Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/cd2bdd-d3c4-4d60-b096-af3a685d579f/1/qKs1YWZUrZZ3gjRwE3dglX4BIeM.roa
File:                     qKs1YWZUrZZ3gjRwE3dglX4BIeM.roa (raw, json)
Hash identifier:          +LfEhJeRaLV5Z8wfcDeb4S7e0iNY1GBXp3UGrFDI7is=
Subject key identifier:   A8:AB:35:61:66:54:AD:96:77:82:34:70:13:77:60:95:7E:01:21:E3
Certificate issuer:       /CN=acb54bcc49291a1f32b7cead4f296882d0531492
Certificate serial:       018CC4935ECFB89604C55E091B9BE2C28B82
Authority key identifier: AC:B5:4B:CC:49:29:1A:1F:32:B7:CE:AD:4F:29:68:82:D0:53:14:92
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rLVLzEkpGh8yt86tTylogtBTFJI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/cd2bdd-d3c4-4d60-b096-af3a685d579f/1/qKs1YWZUrZZ3gjRwE3dglX4BIeM.roa
Signing time:             Mon 01 Jan 2024 10:30:41 +0000
ROA not before:           Mon 01 Jan 2024 10:30:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43366
IP address blocks:        5.178.112.0/21 maxlen: 24
                          185.105.76.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e5/cd2bdd-d3c4-4d60-b096-af3a685d579f/1/rLVLzEkpGh8yt86tTylogtBTFJI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e5/cd2bdd-d3c4-4d60-b096-af3a685d579f/1/rLVLzEkpGh8yt86tTylogtBTFJI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rLVLzEkpGh8yt86tTylogtBTFJI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:5e:cf:b8:96:04:c5:5e:09:1b:9b:e2:c2:8b:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=acb54bcc49291a1f32b7cead4f296882d0531492
        Validity
            Not Before: Jan  1 10:30:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a8ab35616654ad9677823470137760957e0121e3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:a0:31:d0:a1:07:2c:15:01:83:0a:22:36:98:
                    ea:ea:f2:86:56:72:4e:30:63:5a:29:0e:e7:8d:0f:
                    76:51:7b:34:39:1d:4d:e4:00:aa:0f:31:28:f0:73:
                    88:c3:fd:70:fc:37:fe:e1:0f:19:cc:04:ea:db:93:
                    8d:40:73:b0:38:df:47:d8:48:d2:91:7f:6c:2b:cb:
                    dc:a6:62:c6:79:59:69:f6:66:b7:99:30:97:57:f5:
                    d5:30:1a:90:21:d8:2c:45:a0:b0:af:c2:3c:58:82:
                    46:b0:a0:0b:71:2e:aa:b1:75:4c:47:f4:50:5d:28:
                    c8:b0:3e:d8:1e:66:fa:8e:fb:9d:48:2a:0a:a6:5c:
                    c9:d2:b1:8c:cd:fa:0d:84:f6:f6:d6:32:ea:99:26:
                    a4:66:fb:8a:d3:81:a6:8b:6d:a1:84:51:93:39:d9:
                    f7:66:16:c8:82:99:ee:7e:5b:7c:27:ff:2a:64:a2:
                    f4:78:3e:6c:ec:b1:90:ab:2c:39:6c:5c:77:1c:a6:
                    0b:c8:a1:c3:c3:41:ba:fc:80:3d:c3:57:5d:f8:31:
                    b5:34:fe:0c:b9:1a:c6:3b:27:31:0a:dc:64:e6:f6:
                    13:8d:a5:53:6c:ee:2b:4f:1c:e0:b1:93:23:3a:96:
                    bf:6a:8f:72:13:00:b4:cf:a8:36:a7:17:34:9d:95:
                    7d:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:AB:35:61:66:54:AD:96:77:82:34:70:13:77:60:95:7E:01:21:E3
            X509v3 Authority Key Identifier:
                keyid:AC:B5:4B:CC:49:29:1A:1F:32:B7:CE:AD:4F:29:68:82:D0:53:14:92

