Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/Lqs9nRtkUpe4jWVm5QSrl6cNsas.roa
File:                     Lqs9nRtkUpe4jWVm5QSrl6cNsas.roa (raw, json)
Hash identifier:          HSIz9Fl+Mhj+G/VQeBEKIBCRO3VkWziYbb59kuJG9Ro=
Subject key identifier:   2E:AB:3D:9D:1B:64:52:97:B8:8D:65:66:E5:04:AB:97:A7:0D:B1:AB
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       018CCA2A1F471EE1A706F5559A68A20D3213
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/Lqs9nRtkUpe4jWVm5QSrl6cNsas.roa
Signing time:             Tue 02 Jan 2024 12:33:27 +0000
ROA not before:           Tue 02 Jan 2024 12:33:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59738
IP address blocks:        31.148.6.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 05:12:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:1f:47:1e:e1:a7:06:f5:55:9a:68:a2:0d:32:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: Jan  2 12:33:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2eab3d9d1b645297b88d6566e504ab97a70db1ab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:c9:47:0a:18:4c:d4:e6:d3:4b:51:17:83:10:
                    31:18:07:a9:9c:6f:a4:b7:32:8a:2d:e8:de:05:aa:
                    cc:66:15:4b:c8:f8:d8:6a:bf:f8:3b:ec:22:81:40:
                    d4:4d:ae:08:a6:30:9b:9a:13:dc:6b:cd:95:a1:06:
                    f5:61:fa:9b:62:e4:62:92:6e:5f:5a:9d:7f:e1:7c:
                    54:66:bf:90:18:e2:b3:e9:5c:cf:df:f3:d1:e1:5e:
                    96:e7:c2:c8:8b:f6:ac:4f:84:e9:a1:d0:02:b9:c0:
                    13:73:d5:44:69:e7:5b:97:63:94:2d:02:bd:7a:a5:
                    b7:1a:d6:9d:73:51:53:63:37:90:26:58:3b:40:82:
                    23:74:77:a0:aa:f4:2d:71:fa:47:7d:e0:c5:91:8f:
                    e4:ec:be:67:c8:a0:c6:90:64:f3:9c:55:cb:3e:22:
                    0a:b4:80:6e:93:16:4b:06:25:b6:94:3f:be:1a:48:
                    64:0b:18:49:fc:3d:67:d9:44:c5:61:12:7c:ab:d8:
                    e8:77:9d:04:29:b9:59:1d:7f:12:1d:51:66:5d:da:
                    5e:ba:bc:97:b2:c1:d8:77:16:ec:f8:89:87:ad:c8:
                    22:76:ad:d7:a1:7b:37:97:22:e0:1f:f7:03:9b:07:
                    29:dd:47:3c:3a:7d:5a:8d:6a:99:6b:0e:be:f2:af:
                    3a:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:AB:3D:9D:1B:64:52:97:B8:8D:65:66:E5:04:AB:97:A7:0D:B1:AB
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/Lqs9nRtkUpe4jWVm5QSrl6cNsas.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.148.6.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1d:0b:15:19:22:03:29:5a:dd:bd:d4:9c:d5:be:56:06:0a:42:
         d3:fb:1f:4c:e3:5a:5b:fc:d6:8c:c1:0b:b3:be:41:d2:87:52:
         ed:30:5f:c9:bc:de:f6:6a:ff:7b:28:f7:89:ba:ae:3e:ae:65:
         e0:04:87:2d:71:ff:bd:45:1f:9d:43:d6:7e:ca:9c:27:7a:2b:
         35:57:cc:2d:84:a5:8f:76:16:f1:3e:4b:f3:eb:76:86:4e:5e:
         59:9b:b6:8f:a7:cf:4d:68:9f:ff:b6:ce:94:ec:18:d6:da:24:
         6a:87:37:a2:c7:9e:13:c4:99:d0:00:68:c6:f5:d4:80:73:59:
         0b:ea:42:15:99:50:81:53:56:61:a2:db:56:79:83:01:ac:36:
         f8:c9:71:8f:58:01:7c:01:90:46:d1:2a:59:9f:45:91:96:4b:
         04:6c:26:41:63:23:52:ea:18:c6:45:73:96:b6:ad:e7:2c:c4:
         db:ba:8b:da:79:17:47:be:25:23:6e:76:c3:02:0e:4b:35:c7:
         b5:f9:c8:15:72:7b:aa:73:5d:a0:fd:93:c4:3e:0a:af:08:3f:
         0b:1f:b8:ed:49:4b:0d:49:39:f9:12:af:28:23:a5:3e:96:bb:
         6e:be:bc:91:79:d4:da:a8:b4:d8:53:6c:6d:2b:4d:66:22:fb:
         90:c5:50:53
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKh9HHuGnBvVVmmiiDTITMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjQwMTAyMTIzMzI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZWFiM2Q5ZDFiNjQ1Mjk3Yjg4ZDY1NjZlNTA0YWI5N2E3MGRiMWFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAislHChhM1ObTS1EXgxAxGAepnG+k
tzKKLejeBarMZhVLyPjYar/4O+wigUDUTa4IpjCbmhPca82VoQb1YfqbYuRikm5f
Wp1/4XxUZr+QGOKz6VzP3/PR4V6W58LIi/asT4TpodACucATc9VEaedbl2OULQK9
eqW3Gtadc1FTYzeQJlg7QIIjdHegqvQtcfpHfeDFkY/k7L5nyKDGkGTznFXLPiIK
tIBukxZLBiW2lD++GkhkCxhJ/D1n2UTFYRJ8q9jod50EKblZHX8SHVFmXdpeuryX
ssHYdxbs+ImHrcgidq3XoXs3lyLgH/cDmwcp3Uc8On1ajWqZaw6+8q86+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC6rPZ0bZFKXuI1lZuUEq5enDbGrMB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvTHFzOW5SdGtVcGU0aldWbTVRU3JsNmNOc2FzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAH5QGMA0G
CSqGSIb3DQEBCwUAA4IBAQAdCxUZIgMpWt291JzVvlYGCkLT+x9M41pb/NaMwQuz
vkHSh1LtMF/JvN72av97KPeJuq4+rmXgBIctcf+9RR+dQ9Z+ypwneis1V8wthKWP
dhbxPkvz63aGTl5Zm7aPp89NaJ//ts6U7BjW2iRqhzeix54TxJnQAGjG9dSAc1kL
6kIVmVCBU1ZhottWeYMBrDb4yXGPWAF8AZBG0SpZn0WRlksEbCZBYyNS6hjGRXOW
tq3nLMTbuovaeRdHviUjbnbDAg5LNce1+cgVcnuqc12g/ZPEPgqvCD8LH7jtSUsN
STn5Eq8oI6U+lrtuvryRedTaqLTYU2xtK01mIvuQxVBT
-----END CERTIFICATE-----