Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/d6d263-29f9-4613-bb7d-4938b8d0c3de/1/5GQXJbhxY1SXnJkP5m15uJD4A-0.roa
File:                     5GQXJbhxY1SXnJkP5m15uJD4A-0.roa (raw, json)
Hash identifier:          af3Y9kc85cSD3GW26QZSvT5y8YcjAQeFIMrDK0AQmCg=
Subject key identifier:   E4:64:17:25:B8:71:63:54:97:9C:99:0F:E6:6D:79:B8:90:F8:03:ED
Certificate issuer:       /CN=b07fafdb86d38f37bf0c26d3f2731fdef6b14e4a
Certificate serial:       018CC50153EFF0D90AC97AEE828853C81ED1
Authority key identifier: B0:7F:AF:DB:86:D3:8F:37:BF:0C:26:D3:F2:73:1F:DE:F6:B1:4E:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sH-v24bTjze_DCbT8nMf3vaxTko.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/d6d263-29f9-4613-bb7d-4938b8d0c3de/1/5GQXJbhxY1SXnJkP5m15uJD4A-0.roa
Signing time:             Mon 01 Jan 2024 12:30:47 +0000
ROA not before:           Mon 01 Jan 2024 12:30:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60550
IP address blocks:        194.124.204.0/22 maxlen: 24
                          2a13:b240::/29 maxlen: 36

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/d6d263-29f9-4613-bb7d-4938b8d0c3de/1/sH-v24bTjze_DCbT8nMf3vaxTko.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/d6d263-29f9-4613-bb7d-4938b8d0c3de/1/sH-v24bTjze_DCbT8nMf3vaxTko.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sH-v24bTjze_DCbT8nMf3vaxTko.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:53:ef:f0:d9:0a:c9:7a:ee:82:88:53:c8:1e:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b07fafdb86d38f37bf0c26d3f2731fdef6b14e4a
        Validity
            Not Before: Jan  1 12:30:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e4641725b8716354979c990fe66d79b890f803ed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:1d:5d:9e:b1:38:07:50:ff:75:e2:ba:3f:19:
                    ae:39:37:18:a5:e6:35:06:c0:52:a1:9f:31:73:75:
                    37:59:17:b8:24:0e:42:d6:6b:21:ec:89:5a:fe:db:
                    fa:51:74:87:e0:67:d9:69:91:20:5a:3b:34:77:d0:
                    e3:b0:66:df:48:6f:60:3f:59:a3:78:92:a2:0a:e1:
                    26:af:08:ec:2e:98:d9:9f:62:7d:16:71:21:63:d0:
                    12:51:5b:17:21:5f:39:e9:8c:f4:c0:af:64:f4:7b:
                    42:f2:3f:fd:dd:14:da:1a:63:b0:b2:f2:d4:2d:fe:
                    9b:a5:a3:46:bc:d3:bf:0d:dc:88:c1:ce:7c:b2:4d:
                    2b:13:23:02:39:a5:ec:4c:40:74:33:fd:5c:80:ef:
                    13:ae:65:a0:8b:20:a9:a1:d1:9c:aa:00:42:81:70:
                    6c:c1:9d:7e:66:58:a4:b7:1c:91:75:cd:ae:db:87:
                    67:17:ba:96:c3:e1:94:6f:fe:a0:c9:bc:0f:68:0f:
                    87:28:c0:9f:b8:7b:21:69:b8:c0:1e:bb:7a:39:31:
                    98:39:79:2e:3e:37:e1:14:2e:61:ed:78:94:8e:99:
                    53:c6:12:2e:ef:4f:9c:09:86:b9:ab:ce:0e:03:86:
                    fd:ba:f2:77:d1:58:ab:1f:8c:3a:e0:4d:5f:0b:3c:
                    99:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:64:17:25:B8:71:63:54:97:9C:99:0F:E6:6D:79:B8:90:F8:03:ED
            X509v3 Authority Key Identifier:
