Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/e05975-da8e-460b-9ebb-3fcb5f3f3c59/1/jQgukn3jPpSpiRT4tYqVdmwIr-k.roa
File:                     jQgukn3jPpSpiRT4tYqVdmwIr-k.roa (raw, json)
Hash identifier:          GNlhjHLO2AoQlRJXxBPZLIrDdnEYNuGxkK+GgriS2lY=
Subject key identifier:   8D:08:2E:92:7D:E3:3E:94:A9:89:14:F8:B5:8A:95:76:6C:08:AF:E9
Certificate issuer:       /CN=96062f5ddb18f96d78492b3538d7745cc4714a26
Certificate serial:       018EF6118088594D8950B581F9BEFE5C7EA5
Authority key identifier: 96:06:2F:5D:DB:18:F9:6D:78:49:2B:35:38:D7:74:5C:C4:71:4A:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lgYvXdsY-W14SSs1ONd0XMRxSiY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/e05975-da8e-460b-9ebb-3fcb5f3f3c59/1/jQgukn3jPpSpiRT4tYqVdmwIr-k.roa
Signing time:             Fri 19 Apr 2024 11:15:25 +0000
ROA not before:           Fri 19 Apr 2024 11:15:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216309
IP address blocks:        5.42.64.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/e05975-da8e-460b-9ebb-3fcb5f3f3c59/1/lgYvXdsY-W14SSs1ONd0XMRxSiY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/e05975-da8e-460b-9ebb-3fcb5f3f3c59/1/lgYvXdsY-W14SSs1ONd0XMRxSiY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lgYvXdsY-W14SSs1ONd0XMRxSiY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:f6:11:80:88:59:4d:89:50:b5:81:f9:be:fe:5c:7e:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=96062f5ddb18f96d78492b3538d7745cc4714a26
        Validity
            Not Before: Apr 19 11:15:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8d082e927de33e94a98914f8b58a95766c08afe9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:bc:3d:35:11:e4:2d:17:8a:a6:f1:f9:a5:07:
                    ee:f0:1e:4d:2d:70:fa:59:31:4c:e8:04:07:c6:1d:
                    c1:ff:7f:57:0d:82:c1:41:b3:e3:c5:6e:1f:24:dd:
                    7b:be:45:58:58:40:09:69:c3:11:9a:37:2a:20:2a:
                    d7:b0:cf:83:30:04:3b:be:cc:c0:d2:28:11:c2:7a:
                    91:b6:72:05:7e:3f:4d:bb:c8:b4:2f:73:b6:86:49:
                    47:9c:10:4d:f2:11:ee:a2:32:6b:68:34:e7:71:91:
                    39:d1:48:af:a2:13:d3:e4:e1:d8:98:58:a6:28:c3:
                    9b:06:07:26:77:4a:ed:20:a5:d0:4e:2a:9e:8e:30:
                    e6:64:15:a5:b2:c1:f9:2f:ee:80:f3:ce:45:da:a3:
                    a3:16:18:f2:aa:a3:6c:91:d5:ae:0d:4e:5e:28:3f:
                    d9:cc:9e:a5:69:46:3b:15:cb:47:29:64:1f:9a:bb:
                    b9:2d:22:e5:91:e9:dc:fa:d9:6d:e2:61:6f:c9:8e:
                    13:d9:18:31:a5:ba:a7:7c:9b:8c:cc:00:1d:24:42:
                    ae:f8:3a:b2:db:d9:4d:d2:85:32:fb:97:40:26:be:
                    e5:a7:11:08:ac:4c:95:05:b6:38:21:f9:af:9d:22:
                    b1:3e:f9:ea:da:f5:da:2f:70:93:9d:04:46:71:0f:
                    45:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:08:2E:92:7D:E3:3E:94:A9:89:14:F8:B5:8A:95:76:6C:08:AF:E9
            X509v3 Authority Key Identifier:
                keyid:96:06:2F:5D:DB:18:F9:6D:78:49:2B:35:38:D7:74:5C:C4:71:4A:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lgYvXdsY-W14SSs1ONd0XMRxSiY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/e05975-da8e-460b-9ebb-3fcb5f3f3c59/1/jQgukn3jPpSpiRT4tYqVdmwIr-k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/e05975-da8e-460b-9ebb-3fcb5f3f3c59/1/lgYvXdsY-W14SSs1ONd0XMRxSiY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.42.64.0/22

    Signature Algorithm: sha256WithRSAEncryption
         70:5c:fe:65:18:da:8b:79:6d:60:95:fe:73:6a:35:be:b6:fa:
         41:6f:a4:2f:17:d3:69:5a:1c:ac:99:38:98:03:e9:10:46:90:
         16:d4:2d:b6:f9:7e:be:88:ae:a0:31:b6:6a:b7:20:a1:82:2e:
         52:0c:bc:26:b6:28:0c:bd:c0:70:67:63:8c:ce:78:1c:72:36:
         43:25:35:42:0b:dd:77:70:2a:d3:82:c6:92:29:f6:50:a8:55:
         cb:3c:3e:d8:a1:29:fc:57:7f:3d:74:75:21:8e:0e:05:8f:d3:
         c7:c1:94:7c:f1:8c:b3:aa:af:1c:50:b3:4e:84:7d:2f:68:88:
         d3:e6:f3:63:0e:e0:7a:6e:62:64:25:63:b1:ff:b1:32:d0:af:
         62:3d:0a:83:0b:52:63:75:b5:ab:1b:6d:68:49:d8:4a:a6:e2:
         03:54:9e:41:6e:f8:b1:14:60:81:1f:7f:e2:53:e9:29:cc:ae:
         e5:59:ce:a4:ce:3b:b0:57:8a:36:b0:a1:43:57:cf:2a:8d:b3:
         a2:80:93:94:f3:6b:c5:52:63:ae:34:0c:6b:d8:4d:5f:2d:4c:
         21:ba:1f:94:02:6f:cd:61:21:e3:81:0a:3e:9d:27:20:3c:36:
         c1:1f:30:be:e8:fa:97:4c:99:90:b8:97:74:c4:f2:73:b1:7e:
         0d:9b:be:76
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY72EYCIWU2JULWB+b7+XH6lMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk2MDYyZjVkZGIxOGY5NmQ3ODQ5MmIzNTM4ZDc3NDVjYzQ3
MTRhMjYwHhcNMjQwNDE5MTExNTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZDA4MmU5MjdkZTMzZTk0YTk4OTE0ZjhiNThhOTU3NjZjMDhhZmU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkrw9NRHkLReKpvH5pQfu8B5NLXD6
WTFM6AQHxh3B/39XDYLBQbPjxW4fJN17vkVYWEAJacMRmjcqICrXsM+DMAQ7vszA
0igRwnqRtnIFfj9Nu8i0L3O2hklHnBBN8hHuojJraDTncZE50UivohPT5OHYmFim
KMObBgcmd0rtIKXQTiqejjDmZBWlssH5L+6A885F2qOjFhjyqqNskdWuDU5eKD/Z
zJ6laUY7FctHKWQfmru5LSLlkenc+tlt4mFvyY4T2RgxpbqnfJuMzAAdJEKu+Dqy
29lN0oUy+5dAJr7lpxEIrEyVBbY4IfmvnSKxPvnq2vXaL3CTnQRGcQ9FFwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI0ILpJ94z6UqYkU+LWKlXZsCK/pMB8GA1UdIwQY
MBaAFJYGL13bGPlteEkrNTjXdFzEcUomMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbGdZdlhkc1ktVzE0U1NzMU9OZDBYTVJ4U2lZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9lMDU5NzUtZGE4ZS00NjBiLTllYmIt
M2ZjYjVmM2YzYzU5LzEvalFndWtuM2pQcFNwaVJUNHRZcVZkbXdJci1rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9lMDU5NzUtZGE4ZS00NjBiLTllYmItM2ZjYjVmM2YzYzU5
LzEvbGdZdlhkc1ktVzE0U1NzMU9OZDBYTVJ4U2lZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCBSpAMA0G
CSqGSIb3DQEBCwUAA4IBAQBwXP5lGNqLeW1glf5zajW+tvpBb6QvF9NpWhysmTiY
A+kQRpAW1C22+X6+iK6gMbZqtyChgi5SDLwmtigMvcBwZ2OMzngccjZDJTVCC913
cCrTgsaSKfZQqFXLPD7YoSn8V389dHUhjg4Fj9PHwZR88Yyzqq8cULNOhH0vaIjT
5vNjDuB6bmJkJWOx/7Ey0K9iPQqDC1JjdbWrG21oSdhKpuIDVJ5BbvixFGCBH3/i
U+kpzK7lWc6kzjuwV4o2sKFDV88qjbOigJOU82vFUmOuNAxr2E1fLUwhuh+UAm/N
YSHjgQo+nScgPDbBHzC+6PqXTJmQuJd0xPJzsX4Nm752
-----END CERTIFICATE-----