Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/1-2Jz35sYvfDK8e25u67SDrv5-ao.roa
File:                     1-2Jz35sYvfDK8e25u67SDrv5-ao.roa (raw, json)
Hash identifier:          F76lzh/ARvCkxiKTovbYn5DaBFLJ6pDc8ixSD5fPsHE=
Subject key identifier:   FB:62:73:DF:9B:18:BD:F0:CA:F1:ED:B9:BB:AE:D2:0E:BB:F9:F9:AA
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       018CCA2A57EC7C9BFE49929F3F0A682F4409
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/1-2Jz35sYvfDK8e25u67SDrv5-ao.roa
Signing time:             Tue 02 Jan 2024 12:33:41 +0000
ROA not before:           Tue 02 Jan 2024 12:33:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212571
IP address blocks:        31.148.7.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 May 2024 23:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:57:ec:7c:9b:fe:49:92:9f:3f:0a:68:2f:44:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: Jan  2 12:33:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fb6273df9b18bdf0caf1edb9bbaed20ebbf9f9aa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:c9:78:e0:a8:8b:2b:87:06:b6:26:a1:2a:e2:
                    1b:8d:ba:39:db:3b:75:84:b4:26:e3:f6:6e:23:16:
                    89:84:a0:e6:bb:7a:a2:33:e6:f1:61:b2:7a:f5:3f:
                    d7:72:32:4d:08:11:a3:79:ee:c7:6a:6c:26:dc:33:
                    fe:2c:ef:40:db:83:39:b0:96:ea:ba:43:2f:e5:1c:
                    9e:7c:b8:16:c2:8f:31:6b:01:ec:db:28:da:a5:7d:
                    1d:5b:1d:bb:bb:80:46:f1:32:34:5c:f8:9f:b8:55:
                    e6:b7:50:c6:70:9e:32:cd:04:05:b0:40:9e:c2:5b:
                    64:eb:b1:5a:5f:0f:31:f0:ba:20:97:f7:98:9e:f9:
                    35:76:36:fb:50:e1:02:6c:23:56:7a:f8:28:a0:5b:
                    b2:47:7a:73:78:10:85:e0:39:ba:fb:9a:95:bf:7d:
                    82:ec:33:a9:27:02:36:2c:4e:05:47:e8:fd:e1:00:
                    91:aa:02:77:45:16:69:ac:08:90:67:c6:26:bd:19:
                    59:f5:90:da:a0:ee:c0:6f:3b:a2:02:31:76:6e:5c:
                    d4:ec:99:34:a9:5a:da:d3:e8:67:19:f2:61:a1:b9:
                    7a:d3:f1:77:36:14:e6:a8:82:2c:12:8e:ec:44:66:
                    1f:8f:8a:58:8d:75:24:e2:fb:6f:92:93:21:8e:d4:
                    ab:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:62:73:DF:9B:18:BD:F0:CA:F1:ED:B9:BB:AE:D2:0E:BB:F9:F9:AA
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/1-2Jz35sYvfDK8e25u67SDrv5-ao.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.148.7.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2c:b7:30:1e:d3:06:44:08:39:df:4f:aa:6a:8d:9a:af:8a:a7:
         00:aa:01:34:43:1f:54:61:13:dd:f0:20:19:27:3e:ff:d4:1a:
         a4:11:a7:9a:b1:a4:74:0a:eb:60:d4:45:03:de:f2:19:b4:09:
         91:05:58:2e:ea:a7:65:9e:18:5d:87:42:27:5c:45:60:45:5f:
         06:61:9c:9c:e3:c9:e9:d8:49:52:3d:09:01:e5:22:7c:6b:3d:
         75:12:01:5a:aa:78:80:61:49:8b:9e:83:62:fc:81:40:c4:4d:
         00:8d:13:6f:45:b1:52:c6:66:a9:e2:da:5e:cd:0c:02:c1:c2:
         12:1c:17:0a:93:2c:ec:36:fd:75:d5:6e:dd:06:a9:58:03:99:
         1d:d9:c0:e9:88:4f:e1:f9:46:4a:65:22:1b:b9:66:5c:e5:6f:
         9e:cf:58:55:46:b6:4c:45:42:e5:f9:9a:4b:bf:69:14:f7:23:
         69:cc:e1:88:95:4b:0c:92:fd:57:d9:ff:f0:12:e9:8f:82:a3:
         7c:91:8d:d2:86:44:bf:ca:4b:0d:d5:29:1c:28:3e:fb:97:f3:
         00:c6:03:bd:e3:09:60:f7:5d:26:ef:d2:4d:06:73:24:66:2b:
         51:3a:3f:01:a7:b4:7a:25:f8:1b:62:4a:98:43:4e:f8:71:e9:
         54:63:c4:3c
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzKKlfsfJv+SZKfPwpoL0QJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjQwMTAyMTIzMzQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYjYyNzNkZjliMThiZGYwY2FmMWVkYjliYmFlZDIwZWJiZjlmOWFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhMl44KiLK4cGtiahKuIbjbo52zt1
hLQm4/ZuIxaJhKDmu3qiM+bxYbJ69T/XcjJNCBGjee7Hamwm3DP+LO9A24M5sJbq
ukMv5RyefLgWwo8xawHs2yjapX0dWx27u4BG8TI0XPifuFXmt1DGcJ4yzQQFsECe
wltk67FaXw8x8Logl/eYnvk1djb7UOECbCNWevgooFuyR3pzeBCF4Dm6+5qVv32C
7DOpJwI2LE4FR+j94QCRqgJ3RRZprAiQZ8YmvRlZ9ZDaoO7AbzuiAjF2blzU7Jk0
qVra0+hnGfJhobl60/F3NhTmqIIsEo7sRGYfj4pYjXUk4vtvkpMhjtSrTwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPtic9+bGL3wyvHtubuu0g67+fmqMB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvMS0ySnozNXNZdmZESzhlMjV1NjdTRHJ2NS1hby5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNTgvMThhOTFjLTBlNzctNDVjOS04Y2M0LTA2MmM2OTMzYWJl
ZC8xL2RKRWl3MVE0cE9zbUl6X2Nia3V4M3kycTcwSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAB+UBzAN
BgkqhkiG9w0BAQsFAAOCAQEALLcwHtMGRAg530+qao2ar4qnAKoBNEMfVGET3fAg
GSc+/9QapBGnmrGkdArrYNRFA97yGbQJkQVYLuqnZZ4YXYdCJ1xFYEVfBmGcnOPJ
6dhJUj0JAeUifGs9dRIBWqp4gGFJi56DYvyBQMRNAI0Tb0WxUsZmqeLaXs0MAsHC
EhwXCpMs7Db9ddVu3QapWAOZHdnA6YhP4flGSmUiG7lmXOVvns9YVUa2TEVC5fma
S79pFPcjaczhiJVLDJL9V9n/8BLpj4KjfJGN0oZEv8pLDdUpHCg++5fzAMYDveMJ
YPddJu/STQZzJGYrUTo/Aae0eiX4G2JKmENO+HHpVGPEPA==
-----END CERTIFICATE-----