Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/85/500a8c-6a2d-434b-96f1-18eb779a6497/1/m0lDdky0RZqsE7aILPGM-vvFfgE.roa
File:                     m0lDdky0RZqsE7aILPGM-vvFfgE.roa (raw, json)
Hash identifier:          GRPeOFM21tf7nECIRUGauXT4/xW9Y6vKsBajtrPDRvE=
Subject key identifier:   9B:49:43:76:4C:B4:45:9A:AC:13:B6:88:2C:F1:8C:FA:FB:C5:7E:01
Certificate issuer:       /CN=a88ad546f1a0ef8cf75c92a748bd5c86362e209b
Certificate serial:       018CC500699A8C2A805B0CD0ACEE775E7D4C
Authority key identifier: A8:8A:D5:46:F1:A0:EF:8C:F7:5C:92:A7:48:BD:5C:86:36:2E:20:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qIrVRvGg74z3XJKnSL1chjYuIJs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/85/500a8c-6a2d-434b-96f1-18eb779a6497/1/m0lDdky0RZqsE7aILPGM-vvFfgE.roa
Signing time:             Mon 01 Jan 2024 12:29:47 +0000
ROA not before:           Mon 01 Jan 2024 12:29:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        193.31.111.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/85/500a8c-6a2d-434b-96f1-18eb779a6497/1/qIrVRvGg74z3XJKnSL1chjYuIJs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/85/500a8c-6a2d-434b-96f1-18eb779a6497/1/qIrVRvGg74z3XJKnSL1chjYuIJs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qIrVRvGg74z3XJKnSL1chjYuIJs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:69:9a:8c:2a:80:5b:0c:d0:ac:ee:77:5e:7d:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a88ad546f1a0ef8cf75c92a748bd5c86362e209b
        Validity
            Not Before: Jan  1 12:29:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9b4943764cb4459aac13b6882cf18cfafbc57e01
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:70:e5:7f:96:c5:27:26:a0:f5:c2:9e:30:bd:
                    3f:9c:b4:20:3d:35:66:e7:97:48:ab:3c:66:48:3a:
                    17:b6:47:f7:36:c5:30:9c:37:fd:3a:29:dd:46:73:
                    13:ec:49:c2:75:0d:d1:47:f4:d6:53:dc:cf:37:ca:
                    73:65:40:4c:d5:1c:2c:5d:ee:be:7f:d5:6c:b7:60:
                    cb:8c:cd:28:66:78:2b:bd:e4:9b:0a:5d:75:34:68:
                    d5:0b:db:50:82:ef:1c:a0:42:19:33:91:5b:69:62:
                    11:5b:46:a3:4d:39:62:d4:aa:e1:ca:33:5f:58:2f:
                    86:9d:9c:cc:ef:16:5c:d0:3c:4b:12:ed:30:44:64:
                    3a:0b:db:cf:bd:50:10:28:88:ac:fa:ed:aa:f0:75:
                    48:10:bf:42:60:1b:28:4f:a6:59:4c:dd:99:e1:4e:
                    7e:85:48:8b:13:46:5b:12:82:9a:a1:23:13:7b:14:
                    20:65:b5:db:d3:16:4f:9a:aa:45:4f:75:e3:7e:fa:
                    51:e5:8a:1f:d3:e7:0f:e1:12:d3:16:57:4f:f3:f6:
                    32:ad:15:ce:81:50:dc:31:72:58:fa:d0:ef:74:70:
                    5a:78:bb:58:e5:0e:90:81:7e:6a:1f:57:d3:ab:fe:
                    f5:92:2c:66:39:b5:a7:6e:a9:17:1d:56:6f:6e:72:
                    88:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:49:43:76:4C:B4:45:9A:AC:13:B6:88:2C:F1:8C:FA:FB:C5:7E:01
            X509v3 Authority Key Identifier:
                keyid:A8:8A:D5:46:F1:A0:EF:8C:F7:5C:92:A7:48:BD:5C:86:36:2E:20:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qIrVRvGg74z3XJKnSL1chjYuIJs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/85/500a8c-6a2d-434b-96f1-18eb779a6497/1/m0lDdky0RZqsE7aILPGM-vvFfgE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/85/500a8c-6a2d-434b-96f1-18eb779a6497/1/qIrVRvGg74z3XJKnSL1chjYuIJs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.31.111.0/24

    Signature Algorithm: sha256WithRSAEncryption
         01:72:c0:b3:e8:e8:e2:6a:1a:36:cc:98:fc:49:e8:45:35:ca:
         5b:2b:78:8a:52:51:28:43:1f:f4:ce:f8:66:d1:42:d6:19:6e:
         e5:a7:25:47:57:76:14:d9:94:54:fc:17:52:09:8a:0a:71:cd:
         1e:d6:61:8b:b5:09:83:fb:6e:d3:ad:1a:76:cd:0f:27:53:1d:
         34:4e:19:50:bc:54:1a:9b:ca:2b:83:be:15:7c:c9:0f:62:03:
         06:c8:a8:69:45:57:21:aa:5a:38:aa:9f:03:f1:ab:81:6c:60:
         6f:e8:29:01:5d:54:08:19:d2:34:1c:f6:7b:a6:b3:db:3e:8d:
         f1:9c:7e:ba:42:60:27:fc:73:8b:d8:73:07:33:6d:b5:0a:25:
         4d:2a:6a:c4:9b:a7:ae:6c:a3:c6:34:07:92:3d:e4:43:58:71:
         ad:76:b3:19:51:ae:99:ab:18:6b:98:1a:93:6f:9f:c5:8f:cf:
         03:1e:6f:06:ca:a1:df:45:ac:d2:95:bf:e8:0a:9c:ff:73:84:
         ff:fc:fe:35:1d:75:d7:f4:c5:48:e7:c8:4b:a9:8b:cd:21:b0:
         cc:71:d2:bc:42:e9:46:07:04:f4:b4:41:a3:e0:37:9d:82:81:
         5a:9f:f1:f9:21:2c:e0:d5:f3:3c:56:01:4f:d7:bd:55:0b:e5:
         d6:9e:00:09
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAGmajCqAWwzQrO53Xn1MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4OGFkNTQ2ZjFhMGVmOGNmNzVjOTJhNzQ4YmQ1Yzg2MzYy
ZTIwOWIwHhcNMjQwMTAxMTIyOTQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YjQ5NDM3NjRjYjQ0NTlhYWMxM2I2ODgyY2YxOGNmYWZiYzU3ZTAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt3Dlf5bFJyag9cKeML0/nLQgPTVm
55dIqzxmSDoXtkf3NsUwnDf9OindRnMT7EnCdQ3RR/TWU9zPN8pzZUBM1RwsXe6+
f9Vst2DLjM0oZngrveSbCl11NGjVC9tQgu8coEIZM5FbaWIRW0ajTTli1KrhyjNf
WC+GnZzM7xZc0DxLEu0wRGQ6C9vPvVAQKIis+u2q8HVIEL9CYBsoT6ZZTN2Z4U5+
hUiLE0ZbEoKaoSMTexQgZbXb0xZPmqpFT3XjfvpR5Yof0+cP4RLTFldP8/YyrRXO
gVDcMXJY+tDvdHBaeLtY5Q6QgX5qH1fTq/71kixmObWnbqkXHVZvbnKIVwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJtJQ3ZMtEWarBO2iCzxjPr7xX4BMB8GA1UdIwQY
MBaAFKiK1UbxoO+M91ySp0i9XIY2LiCbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcUlyVlJ2R2c3NHozWEpLblNMMWNoall1SUpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NS81MDBhOGMtNmEyZC00MzRiLTk2ZjEt
MThlYjc3OWE2NDk3LzEvbTBsRGRreTBSWnFzRTdhSUxQR00tdnZGZmdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NS81MDBhOGMtNmEyZC00MzRiLTk2ZjEtMThlYjc3OWE2NDk3
LzEvcUlyVlJ2R2c3NHozWEpLblNMMWNoall1SUpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwR9vMA0G
CSqGSIb3DQEBCwUAA4IBAQABcsCz6Ojiaho2zJj8SehFNcpbK3iKUlEoQx/0zvhm
0ULWGW7lpyVHV3YU2ZRU/BdSCYoKcc0e1mGLtQmD+27TrRp2zQ8nUx00ThlQvFQa
m8org74VfMkPYgMGyKhpRVchqlo4qp8D8auBbGBv6CkBXVQIGdI0HPZ7prPbPo3x
nH66QmAn/HOL2HMHM221CiVNKmrEm6eubKPGNAeSPeRDWHGtdrMZUa6ZqxhrmBqT
b5/Fj88DHm8GyqHfRazSlb/oCpz/c4T//P41HXXX9MVI58hLqYvNIbDMcdK8QulG
BwT0tEGj4DedgoFan/H5ISzg1fM8VgFP171VC+XWngAJ
-----END CERTIFICATE-----