Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/31/85ec1c-e97e-422e-975c-1f54b80ce020/1/qjGUPXc_PEeELmkdntoQg5QskLs.roa
File:                     qjGUPXc_PEeELmkdntoQg5QskLs.roa (raw, json)
Hash identifier:          9oI4kftv9JEIB3aby9ZD6p11JSOKtfj7BLjPTZ7ve90=
Subject key identifier:   AA:31:94:3D:77:3F:3C:47:84:2E:69:1D:9E:DA:10:83:94:2C:90:BB
Certificate issuer:       /CN=588db30c807839cc534dd6d11ab90420f873d639
Certificate serial:       018CC349048BE1557C4F39874F9E6CA8E716
Authority key identifier: 58:8D:B3:0C:80:78:39:CC:53:4D:D6:D1:1A:B9:04:20:F8:73:D6:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WI2zDIB4OcxTTdbRGrkEIPhz1jk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/31/85ec1c-e97e-422e-975c-1f54b80ce020/1/qjGUPXc_PEeELmkdntoQg5QskLs.roa
Signing time:             Mon 01 Jan 2024 04:29:51 +0000
ROA not before:           Mon 01 Jan 2024 04:29:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     395754
IP address blocks:        193.138.77.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/31/85ec1c-e97e-422e-975c-1f54b80ce020/1/WI2zDIB4OcxTTdbRGrkEIPhz1jk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/31/85ec1c-e97e-422e-975c-1f54b80ce020/1/WI2zDIB4OcxTTdbRGrkEIPhz1jk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WI2zDIB4OcxTTdbRGrkEIPhz1jk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 19:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:04:8b:e1:55:7c:4f:39:87:4f:9e:6c:a8:e7:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=588db30c807839cc534dd6d11ab90420f873d639
        Validity
            Not Before: Jan  1 04:29:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=aa31943d773f3c47842e691d9eda1083942c90bb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:ec:76:6c:62:16:3a:64:2d:7a:28:06:93:02:
                    07:d5:c5:9f:21:78:f1:e7:18:0e:f9:6f:47:8f:cb:
                    94:c2:93:ad:c8:b4:ad:c3:ba:91:d5:95:12:92:64:
                    1a:da:4f:48:8e:49:6a:3a:b6:6b:bf:cc:1f:5b:26:
                    1a:c0:d5:11:fc:14:81:12:cf:d0:6f:58:00:53:13:
                    3d:93:68:bd:ae:93:8b:8a:f5:39:2c:20:50:9e:37:
                    78:7c:51:18:02:9a:45:b8:52:89:d1:fc:2a:ba:27:
                    6e:d6:9e:2e:e2:2b:bf:dc:7d:ee:02:3f:9d:25:2d:
                    50:ad:0f:54:d6:25:2e:bc:aa:3d:92:4b:d9:2f:5b:
                    d0:30:58:fa:dc:fe:eb:c0:40:a4:d6:a4:55:5d:ff:
                    90:2a:e2:82:49:bd:df:fa:2f:ee:64:9b:8f:1c:74:
                    25:c2:13:ff:bf:1c:0d:18:16:8a:ef:f1:96:91:9f:
                    cc:8a:f3:32:99:65:97:c9:b7:8d:c8:32:cc:bb:4a:
                    d6:7a:e8:cd:de:19:af:eb:1f:81:ce:ab:51:6d:9a:
                    89:c3:32:6b:4f:a6:b4:1b:a8:4e:c2:74:e8:27:40:
                    fc:41:8f:58:87:12:26:60:bf:82:dc:d5:32:bf:25:
                    d9:77:ef:30:b5:f0:36:75:62:17:2f:e6:e7:4d:f8:
                    69:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:31:94:3D:77:3F:3C:47:84:2E:69:1D:9E:DA:10:83:94:2C:90:BB
            X509v3 Authority Key Identifier:
                keyid:58:8D:B3:0C:80:78:39:CC:53:4D:D6:D1:1A:B9:04:20:F8:73:D6:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WI2zDIB4OcxTTdbRGrkEIPhz1jk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/31/85ec1c-e97e-422e-975c-1f54b80ce020/1/qjGUPXc_PEeELmkdntoQg5QskLs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/31/85ec1c-e97e-422e-975c-1f54b80ce020/1/WI2zDIB4OcxTTdbRGrkEIPhz1jk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.138.77.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0a:76:fe:aa:aa:2a:7e:0d:29:1d:d9:31:89:ae:5c:d0:1b:1a:
         07:f3:22:e0:02:c4:b5:71:e6:0b:1c:dd:e3:a3:69:fd:07:05:
         33:3d:c4:33:6f:f6:33:d5:48:fa:6a:55:c9:c7:bd:aa:9e:ee:
         3a:6e:ff:15:90:55:26:b3:ea:6e:1e:f2:99:ad:6a:85:ef:ec:
         b1:31:42:57:25:ea:3a:65:43:1d:38:24:c3:97:1f:53:47:3e:
         0b:d1:1b:ec:4e:bb:a7:05:48:96:01:9d:85:44:50:f4:29:99:
         60:91:5a:92:5d:e4:0c:60:83:f4:ea:45:b5:4e:09:2f:03:98:
         0a:8d:e8:01:36:36:d6:8a:b4:0d:ac:c8:dc:c1:53:fd:8c:0d:
         e3:9a:9a:8d:ce:d8:27:d3:86:a6:42:c4:75:b0:cf:53:23:1b:
         54:d8:6f:6f:be:9c:e5:a9:d3:04:69:5b:70:67:1c:70:88:34:
         99:46:da:64:5f:5a:cd:46:c5:5a:67:3a:61:f3:ee:a8:a1:be:
         cb:c3:3a:00:04:4f:d6:16:57:d4:d3:32:b3:cb:b3:91:d4:bb:
         18:23:00:2d:4d:50:9b:1f:ca:b5:e6:12:fb:20:96:41:51:8b:
         a0:e5:09:72:e7:8d:68:31:0f:e8:5a:c2:40:4d:ee:0f:37:4e:
         f1:c0:38:1e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSQSL4VV8TzmHT55sqOcWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4OGRiMzBjODA3ODM5Y2M1MzRkZDZkMTFhYjkwNDIwZjg3
M2Q2MzkwHhcNMjQwMTAxMDQyOTUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYTMxOTQzZDc3M2YzYzQ3ODQyZTY5MWQ5ZWRhMTA4Mzk0MmM5MGJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7ex2bGIWOmQteigGkwIH1cWfIXjx
5xgO+W9Hj8uUwpOtyLStw7qR1ZUSkmQa2k9IjklqOrZrv8wfWyYawNUR/BSBEs/Q
b1gAUxM9k2i9rpOLivU5LCBQnjd4fFEYAppFuFKJ0fwquidu1p4u4iu/3H3uAj+d
JS1QrQ9U1iUuvKo9kkvZL1vQMFj63P7rwECk1qRVXf+QKuKCSb3f+i/uZJuPHHQl
whP/vxwNGBaK7/GWkZ/MivMymWWXybeNyDLMu0rWeujN3hmv6x+BzqtRbZqJwzJr
T6a0G6hOwnToJ0D8QY9YhxImYL+C3NUyvyXZd+8wtfA2dWIXL+bnTfhp5QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKoxlD13PzxHhC5pHZ7aEIOULJC7MB8GA1UdIwQY
MBaAFFiNswyAeDnMU03W0Rq5BCD4c9Y5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0kyekRJQjRPY3hUVGRiUkdya0VJUGh6MWprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMS84NWVjMWMtZTk3ZS00MjJlLTk3NWMt
MWY1NGI4MGNlMDIwLzEvcWpHVVBYY19QRWVFTG1rZG50b1FnNVFza0xzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMS84NWVjMWMtZTk3ZS00MjJlLTk3NWMtMWY1NGI4MGNlMDIw
LzEvV0kyekRJQjRPY3hUVGRiUkdya0VJUGh6MWprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwYpNMA0G
CSqGSIb3DQEBCwUAA4IBAQAKdv6qqip+DSkd2TGJrlzQGxoH8yLgAsS1ceYLHN3j
o2n9BwUzPcQzb/Yz1Uj6alXJx72qnu46bv8VkFUms+puHvKZrWqF7+yxMUJXJeo6
ZUMdOCTDlx9TRz4L0RvsTrunBUiWAZ2FRFD0KZlgkVqSXeQMYIP06kW1TgkvA5gK
jegBNjbWirQNrMjcwVP9jA3jmpqNztgn04amQsR1sM9TIxtU2G9vvpzlqdMEaVtw
ZxxwiDSZRtpkX1rNRsVaZzph8+6oob7LwzoABE/WFlfU0zKzy7OR1LsYIwAtTVCb
H8q15hL7IJZBUYug5Qly541oMQ/oWsJATe4PN07xwDge
-----END CERTIFICATE-----