Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/63/e58e27-cafd-417c-95d0-870544caafab/1/qoqnzEgXNZEznyZMDTxHr0kovJ4.roa
File:                     qoqnzEgXNZEznyZMDTxHr0kovJ4.roa (raw, json)
Hash identifier:          qQ/dWvYXKPbX7Nz1E4iHq6eo8QKMNbpPsLUPn3nEOHE=
Subject key identifier:   AA:8A:A7:CC:48:17:35:91:33:9F:26:4C:0D:3C:47:AF:49:28:BC:9E
Certificate issuer:       /CN=614e19a2275816a28e5e80c8f9a28cc5a1d9c0d5
Certificate serial:       018E312AB11817C0A3526ED139C42687C46F
Authority key identifier: 61:4E:19:A2:27:58:16:A2:8E:5E:80:C8:F9:A2:8C:C5:A1:D9:C0:D5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YU4ZoidYFqKOXoDI-aKMxaHZwNU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/63/e58e27-cafd-417c-95d0-870544caafab/1/qoqnzEgXNZEznyZMDTxHr0kovJ4.roa
Signing time:             Tue 12 Mar 2024 05:37:45 +0000
ROA not before:           Tue 12 Mar 2024 05:37:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216335
IP address blocks:        37.157.31.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/63/e58e27-cafd-417c-95d0-870544caafab/1/YU4ZoidYFqKOXoDI-aKMxaHZwNU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/63/e58e27-cafd-417c-95d0-870544caafab/1/YU4ZoidYFqKOXoDI-aKMxaHZwNU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YU4ZoidYFqKOXoDI-aKMxaHZwNU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 08:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:31:2a:b1:18:17:c0:a3:52:6e:d1:39:c4:26:87:c4:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=614e19a2275816a28e5e80c8f9a28cc5a1d9c0d5
        Validity
            Not Before: Mar 12 05:37:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=aa8aa7cc48173591339f264c0d3c47af4928bc9e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:31:31:b8:56:d1:bf:ca:5a:d5:fb:19:fb:40:
                    39:76:e9:89:4d:b7:6e:2e:ad:45:65:44:41:47:03:
                    82:d5:14:9a:b8:17:41:35:b5:28:09:c7:7e:d9:75:
                    53:70:e3:55:9a:35:27:df:84:3f:c0:2b:27:d6:d6:
                    74:51:5a:15:b6:15:63:74:66:a8:00:8c:dc:d4:c5:
                    df:fd:df:c7:6d:2b:9f:74:0a:e4:fb:57:92:00:d2:
                    83:a5:fa:78:81:b1:56:27:46:ba:bd:6a:8c:7b:f5:
                    fe:c6:f5:c3:91:b9:63:39:12:ff:da:54:13:9b:86:
                    0a:12:37:ac:f8:f0:88:fb:47:4e:48:b9:84:43:9e:
                    eb:4a:5d:8c:72:fc:f2:06:17:6b:35:7b:0c:11:ec:
                    20:73:c9:32:cc:d1:73:b5:35:d2:75:72:3d:6e:20:
                    b7:49:4e:e2:60:fb:ec:29:5c:f2:70:25:48:0f:91:
                    bd:86:0c:ca:41:78:f2:c3:9e:2e:ef:79:ec:20:50:
                    be:fa:0b:3b:d3:34:77:b5:27:e5:aa:03:42:64:59:
                    bc:c8:e9:49:aa:86:79:1e:c6:2d:21:16:79:c5:fa:
                    13:a8:80:d0:5d:97:ce:62:f3:1d:b1:87:48:3a:f9:
                    3b:c8:ed:cd:78:d6:d6:68:95:38:3d:5c:2b:c2:48:
                    d1:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:8A:A7:CC:48:17:35:91:33:9F:26:4C:0D:3C:47:AF:49:28:BC:9E
            X509v3 Authority Key Identifier:
                keyid:61:4E:19:A2:27:58:16:A2:8E:5E:80:C8:F9:A2:8C:C5:A1:D9:C0:D5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YU4ZoidYFqKOXoDI-aKMxaHZwNU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/63/e58e27-cafd-417c-95d0-870544caafab/1/qoqnzEgXNZEznyZMDTxHr0kovJ4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/63/e58e27-cafd-417c-95d0-870544caafab/1/YU4ZoidYFqKOXoDI-aKMxaHZwNU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.157.31.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c2:bf:cc:67:6a:08:bc:19:53:a0:7c:c4:dd:cd:77:d7:89:58:
         69:36:5f:44:37:19:75:45:27:27:6f:81:9d:e9:2d:b0:24:b9:
         5c:6b:7e:24:04:90:f4:bc:29:e4:eb:ef:b6:55:21:2f:be:fb:
         37:02:ad:94:ba:3f:b8:f9:96:09:ea:87:f5:3a:10:a1:c4:99:
         6c:20:b6:b3:12:86:b2:0b:1f:82:65:48:43:a9:49:a5:7b:ce:
         00:9a:6a:c3:c8:01:83:50:9b:bc:be:c7:63:c4:54:d0:e5:5e:
         cc:ee:93:c5:3c:e6:d4:be:1c:0c:24:bf:58:33:db:fa:f0:f5:
         81:f7:d4:df:5c:86:cf:2c:8f:4b:d5:14:ec:c0:16:99:a3:67:
         5b:3c:c2:fe:8e:7a:ec:18:a6:68:cc:43:21:56:64:2a:00:cd:
         5c:d0:3e:1f:71:b9:5e:0c:45:e7:1a:9a:d4:fa:5a:ba:14:b5:
         48:9c:c1:f5:d2:87:c6:c3:34:75:0c:1f:3a:64:70:5d:27:8e:
         e8:e5:b8:05:e7:13:47:de:a7:17:00:62:a6:ce:8c:25:5f:e1:
         cf:d5:e9:ff:1c:a1:97:d9:5d:f5:af:0d:d6:7a:78:6f:10:78:
         81:0d:1b:39:0f:79:d9:61:2d:e0:28:93:04:17:01:3e:1d:f7:
         a2:fc:73:72
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY4xKrEYF8CjUm7ROcQmh8RvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxNGUxOWEyMjc1ODE2YTI4ZTVlODBjOGY5YTI4Y2M1YTFk
OWMwZDUwHhcNMjQwMzEyMDUzNzQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYThhYTdjYzQ4MTczNTkxMzM5ZjI2NGMwZDNjNDdhZjQ5MjhiYzllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvzExuFbRv8pa1fsZ+0A5dumJTbdu
Lq1FZURBRwOC1RSauBdBNbUoCcd+2XVTcONVmjUn34Q/wCsn1tZ0UVoVthVjdGao
AIzc1MXf/d/HbSufdArk+1eSANKDpfp4gbFWJ0a6vWqMe/X+xvXDkbljORL/2lQT
m4YKEjes+PCI+0dOSLmEQ57rSl2McvzyBhdrNXsMEewgc8kyzNFztTXSdXI9biC3
SU7iYPvsKVzycCVID5G9hgzKQXjyw54u73nsIFC++gs70zR3tSflqgNCZFm8yOlJ
qoZ5HsYtIRZ5xfoTqIDQXZfOYvMdsYdIOvk7yO3NeNbWaJU4PVwrwkjRzwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKqKp8xIFzWRM58mTA08R69JKLyeMB8GA1UdIwQY
MBaAFGFOGaInWBaijl6AyPmijMWh2cDVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWVU0Wm9pZFlGcUtPWG9ESS1hS014YUhad05VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82My9lNThlMjctY2FmZC00MTdjLTk1ZDAt
ODcwNTQ0Y2FhZmFiLzEvcW9xbnpFZ1hOWkV6bnlaTURUeEhyMGtvdko0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82My9lNThlMjctY2FmZC00MTdjLTk1ZDAtODcwNTQ0Y2FhZmFi
LzEvWVU0Wm9pZFlGcUtPWG9ESS1hS014YUhad05VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJZ0fMA0G
CSqGSIb3DQEBCwUAA4IBAQDCv8xnagi8GVOgfMTdzXfXiVhpNl9ENxl1RScnb4Gd
6S2wJLlca34kBJD0vCnk6++2VSEvvvs3Aq2Uuj+4+ZYJ6of1OhChxJlsILazEoay
Cx+CZUhDqUmle84AmmrDyAGDUJu8vsdjxFTQ5V7M7pPFPObUvhwMJL9YM9v68PWB
99TfXIbPLI9L1RTswBaZo2dbPML+jnrsGKZozEMhVmQqAM1c0D4fcbleDEXnGprU
+lq6FLVInMH10ofGwzR1DB86ZHBdJ47o5bgF5xNH3qcXAGKmzowlX+HP1en/HKGX
2V31rw3WenhvEHiBDRs5D3nZYS3gKJMEFwE+Hfei/HNy
-----END CERTIFICATE-----