Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f5/bc6892-1779-457c-9214-0aa9d97c8c98/1/lQXhpnFLI5YkccgLPtvbcReVVzc.roa
File:                     lQXhpnFLI5YkccgLPtvbcReVVzc.roa (raw, json)
Hash identifier:          L/biA6CVarpej993uJ6JST46F0UgZyskzGnR01icsMc=
Subject key identifier:   95:05:E1:A6:71:4B:23:96:24:71:C8:0B:3E:DB:DB:71:17:95:57:37
Certificate issuer:       /CN=429196310a7f7dd9999ec43e938fd906985a3f87
Certificate serial:       018CCA2A7C4589261A0115FECB279040EFED
Authority key identifier: 42:91:96:31:0A:7F:7D:D9:99:9E:C4:3E:93:8F:D9:06:98:5A:3F:87
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QpGWMQp_fdmZnsQ-k4_ZBphaP4c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f5/bc6892-1779-457c-9214-0aa9d97c8c98/1/lQXhpnFLI5YkccgLPtvbcReVVzc.roa
Signing time:             Tue 02 Jan 2024 12:33:51 +0000
ROA not before:           Tue 02 Jan 2024 12:33:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16171
IP address blocks:        185.144.124.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f5/bc6892-1779-457c-9214-0aa9d97c8c98/1/QpGWMQp_fdmZnsQ-k4_ZBphaP4c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f5/bc6892-1779-457c-9214-0aa9d97c8c98/1/QpGWMQp_fdmZnsQ-k4_ZBphaP4c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QpGWMQp_fdmZnsQ-k4_ZBphaP4c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:7c:45:89:26:1a:01:15:fe:cb:27:90:40:ef:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=429196310a7f7dd9999ec43e938fd906985a3f87
        Validity
            Not Before: Jan  2 12:33:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9505e1a6714b23962471c80b3edbdb7117955737
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:dc:59:c1:a5:9a:a2:08:fa:04:4b:e5:d7:d5:
                    bf:6e:14:8a:8e:20:53:a6:62:5d:d6:cb:99:f8:c0:
                    32:ce:b8:af:4a:b7:0c:d9:80:b5:b9:63:b8:f2:41:
                    db:bd:3b:e9:d3:2c:ad:42:5d:23:d7:f2:80:9c:82:
                    f9:46:8f:bd:9b:b4:b8:2f:84:84:9b:63:8f:a4:77:
                    9b:c4:0e:e6:77:35:82:9d:72:33:ad:fe:e8:57:c4:
                    9b:c4:ac:9c:04:75:22:78:c6:7e:be:78:97:c7:db:
                    38:2d:e7:35:0c:b3:3d:d4:00:b4:af:8a:61:8a:ef:
                    46:bc:08:07:aa:8a:cf:6a:17:9f:45:e1:e8:2b:7c:
                    11:3d:c2:67:fc:47:34:f8:d2:1c:c6:97:73:b9:da:
                    ee:a3:96:8d:18:bd:2b:c9:05:e6:db:59:bc:8b:76:
                    72:cc:a6:c9:78:d8:ec:38:5c:d5:ff:ff:d6:71:9f:
                    92:83:c6:1a:86:ae:1d:f2:a8:04:90:df:ae:72:19:
                    5a:90:86:33:bd:90:a5:8c:35:e2:44:fd:2e:59:38:
                    6e:e6:67:8d:8d:2e:ba:28:0a:f7:91:57:04:1d:c5:
                    2c:79:65:d3:fe:ec:84:2a:1f:ff:46:d7:27:ea:cb:
                    c5:3e:ff:42:07:cc:92:3d:bf:e8:d6:de:9a:2f:d6:
                    26:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:05:E1:A6:71:4B:23:96:24:71:C8:0B:3E:DB:DB:71:17:95:57:37
            X509v3 Authority Key Identifier:
                keyid:42:91:96:31:0A:7F:7D:D9:99:9E:C4:3E:93:8F:D9:06:98:5A:3F:87

