Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f5/096951-d573-4cee-95f9-aa85a8c0aec1/1/qE_wkbjBisf7lK-mjt-GtD7NUFQ.roa
File:                     qE_wkbjBisf7lK-mjt-GtD7NUFQ.roa (raw, json)
Hash identifier:          PHLf+atXKOJLE4A+36awi+k3bJi3fbuMTmt0VbTeWAg=
Subject key identifier:   A8:4F:F0:91:B8:C1:8A:C7:FB:94:AF:A6:8E:DF:86:B4:3E:CD:50:54
Certificate issuer:       /CN=16f91ff671f1de5143aa21a008e26e27946ab85d
Certificate serial:       018CC5DBFDEEA945EF7489A721EE0C4AAD31
Authority key identifier: 16:F9:1F:F6:71:F1:DE:51:43:AA:21:A0:08:E2:6E:27:94:6A:B8:5D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Fvkf9nHx3lFDqiGgCOJuJ5RquF0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f5/096951-d573-4cee-95f9-aa85a8c0aec1/1/qE_wkbjBisf7lK-mjt-GtD7NUFQ.roa
Signing time:             Mon 01 Jan 2024 16:29:38 +0000
ROA not before:           Mon 01 Jan 2024 16:29:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3320
IP address blocks:        185.161.176.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f5/096951-d573-4cee-95f9-aa85a8c0aec1/1/Fvkf9nHx3lFDqiGgCOJuJ5RquF0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f5/096951-d573-4cee-95f9-aa85a8c0aec1/1/Fvkf9nHx3lFDqiGgCOJuJ5RquF0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Fvkf9nHx3lFDqiGgCOJuJ5RquF0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 14 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:db:fd:ee:a9:45:ef:74:89:a7:21:ee:0c:4a:ad:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=16f91ff671f1de5143aa21a008e26e27946ab85d
        Validity
            Not Before: Jan  1 16:29:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a84ff091b8c18ac7fb94afa68edf86b43ecd5054
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:ed:82:2d:b5:d5:49:c8:72:9c:7f:2f:31:d2:
                    7e:9c:18:97:6d:01:23:59:ff:e9:97:1f:4b:76:1d:
                    99:ed:b6:1b:46:9f:c7:41:d9:7e:65:99:c6:3f:88:
                    f1:70:19:4b:d2:ea:f7:4a:a7:71:76:94:3a:31:f1:
                    9f:b4:f8:0d:e1:90:19:ff:6c:6c:d8:fa:ee:47:07:
                    3f:42:47:8e:2d:0c:05:e4:c5:84:87:4a:4b:9e:5d:
                    30:f3:f3:fa:2e:8e:64:2f:7b:7b:70:c2:13:7f:91:
                    aa:85:65:bb:53:4f:87:25:2b:2e:8d:ed:6c:71:cf:
                    72:f0:3e:47:d7:b1:f3:58:be:a4:09:e5:c3:47:25:
                    5c:05:80:19:1e:03:e0:84:59:b4:64:09:05:76:dc:
                    86:ba:fe:02:e5:99:99:9e:e3:11:14:f5:ef:59:63:
                    ac:10:aa:cf:14:94:9b:3f:e3:03:2c:4f:81:f2:8b:
                    4d:7d:d0:ca:53:9c:c3:40:49:95:2a:78:70:71:55:
                    d4:c8:76:d1:10:e7:81:7f:d8:71:73:9f:ee:fb:18:
                    72:f4:71:ee:91:70:8e:f0:5d:65:8a:c5:13:1f:84:
                    ad:1c:60:4c:38:5e:07:a5:45:20:0f:34:41:15:f8:
                    9d:54:e4:6a:6c:1f:fa:e0:bd:8e:a8:38:d4:47:67:
                    e0:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:4F:F0:91:B8:C1:8A:C7:FB:94:AF:A6:8E:DF:86:B4:3E:CD:50:54
            X509v3 Authority Key Identifier:
                keyid:16:F9:1F:F6:71:F1:DE:51:43:AA:21:A0:08:E2:6E:27:94:6A:B8:5D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Fvkf9nHx3lFDqiGgCOJuJ5RquF0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/096951-d573-4cee-95f9-aa85a8c0aec1/1/qE_wkbjBisf7lK-mjt-GtD7NUFQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/096951-d573-4cee-95f9-aa85a8c0aec1/1/Fvkf9nHx3lFDqiGgCOJuJ5RquF0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.161.176.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3d:fd:78:e5:2d:78:41:27:87:54:d7:97:4e:de:d2:2c:15:0b:
         be:5e:db:4e:6e:4c:0e:df:ab:ae:1a:f8:13:2e:38:eb:66:1b:
         0e:9f:46:2f:af:93:d1:c3:20:d9:f9:02:88:07:ef:2b:c1:a2:
         f7:d6:2d:fe:65:f6:a0:5c:78:05:61:bd:72:c9:99:d5:67:1c:
         88:e0:a5:44:39:f7:55:af:a5:18:71:bd:71:bb:f4:ef:78:d9:
         72:5c:3c:14:27:9d:36:1c:d8:2a:59:cd:01:41:54:a1:4e:88:
         ba:ee:da:57:d8:94:0b:d1:94:c3:5a:2b:3b:c2:3c:0e:b8:c8:
         04:19:3d:00:44:8d:a3:e1:1f:48:1e:39:83:6c:bb:90:e7:7c:
         f9:85:d6:1d:3b:ab:ab:78:8b:1c:11:3a:64:0c:d4:8d:cf:a0:
         53:7e:72:91:66:04:70:2e:04:39:ba:05:92:3a:c2:d1:aa:6b:
         16:87:c6:71:14:27:07:a4:46:34:f9:16:e6:14:7a:cf:78:d3:
         0c:72:0d:41:44:f7:21:bc:ad:7d:c2:08:4f:19:55:e7:e7:6f:
         44:6f:a1:cd:f0:7c:51:84:79:ce:9a:3f:1d:e9:c7:ff:45:c8:
         ff:d6:90:3b:1b:70:50:f2:b2:b0:9e:df:ad:e9:08:c4:e3:d1:
         d1:56:3c:f7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF2/3uqUXvdImnIe4MSq0xMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE2ZjkxZmY2NzFmMWRlNTE0M2FhMjFhMDA4ZTI2ZTI3OTQ2
YWI4NWQwHhcNMjQwMTAxMTYyOTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhODRmZjA5MWI4YzE4YWM3ZmI5NGFmYTY4ZWRmODZiNDNlY2Q1MDU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3e2CLbXVSchynH8vMdJ+nBiXbQEj
Wf/plx9Ldh2Z7bYbRp/HQdl+ZZnGP4jxcBlL0ur3SqdxdpQ6MfGftPgN4ZAZ/2xs
2PruRwc/QkeOLQwF5MWEh0pLnl0w8/P6Lo5kL3t7cMITf5GqhWW7U0+HJSsuje1s
cc9y8D5H17HzWL6kCeXDRyVcBYAZHgPghFm0ZAkFdtyGuv4C5ZmZnuMRFPXvWWOs
EKrPFJSbP+MDLE+B8otNfdDKU5zDQEmVKnhwcVXUyHbREOeBf9hxc5/u+xhy9HHu
kXCO8F1lisUTH4StHGBMOF4HpUUgDzRBFfidVORqbB/64L2OqDjUR2fgPwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKhP8JG4wYrH+5Svpo7fhrQ+zVBUMB8GA1UdIwQY
MBaAFBb5H/Zx8d5RQ6ohoAjibieUarhdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRnZrZjluSHgzbEZEcWlHZ0NPSnVKNVJxdUYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNS8wOTY5NTEtZDU3My00Y2VlLTk1Zjkt
YWE4NWE4YzBhZWMxLzEvcUVfd2tiakJpc2Y3bEstbWp0LUd0RDdOVUZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNS8wOTY5NTEtZDU3My00Y2VlLTk1ZjktYWE4NWE4YzBhZWMx
LzEvRnZrZjluSHgzbEZEcWlHZ0NPSnVKNVJxdUYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuaGwMA0G
CSqGSIb3DQEBCwUAA4IBAQA9/XjlLXhBJ4dU15dO3tIsFQu+XttObkwO36uuGvgT
LjjrZhsOn0Yvr5PRwyDZ+QKIB+8rwaL31i3+ZfagXHgFYb1yyZnVZxyI4KVEOfdV
r6UYcb1xu/TveNlyXDwUJ502HNgqWc0BQVShToi67tpX2JQL0ZTDWis7wjwOuMgE
GT0ARI2j4R9IHjmDbLuQ53z5hdYdO6ureIscETpkDNSNz6BTfnKRZgRwLgQ5ugWS
OsLRqmsWh8ZxFCcHpEY0+RbmFHrPeNMMcg1BRPchvK19wghPGVXn529Eb6HN8HxR
hHnOmj8d6cf/Rcj/1pA7G3BQ8rKwnt+t6QjE49HRVjz3
-----END CERTIFICATE-----