Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/MQ2LWWWgrG5XamWkgkJyOtPXTAw.roa
File:                     MQ2LWWWgrG5XamWkgkJyOtPXTAw.roa (raw, json)
Hash identifier:          SBp/jzc0671wu2IdTdweagAdTC8lwtQ8NLiXVL8KF8M=
Subject key identifier:   31:0D:8B:59:65:A0:AC:6E:57:6A:65:A4:82:42:72:3A:D3:D7:4C:0C
Certificate issuer:       /CN=618478f198fe569010c3df6219142f530c4f5e56
Certificate serial:       018E3D7730A589B4A4DA26371F409A0C7711
Authority key identifier: 61:84:78:F1:98:FE:56:90:10:C3:DF:62:19:14:2F:53:0C:4F:5E:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/MQ2LWWWgrG5XamWkgkJyOtPXTAw.roa
Signing time:             Thu 14 Mar 2024 14:56:45 +0000
ROA not before:           Thu 14 Mar 2024 14:56:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215314
IP address blocks:        185.42.15.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 20:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:3d:77:30:a5:89:b4:a4:da:26:37:1f:40:9a:0c:77:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=618478f198fe569010c3df6219142f530c4f5e56
        Validity
            Not Before: Mar 14 14:56:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=310d8b5965a0ac6e576a65a48242723ad3d74c0c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:2c:9d:a6:cd:ad:71:b1:3e:b3:84:77:60:6a:
                    e9:4e:ea:10:bc:4d:6c:04:67:40:cc:d3:fa:a0:3a:
                    47:04:35:cd:bf:31:83:fb:d0:a1:04:a3:ae:c2:79:
                    7c:f3:2f:47:28:57:a7:e0:5d:e3:de:57:4a:c5:1b:
                    1f:b1:52:83:74:63:8d:d2:6d:66:b7:ae:80:cd:ec:
                    9a:a7:2c:3e:be:2b:90:c8:8a:0c:4c:34:a7:78:3f:
                    f0:bb:67:9c:09:dc:85:81:11:4c:e2:a3:b1:91:fe:
                    f8:99:01:d8:29:89:01:a8:6a:2b:65:95:d0:5b:bb:
                    9f:73:fb:0d:40:20:68:2e:4b:a0:a3:da:92:88:3d:
                    03:f4:a3:1f:dc:1d:72:b9:6b:b9:35:05:9b:ce:f0:
                    b0:91:ba:81:d8:89:ff:16:f8:68:89:48:a7:fa:ce:
                    c6:b8:86:8b:fe:66:56:2d:f1:1f:f5:ee:8b:58:fd:
                    12:db:ea:9d:c5:75:7d:34:fd:68:7b:06:ac:87:9e:
                    c4:b3:f7:13:17:04:4c:40:bd:7f:07:90:09:b7:ac:
                    4d:63:4c:bf:17:af:9e:f7:4f:ed:d0:15:ca:1e:9f:
                    bf:ab:51:70:f0:c0:d3:76:f4:21:a1:ca:17:b5:59:
                    2a:23:b8:79:e0:e1:b7:aa:3e:92:bc:f2:ca:02:88:
                    bd:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:0D:8B:59:65:A0:AC:6E:57:6A:65:A4:82:42:72:3A:D3:D7:4C:0C
            X509v3 Authority Key Identifier:
                keyid:61:84:78:F1:98:FE:56:90:10:C3:DF:62:19:14:2F:53:0C:4F:5E:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/MQ2LWWWgrG5XamWkgkJyOtPXTAw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.42.15.0/24

