Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/340031-365b-4fd2-8732-8c0faca3cbd8/1/1qBPAmBGBfAENgWGXz9hZegMQqg.roa
File:                     1qBPAmBGBfAENgWGXz9hZegMQqg.roa (raw, json)
Hash identifier:          IXc2k+je9aQ1ozmEQWrqkeLFGTdEXbRD14Ph6wUfBRA=
Subject key identifier:   D6:A0:4F:02:60:46:05:F0:04:36:05:86:5F:3F:61:65:E8:0C:42:A8
Certificate issuer:       /CN=1d0260406e837ae38380fcc8d992b93d0de1a83b
Certificate serial:       018CC49394BDB00BAF2A34A395A3026B5EA3
Authority key identifier: 1D:02:60:40:6E:83:7A:E3:83:80:FC:C8:D9:92:B9:3D:0D:E1:A8:3B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HQJgQG6DeuODgPzI2ZK5PQ3hqDs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/340031-365b-4fd2-8732-8c0faca3cbd8/1/1qBPAmBGBfAENgWGXz9hZegMQqg.roa
Signing time:             Mon 01 Jan 2024 10:30:55 +0000
ROA not before:           Mon 01 Jan 2024 10:30:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20900
IP address blocks:        91.231.175.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/340031-365b-4fd2-8732-8c0faca3cbd8/1/HQJgQG6DeuODgPzI2ZK5PQ3hqDs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/340031-365b-4fd2-8732-8c0faca3cbd8/1/HQJgQG6DeuODgPzI2ZK5PQ3hqDs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HQJgQG6DeuODgPzI2ZK5PQ3hqDs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:94:bd:b0:0b:af:2a:34:a3:95:a3:02:6b:5e:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1d0260406e837ae38380fcc8d992b93d0de1a83b
        Validity
            Not Before: Jan  1 10:30:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d6a04f02604605f0043605865f3f6165e80c42a8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:b0:53:2d:f7:fe:78:b0:29:15:54:78:f7:81:
                    e9:3a:8b:a1:69:cc:32:a8:3b:68:37:78:a7:32:9f:
                    c0:57:2f:42:f9:bb:49:37:c8:43:3a:d0:ae:1c:68:
                    06:0f:8b:7c:37:13:a2:05:e0:60:ee:c0:b4:42:5a:
                    e7:02:cc:b9:34:9a:df:ad:b3:25:69:d2:6a:6b:6f:
                    3c:cf:b1:2c:46:8f:17:ff:24:8f:aa:b2:8a:b8:4c:
                    27:8b:69:05:79:db:4d:2e:83:19:1c:76:d0:28:f7:
                    c9:01:f0:2a:bf:a9:9a:a1:e8:c5:fc:14:05:ee:16:
                    3a:84:b9:3b:5b:9a:14:e1:b0:a4:02:75:3c:64:64:
                    54:5b:73:94:36:af:9f:e3:41:31:30:e7:8d:1e:aa:
                    c1:b5:09:6f:c5:7b:40:63:97:ba:6e:f3:b4:95:d0:
                    90:ef:54:04:00:ef:9c:a9:3d:2c:7e:7b:de:fc:0e:
                    11:c1:36:0c:48:b8:9e:03:2d:39:b4:77:b4:47:ff:
                    39:1d:03:84:3e:93:f4:54:6f:c9:5c:d2:cb:db:45:
                    39:0e:75:65:a9:03:83:89:a3:fe:a1:31:2d:16:f2:
                    b4:46:4f:fa:48:22:a7:95:0d:0f:36:ef:f1:f0:64:
                    14:11:2f:54:bd:26:06:2d:6a:bc:a7:2d:a4:45:d3:
                    28:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:A0:4F:02:60:46:05:F0:04:36:05:86:5F:3F:61:65:E8:0C:42:A8
            X509v3 Authority Key Identifier:
                keyid:1D:02:60:40:6E:83:7A:E3:83:80:FC:C8:D9:92:B9:3D:0D:E1:A8:3B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HQJgQG6DeuODgPzI2ZK5PQ3hqDs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/340031-365b-4fd2-8732-8c0faca3cbd8/1/1qBPAmBGBfAENgWGXz9hZegMQqg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/340031-365b-4fd2-8732-8c0faca3cbd8/1/HQJgQG6DeuODgPzI2ZK5PQ3hqDs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.231.175.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:3a:18:5d:c1:d6:82:6b:f5:88:1d:50:ec:99:f8:70:99:91:
         47:9c:2a:b3:5e:3e:bb:b6:c0:23:bc:6f:e7:7d:ef:be:60:30:
         3f:20:bb:ca:ab:dd:cb:3a:ce:04:2f:72:18:02:6c:38:05:37:
         73:0b:60:2f:cc:84:3f:88:4e:5c:c0:ee:00:12:f0:7a:30:6a:
         a2:5f:d9:f6:06:5f:a1:18:31:80:e1:0b:69:a8:82:ac:65:f2:
         c9:3d:e7:ee:97:ee:06:b4:59:cd:ac:04:b5:b4:bf:9f:16:3a:
         fd:af:13:a9:4d:07:6f:35:e3:95:c2:d9:99:3c:eb:69:36:cb:
         08:48:b1:3c:d3:2e:79:19:b7:95:36:59:42:b4:18:e4:6c:06:
         c0:f5:be:ad:35:84:34:48:71:41:b5:ba:c0:6c:88:85:2c:88:
         a0:4a:62:2d:d8:62:bf:46:33:6b:6d:15:07:ac:75:85:5c:8a:
         bc:1a:f6:4d:f4:6a:a3:0c:6b:1f:0f:c3:75:d5:9d:dd:7c:b5:
         de:00:cd:66:43:29:65:c3:91:3b:ec:3d:18:fb:c7:fb:ba:3e:
         a2:de:cd:90:61:13:15:97:3c:41:77:75:0d:40:e8:83:08:b7:
         fa:eb:62:c5:db:4b:ca:e3:ff:d7:7a:8d:15:55:a0:f8:c7:02:
         ab:23:f4:cb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEk5S9sAuvKjSjlaMCa16jMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkMDI2MDQwNmU4MzdhZTM4MzgwZmNjOGQ5OTJiOTNkMGRl
MWE4M2IwHhcNMjQwMTAxMTAzMDU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNmEwNGYwMjYwNDYwNWYwMDQzNjA1ODY1ZjNmNjE2NWU4MGM0MmE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtrBTLff+eLApFVR494HpOouhacwy
qDtoN3inMp/AVy9C+btJN8hDOtCuHGgGD4t8NxOiBeBg7sC0QlrnAsy5NJrfrbMl
adJqa288z7EsRo8X/ySPqrKKuEwni2kFedtNLoMZHHbQKPfJAfAqv6maoejF/BQF
7hY6hLk7W5oU4bCkAnU8ZGRUW3OUNq+f40ExMOeNHqrBtQlvxXtAY5e6bvO0ldCQ
71QEAO+cqT0sfnve/A4RwTYMSLieAy05tHe0R/85HQOEPpP0VG/JXNLL20U5DnVl
qQODiaP+oTEtFvK0Rk/6SCKnlQ0PNu/x8GQUES9UvSYGLWq8py2kRdMovwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNagTwJgRgXwBDYFhl8/YWXoDEKoMB8GA1UdIwQY
MBaAFB0CYEBug3rjg4D8yNmSuT0N4ag7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSFFKZ1FHNkRldU9EZ1B6STJaSzVQUTNocURzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy8zNDAwMzEtMzY1Yi00ZmQyLTg3MzIt
OGMwZmFjYTNjYmQ4LzEvMXFCUEFtQkdCZkFFTmdXR1h6OWhaZWdNUXFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy8zNDAwMzEtMzY1Yi00ZmQyLTg3MzItOGMwZmFjYTNjYmQ4
LzEvSFFKZ1FHNkRldU9EZ1B6STJaSzVQUTNocURzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+evMA0G
CSqGSIb3DQEBCwUAA4IBAQBAOhhdwdaCa/WIHVDsmfhwmZFHnCqzXj67tsAjvG/n
fe++YDA/ILvKq93LOs4EL3IYAmw4BTdzC2AvzIQ/iE5cwO4AEvB6MGqiX9n2Bl+h
GDGA4QtpqIKsZfLJPeful+4GtFnNrAS1tL+fFjr9rxOpTQdvNeOVwtmZPOtpNssI
SLE80y55GbeVNllCtBjkbAbA9b6tNYQ0SHFBtbrAbIiFLIigSmIt2GK/RjNrbRUH
rHWFXIq8GvZN9GqjDGsfD8N11Z3dfLXeAM1mQyllw5E77D0Y+8f7uj6i3s2QYRMV
lzxBd3UNQOiDCLf662LF20vK4//Xeo0VVaD4xwKrI/TL
-----END CERTIFICATE-----