Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/ad603f-8fea-4849-9edb-c3668b503a1c/1/AW1Cm4DIdPFIEoTBFdL_6BB7K2A.roa
File:                     AW1Cm4DIdPFIEoTBFdL_6BB7K2A.roa (raw, json)
Hash identifier:          T9DGw2DG8KSQQ5pY0rh4QOETlmDdlBALgiGc9ZNC04w=
Subject key identifier:   01:6D:42:9B:80:C8:74:F1:48:12:84:C1:15:D2:FF:E8:10:7B:2B:60
Certificate issuer:       /CN=41251342e05d58b3b7fc93a15cba1eb71e542385
Certificate serial:       018CC8016C24E73D9847E380E895DA81595E
Authority key identifier: 41:25:13:42:E0:5D:58:B3:B7:FC:93:A1:5C:BA:1E:B7:1E:54:23:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QSUTQuBdWLO3_JOhXLoetx5UI4U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/41/ad603f-8fea-4849-9edb-c3668b503a1c/1/AW1Cm4DIdPFIEoTBFdL_6BB7K2A.roa
Signing time:             Tue 02 Jan 2024 02:29:45 +0000
ROA not before:           Tue 02 Jan 2024 02:29:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201691
IP address blocks:        185.165.31.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/41/ad603f-8fea-4849-9edb-c3668b503a1c/1/QSUTQuBdWLO3_JOhXLoetx5UI4U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/41/ad603f-8fea-4849-9edb-c3668b503a1c/1/QSUTQuBdWLO3_JOhXLoetx5UI4U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QSUTQuBdWLO3_JOhXLoetx5UI4U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 07:01:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:6c:24:e7:3d:98:47:e3:80:e8:95:da:81:59:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=41251342e05d58b3b7fc93a15cba1eb71e542385
        Validity
            Not Before: Jan  2 02:29:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=016d429b80c874f1481284c115d2ffe8107b2b60
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:d6:8f:41:fe:95:9d:05:a8:b0:8e:79:1a:65:
                    6a:3b:08:8a:1a:c8:73:c3:17:20:ac:02:3b:d2:0c:
                    0e:83:c9:6f:f0:6d:70:2d:58:c3:de:78:fa:9d:eb:
                    87:ca:83:d6:cc:8c:4f:ed:8e:c9:04:52:c3:64:36:
                    4b:97:25:f0:b1:67:15:57:f8:51:e2:50:9b:c7:ea:
                    2d:12:1e:96:44:37:4a:73:73:bb:d8:69:6a:35:d8:
                    a7:89:2c:ce:a8:0a:8b:33:50:92:b7:51:07:0f:3e:
                    28:a9:a7:62:de:b8:e8:98:68:25:aa:3f:ed:94:1e:
                    b9:98:f3:e4:56:0e:ce:5d:b7:fa:6c:b7:ae:82:c8:
                    03:fb:96:b4:d6:1f:17:ba:c0:1b:8d:f4:13:2c:24:
                    aa:03:74:ed:9c:95:bb:5e:36:8a:90:1b:05:d7:3d:
                    92:25:da:06:ed:87:6b:ab:ea:4f:f8:3f:eb:03:c6:
                    15:70:82:5e:33:d8:f7:3c:51:23:3c:22:46:8a:eb:
                    e0:90:61:9a:f7:ca:30:dc:f3:cd:e0:43:e8:ce:47:
                    13:e5:0b:57:33:ee:eb:5e:ce:ec:9d:72:f8:c5:65:
                    52:cd:b5:55:ff:3c:11:08:88:b2:32:bb:07:b2:64:
                    6b:df:66:fb:25:6b:94:78:a0:35:f8:3e:f6:d6:43:
                    3d:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:6D:42:9B:80:C8:74:F1:48:12:84:C1:15:D2:FF:E8:10:7B:2B:60
            X509v3 Authority Key Identifier:
                keyid:41:25:13:42:E0:5D:58:B3:B7:FC:93:A1:5C:BA:1E:B7:1E:54:23:85

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QSUTQuBdWLO3_JOhXLoetx5UI4U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/ad603f-8fea-4849-9edb-c3668b503a1c/1/AW1Cm4DIdPFIEoTBFdL_6BB7K2A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/41/ad603f-8fea-4849-9edb-c3668b503a1c/1/QSUTQuBdWLO3_JOhXLoetx5UI4U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.165.31.0/24

    Signature Algorithm: sha256WithRSAEncryption
         23:e7:82:fa:36:58:8e:09:34:ef:8b:7b:e2:d8:17:81:8a:24:
         42:88:d3:f9:dc:d8:76:54:70:08:9e:66:97:ed:24:3f:65:47:
         c7:e9:d8:8f:3a:16:46:af:27:e1:55:79:8b:29:68:b3:38:44:
         86:1c:47:54:60:50:e9:e9:2c:5b:a7:87:c5:e0:cc:62:f9:a8:
         e1:40:6e:49:56:74:d4:e5:7a:88:f6:2a:15:20:33:a7:6a:e5:
         6c:f0:40:f0:1b:c9:3e:0c:8d:d1:cd:61:79:f3:07:f6:0f:56:
         98:a5:ce:a4:de:e7:98:44:80:d7:0d:4e:15:f0:f9:d9:e3:40:
         d6:06:bd:fc:59:a2:a7:df:51:8d:4f:1a:23:f1:aa:01:44:ae:
         b2:f3:40:fa:45:c7:64:9a:96:72:6d:57:42:74:ff:ec:bb:53:
         82:f0:a2:43:db:2c:3e:c9:42:64:29:cd:45:32:44:f0:76:50:
         b8:51:47:57:e6:fa:eb:76:ae:b0:46:6b:d8:66:d5:0c:18:b1:
         23:fb:78:d1:5c:71:38:6e:c1:56:c9:5e:b1:c3:08:64:50:e6:
         5b:c2:3c:ca:c9:fc:86:5f:0c:5b:a4:da:46:6d:dc:b4:29:06:
         5b:97:ee:e7:a2:3b:ea:d1:ea:2a:b4:1c:1c:2b:b5:0e:34:39:
         90:d2:d7:e7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAWwk5z2YR+OA6JXagVleMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQxMjUxMzQyZTA1ZDU4YjNiN2ZjOTNhMTVjYmExZWI3MWU1
NDIzODUwHhcNMjQwMTAyMDIyOTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMTZkNDI5YjgwYzg3NGYxNDgxMjg0YzExNWQyZmZlODEwN2IyYjYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAstaPQf6VnQWosI55GmVqOwiKGshz
wxcgrAI70gwOg8lv8G1wLVjD3nj6neuHyoPWzIxP7Y7JBFLDZDZLlyXwsWcVV/hR
4lCbx+otEh6WRDdKc3O72GlqNdiniSzOqAqLM1CSt1EHDz4oqadi3rjomGglqj/t
lB65mPPkVg7OXbf6bLeugsgD+5a01h8XusAbjfQTLCSqA3TtnJW7XjaKkBsF1z2S
JdoG7Ydrq+pP+D/rA8YVcIJeM9j3PFEjPCJGiuvgkGGa98ow3PPN4EPozkcT5QtX
M+7rXs7snXL4xWVSzbVV/zwRCIiyMrsHsmRr32b7JWuUeKA1+D721kM9pwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAFtQpuAyHTxSBKEwRXS/+gQeytgMB8GA1UdIwQY
MBaAFEElE0LgXVizt/yToVy6HrceVCOFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUVNVVFF1QmRXTE8zX0pPaFhMb2V0eDVVSTRVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS9hZDYwM2YtOGZlYS00ODQ5LTllZGIt
YzM2NjhiNTAzYTFjLzEvQVcxQ200RElkUEZJRW9UQkZkTF82QkI3SzJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS9hZDYwM2YtOGZlYS00ODQ5LTllZGItYzM2NjhiNTAzYTFj
LzEvUVNVVFF1QmRXTE8zX0pPaFhMb2V0eDVVSTRVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuaUfMA0G
CSqGSIb3DQEBCwUAA4IBAQAj54L6NliOCTTvi3vi2BeBiiRCiNP53Nh2VHAInmaX
7SQ/ZUfH6diPOhZGryfhVXmLKWizOESGHEdUYFDp6Sxbp4fF4Mxi+ajhQG5JVnTU
5XqI9ioVIDOnauVs8EDwG8k+DI3RzWF58wf2D1aYpc6k3ueYRIDXDU4V8PnZ40DW
Br38WaKn31GNTxoj8aoBRK6y80D6RcdkmpZybVdCdP/su1OC8KJD2yw+yUJkKc1F
MkTwdlC4UUdX5vrrdq6wRmvYZtUMGLEj+3jRXHE4bsFWyV6xwwhkUOZbwjzKyfyG
XwxbpNpGbdy0KQZbl+7nojvq0eoqtBwcK7UONDmQ0tfn
-----END CERTIFICATE-----