Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/91/822376-808a-465c-a87f-5ceae19f94f9/1/QKJXBuj0YgwQYhI-HUF5YUSngCo.roa
File:                     QKJXBuj0YgwQYhI-HUF5YUSngCo.roa (raw, json)
Hash identifier:          Lo/DfnO4pc6PKNXS7S37SEkAm0vBSLvnVWRB3lrWmqA=
Subject key identifier:   40:A2:57:06:E8:F4:62:0C:10:62:12:3E:1D:41:79:61:44:A7:80:2A
Certificate issuer:       /CN=5bb1c57055c29d669f289a9f68f392823942132a
Certificate serial:       018CC2DAE639884D082AE063F83793F013C3
Authority key identifier: 5B:B1:C5:70:55:C2:9D:66:9F:28:9A:9F:68:F3:92:82:39:42:13:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/W7HFcFXCnWafKJqfaPOSgjlCEyo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/91/822376-808a-465c-a87f-5ceae19f94f9/1/QKJXBuj0YgwQYhI-HUF5YUSngCo.roa
Signing time:             Mon 01 Jan 2024 02:29:34 +0000
ROA not before:           Mon 01 Jan 2024 02:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202709
IP address blocks:        5.253.215.0/24 maxlen: 24
                          5.253.214.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/91/822376-808a-465c-a87f-5ceae19f94f9/1/W7HFcFXCnWafKJqfaPOSgjlCEyo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/91/822376-808a-465c-a87f-5ceae19f94f9/1/W7HFcFXCnWafKJqfaPOSgjlCEyo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/W7HFcFXCnWafKJqfaPOSgjlCEyo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:e6:39:88:4d:08:2a:e0:63:f8:37:93:f0:13:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5bb1c57055c29d669f289a9f68f392823942132a
        Validity
            Not Before: Jan  1 02:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=40a25706e8f4620c1062123e1d41796144a7802a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:42:8c:36:fb:13:1c:3b:49:66:90:d6:96:20:
                    c3:c4:67:7e:e0:02:9a:8b:0f:55:40:ea:98:d0:83:
                    a9:f7:60:f1:f8:1e:06:b3:6f:d9:dd:7a:d3:6d:c2:
                    cf:43:3f:7b:9b:9e:a9:55:e3:84:61:7d:db:a8:7d:
                    1e:b0:35:01:5d:f4:95:2d:e6:0a:02:c2:70:fd:db:
                    db:6d:19:27:f0:13:c9:c7:09:05:8f:3f:dc:67:76:
                    af:9f:6b:5e:a4:21:03:98:82:15:dc:f3:fe:57:71:
                    59:1d:af:2d:17:71:76:0a:f9:19:c5:0e:37:a3:ff:
                    c4:dd:bd:c3:e1:d5:80:a7:0f:18:86:31:2a:3a:17:
                    c9:52:00:6d:62:86:a3:92:70:f5:34:fc:41:38:22:
                    c3:e1:27:55:69:0f:d0:6e:19:c0:f6:d9:26:14:17:
                    4b:1a:25:95:13:b6:32:e0:64:64:a1:cb:d6:29:1b:
                    60:df:46:7c:70:e5:89:bb:74:93:58:44:b8:e0:7d:
                    0d:59:d5:0e:47:64:c7:ed:de:82:e3:b1:35:94:da:
                    71:3d:59:df:c9:10:a3:4e:d2:10:f5:a6:a1:13:f6:
                    e9:85:6a:56:a2:db:e7:37:35:3b:13:ff:0c:0d:de:
                    4c:cc:ff:9e:ce:c6:fc:c2:4b:f1:26:01:b1:2f:d8:
                    2e:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:A2:57:06:E8:F4:62:0C:10:62:12:3E:1D:41:79:61:44:A7:80:2A
            X509v3 Authority Key Identifier:
                keyid:5B:B1:C5:70:55:C2:9D:66:9F:28:9A:9F:68:F3:92:82:39:42:13:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/W7HFcFXCnWafKJqfaPOSgjlCEyo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/91/822376-808a-465c-a87f-5ceae19f94f9/1/QKJXBuj0YgwQYhI-HUF5YUSngCo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/91/822376-808a-465c-a87f-5ceae19f94f9/1/W7HFcFXCnWafKJqfaPOSgjlCEyo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.253.214.0/23

    Signature Algorithm: sha256WithRSAEncryption
         0e:ae:2a:a8:56:58:1f:a2:a3:16:6c:e4:7a:1b:91:3f:25:ff:
         a7:b6:52:26:e5:64:3d:07:b4:34:b8:4e:12:71:a2:79:d4:06:
         d3:c5:41:1e:7a:dc:4c:9d:67:8b:9b:8b:60:c7:3f:1e:41:8b:
         c0:0c:0b:63:50:86:4a:51:44:28:b9:07:cf:7c:0b:f5:8d:c8:
         f9:da:54:1b:70:6c:7c:00:5e:06:54:6d:b6:c1:a4:bb:4d:9e:
         e4:71:64:24:9f:4e:71:b1:54:78:20:14:14:d4:d3:c2:da:af:
         47:8d:20:dc:ba:ac:07:e3:ee:6b:1d:1d:1c:7a:f3:cb:56:c9:
         f5:e4:af:55:a6:e1:b3:76:b6:7c:4a:04:64:7b:fc:29:b3:a9:
         bb:0f:5b:e6:09:69:06:9d:3f:19:18:95:a7:66:e6:d0:e5:5c:
         9c:09:c4:1a:71:12:dd:63:32:9c:6d:e5:27:03:9d:80:f0:f9:
         9f:67:d6:ed:b7:87:fb:cc:86:fb:87:b7:00:ca:2e:34:60:18:
         4a:b3:4e:c2:5d:78:8c:14:78:76:54:82:75:25:e4:41:90:fb:
         d5:a4:16:9c:09:af:c5:41:c6:6a:95:0a:f6:d6:f7:d4:f6:85:
         75:7e:0b:1b:fd:e7:e4:d9:ea:c8:eb:bc:57:dc:7a:75:39:69:
         73:79:94:f6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2uY5iE0IKuBj+DeT8BPDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDViYjFjNTcwNTVjMjlkNjY5ZjI4OWE5ZjY4ZjM5MjgyMzk0
MjEzMmEwHhcNMjQwMTAxMDIyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MGEyNTcwNmU4ZjQ2MjBjMTA2MjEyM2UxZDQxNzk2MTQ0YTc4MDJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAikKMNvsTHDtJZpDWliDDxGd+4AKa
iw9VQOqY0IOp92Dx+B4Gs2/Z3XrTbcLPQz97m56pVeOEYX3bqH0esDUBXfSVLeYK
AsJw/dvbbRkn8BPJxwkFjz/cZ3avn2tepCEDmIIV3PP+V3FZHa8tF3F2CvkZxQ43
o//E3b3D4dWApw8YhjEqOhfJUgBtYoajknD1NPxBOCLD4SdVaQ/QbhnA9tkmFBdL
GiWVE7Yy4GRkocvWKRtg30Z8cOWJu3STWES44H0NWdUOR2TH7d6C47E1lNpxPVnf
yRCjTtIQ9aahE/bphWpWotvnNzU7E/8MDd5MzP+ezsb8wkvxJgGxL9guWwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFECiVwbo9GIMEGISPh1BeWFEp4AqMB8GA1UdIwQY
MBaAFFuxxXBVwp1mnyian2jzkoI5QhMqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVzdIRmNGWENuV2FmS0pxZmFQT1NnamxDRXlvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MS84MjIzNzYtODA4YS00NjVjLWE4N2Yt
NWNlYWUxOWY5NGY5LzEvUUtKWEJ1ajBZZ3dRWWhJLUhVRjVZVVNuZ0NvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MS84MjIzNzYtODA4YS00NjVjLWE4N2YtNWNlYWUxOWY5NGY5
LzEvVzdIRmNGWENuV2FmS0pxZmFQT1NnamxDRXlvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBBf3WMA0G
CSqGSIb3DQEBCwUAA4IBAQAOriqoVlgfoqMWbOR6G5E/Jf+ntlIm5WQ9B7Q0uE4S
caJ51AbTxUEeetxMnWeLm4tgxz8eQYvADAtjUIZKUUQouQfPfAv1jcj52lQbcGx8
AF4GVG22waS7TZ7kcWQkn05xsVR4IBQU1NPC2q9HjSDcuqwH4+5rHR0cevPLVsn1
5K9VpuGzdrZ8SgRke/wps6m7D1vmCWkGnT8ZGJWnZubQ5VycCcQacRLdYzKcbeUn
A52A8PmfZ9btt4f7zIb7h7cAyi40YBhKs07CXXiMFHh2VIJ1JeRBkPvVpBacCa/F
QcZqlQr21vfU9oV1fgsb/efk2erI67xX3Hp1OWlzeZT2
-----END CERTIFICATE-----