:d1:2a:8a:13:a0:a3:28:20:b9:5c:66:41:
         a9:1b:81:ff
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZAVlmBf7OIgMT5DPYS1M588MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlMjM1MThmYWE5Yjk0YTQyZDFhM2I0ZDlmNjNiOTc0Mzk0
ZDA2NjIwHhcNMjQwNjE0MDcxMTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NTAzZWI5NmIwMGJlMzU3YTE1MzI0MmU0OTU3NGJhMDA2NjA5N2ZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxCihoqjwL4QV5Uh96SrasFkEN/0f
zOX4X2pJibFR6dSDPAQT40OKGqHfrqCdJATsrOsMD7tbTJ62iNKXnrUJZ8u8BYkd
k08VZdQ2Or1owdnkdp1P6RtDeauVOZo+8zZfcRLtBSi0kj4pOTkLcfW0+Upo3Bwv
fBFcIX7w+0svl/L7lPOudJ9KIppyU6U2a2xSnwVWlVS3xkK8mRSmtb61dlt44UmR
8LTgjPFoq4p4plBxrN0O4IT8lILzB6I2eVaM7kGP7NhH4G1MwB8dxDb+S+uZafr6
fm2HlDapmFT3wx2EFvmBJwEFN49cCR81O7IHgHp/wjur97ZrdrkgE3nHqQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFIUD65awC+NXoVMkLklXS6AGYJf7MB8GA1UdIwQY
MBaAFF4jUY+qm5SkLRo7TZ9juXQ5TQZiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGlOUmo2cWJsS1F0R2p0Tm4yTzVkRGxOQm1JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OS80MTRiMzYtZWNhOS00ZTIyLWFlZDUt
YTQ4YWMzMWRiYmYwLzEvaFFQcmxyQUw0MWVoVXlRdVNWZExvQVpnbF9zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OS80MTRiMzYtZWNhOS00ZTIyLWFlZDUtYTQ4YWMzMWRiYmYw
LzEvWGlOUmo2cWJsS1F0R2p0Tm4yTzVkRGxOQm1JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCuQrQAwQB
wSHUMA0EAgACMAcDBQAqA2VAMA0GCSqGSIb3DQEBCwUAA4IBAQCaq/Kx7XSDXnbX
U+8/L9d4VcCgWSgM9KnBbjyhtrBQZ5vFZJ4Opujdq/jzqTiaboEzeyXWUHeFmthz
SykHE17YVxy6dTf0qIgUvgA+jiZvtAA0wqVZYn7jcszt3OS2pQatnPJpA7bUTeB9
yy6Pc9ScNFu/NWlRhxXsZ8l610jbY/wDE/EQ+csL/Zsps6OalMoYi2r1n3pU9SgR
L+ghDZNIIAuLjQ+0RpN7Ey0jxFU0U88F0xKUQOJkdXq41gOUFnplivSuE22AlgLB
Jo92D0xDTK09y3ssAFQqfPg51iGdV/xCvDM+PPz1/wfKh3oe/BDRKooToKMoILlc
ZkGpG4H/
-----END CERTIFICATE-----