Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/77/9466cb-b326-4b17-bba4-3c7ec8228099/1/0qrDFNO_JGfHrubWypY4XHAaPY8.roa
File:                     0qrDFNO_JGfHrubWypY4XHAaPY8.roa (raw, json)
Hash identifier:          +FRgXZ1LvCv6lPkboOvlciLj/ub6zEc2osSdbCKD+sc=
Subject key identifier:   D2:AA:C3:14:D3:BF:24:67:C7:AE:E6:D6:CA:96:38:5C:70:1A:3D:8F
Certificate issuer:       /CN=3aed80118022ff10eeea5ecb38050035aee0eac7
Certificate serial:       018D183F8162695A1E47A6E2461CE6A48813
Authority key identifier: 3A:ED:80:11:80:22:FF:10:EE:EA:5E:CB:38:05:00:35:AE:E0:EA:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ou2AEYAi_xDu6l7LOAUANa7g6sc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/77/9466cb-b326-4b17-bba4-3c7ec8228099/1/0qrDFNO_JGfHrubWypY4XHAaPY8.roa
Signing time:             Wed 17 Jan 2024 16:27:11 +0000
ROA not before:           Wed 17 Jan 2024 16:27:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47721
IP address blocks:        31.24.82.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/77/9466cb-b326-4b17-bba4-3c7ec8228099/1/Ou2AEYAi_xDu6l7LOAUANa7g6sc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/77/9466cb-b326-4b17-bba4-3c7ec8228099/1/Ou2AEYAi_xDu6l7LOAUANa7g6sc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ou2AEYAi_xDu6l7LOAUANa7g6sc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:18:3f:81:62:69:5a:1e:47:a6:e2:46:1c:e6:a4:88:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3aed80118022ff10eeea5ecb38050035aee0eac7
        Validity
            Not Before: Jan 17 16:27:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d2aac314d3bf2467c7aee6d6ca96385c701a3d8f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:b5:d7:65:b5:a0:1f:7c:7b:ae:c6:2f:f7:e3:
                    07:f6:13:45:70:b5:e3:dd:79:85:e7:3b:fa:97:1c:
                    81:53:48:61:d2:61:f3:56:6d:61:33:b1:15:8c:21:
                    2d:a5:75:fd:db:7e:85:75:44:ab:a5:39:45:9c:7b:
                    42:5b:21:ef:b0:14:16:88:6f:56:4b:f9:f4:40:61:
                    b1:4c:08:19:74:fe:4a:d2:78:a9:91:be:b7:8c:94:
                    3a:23:a7:7b:2a:b1:c1:f7:a7:21:89:09:b1:7f:ad:
                    69:e6:68:7c:2f:a7:c8:c6:0e:9c:fa:cb:3a:41:20:
                    aa:9b:2a:e4:bb:f3:ba:da:1a:78:06:f9:4a:39:d7:
                    14:99:92:36:bf:7a:b5:a2:66:73:45:3d:5b:86:cd:
                    5f:59:b5:a7:0a:85:5b:83:5e:0d:d8:af:ab:2d:3b:
                    55:19:a5:ff:02:11:73:a3:f7:ed:99:e6:3e:4e:f1:
                    b7:f7:68:fa:d0:b7:c3:86:15:4b:65:d4:44:22:c5:
                    ee:68:60:18:c7:27:c2:7e:e8:d1:4a:9b:57:f6:ed:
                    d8:b8:41:7e:c7:c3:f4:f1:91:87:e6:ad:84:9f:fc:
                    30:f6:ed:0b:04:b9:d3:64:d7:ed:f7:08:7e:3d:2c:
                    27:e9:be:6e:87:0c:9b:85:06:b9:3f:73:77:d0:70:
                    77:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:AA:C3:14:D3:BF:24:67:C7:AE:E6:D6:CA:96:38:5C:70:1A:3D:8F
            X509v3 Authority Key Identifier:
