Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/76/1cfb92-9c31-464f-9382-4a34c1bbab2b/1/6lS6x4Bv4zk3kNuviP7JXaD8N-8.roa
File:                     6lS6x4Bv4zk3kNuviP7JXaD8N-8.roa (raw, json)
Hash identifier:          IE4Zw9aMH+DR6CKDo2WAUU3hejYi3taCq6Y9Yi7+MsQ=
Subject key identifier:   EA:54:BA:C7:80:6F:E3:39:37:90:DB:AF:88:FE:C9:5D:A0:FC:37:EF
Certificate issuer:       /CN=1eaf5c2e5edc197834d07f345962b0745bee66d7
Certificate serial:       018CC801AEF14A13C926E553F3D0DFC6E7B4
Authority key identifier: 1E:AF:5C:2E:5E:DC:19:78:34:D0:7F:34:59:62:B0:74:5B:EE:66:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Hq9cLl7cGXg00H80WWKwdFvuZtc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/76/1cfb92-9c31-464f-9382-4a34c1bbab2b/1/6lS6x4Bv4zk3kNuviP7JXaD8N-8.roa
Signing time:             Tue 02 Jan 2024 02:30:02 +0000
ROA not before:           Tue 02 Jan 2024 02:30:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48882
IP address blocks:        31.40.156.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/76/1cfb92-9c31-464f-9382-4a34c1bbab2b/1/Hq9cLl7cGXg00H80WWKwdFvuZtc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/76/1cfb92-9c31-464f-9382-4a34c1bbab2b/1/Hq9cLl7cGXg00H80WWKwdFvuZtc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Hq9cLl7cGXg00H80WWKwdFvuZtc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:ae:f1:4a:13:c9:26:e5:53:f3:d0:df:c6:e7:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1eaf5c2e5edc197834d07f345962b0745bee66d7
        Validity
            Not Before: Jan  2 02:30:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ea54bac7806fe3393790dbaf88fec95da0fc37ef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:87:92:30:7a:e1:74:c2:f1:14:29:e1:72:a5:
                    5b:3b:48:f5:1e:74:d3:12:ba:73:d6:38:e9:8f:c1:
                    79:f3:61:b5:37:18:77:4e:36:94:20:55:1d:c9:61:
                    c6:6f:e1:86:0a:03:ae:f2:a0:b8:cb:c2:2b:b9:66:
                    c7:de:40:47:91:85:10:00:41:0c:00:7c:0b:21:2f:
                    31:b2:8d:fb:35:a6:02:2c:59:85:6c:c5:28:01:8f:
                    ce:6b:bb:1f:35:29:1d:69:1f:f8:f0:9a:22:39:43:
                    9f:3d:45:04:4e:f9:1b:3e:00:0f:20:51:2b:53:e6:
                    37:66:93:40:bb:ae:dc:22:be:35:7b:be:c5:e2:26:
                    a4:30:f5:e3:eb:45:47:73:7a:fb:a9:c7:e4:cb:57:
                    01:b8:fd:7b:cb:8c:fb:f6:99:d8:bb:3b:3f:e9:15:
                    8b:2f:f5:57:2c:ec:52:1d:13:d2:57:1d:17:31:8b:
                    c9:bb:e2:53:81:93:0c:fd:90:b7:ed:b4:e7:a9:dc:
                    b7:67:07:e3:d3:b9:ca:7b:64:54:b7:e5:4e:a1:52:
                    94:42:3f:a5:02:52:90:b0:f7:f9:d0:3e:5c:a8:49:
                    b5:f6:79:3f:20:66:26:81:89:44:27:f0:cb:b5:f7:
                    ec:81:fe:84:13:d0:10:b3:e5:d7:46:81:19:88:d6:
                    b8:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:54:BA:C7:80:6F:E3:39:37:90:DB:AF:88:FE:C9:5D:A0:FC:37:EF
            X509v3 Authority Key Identifier:
                keyid:1E:AF:5C:2E:5E:DC:19:78:34:D0:7F:34:59:62:B0:74:5B:EE:66:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Hq9cLl7cGXg00H80WWKwdFvuZtc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/76/1cfb92-9c31-464f-9382-4a34c1bbab2b/1/6lS6x4Bv4zk3kNuviP7JXaD8N-8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/76/1cfb92-9c31-464f-9382-4a34c1bbab2b/1/Hq9cLl7cGXg00H80WWKwdFvuZtc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.40.156.0/24

    Signature Algorithm: sha256WithRSAEncryption
         67:3a:e7:02:44:07:68:ac:9b:b2:3a:23:a9:88:43:4d:75:08:
         10:a8:f3:94:df:e8:f4:b0:26:e6:97:97:42:ea:24:1b:2b:e2:
         8d:48:27:9e:d3:50:ad:a1:b5:e8:78:9b:d0:9f:91:52:b8:6e:
         7f:a1:57:2a:11:f5:92:e1:bf:b5:9b:46:29:02:75:f4:1f:5b:
         7a:84:c5:18:b0:6e:e4:b8:c8:c8:4f:73:6b:cc:2c:c5:3f:13:
         0b:83:80:ed:36:b2:bb:25:85:e2:04:3a:35:1b:55:2d:03:25:
         f6:b7:78:8c:6e:cf:4d:7b:82:c5:c7:4d:0d:44:ea:3a:11:3d:
         76:fe:01:93:b2:ed:30:fc:25:f9:b9:63:b0:76:f3:ee:9f:4a:
         c7:4b:c6:fd:e3:f7:f2:07:ce:9e:a5:fe:16:33:69:b0:f2:38:
         f2:c6:1f:e8:79:56:f8:5f:26:5a:36:95:a4:da:d2:f7:12:67:
         1c:6a:44:56:40:b3:0c:22:a4:7c:9c:b9:33:7f:8c:8d:61:ff:
         9c:e1:50:06:1b:38:da:4a:c5:39:64:27:e4:5c:50:cd:ab:fd:
         c0:ca:c0:79:ae:b0:5f:bd:ff:1a:10:3f:dd:32:be:ab:83:d0:
         76:55:42:3c:a0:31:ad:7d:9e:42:7c:ea:76:1d:df:17:3e:86:
         f7:4d:9a:ec
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAa7xShPJJuVT89Dfxue0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlYWY1YzJlNWVkYzE5NzgzNGQwN2YzNDU5NjJiMDc0NWJl
ZTY2ZDcwHhcNMjQwMTAyMDIzMDAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYTU0YmFjNzgwNmZlMzM5Mzc5MGRiYWY4OGZlYzk1ZGEwZmMzN2VmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmIeSMHrhdMLxFCnhcqVbO0j1HnTT
Erpz1jjpj8F582G1Nxh3TjaUIFUdyWHGb+GGCgOu8qC4y8IruWbH3kBHkYUQAEEM
AHwLIS8xso37NaYCLFmFbMUoAY/Oa7sfNSkdaR/48JoiOUOfPUUETvkbPgAPIFEr
U+Y3ZpNAu67cIr41e77F4iakMPXj60VHc3r7qcfky1cBuP17y4z79pnYuzs/6RWL
L/VXLOxSHRPSVx0XMYvJu+JTgZMM/ZC37bTnqdy3Zwfj07nKe2RUt+VOoVKUQj+l
AlKQsPf50D5cqEm19nk/IGYmgYlEJ/DLtffsgf6EE9AQs+XXRoEZiNa4KQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOpUuseAb+M5N5Dbr4j+yV2g/DfvMB8GA1UdIwQY
MBaAFB6vXC5e3Bl4NNB/NFlisHRb7mbXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSHE5Y0xsN2NHWGcwMEg4MFdXS3dkRnZ1WnRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ni8xY2ZiOTItOWMzMS00NjRmLTkzODIt
NGEzNGMxYmJhYjJiLzEvNmxTNng0QnY0emsza051dmlQN0pYYUQ4Ti04LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ni8xY2ZiOTItOWMzMS00NjRmLTkzODItNGEzNGMxYmJhYjJi
LzEvSHE5Y0xsN2NHWGcwMEg4MFdXS3dkRnZ1WnRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHyicMA0G
CSqGSIb3DQEBCwUAA4IBAQBnOucCRAdorJuyOiOpiENNdQgQqPOU3+j0sCbml5dC
6iQbK+KNSCee01CtobXoeJvQn5FSuG5/oVcqEfWS4b+1m0YpAnX0H1t6hMUYsG7k
uMjIT3NrzCzFPxMLg4DtNrK7JYXiBDo1G1UtAyX2t3iMbs9Ne4LFx00NROo6ET12
/gGTsu0w/CX5uWOwdvPun0rHS8b94/fyB86epf4WM2mw8jjyxh/oeVb4XyZaNpWk
2tL3EmccakRWQLMMIqR8nLkzf4yNYf+c4VAGGzjaSsU5ZCfkXFDNq/3AysB5rrBf
vf8aED/dMr6rg9B2VUI8oDGtfZ5CfOp2Hd8XPob3TZrs
-----END CERTIFICATE-----