Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/5ef060-f473-4043-b8a2-e1b7c7649fa3/1/w5KrojTIWmQgzGkNcxYQ9osYuWA.roa
File:                     w5KrojTIWmQgzGkNcxYQ9osYuWA.roa (raw, json)
Hash identifier:          QYM8HM6ATEJO3VQFVzjuVyvmSlaLYV47HQTVPLGorXo=
Subject key identifier:   C3:92:AB:A2:34:C8:5A:64:20:CC:69:0D:73:16:10:F6:8B:18:B9:60
Certificate issuer:       /CN=87c37d035d95fefba1d47f98b9ff4973f17df6cd
Certificate serial:       018CC94E22CAA6FFEC8962CDDAC78F4AF1E6
Authority key identifier: 87:C3:7D:03:5D:95:FE:FB:A1:D4:7F:98:B9:FF:49:73:F1:7D:F6:CD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/h8N9A12V_vuh1H-Yuf9Jc_F99s0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/5ef060-f473-4043-b8a2-e1b7c7649fa3/1/w5KrojTIWmQgzGkNcxYQ9osYuWA.roa
Signing time:             Tue 02 Jan 2024 08:33:10 +0000
ROA not before:           Tue 02 Jan 2024 08:33:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42346
IP address blocks:        185.59.52.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d1/5ef060-f473-4043-b8a2-e1b7c7649fa3/1/h8N9A12V_vuh1H-Yuf9Jc_F99s0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d1/5ef060-f473-4043-b8a2-e1b7c7649fa3/1/h8N9A12V_vuh1H-Yuf9Jc_F99s0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/h8N9A12V_vuh1H-Yuf9Jc_F99s0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 11:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:22:ca:a6:ff:ec:89:62:cd:da:c7:8f:4a:f1:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=87c37d035d95fefba1d47f98b9ff4973f17df6cd
        Validity
            Not Before: Jan  2 08:33:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c392aba234c85a6420cc690d731610f68b18b960
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:e8:7e:12:b9:49:ab:b7:fc:56:f1:4e:4d:e9:
                    e5:0d:b1:ec:89:c1:61:e3:b6:ae:b8:e4:02:60:17:
                    9d:ad:6a:7b:48:e1:03:58:8c:92:d6:a0:d8:1f:7a:
                    3a:1e:b7:8e:78:23:f6:2c:50:9d:dc:25:8b:72:c3:
                    39:28:7f:f4:ba:c2:fd:d5:c4:ab:c0:44:70:fe:5d:
                    02:05:00:3e:31:04:07:31:d6:e2:56:72:76:f1:2f:
                    14:7e:74:d3:68:4a:43:8e:88:51:62:78:4d:de:c4:
                    0a:62:24:11:f6:45:49:ef:05:63:a2:32:10:c8:33:
                    0f:4d:67:dd:dc:ed:a2:ee:c0:be:0e:b6:9c:8f:12:
                    06:f8:e5:5e:64:a2:69:67:c2:b2:2b:78:24:c8:f1:
                    a8:6e:17:f5:4b:f5:84:84:28:60:a8:0d:aa:ea:05:
                    6d:cd:00:c0:db:b0:55:1f:7a:e6:c3:79:fa:75:82:
                    f7:7c:16:b4:a7:06:52:0f:5b:2f:c1:3e:f7:f0:ae:
                    0f:e5:65:22:7b:a4:1e:ac:21:24:7c:2a:1a:d1:f0:
                    21:a8:fb:16:bc:98:16:03:f1:12:17:51:eb:35:59:
                    02:b0:b5:1e:49:c9:5c:dd:f7:04:21:72:80:47:dc:
                    9d:4f:5f:16:02:97:12:09:76:b8:55:a5:d2:21:33:
                    49:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:92:AB:A2:34:C8:5A:64:20:CC:69:0D:73:16:10:F6:8B:18:B9:60
            X509v3 Authority Key Identifier:
                keyid:87:C3:7D:03:5D:95:FE:FB:A1:D4:7F:98:B9:FF:49:73:F1:7D:F6:CD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/h8N9A12V_vuh1H-Yuf9Jc_F99s0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/5ef060-f473-4043-b8a2-e1b7c7649fa3/1/w5KrojTIWmQgzGkNcxYQ9osYuWA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/5ef060-f473-4043-b8a2-e1b7c7649fa3/1/h8N9A12V_vuh1H-Yuf9Jc_F99s0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.59.52.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6f:93:f7:e2:4f:ee:d4:b5:4e:b5:9a:8e:ca:5f:47:ee:91:0c:
         a1:21:3e:04:32:da:92:7c:79:f8:b7:3d:c0:7e:24:14:b2:d6:
         d9:5f:88:69:c8:1b:b3:92:c6:a0:91:dd:45:12:5f:12:f6:f9:
         f9:47:3b:e3:36:3e:5f:5e:e0:44:84:75:79:c2:70:5b:8b:9c:
         80:ad:fd:28:6f:64:32:ef:d7:00:52:f0:10:b3:0f:00:70:e1:
         5b:86:d9:9c:0c:08:2d:3c:e9:f1:b2:ce:2c:1a:6f:2a:6b:7d:
         02:64:ac:e8:45:e9:0a:f9:4e:bc:6d:83:ba:25:0b:4b:d7:68:
         49:63:fe:a3:9e:03:42:5d:65:68:97:93:41:0d:41:1c:a3:16:
         fa:66:2f:46:f2:fc:43:ee:c3:3e:0b:8c:ee:a6:88:fc:68:78:
         8a:f2:98:7e:92:2e:95:87:b4:08:4b:02:c8:85:b8:77:96:d1:
         bb:ca:8d:f9:4b:c4:77:ce:1f:fc:d5:78:ca:2b:1d:35:4f:a2:
         f8:b9:b5:be:fd:c5:75:eb:90:07:a9:42:e4:81:7c:1b:86:24:
         06:65:19:fd:84:3a:18:3e:89:ba:00:d9:fd:23:26:b5:4b:26:
         55:c3:6e:e4:0b:f9:71:9c:8c:bf:53:57:d5:82:89:59:dc:8d:
         a3:19:c4:be
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTiLKpv/siWLN2sePSvHmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3YzM3ZDAzNWQ5NWZlZmJhMWQ0N2Y5OGI5ZmY0OTczZjE3
ZGY2Y2QwHhcNMjQwMTAyMDgzMzEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMzkyYWJhMjM0Yzg1YTY0MjBjYzY5MGQ3MzE2MTBmNjhiMThiOTYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgeh+ErlJq7f8VvFOTenlDbHsicFh
47auuOQCYBedrWp7SOEDWIyS1qDYH3o6HreOeCP2LFCd3CWLcsM5KH/0usL91cSr
wERw/l0CBQA+MQQHMdbiVnJ28S8UfnTTaEpDjohRYnhN3sQKYiQR9kVJ7wVjojIQ
yDMPTWfd3O2i7sC+DracjxIG+OVeZKJpZ8KyK3gkyPGobhf1S/WEhChgqA2q6gVt
zQDA27BVH3rmw3n6dYL3fBa0pwZSD1svwT738K4P5WUie6QerCEkfCoa0fAhqPsW
vJgWA/ESF1HrNVkCsLUeSclc3fcEIXKAR9ydT18WApcSCXa4VaXSITNJgwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMOSq6I0yFpkIMxpDXMWEPaLGLlgMB8GA1UdIwQY
MBaAFIfDfQNdlf77odR/mLn/SXPxffbNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaDhOOUExMlZfdnVoMUgtWXVmOUpjX0Y5OXMwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS81ZWYwNjAtZjQ3My00MDQzLWI4YTIt
ZTFiN2M3NjQ5ZmEzLzEvdzVLcm9qVElXbVFnekdrTmN4WVE5b3NZdVdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS81ZWYwNjAtZjQ3My00MDQzLWI4YTItZTFiN2M3NjQ5ZmEz
LzEvaDhOOUExMlZfdnVoMUgtWXVmOUpjX0Y5OXMwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuTs0MA0G
CSqGSIb3DQEBCwUAA4IBAQBvk/fiT+7UtU61mo7KX0fukQyhIT4EMtqSfHn4tz3A
fiQUstbZX4hpyBuzksagkd1FEl8S9vn5RzvjNj5fXuBEhHV5wnBbi5yArf0ob2Qy
79cAUvAQsw8AcOFbhtmcDAgtPOnxss4sGm8qa30CZKzoRekK+U68bYO6JQtL12hJ
Y/6jngNCXWVol5NBDUEcoxb6Zi9G8vxD7sM+C4zupoj8aHiK8ph+ki6Vh7QISwLI
hbh3ltG7yo35S8R3zh/81XjKKx01T6L4ubW+/cV165AHqULkgXwbhiQGZRn9hDoY
Pom6ANn9Iya1SyZVw27kC/lxnIy/U1fVgolZ3I2jGcS+
-----END CERTIFICATE-----