Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/ec0453-7e8f-41b1-85d1-1cb1a8f80238/1/AQU11Wcc9esGXKEHnZhPRh1T3Co.roa
File:                     AQU11Wcc9esGXKEHnZhPRh1T3Co.roa (raw, json)
Hash identifier:          S7Z9xQAwSOeaWecWkx5WZJFbIM11SSk6rgfFB2GODVQ=
Subject key identifier:   01:05:35:D5:67:1C:F5:EB:06:5C:A1:07:9D:98:4F:46:1D:53:DC:2A
Certificate issuer:       /CN=696c67867e0e202248e7f5e3cbd574bd1a32fe3f
Certificate serial:       018CC26D2756D77B73E4B9831A106F955B35
Authority key identifier: 69:6C:67:86:7E:0E:20:22:48:E7:F5:E3:CB:D5:74:BD:1A:32:FE:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aWxnhn4OICJI5_Xjy9V0vRoy_j8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/41/ec0453-7e8f-41b1-85d1-1cb1a8f80238/1/AQU11Wcc9esGXKEHnZhPRh1T3Co.roa
Signing time:             Mon 01 Jan 2024 00:29:42 +0000
ROA not before:           Mon 01 Jan 2024 00:29:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     786
IP address blocks:        163.119.0.0/17 maxlen: 17

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/41/ec0453-7e8f-41b1-85d1-1cb1a8f80238/1/aWxnhn4OICJI5_Xjy9V0vRoy_j8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/41/ec0453-7e8f-41b1-85d1-1cb1a8f80238/1/aWxnhn4OICJI5_Xjy9V0vRoy_j8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aWxnhn4OICJI5_Xjy9V0vRoy_j8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 07:02:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:27:56:d7:7b:73:e4:b9:83:1a:10:6f:95:5b:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=696c67867e0e202248e7f5e3cbd574bd1a32fe3f
        Validity
            Not Before: Jan  1 00:29:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=010535d5671cf5eb065ca1079d984f461d53dc2a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:ca:b6:49:60:93:3b:47:bb:7c:b9:a1:a0:7c:
                    a4:cc:6c:ea:f5:a6:19:3a:50:70:a9:cc:9c:64:2d:
                    77:e1:63:af:83:c2:3b:a3:03:99:f3:d5:72:86:3b:
                    83:99:01:22:b4:94:98:e6:79:7c:88:e1:a8:2a:d6:
                    ae:c0:bd:07:3a:77:a9:04:18:ce:48:45:03:fb:90:
                    15:ff:36:41:c9:28:bd:4d:e6:87:d0:e5:c3:da:29:
                    39:dd:11:c4:77:bf:bb:c0:db:32:35:8b:eb:a1:0e:
                    7d:c0:14:79:16:be:5a:c5:1e:7f:ab:eb:a3:ab:1a:
                    c8:7c:06:51:8f:4b:4f:a3:65:39:d5:99:5b:30:2c:
                    52:ad:ce:00:49:8f:e2:4f:db:d3:12:cd:4a:74:e3:
                    13:d6:02:ac:ee:bb:b4:32:92:8d:3c:56:aa:83:12:
                    4b:3f:b0:af:1b:b7:79:ff:a8:ae:04:9d:d4:28:87:
                    ac:9d:f9:6d:57:87:c1:9f:32:24:36:c7:16:26:4d:
                    a5:96:2b:57:21:b7:c0:b1:5f:27:90:1c:45:73:b7:
                    ea:78:a9:7b:f9:49:b2:92:2e:58:10:cb:d7:ea:72:
                    3e:8e:30:8b:d4:ac:e0:e4:18:60:55:b8:fb:7b:12:
                    22:18:88:8c:d0:55:89:ea:2b:83:75:6c:b0:e8:0d:
                    35:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:05:35:D5:67:1C:F5:EB:06:5C:A1:07:9D:98:4F:46:1D:53:DC:2A
            X509v3 Authority Key Identifier:
                keyid:69:6C:67:86:7E:0E:20:22:48:E7:F5:E3:CB:D5:74:BD:1A:32:FE:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aWxnhn4OICJI5_Xjy9V0vRoy_j8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/ec0453-7e8f-41b1-85d1-1cb1a8f80238/1/AQU11Wcc9esGXKEHnZhPRh1T3Co.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/41/ec0453-7e8f-41b1-85d1-1cb1a8f80238/1/aWxnhn4OICJI5_Xjy9V0vRoy_j8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.119.0.0/17

    Signature Algorithm: sha256WithRSAEncryption
         2e:58:5c:e7:e0:3e:05:d6:ba:2b:43:de:ae:70:68:3f:95:71:
         ef:47:77:3e:81:08:4f:7a:f3:9e:18:83:ac:44:1c:d7:82:16:
         8b:69:af:90:d1:f3:91:a0:02:b7:df:b1:da:d8:fa:7c:77:b7:
         41:9a:45:03:10:1f:b3:f1:f8:f1:e2:57:e4:45:ef:10:37:99:
         7e:a1:57:b7:69:92:be:4f:07:5d:64:f1:1c:dd:eb:1d:36:c7:
         a4:b8:df:09:b0:a7:6a:d8:78:c8:b0:c0:33:eb:0e:d9:b5:3d:
         c5:6a:04:1a:2e:1c:0f:e7:7c:d0:07:df:49:a1:31:91:34:be:
         22:db:c3:aa:f1:1e:fe:1d:e0:a1:1d:29:3c:35:2c:d6:8c:1f:
         78:8d:c0:4f:94:f6:5b:ba:58:d6:d4:c6:46:d9:16:3e:1b:a2:
         6f:d1:b9:a4:a4:e1:64:18:63:22:cc:3d:d2:6c:9a:e8:da:ee:
         4d:16:21:6e:39:df:2e:16:dd:8c:38:68:01:7f:54:37:ae:93:
         5b:b8:fb:09:d7:cc:80:a1:b9:62:d0:b1:2f:bd:20:27:85:99:
         61:d3:9b:d5:1f:02:ac:64:f8:c6:e9:95:0f:2c:7f:d4:3d:cf:
         0b:ea:49:5b:81:25:70:4f:f6:53:1a:10:22:be:5e:e2:53:19:
         0a:be:f0:90
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbSdW13tz5LmDGhBvlVs1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY5NmM2Nzg2N2UwZTIwMjI0OGU3ZjVlM2NiZDU3NGJkMWEz
MmZlM2YwHhcNMjQwMTAxMDAyOTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMTA1MzVkNTY3MWNmNWViMDY1Y2ExMDc5ZDk4NGY0NjFkNTNkYzJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAksq2SWCTO0e7fLmhoHykzGzq9aYZ
OlBwqcycZC134WOvg8I7owOZ89VyhjuDmQEitJSY5nl8iOGoKtauwL0HOnepBBjO
SEUD+5AV/zZBySi9TeaH0OXD2ik53RHEd7+7wNsyNYvroQ59wBR5Fr5axR5/q+uj
qxrIfAZRj0tPo2U51ZlbMCxSrc4ASY/iT9vTEs1KdOMT1gKs7ru0MpKNPFaqgxJL
P7CvG7d5/6iuBJ3UKIesnfltV4fBnzIkNscWJk2llitXIbfAsV8nkBxFc7fqeKl7
+Umyki5YEMvX6nI+jjCL1Kzg5BhgVbj7exIiGIiM0FWJ6iuDdWyw6A01bwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAEFNdVnHPXrBlyhB52YT0YdU9wqMB8GA1UdIwQY
MBaAFGlsZ4Z+DiAiSOf148vVdL0aMv4/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYVd4bmhuNE9JQ0pJNV9Yank5VjB2Um95X2o4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS9lYzA0NTMtN2U4Zi00MWIxLTg1ZDEt
MWNiMWE4ZjgwMjM4LzEvQVFVMTFXY2M5ZXNHWEtFSG5aaFBSaDFUM0NvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS9lYzA0NTMtN2U4Zi00MWIxLTg1ZDEtMWNiMWE4ZjgwMjM4
LzEvYVd4bmhuNE9JQ0pJNV9Yank5VjB2Um95X2o4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQHo3cAMA0G
CSqGSIb3DQEBCwUAA4IBAQAuWFzn4D4F1rorQ96ucGg/lXHvR3c+gQhPevOeGIOs
RBzXghaLaa+Q0fORoAK337Ha2Pp8d7dBmkUDEB+z8fjx4lfkRe8QN5l+oVe3aZK+
TwddZPEc3esdNsekuN8JsKdq2HjIsMAz6w7ZtT3FagQaLhwP53zQB99JoTGRNL4i
28Oq8R7+HeChHSk8NSzWjB94jcBPlPZbuljW1MZG2RY+G6Jv0bmkpOFkGGMizD3S
bJro2u5NFiFuOd8uFt2MOGgBf1Q3rpNbuPsJ18yAobli0LEvvSAnhZlh05vVHwKs
ZPjG6ZUPLH/UPc8L6klbgSVwT/ZTGhAivl7iUxkKvvCQ
-----END CERTIFICATE-----