                keyid:B0:7F:AF:DB:86:D3:8F:37:BF:0C:26:D3:F2:73:1F:DE:F6:B1:4E:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sH-v24bTjze_DCbT8nMf3vaxTko.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/d6d263-29f9-4613-bb7d-4938b8d0c3de/1/5GQXJbhxY1SXnJkP5m15uJD4A-0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/d6d263-29f9-4613-bb7d-4938b8d0c3de/1/sH-v24bTjze_DCbT8nMf3vaxTko.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.124.204.0/22
                IPv6:
                  2a13:b240::/29

    Signature Algorithm: sha256WithRSAEncryption
         a5:7c:18:bc:59:68:3c:69:d9:e6:38:5c:2d:0c:dc:63:bb:79:
         8d:b9:c1:a5:26:20:0f:d0:81:93:f7:86:c5:93:1e:54:cb:e2:
         28:1a:28:66:54:8a:76:cd:ac:b4:2d:0e:be:9e:e9:b0:67:00:
         b5:c0:1b:8b:9b:0e:51:5b:75:5d:62:de:53:de:39:8c:ed:e3:
         fc:62:b4:4e:d7:ed:19:c2:7b:87:33:41:18:45:ea:eb:8f:f2:
         34:ca:84:d3:5f:43:4b:38:de:25:ca:9d:2f:cd:0f:72:ab:45:
         0b:67:67:bc:37:7c:c9:b2:5a:d3:10:43:d4:cf:92:00:d8:e9:
         36:95:fd:3c:c5:82:81:36:18:0c:a5:5a:02:c4:0d:0b:43:0a:
         96:49:25:b2:b8:e1:df:f2:dd:8c:a2:14:56:45:80:c5:5a:ad:
         d4:6e:6d:5a:46:89:b1:be:64:63:aa:07:a9:ac:94:f5:94:4a:
         fa:65:bf:18:39:9d:3c:ef:25:ad:25:45:fc:e5:33:e7:06:1f:
         b1:d2:80:6d:56:ca:e5:36:0a:3d:3f:14:69:17:6e:18:e8:2a:
         42:20:9d:ff:f1:23:5c:f7:37:e2:ea:a0:db:cf:fc:2f:2f:1e:
         af:16:66:6e:bc:b2:1c:0a:fc:79:d1:53:78:2a:a5:e4:8e:3a:
         3f:7a:e1:53
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzFAVPv8NkKyXrugohTyB7RMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwN2ZhZmRiODZkMzhmMzdiZjBjMjZkM2YyNzMxZmRlZjZi
MTRlNGEwHhcNMjQwMTAxMTIzMDQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNDY0MTcyNWI4NzE2MzU0OTc5Yzk5MGZlNjZkNzliODkwZjgwM2VkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApB1dnrE4B1D/deK6PxmuOTcYpeY1
BsBSoZ8xc3U3WRe4JA5C1msh7Ila/tv6UXSH4GfZaZEgWjs0d9DjsGbfSG9gP1mj
eJKiCuEmrwjsLpjZn2J9FnEhY9ASUVsXIV856Yz0wK9k9HtC8j/93RTaGmOwsvLU
Lf6bpaNGvNO/DdyIwc58sk0rEyMCOaXsTEB0M/1cgO8TrmWgiyCpodGcqgBCgXBs
wZ1+ZliktxyRdc2u24dnF7qWw+GUb/6gybwPaA+HKMCfuHshabjAHrt6OTGYOXku
PjfhFC5h7XiUjplTxhIu70+cCYa5q84OA4b9uvJ30VirH4w64E1fCzyZ3wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFORkFyW4cWNUl5yZD+ZtebiQ+APtMB8GA1UdIwQY
MBaAFLB/r9uG0483vwwm0/JzH972sU5KMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0gtdjI0YlRqemVfRENiVDhuTWYzdmF4VGtvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9kNmQyNjMtMjlmOS00NjEzLWJiN2Qt
NDkzOGI4ZDBjM2RlLzEvNUdRWEpiaHhZMVNYbkprUDVtMTV1SkQ0QS0wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9kNmQyNjMtMjlmOS00NjEzLWJiN2QtNDkzOGI4ZDBjM2Rl
LzEvc0gtdjI0YlRqemVfRENiVDhuTWYzdmF4VGtvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCwnzMMA0E
AgACMAcDBQMqE7JAMA0GCSqGSIb3DQEBCwUAA4IBAQClfBi8WWg8adnmOFwtDNxj
u3mNucGlJiAP0IGT94bFkx5Uy+IoGihmVIp2zay0LQ6+numwZwC1wBuLmw5RW3Vd
Yt5T3jmM7eP8YrRO1+0ZwnuHM0EYRerrj/I0yoTTX0NLON4lyp0vzQ9yq0ULZ2e8
N3zJslrTEEPUz5IA2Ok2lf08xYKBNhgMpVoCxA0LQwqWSSWyuOHf8t2MohRWRYDF
Wq3Ubm1aRomxvmRjqgeprJT1lEr6Zb8YOZ087yWtJUX85TPnBh+x0oBtVsrlNgo9
PxRpF24Y6CpCIJ3/8SNc9zfi6qDbz/wvLx6vFmZuvLIcCvx50VN4KqXkjjo/euFT
-----END CERTIFICATE-----