Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b6/a13b01-4153-4ea5-bf21-99868c51329a/1/QeLZg2QtCjiT_FgF9I_8vW-GdW8.roa
File:                     QeLZg2QtCjiT_FgF9I_8vW-GdW8.roa (raw, json)
Hash identifier:          SAeRikMKDg+ufTk9edjpL98DiGUmXizgEulF/oacLNQ=
Subject key identifier:   41:E2:D9:83:64:2D:0A:38:93:FC:58:05:F4:8F:FC:BD:6F:86:75:6F
Certificate issuer:       /CN=aedaeea9117a1d5ccc320222955a09faa0798fd9
Certificate serial:       019423D71ACFCD03341B8608C78130E568C9
Authority key identifier: AE:DA:EE:A9:11:7A:1D:5C:CC:32:02:22:95:5A:09:FA:A0:79:8F:D9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rtruqRF6HVzMMgIilVoJ-qB5j9k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b6/a13b01-4153-4ea5-bf21-99868c51329a/1/QeLZg2QtCjiT_FgF9I_8vW-GdW8.roa
Signing time:             Wed 01 Jan 2025 21:48:07 +0000
ROA not before:           Wed 01 Jan 2025 21:48:07 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     26931
IP address blocks:        31.186.235.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b6/a13b01-4153-4ea5-bf21-99868c51329a/1/rtruqRF6HVzMMgIilVoJ-qB5j9k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b6/a13b01-4153-4ea5-bf21-99868c51329a/1/rtruqRF6HVzMMgIilVoJ-qB5j9k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rtruqRF6HVzMMgIilVoJ-qB5j9k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 01:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:1a:cf:cd:03:34:1b:86:08:c7:81:30:e5:68:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aedaeea9117a1d5ccc320222955a09faa0798fd9
        Validity
            Not Before: Jan  1 21:48:07 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=41e2d983642d0a3893fc5805f48ffcbd6f86756f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:42:0e:38:28:90:11:f5:2a:2a:c9:d3:a3:78:
                    f5:d4:01:a6:7f:bb:31:c4:eb:b3:e2:e2:a0:54:98:
                    36:a3:af:d7:7e:dc:1b:8c:4b:b1:29:b0:28:e3:38:
                    e3:8e:4f:d1:56:5d:15:4e:91:28:5b:8c:d2:89:73:
                    ea:a4:45:92:81:82:8c:e1:2d:ba:a2:be:ff:16:a9:
                    79:ad:de:87:9d:86:90:e7:01:11:ad:ad:46:2a:82:
                    7b:45:0a:ab:2d:29:ec:bb:13:d0:49:fa:aa:58:f9:
                    dd:a2:1a:a2:24:d7:69:30:2b:25:3a:0f:62:a9:40:
                    ee:8f:14:da:c8:75:ee:2d:10:c5:31:85:5a:d0:2f:
                    da:1c:1a:0c:f6:0a:de:69:fd:a5:be:f4:26:d1:1c:
                    a2:2e:a8:af:f7:ba:5d:3e:17:e0:8a:43:01:a4:18:
                    f2:79:d5:e5:53:f5:de:bd:61:74:53:48:74:ef:94:
                    61:98:54:01:74:07:7c:a3:9f:e4:fa:c2:fb:4d:b6:
                    46:82:96:ea:f8:ef:35:a8:f6:56:7d:a1:fd:d3:5b:
                    c8:82:ce:67:f3:04:70:8c:27:26:af:c2:90:87:9c:
                    ce:1e:45:a9:17:2e:da:be:ca:c8:b0:40:95:5c:12:
                    98:db:4e:33:bb:b4:6e:65:0e:b6:f2:5f:2f:f0:ea:
                    ac:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:E2:D9:83:64:2D:0A:38:93:FC:58:05:F4:8F:FC:BD:6F:86:75:6F
            X509v3 Authority Key Identifier:
                keyid:AE:DA:EE:A9:11:7A:1D:5C:CC:32:02:22:95:5A:09:FA:A0:79:8F:D9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rtruqRF6HVzMMgIilVoJ-qB5j9k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/a13b01-4153-4ea5-bf21-99868c51329a/1/QeLZg2QtCjiT_FgF9I_8vW-GdW8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/a13b01-4153-4ea5-bf21-99868c51329a/1/rtruqRF6HVzMMgIilVoJ-qB5j9k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.186.235.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a4:43:76:df:c2:4e:ee:0a:06:48:3c:db:84:bc:51:f1:61:60:
         28:cb:0c:0e:e9:46:b8:2e:60:97:53:6c:d8:02:30:7d:d3:d5:
         d5:0f:7c:91:6a:f3:05:0c:01:b7:75:ce:5b:58:30:03:01:af:
         2f:c5:b9:b5:a8:b2:1e:9e:87:ac:fa:8e:f2:30:66:b6:b7:fb:
         19:ae:30:5b:d9:9e:44:9f:45:bd:7f:a7:6a:99:dc:f6:fa:b2:
         40:fe:02:38:a6:5f:2c:8e:e7:b5:81:12:79:0d:f1:6a:fb:50:
         e4:f7:12:9a:d5:2d:e5:da:8e:0c:63:93:29:d3:d2:4f:1f:ca:
         9c:95:7b:eb:94:b3:6f:86:35:c0:b1:d0:fd:3b:5b:85:31:b4:
         b5:6e:94:5a:ee:59:7e:f7:57:77:dc:4e:83:82:b0:97:af:8f:
         14:69:eb:39:2c:fa:81:79:c6:ff:b3:54:08:f5:cc:69:b3:e5:
         eb:b9:9a:d1:2a:16:45:73:2d:e4:6f:59:c4:f4:5b:0a:e1:4a:
         73:71:9a:77:78:aa:6b:12:67:dc:19:3c:80:6c:54:f6:62:eb:
         7b:4a:42:72:49:bb:d8:73:19:1e:de:f4:fc:fd:24:6a:a0:a0:
         8d:26:80:40:cc:93:1e:3b:82:48:91:19:0c:51:e1:95:cf:47:
         61:22:70:3f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj1xrPzQM0G4YIx4Ew5WjJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFlZGFlZWE5MTE3YTFkNWNjYzMyMDIyMjk1NWEwOWZhYTA3
OThmZDkwHhcNMjUwMTAxMjE0ODA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MWUyZDk4MzY0MmQwYTM4OTNmYzU4MDVmNDhmZmNiZDZmODY3NTZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwUIOOCiQEfUqKsnTo3j11AGmf7sx
xOuz4uKgVJg2o6/XftwbjEuxKbAo4zjjjk/RVl0VTpEoW4zSiXPqpEWSgYKM4S26
or7/Fql5rd6HnYaQ5wERra1GKoJ7RQqrLSnsuxPQSfqqWPndohqiJNdpMCslOg9i
qUDujxTayHXuLRDFMYVa0C/aHBoM9greaf2lvvQm0RyiLqiv97pdPhfgikMBpBjy
edXlU/XevWF0U0h075RhmFQBdAd8o5/k+sL7TbZGgpbq+O81qPZWfaH901vIgs5n
8wRwjCcmr8KQh5zOHkWpFy7avsrIsECVXBKY204zu7RuZQ628l8v8OqsGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEHi2YNkLQo4k/xYBfSP/L1vhnVvMB8GA1UdIwQY
MBaAFK7a7qkReh1czDICIpVaCfqgeY/ZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcnRydXFSRjZIVnpNTWdJaWxWb0otcUI1ajlrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNi9hMTNiMDEtNDE1My00ZWE1LWJmMjEt
OTk4NjhjNTEzMjlhLzEvUWVMWmcyUXRDamlUX0ZnRjlJXzh2Vy1HZFc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNi9hMTNiMDEtNDE1My00ZWE1LWJmMjEtOTk4NjhjNTEzMjlh
LzEvcnRydXFSRjZIVnpNTWdJaWxWb0otcUI1ajlrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAH7rrMA0G
CSqGSIb3DQEBCwUAA4IBAQCkQ3bfwk7uCgZIPNuEvFHxYWAoywwO6Ua4LmCXU2zY
AjB909XVD3yRavMFDAG3dc5bWDADAa8vxbm1qLIenoes+o7yMGa2t/sZrjBb2Z5E
n0W9f6dqmdz2+rJA/gI4pl8sjue1gRJ5DfFq+1Dk9xKa1S3l2o4MY5Mp09JPH8qc
lXvrlLNvhjXAsdD9O1uFMbS1bpRa7ll+91d33E6DgrCXr48Uaes5LPqBecb/s1QI
9cxps+XruZrRKhZFcy3kb1nE9FsK4UpzcZp3eKprEmfcGTyAbFT2Yut7SkJySbvY
cxke3vT8/SRqoKCNJoBAzJMeO4JIkRkMUeGVz0dhInA/
-----END CERTIFICATE-----