Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/996cf4-67ea-413d-9317-7eca205fafcb/1/QC3TfjMaIfxruxgThav7r-q2ELU.roa
File:                     QC3TfjMaIfxruxgThav7r-q2ELU.roa (raw, json)
Hash identifier:          umUZEYMkqyvjNHW2ughixivPmUQX77fyN9xSBHFdLDQ=
Subject key identifier:   40:2D:D3:7E:33:1A:21:FC:6B:BB:18:13:85:AB:FB:AF:EA:B6:10:B5
Certificate issuer:       /CN=c56f772bf3c4641a71bf7f4bc4de11c93addfea6
Certificate serial:       018CC5DC4CA68FFA10D796905EBECD9B2D55
Authority key identifier: C5:6F:77:2B:F3:C4:64:1A:71:BF:7F:4B:C4:DE:11:C9:3A:DD:FE:A6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xW93K_PEZBpxv39LxN4RyTrd_qY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/996cf4-67ea-413d-9317-7eca205fafcb/1/QC3TfjMaIfxruxgThav7r-q2ELU.roa
Signing time:             Mon 01 Jan 2024 16:29:58 +0000
ROA not before:           Mon 01 Jan 2024 16:29:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210670
IP address blocks:        31.222.232.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d4/996cf4-67ea-413d-9317-7eca205fafcb/1/xW93K_PEZBpxv39LxN4RyTrd_qY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d4/996cf4-67ea-413d-9317-7eca205fafcb/1/xW93K_PEZBpxv39LxN4RyTrd_qY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xW93K_PEZBpxv39LxN4RyTrd_qY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 14:49:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:4c:a6:8f:fa:10:d7:96:90:5e:be:cd:9b:2d:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c56f772bf3c4641a71bf7f4bc4de11c93addfea6
        Validity
            Not Before: Jan  1 16:29:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=402dd37e331a21fc6bbb181385abfbafeab610b5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:84:80:bb:26:7f:b0:91:bf:80:8a:81:24:e5:
                    5c:5a:fa:39:85:22:52:47:89:69:37:15:fa:59:b6:
                    1a:53:6d:70:1a:7e:ce:d7:5d:9f:63:cc:0e:6f:1b:
                    d2:2b:97:93:17:7a:b1:85:32:57:58:74:11:03:de:
                    fb:5f:5d:e5:73:70:e9:88:be:74:b3:e1:a7:1c:04:
                    1e:1b:d3:57:8b:6d:29:87:24:56:f0:60:20:08:d0:
                    a7:db:70:61:32:b6:f9:5b:46:46:04:53:1b:77:08:
                    0f:76:fb:e1:ef:33:0e:39:56:42:b4:66:2c:7f:e8:
                    e7:c0:f9:70:f4:2a:01:0c:4b:36:c7:c2:69:81:c4:
                    85:6d:e9:5d:97:8c:20:f2:18:b3:ac:ba:2b:42:4a:
                    50:bd:5e:dc:71:56:4d:a7:fd:1b:e2:50:80:8d:bf:
                    24:61:1a:41:8f:61:30:51:f2:9f:b9:a3:e0:99:06:
                    2a:95:ec:d6:7b:2c:1e:d0:21:88:c2:3e:9e:7c:02:
                    96:4d:92:b3:b9:b0:21:a3:d4:23:ae:c9:1a:07:5a:
                    2d:79:d8:88:d0:2b:cd:42:f7:1e:cf:7e:a9:65:b6:
                    a6:88:02:85:ff:77:f7:ca:99:25:8d:56:31:ec:22:
                    a9:27:01:b9:84:34:99:b2:8f:e8:cc:c8:e0:e8:f9:
                    a8:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:2D:D3:7E:33:1A:21:FC:6B:BB:18:13:85:AB:FB:AF:EA:B6:10:B5
            X509v3 Authority Key Identifier:
