Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/b41ab6-b9f3-4b4a-9b7b-1ed10954bd96/1/qgMogcgBsFlPHZ0bRh-J4o62kZc.roa
File:                     qgMogcgBsFlPHZ0bRh-J4o62kZc.roa (raw, json)
Hash identifier:          K4tq64TiK2AB18XBi7OZeZqXDcATB5X/WSLTK2Nm7Aw=
Subject key identifier:   AA:03:28:81:C8:01:B0:59:4F:1D:9D:1B:46:1F:89:E2:8E:B6:91:97
Certificate issuer:       /CN=5753c06290a371994d7577318685f5bc4a538d47
Certificate serial:       018CC6B90F15993CFBD194B63FA16884295B
Authority key identifier: 57:53:C0:62:90:A3:71:99:4D:75:77:31:86:85:F5:BC:4A:53:8D:47
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/V1PAYpCjcZlNdXcxhoX1vEpTjUc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/b41ab6-b9f3-4b4a-9b7b-1ed10954bd96/1/qgMogcgBsFlPHZ0bRh-J4o62kZc.roa
Signing time:             Mon 01 Jan 2024 20:31:05 +0000
ROA not before:           Mon 01 Jan 2024 20:31:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59631
IP address blocks:        158.172.136.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/b41ab6-b9f3-4b4a-9b7b-1ed10954bd96/1/V1PAYpCjcZlNdXcxhoX1vEpTjUc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/b41ab6-b9f3-4b4a-9b7b-1ed10954bd96/1/V1PAYpCjcZlNdXcxhoX1vEpTjUc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/V1PAYpCjcZlNdXcxhoX1vEpTjUc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:0f:15:99:3c:fb:d1:94:b6:3f:a1:68:84:29:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5753c06290a371994d7577318685f5bc4a538d47
        Validity
            Not Before: Jan  1 20:31:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=aa032881c801b0594f1d9d1b461f89e28eb69197
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:b3:44:cd:bd:4d:53:74:45:9f:f4:6a:b9:ed:
                    db:ab:e1:03:cb:53:9f:fb:83:89:0a:86:22:95:c1:
                    67:b8:43:2f:f0:b5:35:04:f3:3e:ef:f6:dd:81:05:
                    20:d3:c3:68:5d:89:9a:82:90:c9:80:fd:78:66:37:
                    ca:b2:72:54:b0:18:63:16:31:56:e0:e8:05:7c:22:
                    85:7b:a7:5a:07:a0:ce:d3:12:70:e4:23:bd:b5:71:
                    92:9c:2a:15:c8:db:77:80:8c:f5:9d:72:15:2d:22:
                    d1:6a:9c:50:c0:45:e9:42:d1:03:5c:8a:e1:cf:98:
                    fd:de:df:56:c9:b0:38:70:11:84:4d:e2:fb:34:be:
                    28:cf:63:34:ee:df:bb:0b:b5:d0:d5:a7:16:dd:75:
                    9d:46:ca:d2:5a:49:a9:cf:ce:77:28:39:0a:a8:96:
                    b0:01:a5:a8:52:0e:4e:95:fb:a2:0c:62:87:e4:7c:
                    10:43:1b:96:75:1d:40:24:fa:a2:f1:a5:ec:7d:19:
                    a7:99:9e:f7:59:79:83:d9:de:3c:0d:12:d8:a3:c7:
                    f0:91:16:8f:d7:99:28:bb:ff:3a:06:7a:a0:4d:02:
                    3a:85:a0:87:ed:de:03:10:a9:db:ee:1e:7e:84:64:
                    98:2c:61:30:bc:28:75:b3:f9:22:07:0c:87:c9:b1:
                    9c:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:03:28:81:C8:01:B0:59:4F:1D:9D:1B:46:1F:89:E2:8E:B6:91:97
            X509v3 Authority Key Identifier:
                keyid:57:53:C0:62:90:A3:71:99:4D:75:77:31:86:85:F5:BC:4A:53:8D:47

