Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8c/4a523b-7244-422d-9004-c4aa9db1abb5/1/QP2WbRv_yD2N_3sd9malNncX4Us.roa
File:                     QP2WbRv_yD2N_3sd9malNncX4Us.roa (raw, json)
Hash identifier:          S/ngORpPFZiiKoY0a0p5xwlWDHsZPR0hw2UGQFg9+eU=
Subject key identifier:   40:FD:96:6D:1B:FF:C8:3D:8D:FF:7B:1D:F6:66:A5:36:77:17:E1:4B
Certificate issuer:       /CN=3025fd339aa64504f289a00c4173c55a0002eb44
Certificate serial:       018CC56E9E3F0BF7DF84ED0C39C458300ADD
Authority key identifier: 30:25:FD:33:9A:A6:45:04:F2:89:A0:0C:41:73:C5:5A:00:02:EB:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MCX9M5qmRQTyiaAMQXPFWgAC60Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8c/4a523b-7244-422d-9004-c4aa9db1abb5/1/QP2WbRv_yD2N_3sd9malNncX4Us.roa
Signing time:             Mon 01 Jan 2024 14:30:10 +0000
ROA not before:           Mon 01 Jan 2024 14:30:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210879
IP address blocks:        31.216.61.0/24 maxlen: 24
                          2a11:4980::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8c/4a523b-7244-422d-9004-c4aa9db1abb5/1/MCX9M5qmRQTyiaAMQXPFWgAC60Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8c/4a523b-7244-422d-9004-c4aa9db1abb5/1/MCX9M5qmRQTyiaAMQXPFWgAC60Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MCX9M5qmRQTyiaAMQXPFWgAC60Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 30 Nov 2024 11:00:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:9e:3f:0b:f7:df:84:ed:0c:39:c4:58:30:0a:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3025fd339aa64504f289a00c4173c55a0002eb44
        Validity
            Not Before: Jan  1 14:30:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=40fd966d1bffc83d8dff7b1df666a5367717e14b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:16:c6:ec:b3:81:89:c9:22:63:cc:20:b0:c6:
                    ba:81:56:bc:3c:d2:f3:fd:9d:d7:bd:fd:a1:14:74:
                    f1:36:f3:4d:46:81:3a:f1:2d:40:44:c3:28:da:34:
                    d4:0d:1e:7f:eb:09:de:2c:3b:c5:86:df:c0:21:11:
                    da:b5:ff:0a:d0:0f:f9:bf:32:62:01:fd:71:3b:72:
                    f3:25:ae:78:c4:6c:ae:96:9a:2d:e9:04:36:29:26:
                    c1:0c:94:bd:e2:c1:22:b7:32:97:08:3e:9c:49:64:
                    47:b1:f3:26:71:b6:5e:4b:b4:1d:8a:9c:c3:ef:c8:
                    2a:48:c5:c5:02:0a:67:06:38:c0:b3:c7:83:84:4c:
                    03:f8:b3:0d:9a:26:a6:05:2f:15:e4:f2:7e:fa:c3:
                    93:c5:f8:5f:31:5c:cb:01:d2:8c:e1:a3:89:f5:7b:
                    44:32:2d:09:30:d7:b7:64:af:e0:8c:f8:12:76:27:
                    c5:6a:a0:fd:5c:77:6e:4d:93:3d:d0:f6:f8:1c:65:
                    cf:1e:4e:07:93:3e:41:9a:1b:0d:e2:78:b1:22:ff:
                    cd:a2:21:2d:75:ab:fc:30:25:7a:5f:89:c0:5a:9e:
                    7d:29:50:d3:19:a0:48:5e:44:4d:24:1d:8d:8e:ca:
                    a3:ab:dd:0a:90:69:c4:36:d8:1a:68:6a:11:5c:73:
                    08:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:FD:96:6D:1B:FF:C8:3D:8D:FF:7B:1D:F6:66:A5:36:77:17:E1:4B
            X509v3 Authority Key Identifier:
                keyid:30:25:FD:33:9A:A6:45:04:F2:89:A0:0C:41:73:C5:5A:00:02:EB:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MCX9M5qmRQTyiaAMQXPFWgAC60Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/4a523b-7244-422d-9004-c4aa9db1abb5/1/QP2WbRv_yD2N_3sd9malNncX4Us.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/4a523b-7244-422d-9004-c4aa9db1abb5/1/MCX9M5qmRQTyiaAMQXPFWgAC60Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.216.61.0/24
                IPv6:
                  2a11:4980::/29

    Signature Algorithm: sha256WithRSAEncryption
         8f:20:4e:ac:96:1e:67:ac:42:9b:ec:86:a3:91:83:77:4f:32:
         5e:49:a8:8b:17:5f:a7:54:cc:fa:2d:be:36:82:ad:cd:f5:df:
         d7:e8:1c:53:5f:cd:d0:e5:ac:78:64:98:4a:16:08:55:40:b0:
         c4:ec:09:64:81:b8:3f:40:a4:59:0e:3f:f6:65:50:bb:0a:8f:
         c0:2e:c5:cb:dc:40:83:cc:f1:32:5b:bc:b0:56:1d:be:14:3a:
         d5:c6:ad:95:7b:97:9f:38:a8:3f:1d:c4:bd:f7:c1:77:7a:7a:
         69:1a:95:e0:5b:a2:f0:5a:76:d8:98:be:e8:bc:15:44:71:f5:
         fc:a8:8b:c1:05:c2:d9:d8:68:a9:66:b2:23:5b:2f:01:0a:93:
         52:06:e7:f6:a0:97:01:f3:13:08:ce:8f:8d:d0:06:42:09:68:
         75:ab:a8:f4:ce:80:a8:b2:f5:53:c3:4f:bc:b3:96:2a:54:66:
         9d:27:fd:2d:02:92:90:dc:9c:54:13:86:49:b4:23:a6:8b:aa:
         ed:65:a8:bc:f7:0e:11:23:63:b9:72:49:00:e5:21:ff:a8:2f:
         9c:9c:67:1a:15:aa:87:9f:7a:66:a4:13:c2:ca:ee:03:c6:74:
         27:97:6c:cb:9b:8d:64:74:b9:35:cc:8a:6d:67:b9:f2:fc:65:
         44:9c:57:51
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzFbp4/C/ffhO0MOcRYMArdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwMjVmZDMzOWFhNjQ1MDRmMjg5YTAwYzQxNzNjNTVhMDAw
MmViNDQwHhcNMjQwMTAxMTQzMDEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MGZkOTY2ZDFiZmZjODNkOGRmZjdiMWRmNjY2YTUzNjc3MTdlMTRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnxbG7LOBickiY8wgsMa6gVa8PNLz
/Z3Xvf2hFHTxNvNNRoE68S1ARMMo2jTUDR5/6wneLDvFht/AIRHatf8K0A/5vzJi
Af1xO3LzJa54xGyulpot6QQ2KSbBDJS94sEitzKXCD6cSWRHsfMmcbZeS7QdipzD
78gqSMXFAgpnBjjAs8eDhEwD+LMNmiamBS8V5PJ++sOTxfhfMVzLAdKM4aOJ9XtE
Mi0JMNe3ZK/gjPgSdifFaqD9XHduTZM90Pb4HGXPHk4Hkz5BmhsN4nixIv/NoiEt
dav8MCV6X4nAWp59KVDTGaBIXkRNJB2Njsqjq90KkGnENtgaaGoRXHMIKQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFED9lm0b/8g9jf97HfZmpTZ3F+FLMB8GA1UdIwQY
MBaAFDAl/TOapkUE8omgDEFzxVoAAutEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTUNYOU01cW1SUVR5aWFBTVFYUEZXZ0FDNjBRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yy80YTUyM2ItNzI0NC00MjJkLTkwMDQt
YzRhYTlkYjFhYmI1LzEvUVAyV2JSdl95RDJOXzNzZDltYWxObmNYNFVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yy80YTUyM2ItNzI0NC00MjJkLTkwMDQtYzRhYTlkYjFhYmI1
LzEvTUNYOU01cW1SUVR5aWFBTVFYUEZXZ0FDNjBRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAH9g9MA0E
AgACMAcDBQMqEUmAMA0GCSqGSIb3DQEBCwUAA4IBAQCPIE6slh5nrEKb7IajkYN3
TzJeSaiLF1+nVMz6Lb42gq3N9d/X6BxTX83Q5ax4ZJhKFghVQLDE7Alkgbg/QKRZ
Dj/2ZVC7Co/ALsXL3ECDzPEyW7ywVh2+FDrVxq2Ve5efOKg/HcS998F3enppGpXg
W6LwWnbYmL7ovBVEcfX8qIvBBcLZ2GipZrIjWy8BCpNSBuf2oJcB8xMIzo+N0AZC
CWh1q6j0zoCosvVTw0+8s5YqVGadJ/0tApKQ3JxUE4ZJtCOmi6rtZai89w4RI2O5
ckkA5SH/qC+cnGcaFaqHn3pmpBPCyu4DxnQnl2zLm41kdLk1zIptZ7ny/GVEnFdR
-----END CERTIFICATE-----