Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/081c6e-1d65-4ccd-96f5-1dcc86c11e74/1/AhDMQ2XtjkCjhcUlzS96675I5EA.roa
File:                     AhDMQ2XtjkCjhcUlzS96675I5EA.roa (raw, json)
Hash identifier:          OILGpZHgOyAGc0xJcfdpo/reGYgizY7ShfkMhEVZHJM=
Subject key identifier:   02:10:CC:43:65:ED:8E:40:A3:85:C5:25:CD:2F:7A:EB:BE:48:E4:40
Certificate issuer:       /CN=31a185d0eb0ca7811c586425de0e960e1cfeb61b
Certificate serial:       018CC7946B349DB27FE2629C5B65BA65479B
Authority key identifier: 31:A1:85:D0:EB:0C:A7:81:1C:58:64:25:DE:0E:96:0E:1C:FE:B6:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MaGF0OsMp4EcWGQl3g6WDhz-ths.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/081c6e-1d65-4ccd-96f5-1dcc86c11e74/1/AhDMQ2XtjkCjhcUlzS96675I5EA.roa
Signing time:             Tue 02 Jan 2024 00:30:41 +0000
ROA not before:           Tue 02 Jan 2024 00:30:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201128
IP address blocks:        85.153.64.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/081c6e-1d65-4ccd-96f5-1dcc86c11e74/1/MaGF0OsMp4EcWGQl3g6WDhz-ths.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/081c6e-1d65-4ccd-96f5-1dcc86c11e74/1/MaGF0OsMp4EcWGQl3g6WDhz-ths.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MaGF0OsMp4EcWGQl3g6WDhz-ths.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 05:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:6b:34:9d:b2:7f:e2:62:9c:5b:65:ba:65:47:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=31a185d0eb0ca7811c586425de0e960e1cfeb61b
        Validity
            Not Before: Jan  2 00:30:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0210cc4365ed8e40a385c525cd2f7aebbe48e440
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:5c:c3:6e:46:0a:02:c3:9f:03:99:7d:a9:af:
                    0c:0c:7b:19:e2:f5:c1:ba:fa:2e:4f:a9:ec:f2:4f:
                    68:ff:a3:ee:ed:f7:9b:a6:35:d1:66:65:a1:b6:58:
                    35:87:b5:d9:fd:03:fb:ca:b4:30:ad:a7:d3:10:1a:
                    4d:d4:dc:f1:db:c8:3d:8e:de:f6:01:99:e2:b3:b2:
                    01:3d:46:0c:de:e5:91:e8:cf:ac:85:55:e9:ae:fc:
                    3f:16:92:32:e4:2b:e9:ec:31:97:a7:69:8f:59:85:
                    15:20:b9:e5:4a:8d:d2:cb:32:a3:11:89:a4:de:9d:
                    66:95:fa:4a:32:5b:fd:99:34:f5:e6:ea:9e:82:ef:
                    e5:1c:6d:7a:64:3e:e6:ce:e8:51:01:2b:fc:92:63:
                    f2:ca:c2:93:42:18:ae:fb:6d:67:f3:c6:ac:1c:90:
                    18:99:d8:e6:1e:24:a8:be:6c:c8:96:c5:51:c2:56:
                    25:c9:38:2e:71:51:5c:d0:f3:70:07:5e:5e:97:e5:
                    fe:be:f4:a2:ee:87:7e:88:77:19:19:01:13:14:26:
                    c4:3d:6c:16:bd:a3:20:96:21:41:78:7f:89:67:b7:
                    e0:6d:a1:59:b4:95:38:58:9d:72:ab:ae:c4:d2:61:
                    2e:a5:9d:cb:3b:86:d4:9a:3f:f5:72:33:0d:2f:af:
                    43:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:10:CC:43:65:ED:8E:40:A3:85:C5:25:CD:2F:7A:EB:BE:48:E4:40
            X509v3 Authority Key Identifier:
                keyid:31:A1:85:D0:EB:0C:A7:81:1C:58:64:25:DE:0E:96:0E:1C:FE:B6:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MaGF0OsMp4EcWGQl3g6WDhz-ths.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/081c6e-1d65-4ccd-96f5-1dcc86c11e74/1/AhDMQ2XtjkCjhcUlzS96675I5EA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/081c6e-1d65-4ccd-96f5-1dcc86c11e74/1/MaGF0OsMp4EcWGQl3g6WDhz-ths.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.153.64.0/24

    Signature Algorithm: sha256WithRSAEncryption
         91:a8:85:0f:92:26:03:c9:3d:6c:42:69:c0:ba:02:11:0d:0d:
         d1:db:fd:d5:3a:30:d8:15:17:53:b3:f5:1b:0d:4e:18:20:40:
         95:87:47:c3:e9:b7:83:37:6e:66:90:3f:cf:24:43:0b:49:ef:
         a9:d7:81:13:dc:b2:10:32:44:77:8b:ad:ab:89:cc:68:8e:76:
         8d:f5:22:ed:e8:a6:d3:ae:e7:8e:91:94:c1:ff:f2:fa:39:5a:
         51:c5:5b:86:b5:c7:60:31:f5:d8:bf:f4:1e:00:40:31:46:53:
         56:d7:a8:7a:ba:90:15:00:92:87:47:40:26:67:f2:d0:87:ff:
         37:14:b5:93:c4:52:62:91:27:39:52:8b:d1:84:66:94:a4:a3:
         83:bd:f4:f9:90:a1:36:3a:ca:ea:4b:08:cb:e6:11:93:42:db:
         ca:b6:12:d3:f0:17:10:76:a8:25:c1:bb:89:9e:cf:4a:d4:51:
         22:57:9a:10:ad:e2:09:b6:ff:bb:c0:50:98:1e:fa:66:cb:23:
         ec:ef:2c:59:14:43:43:54:5f:aa:5e:4a:a6:08:14:37:e0:a2:
         da:0e:03:2d:d5:27:ec:94:1b:b1:58:27:7c:21:e2:67:d3:28:
         4e:69:cb:3b:a9:68:58:1d:4c:d3:40:df:13:03:98:b5:39:f4:
         bf:dc:c9:f9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlGs0nbJ/4mKcW2W6ZUebMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxYTE4NWQwZWIwY2E3ODExYzU4NjQyNWRlMGU5NjBlMWNm
ZWI2MWIwHhcNMjQwMTAyMDAzMDQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMjEwY2M0MzY1ZWQ4ZTQwYTM4NWM1MjVjZDJmN2FlYmJlNDhlNDQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqVzDbkYKAsOfA5l9qa8MDHsZ4vXB
uvouT6ns8k9o/6Pu7febpjXRZmWhtlg1h7XZ/QP7yrQwrafTEBpN1Nzx28g9jt72
AZnis7IBPUYM3uWR6M+shVXprvw/FpIy5Cvp7DGXp2mPWYUVILnlSo3SyzKjEYmk
3p1mlfpKMlv9mTT15uqegu/lHG16ZD7mzuhRASv8kmPyysKTQhiu+21n88asHJAY
mdjmHiSovmzIlsVRwlYlyTgucVFc0PNwB15el+X+vvSi7od+iHcZGQETFCbEPWwW
vaMgliFBeH+JZ7fgbaFZtJU4WJ1yq67E0mEupZ3LO4bUmj/1cjMNL69DAwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAIQzENl7Y5Ao4XFJc0veuu+SORAMB8GA1UdIwQY
MBaAFDGhhdDrDKeBHFhkJd4Olg4c/rYbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWFHRjBPc01wNEVjV0dRbDNnNldEaHotdGhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny8wODFjNmUtMWQ2NS00Y2NkLTk2ZjUt
MWRjYzg2YzExZTc0LzEvQWhETVEyWHRqa0NqaGNVbHpTOTY2NzVJNUVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny8wODFjNmUtMWQ2NS00Y2NkLTk2ZjUtMWRjYzg2YzExZTc0
LzEvTWFHRjBPc01wNEVjV0dRbDNnNldEaHotdGhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVZlAMA0G
CSqGSIb3DQEBCwUAA4IBAQCRqIUPkiYDyT1sQmnAugIRDQ3R2/3VOjDYFRdTs/Ub
DU4YIECVh0fD6beDN25mkD/PJEMLSe+p14ET3LIQMkR3i62ricxojnaN9SLt6KbT
rueOkZTB//L6OVpRxVuGtcdgMfXYv/QeAEAxRlNW16h6upAVAJKHR0AmZ/LQh/83
FLWTxFJikSc5UovRhGaUpKODvfT5kKE2OsrqSwjL5hGTQtvKthLT8BcQdqglwbuJ
ns9K1FEiV5oQreIJtv+7wFCYHvpmyyPs7yxZFENDVF+qXkqmCBQ34KLaDgMt1Sfs
lBuxWCd8IeJn0yhOacs7qWhYHUzTQN8TA5i1OfS/3Mn5
-----END CERTIFICATE-----