Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/77/9466cb-b326-4b17-bba4-3c7ec8228099/1/VQ_1hCEM8uI1fJXZ1W9NXYMbY-g.roa
File:                     VQ_1hCEM8uI1fJXZ1W9NXYMbY-g.roa (raw, json)
Hash identifier:          lJHSQTMiQkxkUNScuPD4/GvgeatUmXMWSsOu/0OPq1o=
Subject key identifier:   55:0F:F5:84:21:0C:F2:E2:35:7C:95:D9:D5:6F:4D:5D:83:1B:63:E8
Certificate issuer:       /CN=3aed80118022ff10eeea5ecb38050035aee0eac7
Certificate serial:       018D18AB89696D24022BFABA7A2F60ECE74A
Authority key identifier: 3A:ED:80:11:80:22:FF:10:EE:EA:5E:CB:38:05:00:35:AE:E0:EA:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ou2AEYAi_xDu6l7LOAUANa7g6sc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/77/9466cb-b326-4b17-bba4-3c7ec8228099/1/VQ_1hCEM8uI1fJXZ1W9NXYMbY-g.roa
Signing time:             Wed 17 Jan 2024 18:25:11 +0000
ROA not before:           Wed 17 Jan 2024 18:25:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20454
IP address blocks:        31.24.82.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/77/9466cb-b326-4b17-bba4-3c7ec8228099/1/Ou2AEYAi_xDu6l7LOAUANa7g6sc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/77/9466cb-b326-4b17-bba4-3c7ec8228099/1/Ou2AEYAi_xDu6l7LOAUANa7g6sc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ou2AEYAi_xDu6l7LOAUANa7g6sc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 13 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:18:ab:89:69:6d:24:02:2b:fa:ba:7a:2f:60:ec:e7:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3aed80118022ff10eeea5ecb38050035aee0eac7
        Validity
            Not Before: Jan 17 18:25:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=550ff584210cf2e2357c95d9d56f4d5d831b63e8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:ec:b7:91:9e:11:03:aa:1e:b8:01:a0:8e:ee:
                    a7:38:db:95:90:cf:37:27:b0:53:db:a2:00:e1:14:
                    05:18:ff:f9:6d:dd:fd:f7:5f:9e:91:bf:00:6c:07:
                    a8:59:74:e6:9c:aa:05:9e:15:2d:79:60:be:c4:75:
                    29:79:b4:17:d6:1c:76:b0:cd:03:ad:51:ad:e0:bf:
                    86:69:36:d1:6e:05:1d:9d:ca:10:71:dc:4a:e3:c0:
                    d5:6e:c9:bc:34:10:ee:1a:94:8a:3c:8d:e5:e6:be:
                    c6:28:76:fe:af:85:ef:f4:5d:8d:29:97:e2:29:ff:
                    84:bc:b3:24:9d:7c:22:87:ec:dc:49:19:23:fe:0f:
                    b2:2d:a4:48:ed:0a:a8:f6:7b:8d:11:b6:dc:83:b3:
                    64:61:fc:fc:6c:ee:9d:aa:a4:a9:93:8a:58:48:fb:
                    c0:19:27:b3:77:f3:af:b7:54:59:4d:d6:d4:36:0f:
                    09:74:4a:82:5c:a3:54:bb:5f:d4:1a:c3:ec:e0:0e:
                    82:3c:54:76:bc:82:cb:00:86:35:e3:26:3e:7a:9e:
                    8d:12:c2:a7:b0:26:f4:ce:ef:8d:12:e4:e0:3e:b7:
                    22:3c:95:b3:61:eb:09:d2:a0:f6:57:d1:20:57:2a:
                    2f:aa:b5:2c:b1:7c:94:a3:5f:df:63:8d:8d:ac:9c:
                    f5:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:0F:F5:84:21:0C:F2:E2:35:7C:95:D9:D5:6F:4D:5D:83:1B:63:E8
            X509v3 Authority Key Identifier:
                keyid:3A:ED:80:11:80:22:FF:10:EE:EA:5E:CB:38:05:00:35:AE:E0:EA:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ou2AEYAi_xDu6l7LOAUANa7g6sc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/9466cb-b326-4b17-bba4-3c7ec8228099/1/VQ_1hCEM8uI1fJXZ1W9NXYMbY-g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/77/9466cb-b326-4b17-bba4-3c7ec8228099/1/Ou2AEYAi_xDu6l7LOAUANa7g6sc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.24.82.0/24

    Signature Algorithm: sha256WithRSAEncryption
         05:fa:4c:76:ad:20:04:1b:36:f7:f3:8a:9d:b9:9d:23:28:70:
         b0:50:9e:b3:7b:2b:6f:9f:9e:33:43:21:49:70:ec:18:c6:b0:
         44:9a:2e:b7:e7:ce:05:be:a2:e4:0f:f2:f7:7f:62:f0:2a:1f:
         1e:b8:46:e1:a3:94:7f:7b:05:83:5a:b0:9a:1d:f4:55:f9:aa:
         d5:bd:58:5a:b8:d5:df:db:77:ba:60:ad:03:c1:9c:94:3c:2c:
         d2:ec:a5:ce:3a:c5:0c:5f:5e:ff:57:dc:01:9f:76:02:bb:a6:
         bc:36:56:af:32:4b:c5:15:56:80:11:ef:d8:60:89:1d:36:24:
         29:bd:98:c7:d6:1d:c0:c3:d7:4a:01:0f:c0:86:82:52:a3:52:
         e7:1a:66:0e:b7:b1:61:38:fc:ee:9f:b2:92:1c:9d:a5:9b:20:
         82:2e:5d:50:c4:fb:66:a2:d5:8d:12:f8:0b:d7:32:f3:a5:74:
         1f:e1:7a:09:0d:91:c8:7d:b9:70:4c:e4:07:8f:0e:de:34:0d:
         97:5c:5a:44:49:a5:fe:2e:24:c2:8b:7d:82:b1:82:18:fc:b7:
         e3:6e:a2:5f:ce:64:3d:58:57:1d:13:b6:f1:1b:de:c1:31:7a:
         5c:99:18:b5:1b:a3:69:d0:ac:98:41:32:60:11:4e:7c:1b:2c:
         c7:67:eb:c2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY0Yq4lpbSQCK/q6ei9g7OdKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhZWQ4MDExODAyMmZmMTBlZWVhNWVjYjM4MDUwMDM1YWVl
MGVhYzcwHhcNMjQwMTE3MTgyNTExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NTBmZjU4NDIxMGNmMmUyMzU3Yzk1ZDlkNTZmNGQ1ZDgzMWI2M2U4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoOy3kZ4RA6oeuAGgju6nONuVkM83
J7BT26IA4RQFGP/5bd3991+ekb8AbAeoWXTmnKoFnhUteWC+xHUpebQX1hx2sM0D
rVGt4L+GaTbRbgUdncoQcdxK48DVbsm8NBDuGpSKPI3l5r7GKHb+r4Xv9F2NKZfi
Kf+EvLMknXwih+zcSRkj/g+yLaRI7Qqo9nuNEbbcg7NkYfz8bO6dqqSpk4pYSPvA
GSezd/Ovt1RZTdbUNg8JdEqCXKNUu1/UGsPs4A6CPFR2vILLAIY14yY+ep6NEsKn
sCb0zu+NEuTgPrciPJWzYesJ0qD2V9EgVyovqrUssXyUo1/fY42NrJz1iQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFUP9YQhDPLiNXyV2dVvTV2DG2PoMB8GA1UdIwQY
MBaAFDrtgBGAIv8Q7upeyzgFADWu4OrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3UyQUVZQWlfeER1Nmw3TE9BVUFOYTdnNnNjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ny85NDY2Y2ItYjMyNi00YjE3LWJiYTQt
M2M3ZWM4MjI4MDk5LzEvVlFfMWhDRU04dUkxZkpYWjFXOU5YWU1iWS1nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ny85NDY2Y2ItYjMyNi00YjE3LWJiYTQtM2M3ZWM4MjI4MDk5
LzEvT3UyQUVZQWlfeER1Nmw3TE9BVUFOYTdnNnNjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHxhSMA0G
CSqGSIb3DQEBCwUAA4IBAQAF+kx2rSAEGzb384qduZ0jKHCwUJ6zeytvn54zQyFJ
cOwYxrBEmi63584FvqLkD/L3f2LwKh8euEbho5R/ewWDWrCaHfRV+arVvVhauNXf
23e6YK0DwZyUPCzS7KXOOsUMX17/V9wBn3YCu6a8NlavMkvFFVaAEe/YYIkdNiQp
vZjH1h3Aw9dKAQ/AhoJSo1LnGmYOt7FhOPzun7KSHJ2lmyCCLl1QxPtmotWNEvgL
1zLzpXQf4XoJDZHIfblwTOQHjw7eNA2XXFpESaX+LiTCi32CsYIY/LfjbqJfzmQ9
WFcdE7bxG97BMXpcmRi1G6Np0KyYQTJgEU58GyzHZ+vC
-----END CERTIFICATE-----