Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/c3289f-76e9-4893-9cd1-a65fbd830358/1/QEI21wgd6CGqV3wRnK_DeDNJa38.roa
File:                     QEI21wgd6CGqV3wRnK_DeDNJa38.roa (raw, json)
Hash identifier:          J7n7b21iQixdjZbFjgvYBjJg0SMcswX+2qRZt9hfTvU=
Subject key identifier:   40:42:36:D7:08:1D:E8:21:AA:57:7C:11:9C:AF:C3:78:33:49:6B:7F
Certificate issuer:       /CN=7b6d28404044239ef58242f210e0b16667eb40d0
Certificate serial:       018CC493326B3205388AC2E5E3F1BB6D1E94
Authority key identifier: 7B:6D:28:40:40:44:23:9E:F5:82:42:F2:10:E0:B1:66:67:EB:40:D0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e20oQEBEI571gkLyEOCxZmfrQNA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/c3289f-76e9-4893-9cd1-a65fbd830358/1/QEI21wgd6CGqV3wRnK_DeDNJa38.roa
Signing time:             Mon 01 Jan 2024 10:30:30 +0000
ROA not before:           Mon 01 Jan 2024 10:30:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     559
IP address blocks:        193.5.53.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d4/c3289f-76e9-4893-9cd1-a65fbd830358/1/e20oQEBEI571gkLyEOCxZmfrQNA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d4/c3289f-76e9-4893-9cd1-a65fbd830358/1/e20oQEBEI571gkLyEOCxZmfrQNA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/e20oQEBEI571gkLyEOCxZmfrQNA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:32:6b:32:05:38:8a:c2:e5:e3:f1:bb:6d:1e:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7b6d28404044239ef58242f210e0b16667eb40d0
        Validity
            Not Before: Jan  1 10:30:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=404236d7081de821aa577c119cafc37833496b7f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:0a:8f:b3:c9:26:94:83:44:ce:3d:8f:5d:76:
                    04:e4:4a:9c:94:0b:11:72:dc:23:5a:1d:5c:e4:47:
                    dd:1d:cb:25:a5:87:ce:1b:2d:13:b7:d8:8e:c7:c2:
                    3e:fc:42:c8:2b:c2:79:82:5d:fd:5e:2b:f5:b0:c6:
                    8f:ed:85:59:d7:c2:57:1a:cd:26:c7:ab:a9:36:0e:
                    ca:03:c6:0c:c8:cd:86:b8:21:0d:e9:ce:dc:d0:be:
                    fe:ac:d6:b9:4e:a5:33:38:77:d4:1c:7e:df:89:9b:
                    a6:a1:ff:42:e6:6b:5a:5f:ec:3b:dd:09:0e:a9:b7:
                    b6:94:28:60:17:cb:87:df:ee:c3:d8:8e:2d:d9:ae:
                    f7:0b:9e:6c:fa:1e:b8:b9:99:da:b3:7c:42:75:c5:
                    ea:44:cf:72:b6:c7:4b:89:cd:b7:c9:cf:fb:20:c4:
                    79:a9:90:10:08:d3:94:01:e2:e7:b5:47:f8:ec:ff:
                    7b:65:62:32:4b:d4:af:cd:e0:68:82:ab:84:58:c4:
                    81:0c:a2:b1:cc:f1:30:59:30:95:9a:3c:c4:32:08:
                    11:50:2d:c2:da:9f:f8:f5:03:f8:90:3b:13:8d:24:
                    e7:6d:6d:1d:87:60:f3:a6:ea:f1:86:82:a0:d5:41:
                    3f:05:33:36:63:a3:07:5b:88:22:43:fc:f8:bd:f9:
                    2a:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:42:36:D7:08:1D:E8:21:AA:57:7C:11:9C:AF:C3:78:33:49:6B:7F
            X509v3 Authority Key Identifier:
                keyid:7B:6D:28:40:40:44:23:9E:F5:82:42:F2:10:E0:B1:66:67:EB:40:D0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e20oQEBEI571gkLyEOCxZmfrQNA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/c3289f-76e9-4893-9cd1-a65fbd830358/1/QEI21wgd6CGqV3wRnK_DeDNJa38.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/c3289f-76e9-4893-9cd1-a65fbd830358/1/e20oQEBEI571gkLyEOCxZmfrQNA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.5.53.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:ac:e6:8c:9b:a8:56:c7:3a:83:42:83:82:a0:44:f0:e1:fb:
         54:c3:75:25:06:3e:2e:7b:60:fa:11:74:90:e8:50:5a:9d:b7:
         a9:b2:26:3d:14:c3:fe:f2:9b:3c:22:a3:30:19:47:b1:93:d4:
         d7:d0:c1:3d:86:f7:1d:e3:63:ef:98:71:74:7c:72:bc:8c:15:
         9a:a4:65:1b:b5:65:ab:2d:0f:39:99:48:11:12:90:62:06:08:
         ae:1d:9a:b2:41:34:9d:08:c7:95:bf:b7:d9:7b:17:13:e0:84:
         e3:44:54:7e:50:52:28:0e:61:4c:23:53:d3:10:b0:c5:c2:84:
         23:0e:99:e1:7f:fb:83:82:94:ca:aa:11:e0:1e:6e:cf:64:3d:
         34:ab:15:0a:e5:97:0c:b7:96:71:7c:ee:62:2c:a7:ec:5d:81:
         c6:a5:a2:3e:05:3e:bb:86:fe:60:d1:4a:84:05:f6:b0:7c:fb:
         8f:b3:fc:d7:11:cf:07:ba:46:26:db:bf:88:88:7f:39:7c:56:
         c4:47:94:17:ff:56:76:a0:0d:10:ac:67:e0:6c:95:31:aa:a9:
         bb:65:a7:2a:b1:84:bc:38:f2:99:a9:56:a1:03:f6:11:9c:bf:
         a1:2e:6e:33:0e:cd:1b:1a:88:aa:44:a1:91:f4:a1:2b:38:45:
         df:1d:fc:64
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEkzJrMgU4isLl4/G7bR6UMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiNmQyODQwNDA0NDIzOWVmNTgyNDJmMjEwZTBiMTY2Njdl
YjQwZDAwHhcNMjQwMTAxMTAzMDMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MDQyMzZkNzA4MWRlODIxYWE1NzdjMTE5Y2FmYzM3ODMzNDk2YjdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgAqPs8kmlINEzj2PXXYE5EqclAsR
ctwjWh1c5EfdHcslpYfOGy0Tt9iOx8I+/ELIK8J5gl39Xiv1sMaP7YVZ18JXGs0m
x6upNg7KA8YMyM2GuCEN6c7c0L7+rNa5TqUzOHfUHH7fiZumof9C5mtaX+w73QkO
qbe2lChgF8uH3+7D2I4t2a73C55s+h64uZnas3xCdcXqRM9ytsdLic23yc/7IMR5
qZAQCNOUAeLntUf47P97ZWIyS9SvzeBogquEWMSBDKKxzPEwWTCVmjzEMggRUC3C
2p/49QP4kDsTjSTnbW0dh2DzpurxhoKg1UE/BTM2Y6MHW4giQ/z4vfkq0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEBCNtcIHeghqld8EZyvw3gzSWt/MB8GA1UdIwQY
MBaAFHttKEBARCOe9YJC8hDgsWZn60DQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTIwb1FFQkVJNTcxZ2tMeUVPQ3habWZyUU5BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC9jMzI4OWYtNzZlOS00ODkzLTljZDEt
YTY1ZmJkODMwMzU4LzEvUUVJMjF3Z2Q2Q0dxVjN3Um5LX0RlRE5KYTM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC9jMzI4OWYtNzZlOS00ODkzLTljZDEtYTY1ZmJkODMwMzU4
LzEvZTIwb1FFQkVJNTcxZ2tMeUVPQ3habWZyUU5BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwQU1MA0G
CSqGSIb3DQEBCwUAA4IBAQA/rOaMm6hWxzqDQoOCoETw4ftUw3UlBj4ue2D6EXSQ
6FBanbepsiY9FMP+8ps8IqMwGUexk9TX0ME9hvcd42PvmHF0fHK8jBWapGUbtWWr
LQ85mUgREpBiBgiuHZqyQTSdCMeVv7fZexcT4ITjRFR+UFIoDmFMI1PTELDFwoQj
Dpnhf/uDgpTKqhHgHm7PZD00qxUK5ZcMt5ZxfO5iLKfsXYHGpaI+BT67hv5g0UqE
BfawfPuPs/zXEc8HukYm27+IiH85fFbER5QX/1Z2oA0QrGfgbJUxqqm7ZacqsYS8
OPKZqVahA/YRnL+hLm4zDs0bGoiqRKGR9KErOEXfHfxk
-----END CERTIFICATE-----