Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/QN4kKUeHlzosNRR5BKE5IYA-RBo.roa
File:                     QN4kKUeHlzosNRR5BKE5IYA-RBo.roa (raw, json)
Hash identifier:          yzxd3VMUg8q7r7J2pCDxrQJV9pwfhXTeCqwNqDCVQ5s=
Subject key identifier:   40:DE:24:29:47:87:97:3A:2C:35:14:79:04:A1:39:21:80:3E:44:1A
Certificate issuer:       /CN=05b1d13c2e26e12786246a5ec4c5bea69864b20f
Certificate serial:       018EC19468944CD0B183953D737386694C0F
Authority key identifier: 05:B1:D1:3C:2E:26:E1:27:86:24:6A:5E:C4:C5:BE:A6:98:64:B2:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/QN4kKUeHlzosNRR5BKE5IYA-RBo.roa
Signing time:             Tue 09 Apr 2024 06:38:32 +0000
ROA not before:           Tue 09 Apr 2024 06:38:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     45027
IP address blocks:        31.129.30.0/24 maxlen: 24
                          77.83.117.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/BbHRPC4m4SeGJGpexMW-pphksg8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/BbHRPC4m4SeGJGpexMW-pphksg8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 11:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:c1:94:68:94:4c:d0:b1:83:95:3d:73:73:86:69:4c:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05b1d13c2e26e12786246a5ec4c5bea69864b20f
        Validity
            Not Before: Apr  9 06:38:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=40de24294787973a2c35147904a13921803e441a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:f3:b0:8c:1d:47:25:b1:68:c1:9d:58:69:dd:
                    89:67:f5:71:38:c9:08:1d:7b:7b:9d:cb:6d:0a:38:
                    69:e9:2b:a3:da:1c:aa:a1:e8:c0:5e:2e:02:0a:db:
                    3c:c2:c2:a7:af:b2:3f:27:de:03:c4:30:f2:bf:ce:
                    99:af:9f:5d:e0:2e:53:60:fb:24:66:27:d6:b7:52:
                    7d:37:e8:c6:86:71:bc:00:6e:04:58:cb:66:9d:7c:
                    21:e9:50:82:00:9c:68:ac:24:66:07:24:ea:84:83:
                    f6:f7:d3:e5:23:cb:da:89:29:cd:d5:6b:a0:90:34:
                    32:46:68:96:c4:9e:80:51:ae:b1:9f:b9:95:7d:12:
                    ab:f4:d6:7f:76:c0:e9:2b:cf:86:18:66:10:35:9c:
                    b7:3e:29:f2:34:b6:ee:de:60:83:cc:56:92:d6:6c:
                    ca:ef:02:e3:83:08:11:3d:96:e9:be:41:21:2f:97:
                    e2:60:f8:4e:33:fc:87:29:8d:37:3d:69:43:6f:a4:
                    38:49:0b:cc:cf:59:a0:4a:ec:db:b0:90:ed:c3:a7:
                    81:c9:ce:2b:6a:81:3d:74:e0:49:e9:c4:29:9b:67:
                    f5:d0:d5:bf:cf:e7:76:ce:68:19:60:9a:0c:ce:1c:
                    73:26:6a:63:83:1f:56:54:11:69:c8:92:a6:62:80:
                    09:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:DE:24:29:47:87:97:3A:2C:35:14:79:04:A1:39:21:80:3E:44:1A
            X509v3 Authority Key Identifier:
                keyid:05:B1:D1:3C:2E:26:E1:27:86:24:6A:5E:C4:C5:BE:A6:98:64:B2:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/QN4kKUeHlzosNRR5BKE5IYA-RBo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/BbHRPC4m4SeGJGpexMW-pphksg8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.129.30.0/24
                  77.83.117.0/24

    Signature Algorithm: sha256WithRSAEncryption
         06:3d:80:d0:22:1c:47:cd:3e:a8:23:fb:2a:46:15:b8:13:bc:
         ed:8e:80:f1:77:98:36:04:3d:1b:36:f4:25:b8:63:04:8b:9e:
         39:4b:4b:7a:c7:ad:8b:8a:19:9a:ed:11:67:09:98:c8:5b:90:
         6b:79:b1:49:a5:46:68:91:49:79:d1:e8:c4:8f:c3:8b:11:fd:
         54:31:ff:2e:31:d7:06:bc:21:1d:04:76:ae:f8:37:55:9d:60:
         69:0e:36:ba:af:b0:24:b6:fe:cd:1a:be:9d:e1:a7:4f:fe:bb:
         97:93:95:b7:54:36:56:8a:77:cf:e0:ac:f0:c2:69:bb:10:fc:
         18:b3:d5:54:ba:4e:15:7d:0d:14:2a:4e:38:eb:86:4c:25:c8:
         74:14:ae:b9:ef:34:07:4c:5a:a7:ab:a8:fe:22:97:92:49:7d:
         f6:aa:c6:70:cf:83:de:7c:bb:b9:60:68:8d:3e:93:25:5e:5f:
         68:6d:3c:82:3f:d6:d9:88:41:94:3f:47:81:be:8f:8c:3b:eb:
         99:ed:d8:07:51:98:22:a2:08:1e:10:63:36:93:7b:61:c9:cb:
         5d:5a:e9:1c:ec:04:68:98:97:48:57:70:79:4f:bb:ad:c1:26:
         c6:25:ef:c3:e7:4b:7e:bf:3f:81:1c:60:65:79:bc:b2:8e:02:
         49:90:19:04
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY7BlGiUTNCxg5U9c3OGaUwPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1YjFkMTNjMmUyNmUxMjc4NjI0NmE1ZWM0YzViZWE2OTg2
NGIyMGYwHhcNMjQwNDA5MDYzODMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MGRlMjQyOTQ3ODc5NzNhMmMzNTE0NzkwNGExMzkyMTgwM2U0NDFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo/OwjB1HJbFowZ1Yad2JZ/VxOMkI
HXt7ncttCjhp6Suj2hyqoejAXi4CCts8wsKnr7I/J94DxDDyv86Zr59d4C5TYPsk
ZifWt1J9N+jGhnG8AG4EWMtmnXwh6VCCAJxorCRmByTqhIP299PlI8vaiSnN1Wug
kDQyRmiWxJ6AUa6xn7mVfRKr9NZ/dsDpK8+GGGYQNZy3PinyNLbu3mCDzFaS1mzK
7wLjgwgRPZbpvkEhL5fiYPhOM/yHKY03PWlDb6Q4SQvMz1mgSuzbsJDtw6eByc4r
aoE9dOBJ6cQpm2f10NW/z+d2zmgZYJoMzhxzJmpjgx9WVBFpyJKmYoAJRQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEDeJClHh5c6LDUUeQShOSGAPkQaMB8GA1UdIwQY
MBaAFAWx0TwuJuEnhiRqXsTFvqaYZLIPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmJIUlBDNG00U2VHSkdwZXhNVy1wcGhrc2c4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC9jNjEwOTItNzM0YS00ZWVmLTlkNjct
NDkwNTI0M2JjODI4LzEvUU40a0tVZUhsem9zTlJSNUJLRTVJWUEtUkJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC9jNjEwOTItNzM0YS00ZWVmLTlkNjctNDkwNTI0M2JjODI4
LzEvQmJIUlBDNG00U2VHSkdwZXhNVy1wcGhrc2c4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAH4EeAwQA
TVN1MA0GCSqGSIb3DQEBCwUAA4IBAQAGPYDQIhxHzT6oI/sqRhW4E7ztjoDxd5g2
BD0bNvQluGMEi545S0t6x62Lihma7RFnCZjIW5BrebFJpUZokUl50ejEj8OLEf1U
Mf8uMdcGvCEdBHau+DdVnWBpDja6r7Aktv7NGr6d4adP/ruXk5W3VDZWinfP4Kzw
wmm7EPwYs9VUuk4VfQ0UKk4464ZMJch0FK657zQHTFqnq6j+IpeSSX32qsZwz4Pe
fLu5YGiNPpMlXl9obTyCP9bZiEGUP0eBvo+MO+uZ7dgHUZgioggeEGM2k3thyctd
Wukc7ARomJdIV3B5T7utwSbGJe/D50t+vz+BHGBlebyyjgJJkBkE
-----END CERTIFICATE-----