Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/8349e4-69cc-4140-a744-abed74415b8f/1/qSJHbp_iF2HpGkhbO8vvCFMLbuA.roa
File:                     qSJHbp_iF2HpGkhbO8vvCFMLbuA.roa (raw, json)
Hash identifier:          PPJnq04JWUT4XKzbit6YVNU0oiGnuS6WXMRzZN2NHfA=
Subject key identifier:   A9:22:47:6E:9F:E2:17:61:E9:1A:48:5B:3B:CB:EF:08:53:0B:6E:E0
Certificate issuer:       /CN=914b7d1e6e72d55c8d1c4a3e8241d71dcf8e3bf1
Certificate serial:       018CC64B33B56925A65656053151C1443261
Authority key identifier: 91:4B:7D:1E:6E:72:D5:5C:8D:1C:4A:3E:82:41:D7:1D:CF:8E:3B:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kUt9Hm5y1VyNHEo-gkHXHc-OO_E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/8349e4-69cc-4140-a744-abed74415b8f/1/qSJHbp_iF2HpGkhbO8vvCFMLbuA.roa
Signing time:             Mon 01 Jan 2024 18:31:06 +0000
ROA not before:           Mon 01 Jan 2024 18:31:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62058
IP address blocks:        185.153.40.0/23 maxlen: 23
                          185.153.40.0/22 maxlen: 22
                          185.153.42.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/8349e4-69cc-4140-a744-abed74415b8f/1/kUt9Hm5y1VyNHEo-gkHXHc-OO_E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/8349e4-69cc-4140-a744-abed74415b8f/1/kUt9Hm5y1VyNHEo-gkHXHc-OO_E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kUt9Hm5y1VyNHEo-gkHXHc-OO_E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 01:02:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:33:b5:69:25:a6:56:56:05:31:51:c1:44:32:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=914b7d1e6e72d55c8d1c4a3e8241d71dcf8e3bf1
        Validity
            Not Before: Jan  1 18:31:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a922476e9fe21761e91a485b3bcbef08530b6ee0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:54:6f:fd:45:7a:0a:63:b6:4c:44:c3:81:ef:
                    2e:e5:48:43:05:5c:98:cc:25:5b:c1:a4:b5:d7:4a:
                    fc:be:b9:25:0b:c6:d7:49:ea:e6:e2:a5:f2:5e:62:
                    3a:16:01:3f:58:b3:1e:23:37:7d:bd:e8:f6:ac:a3:
                    da:8e:f8:2c:bd:64:b3:b8:d4:a6:7c:d4:31:25:cf:
                    c0:28:82:7a:62:54:61:a6:17:05:d4:82:c1:b6:e3:
                    92:57:39:d5:2c:4a:fb:11:2a:ab:c9:f3:bc:37:20:
                    91:a3:65:5a:43:3d:7c:02:0f:ca:c1:18:99:3c:e8:
                    fa:d4:90:0a:97:1d:93:c1:52:ff:bf:58:79:91:6a:
                    2a:89:2b:d3:3f:9d:5f:ed:2a:6d:d2:81:cb:8d:a1:
                    d5:4b:c3:83:f9:82:ba:bf:3f:34:da:e0:32:15:92:
                    86:d3:de:fe:96:74:63:fd:9d:50:67:1f:62:eb:e0:
                    70:bb:d7:b3:b9:72:d8:aa:92:a7:06:c4:89:61:c8:
                    07:bc:f3:fb:f1:bd:58:22:6a:3f:be:7b:a2:b6:77:
                    f5:c4:4d:3c:22:4b:99:c9:39:42:37:c8:ec:08:13:
                    b3:4c:b0:7f:22:22:d3:36:6e:5b:f7:75:82:58:61:
                    16:40:b5:a5:5c:94:09:8e:97:0b:d1:d6:91:cb:1a:
                    c2:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:22:47:6E:9F:E2:17:61:E9:1A:48:5B:3B:CB:EF:08:53:0B:6E:E0
            X509v3 Authority Key Identifier:
