Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/4c9fbe-1725-4116-9ef3-0af2c5c4cc0f/1/q1ryjkY_iEV-oScuIsNNe4pjYwQ.roa
File:                     q1ryjkY_iEV-oScuIsNNe4pjYwQ.roa (raw, json)
Hash identifier:          lX/VP3av7Bj0/RryW9SylhQbD4PNdpXxRi+d7IlrT9c=
Subject key identifier:   AB:5A:F2:8E:46:3F:88:45:7E:A1:27:2E:22:C3:4D:7B:8A:63:63:04
Certificate issuer:       /CN=a3de4c3b6daa5a698bf307cc391282ab2987d617
Certificate serial:       018CC94DD2189B4A9FCD4E3B52553C85DA2E
Authority key identifier: A3:DE:4C:3B:6D:AA:5A:69:8B:F3:07:CC:39:12:82:AB:29:87:D6:17
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/o95MO22qWmmL8wfMORKCqymH1hc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/4c9fbe-1725-4116-9ef3-0af2c5c4cc0f/1/q1ryjkY_iEV-oScuIsNNe4pjYwQ.roa
Signing time:             Tue 02 Jan 2024 08:32:49 +0000
ROA not before:           Tue 02 Jan 2024 08:32:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57711
IP address blocks:        171.25.248.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/4c9fbe-1725-4116-9ef3-0af2c5c4cc0f/1/o95MO22qWmmL8wfMORKCqymH1hc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/4c9fbe-1725-4116-9ef3-0af2c5c4cc0f/1/o95MO22qWmmL8wfMORKCqymH1hc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/o95MO22qWmmL8wfMORKCqymH1hc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 03 Jul 2024 05:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:d2:18:9b:4a:9f:cd:4e:3b:52:55:3c:85:da:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a3de4c3b6daa5a698bf307cc391282ab2987d617
        Validity
            Not Before: Jan  2 08:32:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ab5af28e463f88457ea1272e22c34d7b8a636304
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:c8:fc:51:bc:ae:3c:84:0d:04:57:68:92:4e:
                    65:e0:a0:5b:be:79:d1:3c:52:cd:e2:e9:b9:9a:20:
                    47:08:d3:2d:2e:ff:6f:41:9f:e9:d0:cd:4c:12:19:
                    bf:0e:20:f0:b5:a4:3d:b6:70:9c:1b:b1:a4:0c:92:
                    3f:dc:8d:d9:70:a5:0f:fd:dd:da:65:6b:3d:08:e7:
                    86:24:72:32:19:84:6e:69:a5:c4:5f:74:22:bb:64:
                    0b:4b:8a:d7:29:98:c6:be:a4:44:a5:e8:59:61:15:
                    7d:37:2c:f0:5c:80:0b:45:09:0b:41:79:4a:03:8c:
                    0e:f7:6b:53:0b:d5:36:23:60:bb:97:03:09:12:97:
                    1f:b5:c5:90:31:4f:d8:08:e2:f6:07:bc:3c:1f:43:
                    9c:dd:1d:9f:98:e4:82:51:75:ef:4c:20:b3:c1:23:
                    a2:47:83:ba:d9:88:c0:d9:9c:76:5b:1f:66:b8:e1:
                    f6:92:4c:f8:a8:94:a2:1f:9c:f0:92:f9:4c:88:a1:
                    0e:e3:f9:e9:85:28:c2:95:47:84:96:31:5f:62:45:
                    92:b3:80:62:7c:73:c9:ec:04:19:c2:19:e7:30:65:
                    66:c8:ea:89:d4:93:45:d2:88:41:a6:3e:8e:02:ca:
                    1e:5f:d2:7b:68:c3:d6:1b:37:63:2a:5f:82:ef:76:
                    86:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:5A:F2:8E:46:3F:88:45:7E:A1:27:2E:22:C3:4D:7B:8A:63:63:04
            X509v3 Authority Key Identifier:
                keyid:A3:DE:4C:3B:6D:AA:5A:69:8B:F3:07:CC:39:12:82:AB:29:87:D6:17

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/o95MO22qWmmL8wfMORKCqymH1hc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/4c9fbe-1725-4116-9ef3-0af2c5c4cc0f/1/q1ryjkY_iEV-oScuIsNNe4pjYwQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/4c9fbe-1725-4116-9ef3-0af2c5c4cc0f/1/o95MO22qWmmL8wfMORKCqymH1hc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  171.25.248.0/22

    Signature Algorithm: sha256WithRSAEncryption
         21:15:a1:22:34:3e:f5:d5:e0:c4:13:79:e4:62:18:e8:2c:09:
         5d:92:18:34:6a:80:06:c0:d4:96:f0:28:7d:7f:8f:72:66:01:
         69:ba:00:f5:ee:30:cd:35:57:2b:92:33:26:9d:3a:8d:0f:5a:
         66:9d:01:22:7f:3a:68:42:5f:b0:b7:6b:48:46:ad:aa:4f:51:
         8a:db:5b:b1:eb:5c:10:0a:66:eb:7f:67:8c:65:92:c2:11:cd:
         7a:27:1b:c6:73:91:3e:40:82:c5:23:3d:1e:36:e8:56:d0:ec:
         d9:e3:c2:0a:21:00:4f:5e:08:ce:02:ff:4f:e8:2c:ac:bf:d9:
         9f:82:68:78:e4:a1:4b:77:63:6e:94:81:7d:a5:cc:7b:0d:a5:
         5b:e6:ee:13:46:4f:f4:a3:c4:12:7a:3c:81:2b:d5:cc:8f:93:
         98:ce:71:6a:ec:d9:e6:86:75:37:eb:15:e0:0f:48:0e:20:2e:
         48:0b:e7:0f:16:66:8d:3f:2e:07:94:26:9e:4b:4a:fb:32:48:
         33:d7:4a:a2:7e:1d:22:13:22:b1:fa:50:ae:a1:52:22:08:e6:
         c2:00:57:05:da:51:68:d3:d9:5b:1d:cb:86:50:b2:28:9d:b2:
         d0:97:66:e2:4b:6b:6e:f3:72:22:57:b9:4a:90:ed:4a:39:e3:
         63:22:51:1d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTdIYm0qfzU47UlU8hdouMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEzZGU0YzNiNmRhYTVhNjk4YmYzMDdjYzM5MTI4MmFiMjk4
N2Q2MTcwHhcNMjQwMTAyMDgzMjQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYjVhZjI4ZTQ2M2Y4ODQ1N2VhMTI3MmUyMmMzNGQ3YjhhNjM2MzA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm8j8UbyuPIQNBFdokk5l4KBbvnnR
PFLN4um5miBHCNMtLv9vQZ/p0M1MEhm/DiDwtaQ9tnCcG7GkDJI/3I3ZcKUP/d3a
ZWs9COeGJHIyGYRuaaXEX3Qiu2QLS4rXKZjGvqREpehZYRV9NyzwXIALRQkLQXlK
A4wO92tTC9U2I2C7lwMJEpcftcWQMU/YCOL2B7w8H0Oc3R2fmOSCUXXvTCCzwSOi
R4O62YjA2Zx2Wx9muOH2kkz4qJSiH5zwkvlMiKEO4/nphSjClUeEljFfYkWSs4Bi
fHPJ7AQZwhnnMGVmyOqJ1JNF0ohBpj6OAsoeX9J7aMPWGzdjKl+C73aGvwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKta8o5GP4hFfqEnLiLDTXuKY2MEMB8GA1UdIwQY
MBaAFKPeTDttqlppi/MHzDkSgqsph9YXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbzk1TU8yMnFXbW1MOHdmTU9SS0NxeW1IMWhjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS80YzlmYmUtMTcyNS00MTE2LTllZjMt
MGFmMmM1YzRjYzBmLzEvcTFyeWprWV9pRVYtb1NjdUlzTk5lNHBqWXdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS80YzlmYmUtMTcyNS00MTE2LTllZjMtMGFmMmM1YzRjYzBm
LzEvbzk1TU8yMnFXbW1MOHdmTU9SS0NxeW1IMWhjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCqxn4MA0G
CSqGSIb3DQEBCwUAA4IBAQAhFaEiND711eDEE3nkYhjoLAldkhg0aoAGwNSW8Ch9
f49yZgFpugD17jDNNVcrkjMmnTqND1pmnQEifzpoQl+wt2tIRq2qT1GK21ux61wQ
Cmbrf2eMZZLCEc16JxvGc5E+QILFIz0eNuhW0OzZ48IKIQBPXgjOAv9P6Cysv9mf
gmh45KFLd2NulIF9pcx7DaVb5u4TRk/0o8QSejyBK9XMj5OYznFq7NnmhnU36xXg
D0gOIC5IC+cPFmaNPy4HlCaeS0r7Mkgz10qifh0iEyKx+lCuoVIiCObCAFcF2lFo
09lbHcuGULIonbLQl2biS2tu83IiV7lKkO1KOeNjIlEd
-----END CERTIFICATE-----