Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/31/f77c5b-19b2-4bc1-8faa-10b0211d96fc/1/qlLxpm32xr2I6Mnyr9sxTUj-5Ys.roa
File:                     qlLxpm32xr2I6Mnyr9sxTUj-5Ys.roa (raw, json)
Hash identifier:          /iuk7ks/0LwmjAi9X5Ct+RK3xmw5ka0D358QH3DA7xI=
Subject key identifier:   AA:52:F1:A6:6D:F6:C6:BD:88:E8:C9:F2:AF:DB:31:4D:48:FE:E5:8B
Certificate issuer:       /CN=e0a13b922ee7ebb9aecde19a70d0e25b77750d02
Certificate serial:       018CC3B725667C64547BF311A6586B46FF76
Authority key identifier: E0:A1:3B:92:2E:E7:EB:B9:AE:CD:E1:9A:70:D0:E2:5B:77:75:0D:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4KE7ki7n67muzeGacNDiW3d1DQI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/31/f77c5b-19b2-4bc1-8faa-10b0211d96fc/1/qlLxpm32xr2I6Mnyr9sxTUj-5Ys.roa
Signing time:             Mon 01 Jan 2024 06:30:08 +0000
ROA not before:           Mon 01 Jan 2024 06:30:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50592
IP address blocks:        193.105.115.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/31/f77c5b-19b2-4bc1-8faa-10b0211d96fc/1/4KE7ki7n67muzeGacNDiW3d1DQI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/31/f77c5b-19b2-4bc1-8faa-10b0211d96fc/1/4KE7ki7n67muzeGacNDiW3d1DQI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4KE7ki7n67muzeGacNDiW3d1DQI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 May 2024 14:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:25:66:7c:64:54:7b:f3:11:a6:58:6b:46:ff:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e0a13b922ee7ebb9aecde19a70d0e25b77750d02
        Validity
            Not Before: Jan  1 06:30:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=aa52f1a66df6c6bd88e8c9f2afdb314d48fee58b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:ef:fe:46:89:0a:a6:ec:a4:3d:5c:90:0d:9e:
                    23:8c:f2:b4:a9:e2:07:51:b5:17:f5:d6:7d:52:b8:
                    7a:a7:09:bd:98:0a:42:8a:83:f6:6a:94:8d:2c:d8:
                    c1:a6:93:8a:cb:7f:7c:72:a8:73:72:92:4a:53:03:
                    13:d7:19:8c:46:b8:a2:62:e5:57:a9:71:8b:97:36:
                    d5:9c:c1:05:dc:41:cb:fd:87:77:01:c2:5b:31:13:
                    01:de:7b:23:29:53:d2:23:95:c1:85:3a:02:4a:8a:
                    85:c3:09:88:5a:95:94:27:32:6e:01:bc:93:50:eb:
                    8d:3e:28:aa:68:f5:40:d6:13:f1:54:ad:04:04:f2:
                    39:3d:9f:31:e6:d2:0d:ee:37:35:6b:02:7d:f6:3e:
                    25:fe:06:9c:13:50:20:e3:3a:aa:9b:6f:35:b5:40:
                    32:65:44:f8:8e:33:45:a4:35:71:39:63:54:7b:0a:
                    12:ad:8c:24:42:b7:9d:48:c1:64:5f:72:9c:f7:a5:
                    47:32:b8:d8:53:4e:46:b3:bc:a9:ff:97:2f:ee:93:
                    71:4b:2d:6f:ab:b8:45:a1:af:4d:cd:95:2a:6d:94:
                    40:89:a2:fd:a1:d4:33:11:63:08:a5:e2:47:75:c3:
                    8a:e2:40:00:46:1a:3b:27:ee:25:65:16:68:07:90:
                    9d:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:52:F1:A6:6D:F6:C6:BD:88:E8:C9:F2:AF:DB:31:4D:48:FE:E5:8B
            X509v3 Authority Key Identifier:
                keyid:E0:A1:3B:92:2E:E7:EB:B9:AE:CD:E1:9A:70:D0:E2:5B:77:75:0D:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4KE7ki7n67muzeGacNDiW3d1DQI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/31/f77c5b-19b2-4bc1-8faa-10b0211d96fc/1/qlLxpm32xr2I6Mnyr9sxTUj-5Ys.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/31/f77c5b-19b2-4bc1-8faa-10b0211d96fc/1/4KE7ki7n67muzeGacNDiW3d1DQI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.105.115.0/24

    Signature Algorithm: sha256WithRSAEncryption
         82:3e:6f:4a:ec:bd:39:9e:7a:16:56:54:19:1f:1b:26:ef:ab:
         d7:04:7d:e9:46:8a:5f:9c:56:66:ec:ac:09:a3:b3:f6:eb:1a:
         a4:05:af:5e:4e:30:c3:ab:72:e0:d0:b4:64:11:9e:02:ac:d6:
         7f:ce:20:69:15:25:cc:5e:1f:9c:10:05:c8:01:0c:8e:87:86:
         88:ad:f3:46:30:4c:5b:2e:04:61:ae:27:99:ae:37:ad:49:41:
         1d:6a:20:ca:a8:49:69:03:d8:41:fc:1f:c4:b4:c6:06:df:b4:
         cf:fa:1a:f2:b4:08:a6:36:1b:62:bb:39:39:10:ef:f8:a3:3e:
         57:f4:97:b4:ca:72:fe:8b:63:29:9f:68:c4:69:52:17:ac:52:
         9e:0d:53:63:90:26:96:8b:4a:90:3b:ea:fb:0b:f9:b9:d9:fb:
         a9:3e:1c:45:a6:19:2c:42:a4:f0:d3:7e:1c:94:c8:4c:f2:2e:
         6f:a9:41:5a:3f:08:68:e4:86:f9:e2:75:9f:77:62:8a:90:d6:
         6d:a1:c9:92:bd:f5:1e:43:8b:88:2d:3a:cd:e1:74:b9:5b:80:
         b8:af:51:2e:e8:41:fa:aa:ae:07:e5:ce:c1:d8:3e:4c:01:72:
         3c:fc:4e:ff:a4:1a:28:b6:34:c1:e6:b9:62:d2:dd:d5:4f:1b:
         b8:7d:e8:99
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtyVmfGRUe/MRplhrRv92MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUwYTEzYjkyMmVlN2ViYjlhZWNkZTE5YTcwZDBlMjViNzc3
NTBkMDIwHhcNMjQwMTAxMDYzMDA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYTUyZjFhNjZkZjZjNmJkODhlOGM5ZjJhZmRiMzE0ZDQ4ZmVlNThiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqO/+RokKpuykPVyQDZ4jjPK0qeIH
UbUX9dZ9Urh6pwm9mApCioP2apSNLNjBppOKy398cqhzcpJKUwMT1xmMRriiYuVX
qXGLlzbVnMEF3EHL/Yd3AcJbMRMB3nsjKVPSI5XBhToCSoqFwwmIWpWUJzJuAbyT
UOuNPiiqaPVA1hPxVK0EBPI5PZ8x5tIN7jc1awJ99j4l/gacE1Ag4zqqm281tUAy
ZUT4jjNFpDVxOWNUewoSrYwkQredSMFkX3Kc96VHMrjYU05Gs7yp/5cv7pNxSy1v
q7hFoa9NzZUqbZRAiaL9odQzEWMIpeJHdcOK4kAARho7J+4lZRZoB5Cd6QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKpS8aZt9sa9iOjJ8q/bMU1I/uWLMB8GA1UdIwQY
MBaAFOChO5Iu5+u5rs3hmnDQ4lt3dQ0CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNEtFN2tpN242N211emVHYWNORGlXM2QxRFFJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMS9mNzdjNWItMTliMi00YmMxLThmYWEt
MTBiMDIxMWQ5NmZjLzEvcWxMeHBtMzJ4cjJJNk1ueXI5c3hUVWotNVlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMS9mNzdjNWItMTliMi00YmMxLThmYWEtMTBiMDIxMWQ5NmZj
LzEvNEtFN2tpN242N211emVHYWNORGlXM2QxRFFJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwWlzMA0G
CSqGSIb3DQEBCwUAA4IBAQCCPm9K7L05nnoWVlQZHxsm76vXBH3pRopfnFZm7KwJ
o7P26xqkBa9eTjDDq3Lg0LRkEZ4CrNZ/ziBpFSXMXh+cEAXIAQyOh4aIrfNGMExb
LgRhrieZrjetSUEdaiDKqElpA9hB/B/EtMYG37TP+hrytAimNhtiuzk5EO/4oz5X
9Je0ynL+i2Mpn2jEaVIXrFKeDVNjkCaWi0qQO+r7C/m52fupPhxFphksQqTw034c
lMhM8i5vqUFaPwho5Ib54nWfd2KKkNZtocmSvfUeQ4uILTrN4XS5W4C4r1Eu6EH6
qq4H5c7B2D5MAXI8/E7/pBootjTB5rli0t3VTxu4feiZ
-----END CERTIFICATE-----