Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/32/153788-14b7-4551-9ade-6aea9057c800/1/MQ05A6iaY4_u3ud1dHtaEbOWQ7g.roa
File:                     MQ05A6iaY4_u3ud1dHtaEbOWQ7g.roa (raw, json)
Hash identifier:          Vr30Ij04R1JWTCUy4BTZ+TcBgQg05pEB3drPCRUdVlE=
Subject key identifier:   31:0D:39:03:A8:9A:63:8F:EE:DE:E7:75:74:7B:5A:11:B3:96:43:B8
Certificate issuer:       /CN=aeb66ec5e8f2405f6f8d486e73fb82b8de0dee0f
Certificate serial:       018CC348EEA08E8B88E30CE3389D30D06BD2
Authority key identifier: AE:B6:6E:C5:E8:F2:40:5F:6F:8D:48:6E:73:FB:82:B8:DE:0D:EE:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rrZuxejyQF9vjUhuc_uCuN4N7g8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/32/153788-14b7-4551-9ade-6aea9057c800/1/MQ05A6iaY4_u3ud1dHtaEbOWQ7g.roa
Signing time:             Mon 01 Jan 2024 04:29:45 +0000
ROA not before:           Mon 01 Jan 2024 04:29:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     134408
IP address blocks:        178.237.171.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/32/153788-14b7-4551-9ade-6aea9057c800/1/rrZuxejyQF9vjUhuc_uCuN4N7g8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/32/153788-14b7-4551-9ade-6aea9057c800/1/rrZuxejyQF9vjUhuc_uCuN4N7g8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rrZuxejyQF9vjUhuc_uCuN4N7g8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:ee:a0:8e:8b:88:e3:0c:e3:38:9d:30:d0:6b:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aeb66ec5e8f2405f6f8d486e73fb82b8de0dee0f
        Validity
            Not Before: Jan  1 04:29:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=310d3903a89a638feedee775747b5a11b39643b8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:1b:de:8a:3e:5b:ed:de:e4:50:f4:79:d1:0b:
                    46:82:bc:6a:8c:49:ab:cd:ae:82:61:4b:16:6b:29:
                    87:7e:c9:50:cc:2e:18:cd:ae:a2:b4:0b:4f:d5:0d:
                    12:97:2a:18:52:8d:9c:a2:a9:9d:a7:96:90:e8:9a:
                    e2:c6:a0:05:5f:8d:3e:b7:dc:51:0b:6e:79:87:26:
                    70:46:9d:99:e2:5e:f0:07:6d:8c:32:95:71:b2:d4:
                    e0:15:65:95:54:c4:e3:b9:f1:9d:f5:24:bc:bd:27:
                    b7:20:aa:b1:ec:6b:c2:bd:2d:10:4d:e7:d4:f4:53:
                    22:b5:3b:b2:d6:47:14:d6:d5:b6:71:9d:f9:e4:cd:
                    3e:ac:d7:7a:62:9e:14:10:9b:cb:80:20:d3:85:90:
                    82:e6:75:d7:31:95:f0:fe:dc:38:29:3b:8f:31:09:
                    66:87:e4:92:15:36:7e:5b:b5:f5:c3:a7:22:57:06:
                    7e:e2:ae:4f:83:e9:06:5f:e6:91:b0:59:51:b2:2a:
                    d5:1d:89:75:31:09:a3:d0:79:5a:a8:2d:93:bc:07:
                    74:e6:2e:6e:af:b5:4b:73:fd:2f:31:7a:c6:4f:dc:
                    d9:24:4f:a3:fb:6a:b3:2c:3a:d8:a6:9e:64:43:ec:
                    b7:4a:7c:ad:92:5a:95:27:f8:3b:96:5e:0b:0f:e1:
                    fc:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:0D:39:03:A8:9A:63:8F:EE:DE:E7:75:74:7B:5A:11:B3:96:43:B8
            X509v3 Authority Key Identifier:
                keyid:AE:B6:6E:C5:E8:F2:40:5F:6F:8D:48:6E:73:FB:82:B8:DE:0D:EE:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rrZuxejyQF9vjUhuc_uCuN4N7g8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/32/153788-14b7-4551-9ade-6aea9057c800/1/MQ05A6iaY4_u3ud1dHtaEbOWQ7g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/32/153788-14b7-4551-9ade-6aea9057c800/1/rrZuxejyQF9vjUhuc_uCuN4N7g8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.237.171.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:91:cc:30:64:cc:88:71:6d:f2:72:cd:ef:fc:38:d5:53:df:
         ab:f6:c2:ff:bc:09:55:e6:c7:14:88:9b:92:3a:93:51:19:96:
         9c:b6:bd:1f:d7:1a:7c:95:ac:c8:b1:8b:3e:e7:9b:d4:00:c4:
         40:f6:f4:ce:5c:4c:c2:58:fb:61:8d:0d:a9:0b:02:b6:d2:be:
         a3:20:3c:97:ff:c1:60:75:2e:48:cf:20:0a:b6:8b:e4:2f:5a:
         ba:d9:a9:ab:e1:46:e1:0f:1d:fb:c0:25:9a:20:ea:be:ac:bf:
         06:a0:f5:25:15:da:59:15:54:02:31:19:5c:41:8e:a5:a7:89:
         55:51:51:72:e9:b8:a0:b8:3b:3e:42:74:a5:78:b9:bc:cb:3b:
         5a:5b:4e:8a:15:6b:b0:2f:10:d7:c2:36:d3:3f:53:71:46:00:
         c1:ca:57:24:10:2b:e8:90:32:0b:fd:e1:c9:6c:96:d9:ce:8e:
         d9:5a:bb:24:85:2a:bf:f0:92:22:a6:64:e7:cc:dc:bf:ab:3a:
         b9:9c:51:a9:39:ab:a2:e2:be:78:d2:fd:93:86:22:e7:20:1e:
         71:eb:6a:3f:c1:46:18:32:57:95:de:ee:fb:f6:d2:87:b3:49:
         6e:c9:bd:17:6f:bc:b6:92:07:ab:f7:1e:4c:c5:fd:db:fc:2f:
         56:07:ee:ca
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSO6gjouI4wzjOJ0w0GvSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFlYjY2ZWM1ZThmMjQwNWY2ZjhkNDg2ZTczZmI4MmI4ZGUw
ZGVlMGYwHhcNMjQwMTAxMDQyOTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMTBkMzkwM2E4OWE2MzhmZWVkZWU3NzU3NDdiNWExMWIzOTY0M2I4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkRveij5b7d7kUPR50QtGgrxqjEmr
za6CYUsWaymHfslQzC4Yza6itAtP1Q0SlyoYUo2coqmdp5aQ6JrixqAFX40+t9xR
C255hyZwRp2Z4l7wB22MMpVxstTgFWWVVMTjufGd9SS8vSe3IKqx7GvCvS0QTefU
9FMitTuy1kcU1tW2cZ355M0+rNd6Yp4UEJvLgCDThZCC5nXXMZXw/tw4KTuPMQlm
h+SSFTZ+W7X1w6ciVwZ+4q5Pg+kGX+aRsFlRsirVHYl1MQmj0HlaqC2TvAd05i5u
r7VLc/0vMXrGT9zZJE+j+2qzLDrYpp5kQ+y3SnytklqVJ/g7ll4LD+H8YwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDENOQOommOP7t7ndXR7WhGzlkO4MB8GA1UdIwQY
MBaAFK62bsXo8kBfb41IbnP7grjeDe4PMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcnJadXhlanlRRjl2alVodWNfdUN1TjRON2c4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMi8xNTM3ODgtMTRiNy00NTUxLTlhZGUt
NmFlYTkwNTdjODAwLzEvTVEwNUE2aWFZNF91M3VkMWRIdGFFYk9XUTdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMi8xNTM3ODgtMTRiNy00NTUxLTlhZGUtNmFlYTkwNTdjODAw
LzEvcnJadXhlanlRRjl2alVodWNfdUN1TjRON2c4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsu2rMA0G
CSqGSIb3DQEBCwUAA4IBAQBpkcwwZMyIcW3ycs3v/DjVU9+r9sL/vAlV5scUiJuS
OpNRGZactr0f1xp8lazIsYs+55vUAMRA9vTOXEzCWPthjQ2pCwK20r6jIDyX/8Fg
dS5IzyAKtovkL1q62amr4UbhDx37wCWaIOq+rL8GoPUlFdpZFVQCMRlcQY6lp4lV
UVFy6biguDs+QnSleLm8yztaW06KFWuwLxDXwjbTP1NxRgDBylckECvokDIL/eHJ
bJbZzo7ZWrskhSq/8JIipmTnzNy/qzq5nFGpOaui4r540v2ThiLnIB5x62o/wUYY
MleV3u779tKHs0luyb0Xb7y2kger9x5Mxf3b/C9WB+7K
-----END CERTIFICATE-----