Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1d/2b87c5-380d-476f-a714-5c0d92f9a49f/1/qBoxWyBOj-3YBIYQPtbVWaeOdG8.roa
File:                     qBoxWyBOj-3YBIYQPtbVWaeOdG8.roa (raw, json)
Hash identifier:          CLi9DgRLkQ2tvGfTA5gTjhckFNPz4Kgxh3WxFLtvFJc=
Subject key identifier:   A8:1A:31:5B:20:4E:8F:ED:D8:04:86:10:3E:D6:D5:59:A7:8E:74:6F
Certificate issuer:       /CN=b27912ffef67078bb06bd4a9021fba96adb180be
Certificate serial:       019077DDBC1887DEE6B50C15545B1A368E1F
Authority key identifier: B2:79:12:FF:EF:67:07:8B:B0:6B:D4:A9:02:1F:BA:96:AD:B1:80:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/snkS_-9nB4uwa9SpAh-6lq2xgL4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1d/2b87c5-380d-476f-a714-5c0d92f9a49f/1/qBoxWyBOj-3YBIYQPtbVWaeOdG8.roa
Signing time:             Wed 03 Jul 2024 09:12:18 +0000
ROA not before:           Wed 03 Jul 2024 09:12:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197506
IP address blocks:        31.44.16.0/20 maxlen: 24
                          45.144.100.0/22 maxlen: 24
                          2a00:d400::/32 maxlen: 54

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1d/2b87c5-380d-476f-a714-5c0d92f9a49f/1/snkS_-9nB4uwa9SpAh-6lq2xgL4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1d/2b87c5-380d-476f-a714-5c0d92f9a49f/1/snkS_-9nB4uwa9SpAh-6lq2xgL4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/snkS_-9nB4uwa9SpAh-6lq2xgL4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 16:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:77:dd:bc:18:87:de:e6:b5:0c:15:54:5b:1a:36:8e:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b27912ffef67078bb06bd4a9021fba96adb180be
        Validity
            Not Before: Jul  3 09:12:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a81a315b204e8fedd80486103ed6d559a78e746f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:75:bc:2d:c6:6f:3a:7b:06:83:6b:d0:03:f0:
                    c1:9d:9f:b5:46:18:ba:84:89:8e:ab:e6:af:fd:4b:
                    13:da:3d:63:ac:73:3f:a0:f4:89:1a:39:97:ae:11:
                    9f:50:6c:54:ce:f7:11:30:64:5f:d6:a8:92:7f:0f:
                    96:b5:5d:3f:e3:89:b9:bf:40:cf:76:c8:4d:e8:94:
                    74:3e:7c:e7:5e:73:a7:d7:31:73:62:51:13:26:87:
                    d3:21:b1:50:4b:85:57:4b:82:91:b1:97:c5:a3:21:
                    fb:84:86:10:6c:f9:5d:14:e6:c9:75:a6:c3:5b:aa:
                    1b:cc:bc:b7:38:b9:ca:c6:4e:b5:19:dc:c5:22:5c:
                    02:79:66:70:90:aa:da:ec:1e:fe:7b:4b:71:7b:bb:
                    89:9d:74:9f:39:79:87:4a:07:a1:bc:44:ea:2f:51:
                    40:3e:46:2e:37:eb:b2:d5:76:6c:8b:ee:a3:ee:88:
                    8e:8c:2a:93:3a:98:c4:79:3f:d4:01:90:e1:5f:4e:
                    21:5e:a6:e7:0e:64:d4:0e:1b:9c:0b:1c:57:d4:19:
                    c0:06:df:2a:b9:73:f9:8e:02:c5:67:01:4b:60:fb:
                    d3:36:a4:a8:2b:a3:24:02:fd:35:70:c7:71:8c:79:
                    f7:36:b6:0f:ef:b1:1b:e7:e9:89:c8:28:b3:aa:46:
                    66:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:1A:31:5B:20:4E:8F:ED:D8:04:86:10:3E:D6:D5:59:A7:8E:74:6F
            X509v3 Authority Key Identifier:
                keyid:B2:79:12:FF:EF:67:07:8B:B0:6B:D4:A9:02:1F:BA:96:AD:B1:80:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/snkS_-9nB4uwa9SpAh-6lq2xgL4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/2b87c5-380d-476f-a714-5c0d92f9a49f/1/qBoxWyBOj-3YBIYQPtbVWaeOdG8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/2b87c5-380d-476f-a714-5c0d92f9a49f/1/snkS_-9nB4uwa9SpAh-6lq2xgL4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.44.16.0/20
                  45.144.100.0/22
                IPv6:
                  2a00:d400::/32

    Signature Algorithm: sha256WithRSAEncryption
         4e:68:30:1f:7d:bc:80:6e:1c:fd:5a:77:65:9d:ac:64:ec:04:
         68:c8:47:52:1f:f5:e3:2e:ae:03:01:93:f3:29:a8:29:2f:cc:
         b9:ff:ea:bf:f5:7b:b5:f9:4c:4e:50:8a:f0:89:13:47:a8:c7:
         36:04:83:24:cd:ce:c0:2f:92:84:dd:51:16:40:47:81:ee:4c:
         da:e0:29:a6:ae:b2:f1:00:95:cb:89:f1:9e:c9:57:a2:ea:6d:
         a3:a9:87:45:59:2a:bc:3f:04:21:e8:d5:8a:63:0c:c2:7a:b4:
         91:ea:99:8a:cb:1e:7f:b0:96:6a:5f:fd:b7:b9:d2:0f:bf:c8:
         c3:1e:43:e7:b6:89:af:4e:48:d9:9c:ca:97:f8:36:85:21:d5:
         c1:84:dc:c6:e2:cf:6b:af:0a:ea:ab:3c:29:cc:1e:25:52:4d:
         f9:a2:d1:39:69:b3:47:93:a1:87:63:d6:26:71:ce:fd:a8:88:
         66:a9:67:9b:48:5f:64:92:5c:ea:d1:de:8d:67:f2:93:f1:10:
         cc:1a:09:04:ac:73:42:5a:15:43:a8:1e:c5:e9:d3:86:c5:b5:
         f4:dc:2c:50:a1:9c:b7:97:f6:85:f2:d4:bf:9d:d8:65:ad:cf:
         1b:ad:1f:11:ef:ea:16:f6:8d:b9:b0:bc:66:3e:cb:cc:27:6b:
         08:22:3f:c7
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZB33bwYh97mtQwVVFsaNo4fMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIyNzkxMmZmZWY2NzA3OGJiMDZiZDRhOTAyMWZiYTk2YWRi
MTgwYmUwHhcNMjQwNzAzMDkxMjE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhODFhMzE1YjIwNGU4ZmVkZDgwNDg2MTAzZWQ2ZDU1OWE3OGU3NDZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAonW8LcZvOnsGg2vQA/DBnZ+1Rhi6
hImOq+av/UsT2j1jrHM/oPSJGjmXrhGfUGxUzvcRMGRf1qiSfw+WtV0/44m5v0DP
dshN6JR0PnznXnOn1zFzYlETJofTIbFQS4VXS4KRsZfFoyH7hIYQbPldFObJdabD
W6obzLy3OLnKxk61GdzFIlwCeWZwkKra7B7+e0txe7uJnXSfOXmHSgehvETqL1FA
PkYuN+uy1XZsi+6j7oiOjCqTOpjEeT/UAZDhX04hXqbnDmTUDhucCxxX1BnABt8q
uXP5jgLFZwFLYPvTNqSoK6MkAv01cMdxjHn3NrYP77Eb5+mJyCizqkZmpQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFKgaMVsgTo/t2ASGED7W1VmnjnRvMB8GA1UdIwQY
MBaAFLJ5Ev/vZweLsGvUqQIfupatsYC+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc25rU18tOW5CNHV3YTlTcEFoLTZscTJ4Z0w0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZC8yYjg3YzUtMzgwZC00NzZmLWE3MTQt
NWMwZDkyZjlhNDlmLzEvcUJveFd5Qk9qLTNZQklZUVB0YlZXYWVPZEc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZC8yYjg3YzUtMzgwZC00NzZmLWE3MTQtNWMwZDkyZjlhNDlm
LzEvc25rU18tOW5CNHV3YTlTcEFoLTZscTJ4Z0w0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQEHywQAwQC
LZBkMA0EAgACMAcDBQAqANQAMA0GCSqGSIb3DQEBCwUAA4IBAQBOaDAffbyAbhz9
Wndlnaxk7ARoyEdSH/XjLq4DAZPzKagpL8y5/+q/9Xu1+UxOUIrwiRNHqMc2BIMk
zc7AL5KE3VEWQEeB7kza4CmmrrLxAJXLifGeyVei6m2jqYdFWSq8PwQh6NWKYwzC
erSR6pmKyx5/sJZqX/23udIPv8jDHkPntomvTkjZnMqX+DaFIdXBhNzG4s9rrwrq
qzwpzB4lUk35otE5abNHk6GHY9Ymcc79qIhmqWebSF9kklzq0d6NZ/KT8RDMGgkE
rHNCWhVDqB7F6dOGxbX03CxQoZy3l/aF8tS/ndhlrc8brR8R7+oW9o25sLxmPsvM
J2sIIj/H
-----END CERTIFICATE-----