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/V1PAYpCjcZlNdXcxhoX1vEpTjUc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/b41ab6-b9f3-4b4a-9b7b-1ed10954bd96/1/qgMogcgBsFlPHZ0bRh-J4o62kZc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/b41ab6-b9f3-4b4a-9b7b-1ed10954bd96/1/V1PAYpCjcZlNdXcxhoX1vEpTjUc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  158.172.136.0/22

    Signature Algorithm: sha256WithRSAEncryption
         b2:b2:33:62:07:e6:3d:0b:1c:19:7b:98:75:8a:dd:ef:04:f4:
         86:10:a4:6c:0d:68:95:42:30:aa:db:bb:ff:45:3a:e1:e9:5c:
         a6:40:54:e2:9d:16:07:b6:28:93:53:b6:8c:ae:8a:d4:9f:cc:
         da:b1:d5:31:ac:2b:c5:51:1e:c8:87:15:f2:b5:0b:17:c6:b5:
         5a:4a:99:28:83:0e:d4:e2:88:58:77:d9:3d:c3:79:fa:76:ac:
         83:9c:50:c4:ff:ab:37:04:50:30:ea:17:95:bd:9a:03:c1:08:
         cd:5f:58:4d:0e:88:e2:17:74:7e:37:4d:e5:a4:60:f1:c5:9f:
         90:66:c4:97:92:b9:8c:93:7c:09:02:7b:0c:38:e9:6f:38:d6:
         0d:5a:f2:09:12:05:1e:86:d0:05:11:5e:ff:5c:68:f4:de:b0:
         c6:2c:bf:b2:44:31:ce:d1:6d:fd:93:15:58:81:23:b6:09:1f:
         de:43:d9:22:93:f4:6b:63:8f:b6:ba:16:6b:34:46:13:d8:c5:
         b6:3b:43:88:e0:ba:df:d3:ab:4f:7b:f4:c5:aa:24:ce:08:52:
         2a:90:eb:5e:d7:5f:86:69:fd:63:10:da:bd:aa:0e:eb:cb:e4:
         f2:af:98:b6:64:1a:a0:f4:ca:97:6e:98:f7:ff:df:75:5a:20:
         8a:ce:85:0f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuQ8VmTz70ZS2P6FohClbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3NTNjMDYyOTBhMzcxOTk0ZDc1NzczMTg2ODVmNWJjNGE1
MzhkNDcwHhcNMjQwMTAxMjAzMTA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYTAzMjg4MWM4MDFiMDU5NGYxZDlkMWI0NjFmODllMjhlYjY5MTk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlbNEzb1NU3RFn/Rque3bq+EDy1Of
+4OJCoYilcFnuEMv8LU1BPM+7/bdgQUg08NoXYmagpDJgP14ZjfKsnJUsBhjFjFW
4OgFfCKFe6daB6DO0xJw5CO9tXGSnCoVyNt3gIz1nXIVLSLRapxQwEXpQtEDXIrh
z5j93t9WybA4cBGETeL7NL4oz2M07t+7C7XQ1acW3XWdRsrSWkmpz853KDkKqJaw
AaWoUg5OlfuiDGKH5HwQQxuWdR1AJPqi8aXsfRmnmZ73WXmD2d48DRLYo8fwkRaP
15kou/86BnqgTQI6haCH7d4DEKnb7h5+hGSYLGEwvCh1s/kiBwyHybGcswIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKoDKIHIAbBZTx2dG0YfieKOtpGXMB8GA1UdIwQY
MBaAFFdTwGKQo3GZTXV3MYaF9bxKU41HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVjFQQVlwQ2pjWmxOZFhjeGhvWDF2RXBUalVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy9iNDFhYjYtYjlmMy00YjRhLTliN2It
MWVkMTA5NTRiZDk2LzEvcWdNb2djZ0JzRmxQSFowYlJoLUo0bzYya1pjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy9iNDFhYjYtYjlmMy00YjRhLTliN2ItMWVkMTA5NTRiZDk2
LzEvVjFQQVlwQ2pjWmxOZFhjeGhvWDF2RXBUalVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCnqyIMA0G
CSqGSIb3DQEBCwUAA4IBAQCysjNiB+Y9CxwZe5h1it3vBPSGEKRsDWiVQjCq27v/
RTrh6VymQFTinRYHtiiTU7aMrorUn8zasdUxrCvFUR7IhxXytQsXxrVaSpkogw7U
4ohYd9k9w3n6dqyDnFDE/6s3BFAw6heVvZoDwQjNX1hNDojiF3R+N03lpGDxxZ+Q
ZsSXkrmMk3wJAnsMOOlvONYNWvIJEgUehtAFEV7/XGj03rDGLL+yRDHO0W39kxVY
gSO2CR/eQ9kik/RrY4+2uhZrNEYT2MW2O0OI4Lrf06tPe/TFqiTOCFIqkOte11+G
af1jENq9qg7ry+Tyr5i2ZBqg9MqXbpj3/991WiCKzoUP
-----END CERTIFICATE-----