Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/da614b-dd19-41e0-a7c4-66fd23eec34d/1/QaSsh5EVm2iGIkragX8ndxRPL-M.roa
File:                     QaSsh5EVm2iGIkragX8ndxRPL-M.roa (raw, json)
Hash identifier:          aYRQuu8Qz19tw3W9AjJbmvET0lWCZ6CJ31+Hj7XB1hc=
Subject key identifier:   41:A4:AC:87:91:15:9B:68:86:22:4A:DA:81:7F:27:77:14:4F:2F:E3
Certificate issuer:       /CN=a978c3655c5a609712e755100d98892ae1c8e5eb
Certificate serial:       018CCA2A3497A55F7828FF87AFF6186A89C9
Authority key identifier: A9:78:C3:65:5C:5A:60:97:12:E7:55:10:0D:98:89:2A:E1:C8:E5:EB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qXjDZVxaYJcS51UQDZiJKuHI5es.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/da614b-dd19-41e0-a7c4-66fd23eec34d/1/QaSsh5EVm2iGIkragX8ndxRPL-M.roa
Signing time:             Tue 02 Jan 2024 12:33:32 +0000
ROA not before:           Tue 02 Jan 2024 12:33:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209110
IP address blocks:        5.182.40.0/22 maxlen: 24
                          2a0e:d800::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/da614b-dd19-41e0-a7c4-66fd23eec34d/1/qXjDZVxaYJcS51UQDZiJKuHI5es.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/da614b-dd19-41e0-a7c4-66fd23eec34d/1/qXjDZVxaYJcS51UQDZiJKuHI5es.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qXjDZVxaYJcS51UQDZiJKuHI5es.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 01:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:34:97:a5:5f:78:28:ff:87:af:f6:18:6a:89:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a978c3655c5a609712e755100d98892ae1c8e5eb
        Validity
            Not Before: Jan  2 12:33:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=41a4ac8791159b6886224ada817f2777144f2fe3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:f1:91:16:84:98:00:6e:b7:31:59:e1:42:f1:
                    d7:f3:b6:6e:40:f0:ec:04:97:62:8b:de:fa:6e:c2:
                    30:a8:38:89:f7:be:27:11:66:86:60:e3:50:2c:16:
                    00:3c:d2:c8:b3:2f:7e:83:71:a7:ac:05:da:e0:81:
                    87:0e:89:ec:cc:64:95:7d:99:82:11:d4:23:66:d4:
                    3f:8b:be:20:54:d1:5d:01:2d:ac:11:81:76:89:6e:
                    13:12:e6:ae:47:92:41:a8:a8:68:17:90:50:14:ff:
                    b0:06:19:9c:02:70:c9:92:be:9f:51:0c:4e:fd:1e:
                    cc:7d:da:22:a9:43:51:80:3b:f8:df:55:59:7e:16:
                    db:35:48:6a:0f:2c:21:66:74:fd:39:9c:3f:86:ce:
                    ec:69:0e:b7:de:36:56:a7:8a:3e:f4:8a:f2:0b:3f:
                    2f:07:2f:da:8a:65:27:14:a4:40:9a:8e:37:8a:64:
                    0f:32:3e:45:38:82:97:37:ba:88:da:5d:65:29:25:
                    92:6a:92:4e:ea:cd:f7:8f:76:c1:28:50:24:07:b1:
                    c9:7d:eb:68:8e:1e:75:2e:9c:27:b7:5e:85:38:df:
                    c8:62:d5:09:b2:a3:b7:a1:92:5b:27:84:76:5d:b3:
                    b6:12:0b:e0:0c:be:c5:fb:39:e3:65:cd:62:2a:03:
                    67:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:A4:AC:87:91:15:9B:68:86:22:4A:DA:81:7F:27:77:14:4F:2F:E3
            X509v3 Authority Key Identifier:
                keyid:A9:78:C3:65:5C:5A:60:97:12:E7:55:10:0D:98:89:2A:E1:C8:E5:EB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qXjDZVxaYJcS51UQDZiJKuHI5es.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/da614b-dd19-41e0-a7c4-66fd23eec34d/1/QaSsh5EVm2iGIkragX8ndxRPL-M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/da614b-dd19-41e0-a7c4-66fd23eec34d/1/qXjDZVxaYJcS51UQDZiJKuHI5es.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.182.40.0/22
                IPv6:
                  2a0e:d800::/29

    Signature Algorithm: sha256WithRSAEncryption
         54:e8:24:7e:40:10:bd:7d:6a:51:bd:a2:18:4d:e2:bf:b1:30:
         bb:55:24:07:0e:97:5b:22:cb:b9:c4:2c:6e:ed:65:2e:83:8e:
         f1:5e:b1:51:21:be:01:2f:25:94:7b:ea:e4:76:e7:34:78:dd:
         62:5d:fe:fb:39:b3:0e:2b:0c:92:a8:29:ba:29:05:59:35:c6:
         0e:17:1b:d7:d0:9d:ba:ec:00:13:90:e1:71:a0:84:19:05:cb:
         08:33:39:07:4a:32:b6:4c:26:f1:b8:dd:b0:79:f4:15:2e:c0:
         00:89:9d:e0:00:37:7c:ba:3d:0d:c1:df:cd:a2:54:f7:b6:11:
         1c:fb:21:96:8f:a9:8f:f6:e9:67:2b:1c:69:e4:70:45:fc:f4:
         7f:c3:4a:90:b2:7a:96:da:3f:12:ad:5d:73:29:29:16:98:5c:
         28:94:e8:0e:d6:bc:c9:8c:25:ab:c4:9d:02:76:39:bb:c7:f3:
         45:09:bf:d0:18:6b:f6:f2:59:4e:fe:c7:0c:a1:c3:3c:80:51:
         4f:4f:f5:89:22:38:c5:f3:2a:ab:90:38:c3:c8:fb:83:d9:07:
         a1:0b:6b:3f:78:5e:5a:19:fc:c3:17:cd:56:64:ac:a2:d6:f8:
         9e:f4:70:b3:f0:f8:61:c9:87:23:21:c4:8a:a0:9a:12:aa:6b:
         cf:41:3a:75
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzKKjSXpV94KP+Hr/YYaonJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE5NzhjMzY1NWM1YTYwOTcxMmU3NTUxMDBkOTg4OTJhZTFj
OGU1ZWIwHhcNMjQwMTAyMTIzMzMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MWE0YWM4NzkxMTU5YjY4ODYyMjRhZGE4MTdmMjc3NzE0NGYyZmUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj/GRFoSYAG63MVnhQvHX87ZuQPDs
BJdii976bsIwqDiJ974nEWaGYONQLBYAPNLIsy9+g3GnrAXa4IGHDonszGSVfZmC
EdQjZtQ/i74gVNFdAS2sEYF2iW4TEuauR5JBqKhoF5BQFP+wBhmcAnDJkr6fUQxO
/R7MfdoiqUNRgDv431VZfhbbNUhqDywhZnT9OZw/hs7saQ633jZWp4o+9IryCz8v
By/aimUnFKRAmo43imQPMj5FOIKXN7qI2l1lKSWSapJO6s33j3bBKFAkB7HJfeto
jh51Lpwnt16FON/IYtUJsqO3oZJbJ4R2XbO2EgvgDL7F+znjZc1iKgNnuwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFEGkrIeRFZtohiJK2oF/J3cUTy/jMB8GA1UdIwQY
MBaAFKl4w2VcWmCXEudVEA2YiSrhyOXrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcVhqRFpWeGFZSmNTNTFVUURaaUpLdUhJNWVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS9kYTYxNGItZGQxOS00MWUwLWE3YzQt
NjZmZDIzZWVjMzRkLzEvUWFTc2g1RVZtMmlHSWtyYWdYOG5keFJQTC1NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS9kYTYxNGItZGQxOS00MWUwLWE3YzQtNjZmZDIzZWVjMzRk
LzEvcVhqRFpWeGFZSmNTNTFVUURaaUpLdUhJNWVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCBbYoMA0E
AgACMAcDBQMqDtgAMA0GCSqGSIb3DQEBCwUAA4IBAQBU6CR+QBC9fWpRvaIYTeK/
sTC7VSQHDpdbIsu5xCxu7WUug47xXrFRIb4BLyWUe+rkduc0eN1iXf77ObMOKwyS
qCm6KQVZNcYOFxvX0J267AATkOFxoIQZBcsIMzkHSjK2TCbxuN2wefQVLsAAiZ3g
ADd8uj0Nwd/NolT3thEc+yGWj6mP9ulnKxxp5HBF/PR/w0qQsnqW2j8SrV1zKSkW
mFwolOgO1rzJjCWrxJ0Cdjm7x/NFCb/QGGv28llO/scMocM8gFFPT/WJIjjF8yqr
kDjDyPuD2QehC2s/eF5aGfzDF81WZKyi1vie9HCz8PhhyYcjIcSKoJoSqmvPQTp1
-----END CERTIFICATE-----