Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/76/1cfb92-9c31-464f-9382-4a34c1bbab2b/1/F-X7vILIbug4XS1gIVruc1T3jfQ.roa
File:                     F-X7vILIbug4XS1gIVruc1T3jfQ.roa (raw, json)
Hash identifier:          WTv+7FT5It0Cz+hQx94uD888+SHdOVv6RkRn0ZVDrGg=
Subject key identifier:   17:E5:FB:BC:82:C8:6E:E8:38:5D:2D:60:21:5A:EE:73:54:F7:8D:F4
Certificate issuer:       /CN=1eaf5c2e5edc197834d07f345962b0745bee66d7
Certificate serial:       018CC801AF6AC5065EEF124AE3421CE46DBF
Authority key identifier: 1E:AF:5C:2E:5E:DC:19:78:34:D0:7F:34:59:62:B0:74:5B:EE:66:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Hq9cLl7cGXg00H80WWKwdFvuZtc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/76/1cfb92-9c31-464f-9382-4a34c1bbab2b/1/F-X7vILIbug4XS1gIVruc1T3jfQ.roa
Signing time:             Tue 02 Jan 2024 02:30:02 +0000
ROA not before:           Tue 02 Jan 2024 02:30:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58000
IP address blocks:        31.40.135.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/76/1cfb92-9c31-464f-9382-4a34c1bbab2b/1/Hq9cLl7cGXg00H80WWKwdFvuZtc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/76/1cfb92-9c31-464f-9382-4a34c1bbab2b/1/Hq9cLl7cGXg00H80WWKwdFvuZtc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Hq9cLl7cGXg00H80WWKwdFvuZtc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 23 May 2024 00:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:af:6a:c5:06:5e:ef:12:4a:e3:42:1c:e4:6d:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1eaf5c2e5edc197834d07f345962b0745bee66d7
        Validity
            Not Before: Jan  2 02:30:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=17e5fbbc82c86ee8385d2d60215aee7354f78df4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:bb:1a:0f:f7:c2:5c:ab:ec:57:14:67:38:48:
                    a5:c3:36:95:fb:be:e2:de:78:9b:a1:07:e1:96:35:
                    1a:27:11:08:59:23:bb:03:91:c9:ec:20:31:bd:d3:
                    71:24:73:7b:35:8d:6d:92:f5:27:4d:25:74:a5:2d:
                    e0:dc:17:19:12:c0:9c:43:ea:c0:fc:ba:61:32:f6:
                    e1:7d:87:7c:e5:35:72:d4:8d:f3:b9:09:c9:94:4a:
                    84:21:f2:0a:2c:f2:2e:0a:f5:ba:fe:d2:ed:24:6b:
                    c8:a5:80:1a:25:a8:e6:4e:58:36:67:b5:fb:1a:41:
                    c5:d6:77:bb:83:24:40:a8:e2:96:05:59:8c:bb:9d:
                    28:51:35:ee:aa:ff:06:6a:05:ef:55:73:66:b4:b3:
                    6e:c0:af:91:f1:53:1a:d0:83:4a:39:7e:3a:1f:3d:
                    5f:b3:2b:b2:74:e3:b5:d2:7a:f8:4f:f6:da:c2:23:
                    cd:40:c9:09:5c:5d:dc:98:c3:c7:53:5c:0c:76:df:
                    b9:ed:42:57:71:eb:c8:92:2d:fb:a9:e5:da:bc:69:
                    b9:d9:71:26:e2:1b:46:04:f5:b1:cb:ee:f0:22:84:
                    ea:88:ac:10:43:4e:00:4b:66:7e:71:c0:53:b8:6b:
                    0f:7a:5b:65:90:48:ff:15:a4:ca:65:ae:e0:a3:89:
                    e6:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:E5:FB:BC:82:C8:6E:E8:38:5D:2D:60:21:5A:EE:73:54:F7:8D:F4
            X509v3 Authority Key Identifier:
                keyid:1E:AF:5C:2E:5E:DC:19:78:34:D0:7F:34:59:62:B0:74:5B:EE:66:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Hq9cLl7cGXg00H80WWKwdFvuZtc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/76/1cfb92-9c31-464f-9382-4a34c1bbab2b/1/F-X7vILIbug4XS1gIVruc1T3jfQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/76/1cfb92-9c31-464f-9382-4a34c1bbab2b/1/Hq9cLl7cGXg00H80WWKwdFvuZtc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.40.135.0/24

    Signature Algorithm: sha256WithRSAEncryption
         48:e6:fc:1b:03:2a:f4:55:57:3b:cc:3f:7e:e8:a5:e9:8b:af:
         4b:bc:8c:f2:d4:1e:01:db:9a:d6:c6:23:e9:f4:aa:ab:c6:32:
         d5:95:a2:ae:fd:32:7a:d8:df:ac:a9:5e:e9:04:b7:03:ac:d0:
         ef:77:57:6f:63:bb:2d:b0:34:8d:58:34:36:36:a7:0a:83:c1:
         6a:10:a0:96:83:59:a6:57:a4:4b:3f:7c:36:92:24:00:a8:3c:
         e0:7b:c8:eb:e1:32:5b:27:53:f7:92:6c:1c:dd:ab:57:d4:f5:
         d6:a0:9f:bb:db:18:9f:33:6a:38:60:0b:6c:f5:b1:c0:d4:3b:
         6d:d0:5d:fc:b8:9c:35:3d:76:da:9c:79:11:fa:e8:c2:d3:99:
         21:1c:6d:39:a7:fb:28:ec:27:ba:a1:27:66:28:56:0a:e8:5d:
         d8:64:3e:38:19:c5:6b:cc:03:c6:43:4a:b5:8e:e0:54:d8:42:
         c4:85:5b:3a:39:84:9f:ff:76:70:a1:2b:2b:6e:5c:96:30:49:
         61:c2:f0:c3:c5:bb:b4:09:cc:d2:ca:90:bd:7b:47:0a:ba:81:
         ae:d3:91:72:a4:41:c5:82:9f:2c:57:49:cd:7e:5d:c1:95:f1:
         4d:ae:0a:ba:f7:2a:27:44:7b:47:7e:da:3c:b0:88:97:47:17:
         86:e1:31:f7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAa9qxQZe7xJK40Ic5G2/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlYWY1YzJlNWVkYzE5NzgzNGQwN2YzNDU5NjJiMDc0NWJl
ZTY2ZDcwHhcNMjQwMTAyMDIzMDAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxN2U1ZmJiYzgyYzg2ZWU4Mzg1ZDJkNjAyMTVhZWU3MzU0Zjc4ZGY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqbsaD/fCXKvsVxRnOEilwzaV+77i
3niboQfhljUaJxEIWSO7A5HJ7CAxvdNxJHN7NY1tkvUnTSV0pS3g3BcZEsCcQ+rA
/LphMvbhfYd85TVy1I3zuQnJlEqEIfIKLPIuCvW6/tLtJGvIpYAaJajmTlg2Z7X7
GkHF1ne7gyRAqOKWBVmMu50oUTXuqv8GagXvVXNmtLNuwK+R8VMa0INKOX46Hz1f
syuydOO10nr4T/bawiPNQMkJXF3cmMPHU1wMdt+57UJXcevIki37qeXavGm52XEm
4htGBPWxy+7wIoTqiKwQQ04AS2Z+ccBTuGsPeltlkEj/FaTKZa7go4nmiwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBfl+7yCyG7oOF0tYCFa7nNU9430MB8GA1UdIwQY
MBaAFB6vXC5e3Bl4NNB/NFlisHRb7mbXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSHE5Y0xsN2NHWGcwMEg4MFdXS3dkRnZ1WnRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ni8xY2ZiOTItOWMzMS00NjRmLTkzODIt
NGEzNGMxYmJhYjJiLzEvRi1YN3ZJTElidWc0WFMxZ0lWcnVjMVQzamZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ni8xY2ZiOTItOWMzMS00NjRmLTkzODItNGEzNGMxYmJhYjJi
LzEvSHE5Y0xsN2NHWGcwMEg4MFdXS3dkRnZ1WnRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHyiHMA0G
CSqGSIb3DQEBCwUAA4IBAQBI5vwbAyr0VVc7zD9+6KXpi69LvIzy1B4B25rWxiPp
9KqrxjLVlaKu/TJ62N+sqV7pBLcDrNDvd1dvY7stsDSNWDQ2NqcKg8FqEKCWg1mm
V6RLP3w2kiQAqDzge8jr4TJbJ1P3kmwc3atX1PXWoJ+72xifM2o4YAts9bHA1Dtt
0F38uJw1PXbanHkR+ujC05khHG05p/so7Ce6oSdmKFYK6F3YZD44GcVrzAPGQ0q1
juBU2ELEhVs6OYSf/3ZwoSsrblyWMElhwvDDxbu0CczSypC9e0cKuoGu05FypEHF
gp8sV0nNfl3BlfFNrgq69yonRHtHfto8sIiXRxeG4TH3
-----END CERTIFICATE-----