Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b5/a5f931-6fa8-4cf0-8f97-23b28f39a602/1/qjD5UoPRmJy4VCs_6AHCZyWT-dU.roa
File:                     qjD5UoPRmJy4VCs_6AHCZyWT-dU.roa (raw, json)
Hash identifier:          5dme5cSENJJ2ltXwBhf7CqmzQ1OE2YO+oVmEGj4ce04=
Subject key identifier:   AA:30:F9:52:83:D1:98:9C:B8:54:2B:3F:E8:01:C2:67:25:93:F9:D5
Certificate issuer:       /CN=da27113db55b63b67a4a627a7008a8afc2bcc42c
Certificate serial:       018CC42521A2698F7EECD7E78D4530825562
Authority key identifier: DA:27:11:3D:B5:5B:63:B6:7A:4A:62:7A:70:08:A8:AF:C2:BC:C4:2C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2icRPbVbY7Z6SmJ6cAior8K8xCw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b5/a5f931-6fa8-4cf0-8f97-23b28f39a602/1/qjD5UoPRmJy4VCs_6AHCZyWT-dU.roa
Signing time:             Mon 01 Jan 2024 08:30:16 +0000
ROA not before:           Mon 01 Jan 2024 08:30:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        146.66.3.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b5/a5f931-6fa8-4cf0-8f97-23b28f39a602/1/2icRPbVbY7Z6SmJ6cAior8K8xCw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b5/a5f931-6fa8-4cf0-8f97-23b28f39a602/1/2icRPbVbY7Z6SmJ6cAior8K8xCw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2icRPbVbY7Z6SmJ6cAior8K8xCw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 16:03:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:21:a2:69:8f:7e:ec:d7:e7:8d:45:30:82:55:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=da27113db55b63b67a4a627a7008a8afc2bcc42c
        Validity
            Not Before: Jan  1 08:30:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=aa30f95283d1989cb8542b3fe801c2672593f9d5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:8e:89:4e:a0:5e:91:5b:24:8b:ef:9a:31:ac:
                    3b:59:74:06:0a:e8:8b:54:9c:e3:77:d1:60:11:11:
                    c0:13:c6:f0:67:d0:d0:f4:45:51:c6:16:f8:f9:a4:
                    16:cf:b0:12:d9:db:68:42:1a:ec:03:05:9b:69:4a:
                    33:77:bc:f6:72:c8:35:a1:f6:bf:e3:fd:6b:82:30:
                    c3:0b:8d:56:4e:5c:12:f6:4c:17:cd:f6:31:ad:d9:
                    b2:64:b9:ca:ff:12:9d:f0:52:89:f5:5e:79:5f:e8:
                    59:94:fa:3a:c1:db:41:4d:4f:e6:69:a4:71:5f:e0:
                    72:9e:f0:12:ba:ba:e1:a4:d5:a4:ea:db:68:03:3e:
                    29:b8:26:72:65:bc:b6:c5:f7:f7:a4:5d:de:4e:9a:
                    fb:2b:6f:16:63:21:92:3c:45:be:d0:12:87:f7:ed:
                    23:d0:a2:74:5c:7f:53:d6:62:28:44:9c:ba:45:03:
                    cb:1d:d2:69:a6:8c:2c:2d:b2:44:6b:63:e6:69:78:
                    49:3c:8b:da:24:f1:70:04:5e:ce:61:40:93:40:c5:
                    c3:4d:78:30:b3:60:f1:38:9d:78:17:46:d1:ac:7f:
                    c5:8f:5e:a7:c1:64:e1:39:23:f6:67:40:dc:ab:92:
                    28:72:35:95:af:0e:1e:d7:04:7b:a1:20:a7:49:de:
                    71:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:30:F9:52:83:D1:98:9C:B8:54:2B:3F:E8:01:C2:67:25:93:F9:D5
            X509v3 Authority Key Identifier:
                keyid:DA:27:11:3D:B5:5B:63:B6:7A:4A:62:7A:70:08:A8:AF:C2:BC:C4:2C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2icRPbVbY7Z6SmJ6cAior8K8xCw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/a5f931-6fa8-4cf0-8f97-23b28f39a602/1/qjD5UoPRmJy4VCs_6AHCZyWT-dU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/a5f931-6fa8-4cf0-8f97-23b28f39a602/1/2icRPbVbY7Z6SmJ6cAior8K8xCw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.66.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         11:14:e7:a6:29:a8:b8:50:e6:9e:f2:47:1c:7b:d1:5f:6d:16:
         4d:b7:71:b8:b3:f8:a0:32:af:56:cb:b5:f6:d9:1a:33:e2:c9:
         63:22:6d:0f:02:70:48:52:3b:be:2f:08:0e:e8:6c:ef:bf:b6:
         ae:07:1e:42:42:46:5d:25:45:b3:cb:38:4a:19:6f:7d:3d:00:
         69:db:a4:7f:ca:ee:28:00:b0:4b:98:8a:4f:72:e7:06:a6:9e:
         60:bf:82:ae:f3:af:03:85:ba:95:51:1d:4f:7a:f0:98:57:25:
         72:64:f8:a5:d3:e8:04:77:dd:2c:01:23:b7:52:e6:e5:80:43:
         ca:ca:76:a8:55:87:c4:fd:8a:a5:91:4c:2d:e6:61:36:5e:9c:
         6b:79:66:6b:62:ab:c5:05:a3:24:dd:2a:eb:05:52:9a:70:b9:
         4c:cd:eb:84:8c:c2:b0:a4:5d:63:89:4e:fa:28:41:5f:56:f2:
         bb:72:26:57:76:83:1d:1f:ee:c3:ac:07:e9:f3:6b:dd:3c:14:
         3e:0b:30:ad:cd:65:2c:c2:d6:d9:ce:ab:c5:52:48:74:00:2f:
         3e:d5:5e:d6:28:9b:24:18:b0:38:49:10:e7:45:8a:e0:5b:00:
         fc:81:d2:0e:cc:29:f8:0c:b3:4a:4c:78:54:82:89:46:05:ce:
         4d:fb:1d:07
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJSGiaY9+7NfnjUUwglViMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhMjcxMTNkYjU1YjYzYjY3YTRhNjI3YTcwMDhhOGFmYzJi
Y2M0MmMwHhcNMjQwMTAxMDgzMDE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYTMwZjk1MjgzZDE5ODljYjg1NDJiM2ZlODAxYzI2NzI1OTNmOWQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxY6JTqBekVski++aMaw7WXQGCuiL
VJzjd9FgERHAE8bwZ9DQ9EVRxhb4+aQWz7AS2dtoQhrsAwWbaUozd7z2csg1ofa/
4/1rgjDDC41WTlwS9kwXzfYxrdmyZLnK/xKd8FKJ9V55X+hZlPo6wdtBTU/maaRx
X+BynvASurrhpNWk6ttoAz4puCZyZby2xff3pF3eTpr7K28WYyGSPEW+0BKH9+0j
0KJ0XH9T1mIoRJy6RQPLHdJppowsLbJEa2PmaXhJPIvaJPFwBF7OYUCTQMXDTXgw
s2DxOJ14F0bRrH/Fj16nwWThOSP2Z0Dcq5IocjWVrw4e1wR7oSCnSd5xmwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKow+VKD0ZicuFQrP+gBwmclk/nVMB8GA1UdIwQY
MBaAFNonET21W2O2ekpienAIqK/CvMQsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmljUlBiVmJZN1o2U21KNmNBaW9yOEs4eEN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNS9hNWY5MzEtNmZhOC00Y2YwLThmOTct
MjNiMjhmMzlhNjAyLzEvcWpENVVvUFJtSnk0VkNzXzZBSENaeVdULWRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNS9hNWY5MzEtNmZhOC00Y2YwLThmOTctMjNiMjhmMzlhNjAy
LzEvMmljUlBiVmJZN1o2U21KNmNBaW9yOEs4eEN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkkIDMA0G
CSqGSIb3DQEBCwUAA4IBAQARFOemKai4UOae8kcce9FfbRZNt3G4s/igMq9Wy7X2
2Roz4sljIm0PAnBIUju+LwgO6Gzvv7auBx5CQkZdJUWzyzhKGW99PQBp26R/yu4o
ALBLmIpPcucGpp5gv4Ku868DhbqVUR1PevCYVyVyZPil0+gEd90sASO3UublgEPK
ynaoVYfE/YqlkUwt5mE2XpxreWZrYqvFBaMk3SrrBVKacLlMzeuEjMKwpF1jiU76
KEFfVvK7ciZXdoMdH+7DrAfp82vdPBQ+CzCtzWUswtbZzqvFUkh0AC8+1V7WKJsk
GLA4SRDnRYrgWwD8gdIOzCn4DLNKTHhUgolGBc5N+x0H
-----END CERTIFICATE-----