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QpGWMQp_fdmZnsQ-k4_ZBphaP4c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/bc6892-1779-457c-9214-0aa9d97c8c98/1/lQXhpnFLI5YkccgLPtvbcReVVzc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/bc6892-1779-457c-9214-0aa9d97c8c98/1/QpGWMQp_fdmZnsQ-k4_ZBphaP4c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.144.124.0/22

    Signature Algorithm: sha256WithRSAEncryption
         24:0c:cb:b2:da:f6:e0:b8:6d:01:e4:3a:b9:44:2f:f8:ef:a3:
         21:96:6d:72:67:06:44:62:11:6f:c2:bc:89:74:2f:5f:fa:0c:
         b7:5e:16:dc:3b:6d:a4:d9:3e:b9:0c:b9:97:8f:1c:43:80:c0:
         5b:f5:43:e4:f8:c7:18:8a:51:25:77:5f:8b:dd:ec:84:8c:50:
         30:7e:fa:8b:14:e2:1b:0a:a5:b0:be:55:11:8e:ab:84:16:8e:
         b8:d0:e1:0c:25:ae:2b:43:61:cd:e0:9f:3e:eb:36:7a:5d:6f:
         97:3f:06:dd:2c:21:d1:c6:60:a0:2b:35:af:1e:1d:ae:eb:a4:
         ad:67:fb:9d:5c:3f:96:e5:ac:df:a4:f0:19:78:50:6a:1a:40:
         0f:04:42:5d:66:74:ed:5a:a1:76:f4:c3:b9:0d:ca:fa:0f:86:
         89:2e:bc:5f:d7:9e:d9:ed:62:fd:ef:2d:0f:06:a7:80:97:33:
         1c:78:d6:0b:32:71:68:ff:a5:fb:83:a1:41:23:a9:6e:98:21:
         ca:31:aa:77:87:51:97:26:96:f0:61:24:0d:3f:0e:b5:ab:09:
         64:d3:12:b2:2a:9c:5e:20:90:9d:97:a4:7c:a9:e5:ec:f4:ab:
         b7:7c:68:17:9e:e4:8c:13:7c:b3:b3:bd:a7:0e:e6:19:d9:82:
         fe:88:c2:eb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKnxFiSYaARX+yyeQQO/tMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyOTE5NjMxMGE3ZjdkZDk5OTllYzQzZTkzOGZkOTA2OTg1
YTNmODcwHhcNMjQwMTAyMTIzMzUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NTA1ZTFhNjcxNGIyMzk2MjQ3MWM4MGIzZWRiZGI3MTE3OTU1NzM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuNxZwaWaogj6BEvl19W/bhSKjiBT
pmJd1suZ+MAyzrivSrcM2YC1uWO48kHbvTvp0yytQl0j1/KAnIL5Ro+9m7S4L4SE
m2OPpHebxA7mdzWCnXIzrf7oV8SbxKycBHUieMZ+vniXx9s4Lec1DLM91AC0r4ph
iu9GvAgHqorPahefReHoK3wRPcJn/Ec0+NIcxpdzudruo5aNGL0ryQXm21m8i3Zy
zKbJeNjsOFzV///WcZ+Sg8Yahq4d8qgEkN+uchlakIYzvZCljDXiRP0uWThu5meN
jS66KAr3kVcEHcUseWXT/uyEKh//Rtcn6svFPv9CB8ySPb/o1t6aL9YmwwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJUF4aZxSyOWJHHICz7b23EXlVc3MB8GA1UdIwQY
MBaAFEKRljEKf33ZmZ7EPpOP2QaYWj+HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUXBHV01RcF9mZG1abnNRLWs0X1pCcGhhUDRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNS9iYzY4OTItMTc3OS00NTdjLTkyMTQt
MGFhOWQ5N2M4Yzk4LzEvbFFYaHBuRkxJNVlrY2NnTFB0dmJjUmVWVnpjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNS9iYzY4OTItMTc3OS00NTdjLTkyMTQtMGFhOWQ5N2M4Yzk4
LzEvUXBHV01RcF9mZG1abnNRLWs0X1pCcGhhUDRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuZB8MA0G
CSqGSIb3DQEBCwUAA4IBAQAkDMuy2vbguG0B5Dq5RC/476Mhlm1yZwZEYhFvwryJ
dC9f+gy3XhbcO22k2T65DLmXjxxDgMBb9UPk+McYilEld1+L3eyEjFAwfvqLFOIb
CqWwvlURjquEFo640OEMJa4rQ2HN4J8+6zZ6XW+XPwbdLCHRxmCgKzWvHh2u66St
Z/udXD+W5azfpPAZeFBqGkAPBEJdZnTtWqF29MO5Dcr6D4aJLrxf157Z7WL97y0P
BqeAlzMceNYLMnFo/6X7g6FBI6lumCHKMap3h1GXJpbwYSQNPw61qwlk0xKyKpxe
IJCdl6R8qeXs9Ku3fGgXnuSME3yzs72nDuYZ2YL+iMLr
-----END CERTIFICATE-----