Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9a/0caa6d-109e-45f3-a932-475c5c91f474/1/FQJAi_4cUSpjAQVAiZVjd6Oif1Q.roa
File:                     FQJAi_4cUSpjAQVAiZVjd6Oif1Q.roa (raw, json)
Hash identifier:          pY5A/nKHcYDKmJrJHKzu7+Ei+HoSw7208hrJq2+MQHk=
Subject key identifier:   15:02:40:8B:FE:1C:51:2A:63:01:05:40:89:95:63:77:A3:A2:7F:54
Certificate issuer:       /CN=b464e0af28b755c4ec88010d94298697d1883933
Certificate serial:       018CC501513A3532C184336D47365AAFA639
Authority key identifier: B4:64:E0:AF:28:B7:55:C4:EC:88:01:0D:94:29:86:97:D1:88:39:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tGTgryi3VcTsiAENlCmGl9GIOTM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9a/0caa6d-109e-45f3-a932-475c5c91f474/1/FQJAi_4cUSpjAQVAiZVjd6Oif1Q.roa
Signing time:             Mon 01 Jan 2024 12:30:47 +0000
ROA not before:           Mon 01 Jan 2024 12:30:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31083
IP address blocks:        2.56.15.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9a/0caa6d-109e-45f3-a932-475c5c91f474/1/tGTgryi3VcTsiAENlCmGl9GIOTM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9a/0caa6d-109e-45f3-a932-475c5c91f474/1/tGTgryi3VcTsiAENlCmGl9GIOTM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tGTgryi3VcTsiAENlCmGl9GIOTM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:51:3a:35:32:c1:84:33:6d:47:36:5a:af:a6:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b464e0af28b755c4ec88010d94298697d1883933
        Validity
            Not Before: Jan  1 12:30:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1502408bfe1c512a6301054089956377a3a27f54
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:26:41:4e:53:5f:f5:d2:d9:fd:7a:1e:6d:13:
                    9b:38:88:06:51:78:f2:b8:b7:52:1d:fd:58:30:39:
                    a3:8e:f7:74:bd:65:cb:d6:67:c2:63:ea:c4:4a:e6:
                    4d:e4:ed:8a:50:11:79:51:16:18:3f:d9:b1:9e:07:
                    84:39:62:61:48:2a:9f:c7:02:25:7c:d8:93:63:3b:
                    81:cc:d3:c3:c4:3a:50:0f:f2:6a:41:57:e4:bc:aa:
                    fb:02:e8:7f:5e:bf:ef:98:8a:57:33:9a:0c:78:95:
                    d2:82:00:b1:a1:c0:bb:fe:93:95:71:af:5c:c1:fe:
                    db:d5:1b:f8:a4:03:d9:37:ea:38:0e:30:b6:33:52:
                    9d:67:51:08:8a:e6:2b:33:ee:6c:23:f1:a3:40:c7:
                    22:0f:3c:f9:fd:4c:8f:3d:1e:6a:6e:77:75:51:25:
                    23:d2:e8:9f:26:34:97:ad:e8:27:3f:df:fa:e3:fa:
                    51:cd:41:2c:3e:27:6f:b8:d3:23:8d:b0:83:3e:32:
                    e2:4d:f5:4a:a9:e2:33:30:8e:95:3f:e9:45:6e:87:
                    0d:37:1f:75:14:56:73:3d:2e:d2:99:7c:40:d5:bf:
                    28:93:07:71:18:36:e1:3c:60:cd:7e:5c:59:52:c4:
                    5b:9c:c0:ca:f6:5e:94:c7:a2:49:35:be:d1:a3:43:
                    8e:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:02:40:8B:FE:1C:51:2A:63:01:05:40:89:95:63:77:A3:A2:7F:54
            X509v3 Authority Key Identifier:
                keyid:B4:64:E0:AF:28:B7:55:C4:EC:88:01:0D:94:29:86:97:D1:88:39:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tGTgryi3VcTsiAENlCmGl9GIOTM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/0caa6d-109e-45f3-a932-475c5c91f474/1/FQJAi_4cUSpjAQVAiZVjd6Oif1Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/0caa6d-109e-45f3-a932-475c5c91f474/1/tGTgryi3VcTsiAENlCmGl9GIOTM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.56.15.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:33:64:00:5f:d8:88:36:53:06:0d:cf:d1:11:bf:c0:60:46:
         59:66:39:a5:10:ae:22:cc:f9:10:77:53:30:e2:d9:d7:0f:af:
         91:0b:ab:39:c7:bd:48:6c:c8:0d:1b:6a:60:3f:a9:e9:5a:02:
         6a:cb:ef:44:04:b5:2d:ca:6d:c1:98:19:e0:97:02:d7:7a:13:
         ab:ac:f3:ab:49:ba:93:fb:e4:e6:81:05:2e:7e:ef:8d:53:0e:
         23:e8:24:42:00:9c:9b:f9:6b:90:9f:01:a0:d7:53:ba:da:46:
         81:ab:a9:52:3d:9d:4d:ee:98:97:e7:b5:b7:c1:bc:cf:bb:e5:
         42:8b:13:2f:1d:a1:8c:1a:78:27:26:2e:49:11:a1:63:54:83:
         23:26:0b:a8:43:22:30:76:8a:8f:99:83:be:92:5b:89:74:fe:
         ba:80:b4:7d:7d:6e:76:00:4a:37:d5:a5:40:be:92:34:3a:03:
         c5:12:e6:ae:cc:8e:1c:65:b3:ab:16:2b:98:51:16:3e:d0:63:
         16:ed:f8:b2:39:51:61:bc:9b:5a:b6:b0:4f:12:d9:65:49:8c:
         99:5a:1b:f4:07:5f:3f:41:78:da:78:9c:9e:93:18:1a:87:e8:
         f1:fa:8d:5c:ab:f1:3a:bf:8d:86:89:9d:3e:b0:7e:21:82:bc:
         09:49:92:b0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAVE6NTLBhDNtRzZar6Y5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0NjRlMGFmMjhiNzU1YzRlYzg4MDEwZDk0Mjk4Njk3ZDE4
ODM5MzMwHhcNMjQwMTAxMTIzMDQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNTAyNDA4YmZlMWM1MTJhNjMwMTA1NDA4OTk1NjM3N2EzYTI3ZjU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoSZBTlNf9dLZ/XoebRObOIgGUXjy
uLdSHf1YMDmjjvd0vWXL1mfCY+rESuZN5O2KUBF5URYYP9mxngeEOWJhSCqfxwIl
fNiTYzuBzNPDxDpQD/JqQVfkvKr7Auh/Xr/vmIpXM5oMeJXSggCxocC7/pOVca9c
wf7b1Rv4pAPZN+o4DjC2M1KdZ1EIiuYrM+5sI/GjQMciDzz5/UyPPR5qbnd1USUj
0uifJjSXregnP9/64/pRzUEsPidvuNMjjbCDPjLiTfVKqeIzMI6VP+lFbocNNx91
FFZzPS7SmXxA1b8okwdxGDbhPGDNflxZUsRbnMDK9l6Ux6JJNb7Ro0OOLwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBUCQIv+HFEqYwEFQImVY3ejon9UMB8GA1UdIwQY
MBaAFLRk4K8ot1XE7IgBDZQphpfRiDkzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdEdUZ3J5aTNWY1RzaUFFTmxDbUdsOUdJT1RNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85YS8wY2FhNmQtMTA5ZS00NWYzLWE5MzIt
NDc1YzVjOTFmNDc0LzEvRlFKQWlfNGNVU3BqQVFWQWlaVmpkNk9pZjFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85YS8wY2FhNmQtMTA5ZS00NWYzLWE5MzItNDc1YzVjOTFmNDc0
LzEvdEdUZ3J5aTNWY1RzaUFFTmxDbUdsOUdJT1RNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAjgPMA0G
CSqGSIb3DQEBCwUAA4IBAQB8M2QAX9iINlMGDc/REb/AYEZZZjmlEK4izPkQd1Mw
4tnXD6+RC6s5x71IbMgNG2pgP6npWgJqy+9EBLUtym3BmBnglwLXehOrrPOrSbqT
++TmgQUufu+NUw4j6CRCAJyb+WuQnwGg11O62kaBq6lSPZ1N7piX57W3wbzPu+VC
ixMvHaGMGngnJi5JEaFjVIMjJguoQyIwdoqPmYO+kluJdP66gLR9fW52AEo31aVA
vpI0OgPFEuauzI4cZbOrFiuYURY+0GMW7fiyOVFhvJtatrBPEtllSYyZWhv0B18/
QXjaeJyekxgah+jx+o1cq/E6v42GiZ0+sH4hgrwJSZKw
-----END CERTIFICATE-----