                keyid:91:4B:7D:1E:6E:72:D5:5C:8D:1C:4A:3E:82:41:D7:1D:CF:8E:3B:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kUt9Hm5y1VyNHEo-gkHXHc-OO_E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/8349e4-69cc-4140-a744-abed74415b8f/1/qSJHbp_iF2HpGkhbO8vvCFMLbuA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/8349e4-69cc-4140-a744-abed74415b8f/1/kUt9Hm5y1VyNHEo-gkHXHc-OO_E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.153.40.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7e:56:56:4e:fd:7d:32:c5:bb:a6:29:21:06:fd:c7:9d:26:d0:
         4b:7e:7b:d5:57:46:34:ce:07:55:d7:7d:62:cf:59:97:40:01:
         56:4a:55:9a:89:8d:e5:5f:eb:c3:cf:b2:60:14:7c:b3:70:db:
         45:af:0e:ee:f3:3d:27:22:dd:ce:8d:03:04:98:d5:70:9a:72:
         e5:55:e4:3d:b9:d9:ed:56:07:78:c8:96:02:33:72:0f:21:6b:
         01:25:a8:14:83:ea:e9:12:fe:ab:ee:6f:69:3a:89:62:93:e4:
         dd:ea:22:ca:1e:04:ec:51:a3:50:af:c1:3d:71:85:02:14:18:
         78:e8:16:ba:c6:92:76:d6:37:21:7c:4f:6a:68:ff:e1:b5:f5:
         d7:e4:a4:2c:57:86:03:c1:57:07:0c:e1:6c:3e:6a:8f:c0:1c:
         85:28:f3:61:da:f6:55:6a:e3:37:a9:0e:fb:d7:5c:3d:01:6a:
         a9:03:8f:72:03:56:85:de:64:43:a1:cf:e9:69:26:2c:6f:a8:
         78:38:9e:36:ff:9b:ec:e9:07:95:6d:7e:98:81:fe:46:ef:76:
         66:31:3e:b1:6c:a3:63:67:17:33:55:b7:38:eb:41:38:cb:54:
         cc:b0:8d:f5:ca:ca:15:c2:7e:37:ad:02:bf:4e:49:9f:30:d3:
         35:81:7d:84
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSzO1aSWmVlYFMVHBRDJhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkxNGI3ZDFlNmU3MmQ1NWM4ZDFjNGEzZTgyNDFkNzFkY2Y4
ZTNiZjEwHhcNMjQwMTAxMTgzMTA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOTIyNDc2ZTlmZTIxNzYxZTkxYTQ4NWIzYmNiZWYwODUzMGI2ZWUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqFRv/UV6CmO2TETDge8u5UhDBVyY
zCVbwaS110r8vrklC8bXSerm4qXyXmI6FgE/WLMeIzd9vej2rKPajvgsvWSzuNSm
fNQxJc/AKIJ6YlRhphcF1ILBtuOSVznVLEr7ESqryfO8NyCRo2VaQz18Ag/KwRiZ
POj61JAKlx2TwVL/v1h5kWoqiSvTP51f7Spt0oHLjaHVS8OD+YK6vz802uAyFZKG
097+lnRj/Z1QZx9i6+Bwu9ezuXLYqpKnBsSJYcgHvPP78b1YImo/vnuitnf1xE08
IkuZyTlCN8jsCBOzTLB/IiLTNm5b93WCWGEWQLWlXJQJjpcL0daRyxrC3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKkiR26f4hdh6RpIWzvL7whTC27gMB8GA1UdIwQY
MBaAFJFLfR5uctVcjRxKPoJB1x3PjjvxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva1V0OUhtNXkxVnlOSEVvLWdrSFhIYy1PT19FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy84MzQ5ZTQtNjljYy00MTQwLWE3NDQt
YWJlZDc0NDE1YjhmLzEvcVNKSGJwX2lGMkhwR2toYk84dnZDRk1MYnVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy84MzQ5ZTQtNjljYy00MTQwLWE3NDQtYWJlZDc0NDE1Yjhm
LzEva1V0OUhtNXkxVnlOSEVvLWdrSFhIYy1PT19FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuZkoMA0G
CSqGSIb3DQEBCwUAA4IBAQB+VlZO/X0yxbumKSEG/cedJtBLfnvVV0Y0zgdV131i
z1mXQAFWSlWaiY3lX+vDz7JgFHyzcNtFrw7u8z0nIt3OjQMEmNVwmnLlVeQ9udnt
Vgd4yJYCM3IPIWsBJagUg+rpEv6r7m9pOolik+Td6iLKHgTsUaNQr8E9cYUCFBh4
6Ba6xpJ21jchfE9qaP/htfXX5KQsV4YDwVcHDOFsPmqPwByFKPNh2vZVauM3qQ77
11w9AWqpA49yA1aF3mRDoc/paSYsb6h4OJ42/5vs6QeVbX6Ygf5G73ZmMT6xbKNj
ZxczVbc460E4y1TMsI31ysoVwn43rQK/TkmfMNM1gX2E
-----END CERTIFICATE-----