                keyid:C5:6F:77:2B:F3:C4:64:1A:71:BF:7F:4B:C4:DE:11:C9:3A:DD:FE:A6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xW93K_PEZBpxv39LxN4RyTrd_qY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/996cf4-67ea-413d-9317-7eca205fafcb/1/QC3TfjMaIfxruxgThav7r-q2ELU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/996cf4-67ea-413d-9317-7eca205fafcb/1/xW93K_PEZBpxv39LxN4RyTrd_qY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.222.232.0/24

    Signature Algorithm: sha256WithRSAEncryption
         92:0d:77:03:b8:25:09:bd:43:76:f3:6c:3f:6a:1a:69:43:b6:
         a2:c6:ea:ff:3e:fc:08:2e:ca:e2:46:11:58:e2:0b:64:bd:9c:
         56:2f:89:15:f7:98:2e:25:ea:43:f4:f0:50:9d:01:a2:44:f1:
         95:1f:f2:76:e8:e5:c3:2b:d7:1b:4b:f2:7d:47:b7:3d:9a:4a:
         f4:b8:53:96:8c:46:57:fa:10:ac:22:01:89:8b:d7:f7:12:f1:
         75:e0:7c:ff:57:3b:05:dd:91:21:87:df:36:c2:78:21:fa:26:
         c2:03:ae:ed:20:c7:73:09:c6:b4:3b:e9:22:54:a3:f9:b0:f1:
         e7:b4:fc:95:10:48:c3:65:cb:39:7d:fd:61:d6:65:ae:d8:4f:
         b4:51:3a:53:f6:5e:ea:cd:f0:57:40:5e:82:da:58:b2:84:8a:
         e0:fc:0b:72:df:14:3f:d3:09:de:29:fc:69:b8:36:4e:ac:38:
         4e:90:59:90:c8:73:15:68:86:e7:e6:28:2b:57:27:4f:9a:82:
         54:8f:e5:0e:47:4c:46:4c:72:18:8b:58:35:83:1a:1b:fb:da:
         90:52:a9:7d:41:d8:43:8d:a0:b2:12:ce:8f:38:a5:b6:3c:b5:
         83:60:93:51:ce:66:03:96:4f:71:47:55:92:64:4e:4c:71:0a:
         0b:24:e4:f7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3Eymj/oQ15aQXr7Nmy1VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM1NmY3NzJiZjNjNDY0MWE3MWJmN2Y0YmM0ZGUxMWM5M2Fk
ZGZlYTYwHhcNMjQwMTAxMTYyOTU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MDJkZDM3ZTMzMWEyMWZjNmJiYjE4MTM4NWFiZmJhZmVhYjYxMGI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmoSAuyZ/sJG/gIqBJOVcWvo5hSJS
R4lpNxX6WbYaU21wGn7O112fY8wObxvSK5eTF3qxhTJXWHQRA977X13lc3DpiL50
s+GnHAQeG9NXi20phyRW8GAgCNCn23BhMrb5W0ZGBFMbdwgPdvvh7zMOOVZCtGYs
f+jnwPlw9CoBDEs2x8JpgcSFbeldl4wg8hizrLorQkpQvV7ccVZNp/0b4lCAjb8k
YRpBj2EwUfKfuaPgmQYqlezWeywe0CGIwj6efAKWTZKzubAho9QjrskaB1otediI
0CvNQvcez36pZbamiAKF/3f3ypkljVYx7CKpJwG5hDSZso/ozMjg6PmotwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEAt034zGiH8a7sYE4Wr+6/qthC1MB8GA1UdIwQY
MBaAFMVvdyvzxGQacb9/S8TeEck63f6mMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveFc5M0tfUEVaQnB4djM5THhONFJ5VHJkX3FZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC85OTZjZjQtNjdlYS00MTNkLTkzMTct
N2VjYTIwNWZhZmNiLzEvUUMzVGZqTWFJZnhydXhnVGhhdjdyLXEyRUxVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC85OTZjZjQtNjdlYS00MTNkLTkzMTctN2VjYTIwNWZhZmNi
LzEveFc5M0tfUEVaQnB4djM5THhONFJ5VHJkX3FZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAH97oMA0G
CSqGSIb3DQEBCwUAA4IBAQCSDXcDuCUJvUN282w/ahppQ7aixur/PvwILsriRhFY
4gtkvZxWL4kV95guJepD9PBQnQGiRPGVH/J26OXDK9cbS/J9R7c9mkr0uFOWjEZX
+hCsIgGJi9f3EvF14Hz/VzsF3ZEhh982wngh+ibCA67tIMdzCca0O+kiVKP5sPHn
tPyVEEjDZcs5ff1h1mWu2E+0UTpT9l7qzfBXQF6C2liyhIrg/Aty3xQ/0wneKfxp
uDZOrDhOkFmQyHMVaIbn5igrVydPmoJUj+UOR0xGTHIYi1g1gxob+9qQUql9QdhD
jaCyEs6POKW2PLWDYJNRzmYDlk9xR1WSZE5McQoLJOT3
-----END CERTIFICATE-----