Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/ST74OLAReSPSQdIUq5Da30ccirw.roa
File:                     ST74OLAReSPSQdIUq5Da30ccirw.roa (raw, json)
Hash identifier:          oEARlb/IdEH41ftq29juFyqO846sSfYlfMvMNufbgDs=
Subject key identifier:   49:3E:F8:38:B0:11:79:23:D2:41:D2:14:AB:90:DA:DF:47:1C:8A:BC
Certificate issuer:       /CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
Certificate serial:       018CC56E0C5EAB54A76149F34EC94CFB80E1
Authority key identifier: EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/ST74OLAReSPSQdIUq5Da30ccirw.roa
Signing time:             Mon 01 Jan 2024 14:29:32 +0000
ROA not before:           Mon 01 Jan 2024 14:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198620
IP address blocks:        31.184.236.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:0c:5e:ab:54:a7:61:49:f3:4e:c9:4c:fb:80:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
        Validity
            Not Before: Jan  1 14:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=493ef838b0117923d241d214ab90dadf471c8abc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:37:62:8c:fd:8b:e4:ce:c9:09:0b:b2:d0:42:
                    64:5a:eb:5f:bc:f0:a7:4d:81:97:4e:1c:b9:4b:57:
                    24:4b:bb:77:16:b6:b2:e0:dc:34:49:d0:52:f0:b4:
                    8c:1c:ec:a8:03:e0:2d:26:d3:7e:cf:2d:bb:13:8d:
                    1a:28:9c:ca:a8:6a:78:8f:5f:23:14:90:1d:0d:e9:
                    29:23:2a:9f:32:f8:f5:27:72:a3:bc:84:0a:d3:71:
                    8d:9f:6a:0e:cc:09:32:9b:a9:72:20:cc:18:06:e1:
                    94:77:b0:86:58:dc:0c:9b:91:22:c2:b3:0d:11:6c:
                    8c:f7:46:00:05:20:88:fc:5e:83:4a:95:3a:76:92:
                    53:e9:11:40:29:03:4b:f5:30:d9:e1:c6:60:f3:3e:
                    3e:04:7b:7d:ae:62:1f:cf:63:16:9f:eb:57:1a:00:
                    20:27:69:4a:4d:f7:ab:b7:ad:95:cf:e1:64:9a:ae:
                    d7:1c:a6:29:c8:9d:c2:fe:9e:e1:c4:97:c7:8e:04:
                    8a:92:8f:5a:9c:a1:c1:ae:fb:b2:fd:71:87:3b:88:
                    ca:d0:79:bd:3a:a7:c0:40:8c:05:2b:dd:96:55:03:
                    ca:12:15:23:cd:03:5c:ca:a9:29:03:43:3d:f3:26:
                    09:03:49:dd:f7:a3:20:e1:12:32:5f:6a:6f:bb:80:
                    84:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:3E:F8:38:B0:11:79:23:D2:41:D2:14:AB:90:DA:DF:47:1C:8A:BC
            X509v3 Authority Key Identifier:
                keyid:EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/ST74OLAReSPSQdIUq5Da30ccirw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.184.236.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7e:f1:40:d2:72:18:52:4b:d4:85:80:76:65:4d:e1:03:33:db:
         a0:03:6a:42:30:4d:42:89:68:64:da:d0:24:11:c6:8a:eb:6a:
         89:f1:a4:df:ce:47:bf:8e:1b:8b:43:39:43:6e:8c:79:07:a5:
         e9:86:62:be:4f:21:2d:94:13:24:9f:61:67:8d:51:20:dd:f7:
         b3:ce:ff:2a:c0:c2:a7:04:ca:6b:83:4b:fd:d6:b3:62:91:22:
         57:d4:7d:b0:7c:df:39:c0:a0:78:d6:aa:33:f0:61:15:4a:19:
         fd:d6:85:ca:7c:32:a5:7f:ea:f4:b9:6f:8a:5e:4a:c8:cd:1d:
         f3:63:81:03:c8:15:dc:c9:d5:e0:32:2b:5f:37:e6:a7:68:05:
         27:4c:e8:1a:db:e3:77:1f:f2:5c:97:54:6e:73:3d:3f:18:88:
         13:2e:d3:6a:d5:19:d3:f8:54:f3:d0:af:cb:70:b6:10:14:97:
         da:9f:5c:59:44:c2:44:83:a8:14:b4:17:20:d2:be:a2:d2:aa:
         ca:44:51:04:67:0d:7e:3b:06:37:02:21:c6:8e:a4:a7:6f:d1:
         8d:3d:5e:c1:ae:25:7f:68:d2:56:4e:8a:2d:d2:be:85:93:4c:
         c6:da:39:60:0b:a9:8a:af:20:f1:f6:71:d4:28:fe:91:8f:a5:
         06:5d:9c:a4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbgxeq1SnYUnzTslM+4DhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhYWE4YTBhNWZkZmQ2OThlMTA0YmUzNmEyYWVlYzgxM2Fl
Y2EwNzEwHhcNMjQwMTAxMTQyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OTNlZjgzOGIwMTE3OTIzZDI0MWQyMTRhYjkwZGFkZjQ3MWM4YWJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApTdijP2L5M7JCQuy0EJkWutfvPCn
TYGXThy5S1ckS7t3Fray4Nw0SdBS8LSMHOyoA+AtJtN+zy27E40aKJzKqGp4j18j
FJAdDekpIyqfMvj1J3KjvIQK03GNn2oOzAkym6lyIMwYBuGUd7CGWNwMm5EiwrMN
EWyM90YABSCI/F6DSpU6dpJT6RFAKQNL9TDZ4cZg8z4+BHt9rmIfz2MWn+tXGgAg
J2lKTfert62Vz+Fkmq7XHKYpyJ3C/p7hxJfHjgSKko9anKHBrvuy/XGHO4jK0Hm9
OqfAQIwFK92WVQPKEhUjzQNcyqkpA0M98yYJA0nd96Mg4RIyX2pvu4CEEQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEk++DiwEXkj0kHSFKuQ2t9HHIq8MB8GA1UdIwQY
MBaAFOqqigpf39aY4QS+NqKu7IE67KBxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQt
ODlkMDkyNDBjNDNiLzEvU1Q3NE9MQVJlU1BTUWRJVXE1RGEzMGNjaXJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQtODlkMDkyNDBjNDNi
LzEvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAH7jsMA0G
CSqGSIb3DQEBCwUAA4IBAQB+8UDSchhSS9SFgHZlTeEDM9ugA2pCME1CiWhk2tAk
EcaK62qJ8aTfzke/jhuLQzlDbox5B6XphmK+TyEtlBMkn2FnjVEg3fezzv8qwMKn
BMprg0v91rNikSJX1H2wfN85wKB41qoz8GEVShn91oXKfDKlf+r0uW+KXkrIzR3z
Y4EDyBXcydXgMitfN+anaAUnTOga2+N3H/Jcl1Rucz0/GIgTLtNq1RnT+FTz0K/L
cLYQFJfan1xZRMJEg6gUtBcg0r6i0qrKRFEEZw1+OwY3AiHGjqSnb9GNPV7BriV/
aNJWToot0r6Fk0zG2jlgC6mKryDx9nHUKP6Rj6UGXZyk
-----END CERTIFICATE-----