    Signature Algorithm: sha256WithRSAEncryption
         23:26:a3:7f:a7:79:3b:24:56:5c:4f:f5:40:e5:38:d5:65:6d:
         b4:05:dd:51:c4:7b:6f:20:88:d6:4b:73:f9:f4:a2:f7:b5:dd:
         29:56:0a:2e:ad:53:34:5a:15:e9:6d:93:49:92:cc:8a:e5:15:
         91:0c:fc:e5:ba:15:c2:33:39:a3:8f:d6:b9:24:91:80:17:6e:
         90:34:17:88:66:f1:56:fd:56:1d:6e:83:3d:be:76:27:2f:9b:
         86:b6:fc:c2:7b:ab:31:39:e1:de:93:d7:5f:6c:c4:76:d3:e9:
         b2:68:56:8f:71:40:33:0d:71:ab:9b:41:8b:3c:db:5e:87:97:
         be:bb:54:a2:80:28:e7:ed:68:5f:e8:07:24:43:84:10:69:00:
         ca:82:42:ae:e9:7d:0f:2b:c4:ce:73:e0:79:ee:b0:6c:42:ca:
         9a:8e:e3:bd:3f:50:5b:c5:cc:e6:fd:20:20:f5:02:03:2f:24:
         0b:24:21:ab:5f:2b:ab:05:0d:a6:58:62:c7:2e:04:88:1a:c3:
         b3:1f:fe:ba:79:49:bc:78:ab:97:6b:ff:e0:97:4b:89:45:e6:
         02:35:9e:bf:36:ab:59:95:80:5e:9f:dc:07:78:6c:30:a8:ed:
         21:84:d3:f5:0c:c4:28:9f:ef:0f:91:b3:11:19:2f:9b:f9:ee:
         f2:75:43:7e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY49dzClibSk2iY3H0CaDHcRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxODQ3OGYxOThmZTU2OTAxMGMzZGY2MjE5MTQyZjUzMGM0
ZjVlNTYwHhcNMjQwMzE0MTQ1NjQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMTBkOGI1OTY1YTBhYzZlNTc2YTY1YTQ4MjQyNzIzYWQzZDc0YzBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoiydps2tcbE+s4R3YGrpTuoQvE1s
BGdAzNP6oDpHBDXNvzGD+9ChBKOuwnl88y9HKFen4F3j3ldKxRsfsVKDdGON0m1m
t66Azeyapyw+viuQyIoMTDSneD/wu2ecCdyFgRFM4qOxkf74mQHYKYkBqGorZZXQ
W7ufc/sNQCBoLkugo9qSiD0D9KMf3B1yuWu5NQWbzvCwkbqB2In/FvhoiUin+s7G
uIaL/mZWLfEf9e6LWP0S2+qdxXV9NP1oewash57Es/cTFwRMQL1/B5AJt6xNY0y/
F6+e90/t0BXKHp+/q1Fw8MDTdvQhocoXtVkqI7h54OG3qj6SvPLKAoi9QQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDENi1lloKxuV2plpIJCcjrT10wMMB8GA1UdIwQY
MBaAFGGEePGY/laQEMPfYhkUL1MMT15WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWVlSNDhaai1WcEFRdzk5aUdSUXZVd3hQWGxZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC81M2M3YjgtNWU0Yi00OWZkLThjOTEt
YmE5OGYxMTIyMTIxLzEvTVEyTFdXV2dyRzVYYW1Xa2drSnlPdFBYVEF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC81M2M3YjgtNWU0Yi00OWZkLThjOTEtYmE5OGYxMTIyMTIx
LzEvWVlSNDhaai1WcEFRdzk5aUdSUXZVd3hQWGxZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuSoPMA0G
CSqGSIb3DQEBCwUAA4IBAQAjJqN/p3k7JFZcT/VA5TjVZW20Bd1RxHtvIIjWS3P5
9KL3td0pVgourVM0WhXpbZNJksyK5RWRDPzluhXCMzmjj9a5JJGAF26QNBeIZvFW
/VYdboM9vnYnL5uGtvzCe6sxOeHek9dfbMR20+myaFaPcUAzDXGrm0GLPNteh5e+
u1SigCjn7Whf6AckQ4QQaQDKgkKu6X0PK8TOc+B57rBsQsqajuO9P1Bbxczm/SAg
9QIDLyQLJCGrXyurBQ2mWGLHLgSIGsOzH/66eUm8eKuXa//gl0uJReYCNZ6/NqtZ
lYBen9wHeGwwqO0hhNP1DMQon+8PkbMRGS+b+e7ydUN+
-----END CERTIFICATE-----