Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ad0d6d-f949-46db-981f-b38d7f709d70/1/q_zOdtopi-vmi40xaYIxwJZKJbI.roa
File:                     q_zOdtopi-vmi40xaYIxwJZKJbI.roa (raw, json)
Hash identifier:          AbHa8zxaHs1atdrnwtIQ5aVbhD2fe7bsN4P7uYOTD5U=
Subject key identifier:   AB:FC:CE:76:DA:29:8B:EB:E6:8B:8D:31:69:82:31:C0:96:4A:25:B2
Certificate issuer:       /CN=b0beed6ede9eb285bd2a6abb985adcdbe8f2779a
Certificate serial:       018CC9BA7C947913A8BC856D705EA4708768
Authority key identifier: B0:BE:ED:6E:DE:9E:B2:85:BD:2A:6A:BB:98:5A:DC:DB:E8:F2:77:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sL7tbt6esoW9Kmq7mFrc2-jyd5o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ad0d6d-f949-46db-981f-b38d7f709d70/1/q_zOdtopi-vmi40xaYIxwJZKJbI.roa
Signing time:             Tue 02 Jan 2024 10:31:31 +0000
ROA not before:           Tue 02 Jan 2024 10:31:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43174
IP address blocks:        131.117.200.0/21 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/ad0d6d-f949-46db-981f-b38d7f709d70/1/sL7tbt6esoW9Kmq7mFrc2-jyd5o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/ad0d6d-f949-46db-981f-b38d7f709d70/1/sL7tbt6esoW9Kmq7mFrc2-jyd5o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sL7tbt6esoW9Kmq7mFrc2-jyd5o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:ba:7c:94:79:13:a8:bc:85:6d:70:5e:a4:70:87:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b0beed6ede9eb285bd2a6abb985adcdbe8f2779a
        Validity
            Not Before: Jan  2 10:31:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=abfcce76da298bebe68b8d31698231c0964a25b2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:bb:74:7c:ac:d3:da:39:2a:0c:d0:84:38:ec:
                    ea:33:2c:18:17:db:67:21:1f:b8:49:76:73:13:e8:
                    7c:73:09:d9:15:7a:94:dc:b2:c4:b3:a2:73:5b:82:
                    0f:00:a4:c3:c8:88:84:50:e8:18:9b:97:02:29:d7:
                    d8:b9:c1:5a:9c:f4:79:5d:46:a7:62:93:d1:cf:6c:
                    de:07:fc:84:54:99:10:a0:7b:c6:25:0b:5f:36:90:
                    04:c0:34:74:ba:85:b2:e3:cf:21:ba:89:f3:a3:9b:
                    15:86:2d:91:4e:79:e9:ee:b8:fe:f2:a5:61:e1:41:
                    c0:93:b5:6d:74:f0:3b:fa:8c:a7:c9:89:cb:88:8a:
                    7b:ee:6f:a4:ed:43:ad:d7:2f:cc:be:27:b2:7f:02:
                    2d:fc:fe:02:52:ac:f9:0b:21:2d:01:a5:82:ad:31:
                    d0:09:ad:f9:07:da:36:51:d3:73:25:8c:7b:41:16:
                    1e:e5:d3:7e:c5:fb:b7:45:37:d4:4e:b3:8a:e6:12:
                    6d:cd:96:cb:54:4e:5f:c7:34:6b:59:32:94:22:51:
                    ca:a8:81:b3:06:b1:61:df:dd:79:d8:81:c2:22:38:
                    63:79:e5:b9:65:8e:a2:be:6c:05:ae:e1:b8:6c:90:
                    ec:a6:ff:f9:59:3b:71:0f:76:99:4b:80:07:d2:d6:
                    7b:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:FC:CE:76:DA:29:8B:EB:E6:8B:8D:31:69:82:31:C0:96:4A:25:B2
            X509v3 Authority Key Identifier:
                keyid:B0:BE:ED:6E:DE:9E:B2:85:BD:2A:6A:BB:98:5A:DC:DB:E8:F2:77:9A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sL7tbt6esoW9Kmq7mFrc2-jyd5o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ad0d6d-f949-46db-981f-b38d7f709d70/1/q_zOdtopi-vmi40xaYIxwJZKJbI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ad0d6d-f949-46db-981f-b38d7f709d70/1/sL7tbt6esoW9Kmq7mFrc2-jyd5o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  131.117.200.0/21

    Signature Algorithm: sha256WithRSAEncryption
         2e:12:ad:91:93:85:c5:5a:51:8f:61:2e:55:04:b0:f3:e9:a5:
         10:5b:96:9f:e8:e1:dc:c5:e0:08:b2:70:9e:16:8c:e5:3d:9a:
         93:5d:1b:b6:0e:fb:23:21:20:f7:15:7c:a8:85:96:03:db:1a:
         d8:3f:27:e0:17:01:d5:9f:a7:6e:b4:77:84:68:d5:4b:6f:9f:
         e9:29:ee:e0:18:c4:7a:43:3f:c3:05:2f:a5:a9:e9:01:30:78:
         56:ac:8c:f2:36:55:5b:1c:23:4d:c1:d8:38:94:8b:de:1d:82:
         b6:ad:f1:e0:e6:7e:fb:0f:24:8e:24:7b:9b:24:5a:66:c2:fe:
         8e:21:b4:04:9f:4f:f4:dd:ea:6c:ce:0e:15:98:d3:85:56:2c:
         49:32:9b:d0:00:08:9f:83:16:ad:f5:2b:6e:98:13:4e:80:50:
         7b:58:1e:72:d4:f9:41:ad:5c:c5:d3:1a:2b:6f:2c:35:c7:a8:
         bc:8c:61:66:28:77:96:ef:e4:10:21:dd:1e:80:5a:00:f1:c2:
         0a:72:dd:29:b2:ae:0c:e9:dc:cd:67:b8:cf:cb:ab:3b:dc:72:
         d6:a2:c5:95:23:28:07:d9:7a:14:3e:a4:8e:c5:63:7f:58:53:
         5d:a3:97:4e:a8:6c:e3:6e:d0:7f:49:e0:b4:0a:6c:95:50:f6:
         81:4d:b4:bc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJunyUeROovIVtcF6kcIdoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwYmVlZDZlZGU5ZWIyODViZDJhNmFiYjk4NWFkY2RiZThm
Mjc3OWEwHhcNMjQwMTAyMTAzMTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYmZjY2U3NmRhMjk4YmViZTY4YjhkMzE2OTgyMzFjMDk2NGEyNWIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn7t0fKzT2jkqDNCEOOzqMywYF9tn
IR+4SXZzE+h8cwnZFXqU3LLEs6JzW4IPAKTDyIiEUOgYm5cCKdfYucFanPR5XUan
YpPRz2zeB/yEVJkQoHvGJQtfNpAEwDR0uoWy488huonzo5sVhi2RTnnp7rj+8qVh
4UHAk7VtdPA7+oynyYnLiIp77m+k7UOt1y/MvieyfwIt/P4CUqz5CyEtAaWCrTHQ
Ca35B9o2UdNzJYx7QRYe5dN+xfu3RTfUTrOK5hJtzZbLVE5fxzRrWTKUIlHKqIGz
BrFh39152IHCIjhjeeW5ZY6ivmwFruG4bJDspv/5WTtxD3aZS4AH0tZ73wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKv8znbaKYvr5ouNMWmCMcCWSiWyMB8GA1UdIwQY
MBaAFLC+7W7enrKFvSpqu5ha3Nvo8neaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0w3dGJ0NmVzb1c5S21xN21GcmMyLWp5ZDVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9hZDBkNmQtZjk0OS00NmRiLTk4MWYt
YjM4ZDdmNzA5ZDcwLzEvcV96T2R0b3BpLXZtaTQweGFZSXh3SlpLSmJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9hZDBkNmQtZjk0OS00NmRiLTk4MWYtYjM4ZDdmNzA5ZDcw
LzEvc0w3dGJ0NmVzb1c5S21xN21GcmMyLWp5ZDVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDg3XIMA0G
CSqGSIb3DQEBCwUAA4IBAQAuEq2Rk4XFWlGPYS5VBLDz6aUQW5af6OHcxeAIsnCe
FozlPZqTXRu2DvsjISD3FXyohZYD2xrYPyfgFwHVn6dutHeEaNVLb5/pKe7gGMR6
Qz/DBS+lqekBMHhWrIzyNlVbHCNNwdg4lIveHYK2rfHg5n77DySOJHubJFpmwv6O
IbQEn0/03epszg4VmNOFVixJMpvQAAifgxat9StumBNOgFB7WB5y1PlBrVzF0xor
byw1x6i8jGFmKHeW7+QQId0egFoA8cIKct0psq4M6dzNZ7jPy6s73HLWosWVIygH
2XoUPqSOxWN/WFNdo5dOqGzjbtB/SeC0CmyVUPaBTbS8
-----END CERTIFICATE-----