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rLVLzEkpGh8yt86tTylogtBTFJI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/cd2bdd-d3c4-4d60-b096-af3a685d579f/1/qKs1YWZUrZZ3gjRwE3dglX4BIeM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/cd2bdd-d3c4-4d60-b096-af3a685d579f/1/rLVLzEkpGh8yt86tTylogtBTFJI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.178.112.0/21
                  185.105.76.0/22

    Signature Algorithm: sha256WithRSAEncryption
         01:c6:94:a5:a8:28:9a:ac:10:2d:92:a2:c3:00:b6:dc:60:e8:
         5a:45:69:3a:1e:f5:bc:6e:7d:be:af:a1:e9:41:c1:28:84:dd:
         02:07:b7:9c:57:e3:ef:62:0a:d4:e4:12:47:df:f0:05:69:66:
         8c:9a:72:27:2e:66:59:21:6c:b8:58:ab:d4:6a:f4:e5:0e:f7:
         3a:06:c8:62:3a:2d:6a:6b:14:9b:09:e2:f9:c7:23:d4:da:58:
         a2:f6:7b:a9:93:d1:b4:75:77:e5:8d:6a:9f:9b:dc:bd:ff:14:
         91:c2:89:f8:30:0f:3d:5c:89:7e:35:b3:ee:50:1b:81:d2:83:
         cb:2b:87:bf:ae:5b:eb:69:e6:1d:69:d4:8f:c2:b4:a4:fc:13:
         e8:1f:26:ee:d4:aa:98:ff:ec:cd:6f:16:57:7f:36:12:7c:7c:
         64:02:41:b9:24:51:70:06:98:2e:e3:e5:16:09:a9:9e:89:d9:
         25:0a:d2:a1:41:f0:1a:ce:af:a0:3b:52:37:f1:71:ec:4c:11:
         fd:4e:8f:32:9a:b9:62:22:34:d5:ba:9a:a3:2c:b1:22:d6:1f:
         a2:b1:db:4b:e0:10:0e:2d:0d:75:78:9c:0f:ab:7b:57:22:82:
         25:55:53:c0:54:b4:07:16:7d:d0:14:c0:e5:11:17:89:4e:1b:
         31:3a:10:15
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzEk17PuJYExV4JG5viwouCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFjYjU0YmNjNDkyOTFhMWYzMmI3Y2VhZDRmMjk2ODgyZDA1
MzE0OTIwHhcNMjQwMTAxMTAzMDQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOGFiMzU2MTY2NTRhZDk2Nzc4MjM0NzAxMzc3NjA5NTdlMDEyMWUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq6Ax0KEHLBUBgwoiNpjq6vKGVnJO
MGNaKQ7njQ92UXs0OR1N5ACqDzEo8HOIw/1w/Df+4Q8ZzATq25ONQHOwON9H2EjS
kX9sK8vcpmLGeVlp9ma3mTCXV/XVMBqQIdgsRaCwr8I8WIJGsKALcS6qsXVMR/RQ
XSjIsD7YHmb6jvudSCoKplzJ0rGMzfoNhPb21jLqmSakZvuK04Gmi22hhFGTOdn3
ZhbIgpnuflt8J/8qZKL0eD5s7LGQqyw5bFx3HKYLyKHDw0G6/IA9w1dd+DG1NP4M
uRrGOycxCtxk5vYTjaVTbO4rTxzgsZMjOpa/ao9yEwC0z6g2pxc0nZV98wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKirNWFmVK2Wd4I0cBN3YJV+ASHjMB8GA1UdIwQY
MBaAFKy1S8xJKRofMrfOrU8paILQUxSSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvckxWTHpFa3BHaDh5dDg2dFR5bG9ndEJURkpJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS9jZDJiZGQtZDNjNC00ZDYwLWIwOTYt
YWYzYTY4NWQ1NzlmLzEvcUtzMVlXWlVyWlozZ2pSd0UzZGdsWDRCSWVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS9jZDJiZGQtZDNjNC00ZDYwLWIwOTYtYWYzYTY4NWQ1Nzlm
LzEvckxWTHpFa3BHaDh5dDg2dFR5bG9ndEJURkpJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDBbJwAwQC
uWlMMA0GCSqGSIb3DQEBCwUAA4IBAQABxpSlqCiarBAtkqLDALbcYOhaRWk6HvW8
bn2+r6HpQcEohN0CB7ecV+PvYgrU5BJH3/AFaWaMmnInLmZZIWy4WKvUavTlDvc6
BshiOi1qaxSbCeL5xyPU2lii9nupk9G0dXfljWqfm9y9/xSRwon4MA89XIl+NbPu
UBuB0oPLK4e/rlvraeYdadSPwrSk/BPoHybu1KqY/+zNbxZXfzYSfHxkAkG5JFFw
Bpgu4+UWCameidklCtKhQfAazq+gO1I38XHsTBH9To8ymrliIjTVupqjLLEi1h+i
sdtL4BAOLQ11eJwPq3tXIoIlVVPAVLQHFn3QFMDlEReJThsxOhAV
-----END CERTIFICATE-----