Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/Q7aJOiLD3ge0lm0DQCrjbfusqME.roa
File:                     Q7aJOiLD3ge0lm0DQCrjbfusqME.roa (raw, json)
Hash identifier:          skGPQ3wKhntSTsbopoc1OCZ8do1oSmLHlOpzv6OduDU=
Subject key identifier:   43:B6:89:3A:22:C3:DE:07:B4:96:6D:03:40:2A:E3:6D:FB:AC:A8:C1
Certificate issuer:       /CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
Certificate serial:       018CC56E0E29C8F7541AD2013E3EBD283517
Authority key identifier: EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/Q7aJOiLD3ge0lm0DQCrjbfusqME.roa
Signing time:             Mon 01 Jan 2024 14:29:33 +0000
ROA not before:           Mon 01 Jan 2024 14:29:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202984
IP address blocks:        31.184.240.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 14 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:0e:29:c8:f7:54:1a:d2:01:3e:3e:bd:28:35:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
        Validity
            Not Before: Jan  1 14:29:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=43b6893a22c3de07b4966d03402ae36dfbaca8c1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:c1:18:db:12:d1:ae:e5:63:9f:b2:91:05:14:
                    65:91:34:c4:36:b6:f7:f1:2b:7b:1b:86:fc:1e:6c:
                    ce:dd:81:1d:91:61:9a:7d:36:43:83:34:c5:fc:e9:
                    72:32:fd:03:18:6b:1a:56:ee:c2:77:cd:7a:1b:de:
                    30:44:f0:98:e7:19:c5:7d:61:6f:3a:96:1b:36:e8:
                    cf:98:08:4f:44:77:a3:f2:8c:d4:44:cb:aa:d2:42:
                    15:c3:28:c0:96:f2:31:97:e8:85:e4:bf:92:ee:e5:
                    b9:19:65:9f:1d:49:a0:a3:5c:fa:df:a0:af:e5:d4:
                    4d:f1:f0:90:42:36:03:d9:40:3b:06:d2:ad:72:44:
                    37:02:87:f8:56:b4:ab:b9:ab:bd:fd:0b:32:c1:81:
                    43:bf:be:45:fe:b6:04:2f:d5:fc:f8:a3:78:0d:e7:
                    74:5d:50:c2:79:3a:05:56:0c:32:53:c2:cd:02:b7:
                    e8:b8:75:09:4e:5d:0f:91:03:a6:b3:fb:a1:2b:1b:
                    f2:48:e8:cc:0c:58:98:0a:bd:34:ec:25:1c:bf:b3:
                    0b:39:c0:18:3a:3b:3e:89:5b:57:e7:74:f7:49:d8:
                    a7:d2:b1:5b:26:05:58:72:a2:c4:47:e9:a4:7a:e4:
                    33:ba:2d:86:47:46:f4:9c:83:e9:05:29:5c:f4:4f:
                    8a:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:B6:89:3A:22:C3:DE:07:B4:96:6D:03:40:2A:E3:6D:FB:AC:A8:C1
            X509v3 Authority Key Identifier:
                keyid:EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/Q7aJOiLD3ge0lm0DQCrjbfusqME.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.184.240.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6a:e4:90:6d:98:75:47:3a:0b:a5:dd:d0:bd:23:fa:d6:da:fa:
         d9:bc:fb:67:ae:22:39:4d:64:50:56:dd:6a:90:f2:78:f2:c8:
         d3:dc:5b:da:c8:75:24:e2:54:bd:06:fb:25:23:ac:30:4e:c2:
         d6:60:1e:96:1c:a8:9b:df:06:80:63:e9:2d:f1:fe:fb:74:25:
         b7:e8:58:09:c4:f4:31:89:4d:64:87:ea:5f:29:66:2e:4b:2b:
         b2:32:c7:f3:69:76:9f:d4:74:17:f7:8f:a6:04:56:2c:2e:2d:
         6d:4f:1d:46:e5:fd:59:71:a2:ba:6e:cb:4f:f0:31:c2:17:64:
         36:9f:29:16:2d:39:b9:a5:94:fd:18:42:db:1f:7d:83:c2:e5:
         2b:30:71:1e:08:d7:b3:f4:89:14:b3:a6:53:d4:aa:3c:d0:58:
         c3:97:35:ca:c4:0f:b5:d8:d9:06:5f:bd:b7:56:a7:5a:5d:94:
         18:8f:1f:dc:96:77:03:0b:12:95:a1:cb:1a:d0:ef:05:76:f6:
         16:28:35:02:17:1d:57:78:09:a5:4a:6f:68:f1:f2:6f:02:cd:
         01:46:6e:24:c6:a1:92:a5:3e:a9:05:fa:19:8f:4f:a1:97:cd:
         55:c3:e1:0a:e5:cf:87:66:8c:3f:c2:5a:13:2a:1b:25:c5:e4:
         a2:6d:97:cb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbg4pyPdUGtIBPj69KDUXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhYWE4YTBhNWZkZmQ2OThlMTA0YmUzNmEyYWVlYzgxM2Fl
Y2EwNzEwHhcNMjQwMTAxMTQyOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0M2I2ODkzYTIyYzNkZTA3YjQ5NjZkMDM0MDJhZTM2ZGZiYWNhOGMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl8EY2xLRruVjn7KRBRRlkTTENrb3
8St7G4b8HmzO3YEdkWGafTZDgzTF/OlyMv0DGGsaVu7Cd816G94wRPCY5xnFfWFv
OpYbNujPmAhPRHej8ozURMuq0kIVwyjAlvIxl+iF5L+S7uW5GWWfHUmgo1z636Cv
5dRN8fCQQjYD2UA7BtKtckQ3Aof4VrSruau9/QsywYFDv75F/rYEL9X8+KN4Ded0
XVDCeToFVgwyU8LNArfouHUJTl0PkQOms/uhKxvySOjMDFiYCr007CUcv7MLOcAY
Ojs+iVtX53T3Sdin0rFbJgVYcqLER+mkeuQzui2GR0b0nIPpBSlc9E+KXwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEO2iToiw94HtJZtA0Aq4237rKjBMB8GA1UdIwQY
MBaAFOqqigpf39aY4QS+NqKu7IE67KBxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQt
ODlkMDkyNDBjNDNiLzEvUTdhSk9pTEQzZ2UwbG0wRFFDcmpiZnVzcU1FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQtODlkMDkyNDBjNDNi
LzEvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBH7jwMA0G
CSqGSIb3DQEBCwUAA4IBAQBq5JBtmHVHOgul3dC9I/rW2vrZvPtnriI5TWRQVt1q
kPJ48sjT3FvayHUk4lS9BvslI6wwTsLWYB6WHKib3waAY+kt8f77dCW36FgJxPQx
iU1kh+pfKWYuSyuyMsfzaXaf1HQX94+mBFYsLi1tTx1G5f1ZcaK6bstP8DHCF2Q2
nykWLTm5pZT9GELbH32DwuUrMHEeCNez9IkUs6ZT1Ko80FjDlzXKxA+12NkGX723
VqdaXZQYjx/clncDCxKVocsa0O8FdvYWKDUCFx1XeAmlSm9o8fJvAs0BRm4kxqGS
pT6pBfoZj0+hl81Vw+EK5c+HZow/wloTKhslxeSibZfL
-----END CERTIFICATE-----