                keyid:3A:ED:80:11:80:22:FF:10:EE:EA:5E:CB:38:05:00:35:AE:E0:EA:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ou2AEYAi_xDu6l7LOAUANa7g6sc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/9466cb-b326-4b17-bba4-3c7ec8228099/1/0qrDFNO_JGfHrubWypY4XHAaPY8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/77/9466cb-b326-4b17-bba4-3c7ec8228099/1/Ou2AEYAi_xDu6l7LOAUANa7g6sc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.24.82.0/24

    Signature Algorithm: sha256WithRSAEncryption
         82:77:31:93:09:3f:cf:d9:78:ff:61:94:03:87:ff:7e:a2:77:
         f3:a2:72:b9:dc:b1:e2:97:a6:d8:7b:15:42:00:71:c5:9f:94:
         62:d6:31:40:1c:f6:f1:bb:84:78:c3:40:dd:73:8f:14:ad:eb:
         6c:cb:32:12:22:94:43:f8:54:7b:be:97:a2:ca:6b:6d:b3:0c:
         e1:88:11:23:6f:d9:9e:78:89:9d:2b:28:f1:28:45:ec:d4:43:
         9e:e0:86:d1:f8:5d:5b:b0:7c:96:b6:c9:d4:0a:83:7e:0b:c1:
         4b:df:bd:93:d1:7a:e1:ba:86:ad:77:96:23:4e:0e:e9:de:4a:
         93:0a:06:06:c6:8e:6d:0e:73:c9:2e:64:3b:24:8c:b5:a7:d4:
         70:06:41:27:53:b8:7f:38:d5:23:a9:ac:6b:9a:b9:98:bf:c8:
         a8:0b:1c:01:a3:d7:a4:38:b6:9e:c8:43:7f:1b:d0:83:bc:6a:
         24:20:6f:f3:cd:fc:8b:f0:8b:49:3c:75:6f:30:39:dc:c3:30:
         9e:df:a7:97:64:b4:2c:de:c9:70:a0:13:42:30:8a:67:21:8a:
         b6:56:5c:e0:91:26:a2:30:69:f2:f2:e1:98:d1:84:e0:48:5c:
         4e:1f:b3:af:b7:c3:ca:23:37:4a:80:9e:36:44:fc:1c:19:26:
         61:d6:08:fa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY0YP4FiaVoeR6biRhzmpIgTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhZWQ4MDExODAyMmZmMTBlZWVhNWVjYjM4MDUwMDM1YWVl
MGVhYzcwHhcNMjQwMTE3MTYyNzExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMmFhYzMxNGQzYmYyNDY3YzdhZWU2ZDZjYTk2Mzg1YzcwMWEzZDhmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApLXXZbWgH3x7rsYv9+MH9hNFcLXj
3XmF5zv6lxyBU0hh0mHzVm1hM7EVjCEtpXX9236FdUSrpTlFnHtCWyHvsBQWiG9W
S/n0QGGxTAgZdP5K0nipkb63jJQ6I6d7KrHB96chiQmxf61p5mh8L6fIxg6c+ss6
QSCqmyrku/O62hp4BvlKOdcUmZI2v3q1omZzRT1bhs1fWbWnCoVbg14N2K+rLTtV
GaX/AhFzo/ftmeY+TvG392j60LfDhhVLZdREIsXuaGAYxyfCfujRSptX9u3YuEF+
x8P08ZGH5q2En/ww9u0LBLnTZNft9wh+PSwn6b5uhwybhQa5P3N30HB3CQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNKqwxTTvyRnx67m1sqWOFxwGj2PMB8GA1UdIwQY
MBaAFDrtgBGAIv8Q7upeyzgFADWu4OrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3UyQUVZQWlfeER1Nmw3TE9BVUFOYTdnNnNjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ny85NDY2Y2ItYjMyNi00YjE3LWJiYTQt
M2M3ZWM4MjI4MDk5LzEvMHFyREZOT19KR2ZIcnViV3lwWTRYSEFhUFk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ny85NDY2Y2ItYjMyNi00YjE3LWJiYTQtM2M3ZWM4MjI4MDk5
LzEvT3UyQUVZQWlfeER1Nmw3TE9BVUFOYTdnNnNjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHxhSMA0G
CSqGSIb3DQEBCwUAA4IBAQCCdzGTCT/P2Xj/YZQDh/9+onfzonK53LHil6bYexVC
AHHFn5Ri1jFAHPbxu4R4w0Ddc48UretsyzISIpRD+FR7vpeiymttswzhiBEjb9me
eImdKyjxKEXs1EOe4IbR+F1bsHyWtsnUCoN+C8FL372T0Xrhuoatd5YjTg7p3kqT
CgYGxo5tDnPJLmQ7JIy1p9RwBkEnU7h/ONUjqaxrmrmYv8ioCxwBo9ekOLaeyEN/
G9CDvGokIG/zzfyL8ItJPHVvMDncwzCe36eXZLQs3slwoBNCMIpnIYq2VlzgkSai
MGny8uGY0YTgSFxOH7Ovt8PKIzdKgJ42RPwcGSZh1gj6
-----END CERTIFICATE-----