Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9c/c4c32c-322e-4ed7-8a29-45d542d5f55f/1/MRTQDGo714FdT2bZcf70RaXbzTw.roa
File:                     MRTQDGo714FdT2bZcf70RaXbzTw.roa (raw, json)
Hash identifier:          +am1kVR+ox84pqTilBbRprzlJiwWeJC0Dax9Zodw6Z8=
Subject key identifier:   31:14:D0:0C:6A:3B:D7:81:5D:4F:66:D9:71:FE:F4:45:A5:DB:CD:3C
Certificate issuer:       /CN=c8531ae2ce57c95f5a398930ea45503542801ba1
Certificate serial:       018CC49399C40AB6F4111DE8D25983DDC06D
Authority key identifier: C8:53:1A:E2:CE:57:C9:5F:5A:39:89:30:EA:45:50:35:42:80:1B:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yFMa4s5XyV9aOYkw6kVQNUKAG6E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9c/c4c32c-322e-4ed7-8a29-45d542d5f55f/1/MRTQDGo714FdT2bZcf70RaXbzTw.roa
Signing time:             Mon 01 Jan 2024 10:30:56 +0000
ROA not before:           Mon 01 Jan 2024 10:30:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31713
IP address blocks:        217.113.92.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9c/c4c32c-322e-4ed7-8a29-45d542d5f55f/1/yFMa4s5XyV9aOYkw6kVQNUKAG6E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9c/c4c32c-322e-4ed7-8a29-45d542d5f55f/1/yFMa4s5XyV9aOYkw6kVQNUKAG6E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yFMa4s5XyV9aOYkw6kVQNUKAG6E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:99:c4:0a:b6:f4:11:1d:e8:d2:59:83:dd:c0:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c8531ae2ce57c95f5a398930ea45503542801ba1
        Validity
            Not Before: Jan  1 10:30:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3114d00c6a3bd7815d4f66d971fef445a5dbcd3c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:44:d0:04:5a:92:07:75:fe:98:75:e7:74:5b:
                    33:cf:85:66:a8:24:a5:2a:38:3e:e9:6b:d1:a7:c2:
                    ab:8c:28:34:49:12:da:05:86:b6:8f:9e:09:9b:bf:
                    99:e7:d0:35:1c:d4:7e:ff:eb:ea:81:2e:cf:f9:ac:
                    e2:05:e2:a9:17:bf:95:83:41:7e:c7:29:e1:a1:36:
                    0c:92:e6:02:a6:ff:a7:9d:2c:9b:d0:8a:e4:25:a4:
                    87:3a:8b:77:74:71:9a:e0:3d:76:59:b9:7d:05:5d:
                    41:3b:c5:65:85:d8:83:b7:f9:23:12:ca:90:39:b4:
                    2e:08:b6:b1:e2:72:1b:d5:33:4a:a5:7e:68:44:70:
                    65:ec:8e:f0:b3:d3:49:f0:7d:1a:4e:3b:95:bf:d8:
                    ec:30:a1:7a:e0:9d:40:44:7a:dd:3a:f4:4d:c2:90:
                    c6:a1:22:88:1d:17:db:1f:2c:3a:a4:94:8d:65:16:
                    69:b1:f9:dd:75:41:4d:85:3d:fb:17:74:2f:f2:2b:
                    84:fa:fb:54:9a:98:37:da:b0:05:97:14:5f:47:61:
                    1f:a8:f0:6a:ae:e9:30:1d:8d:f8:55:e6:24:c8:6c:
                    46:b9:aa:9e:10:3d:72:e3:2d:86:21:aa:01:a6:27:
                    06:8b:57:7d:77:e5:df:4b:28:9d:a9:b7:29:41:77:
                    78:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:14:D0:0C:6A:3B:D7:81:5D:4F:66:D9:71:FE:F4:45:A5:DB:CD:3C
            X509v3 Authority Key Identifier:
                keyid:C8:53:1A:E2:CE:57:C9:5F:5A:39:89:30:EA:45:50:35:42:80:1B:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yFMa4s5XyV9aOYkw6kVQNUKAG6E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/c4c32c-322e-4ed7-8a29-45d542d5f55f/1/MRTQDGo714FdT2bZcf70RaXbzTw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/c4c32c-322e-4ed7-8a29-45d542d5f55f/1/yFMa4s5XyV9aOYkw6kVQNUKAG6E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.113.92.0/24

    Signature Algorithm: sha256WithRSAEncryption
         78:e8:4a:f8:71:bf:66:f9:1a:66:6c:a7:78:99:0e:3f:3e:83:
         da:68:19:aa:3f:cd:28:52:86:df:dc:1d:e2:25:83:c1:42:23:
         25:84:57:d6:2e:2a:d4:e3:c8:fa:6a:d4:55:7d:1f:99:95:04:
         bb:5b:9c:3e:b8:5f:ac:4a:8c:05:e2:a8:a6:ec:6f:92:4e:bd:
         cb:71:6d:71:a6:9a:5e:e4:ad:9e:6b:7f:e5:49:6d:d3:6a:7a:
         2c:86:f2:04:5a:72:3b:5f:cf:08:35:68:6d:87:b6:35:7c:a9:
         ac:86:27:4a:41:fa:5d:ec:fd:96:40:9d:e0:16:a3:03:68:d5:
         f6:4f:75:3f:aa:a1:3f:81:dc:c9:86:08:b6:10:13:a9:65:06:
         1f:94:46:51:f5:67:e3:22:5d:47:37:fd:9c:8e:01:17:ed:20:
         b2:ea:7c:a1:24:9c:d8:54:13:a6:42:dd:c5:57:0d:94:91:17:
         05:d9:2d:57:1a:c4:34:d8:86:a6:8d:4a:61:23:c4:f7:ad:d1:
         49:90:fd:64:6e:33:0c:6c:cc:2d:cb:70:80:fe:dd:af:27:b3:
         35:12:6f:ae:04:7f:f9:47:d7:46:95:e3:50:ed:21:15:89:da:
         63:60:c9:6e:da:cc:d4:ef:cf:2d:df:7f:a9:80:2e:5e:6c:c8:
         2d:fd:7b:1b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEk5nECrb0ER3o0lmD3cBtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM4NTMxYWUyY2U1N2M5NWY1YTM5ODkzMGVhNDU1MDM1NDI4
MDFiYTEwHhcNMjQwMTAxMTAzMDU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMTE0ZDAwYzZhM2JkNzgxNWQ0ZjY2ZDk3MWZlZjQ0NWE1ZGJjZDNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApUTQBFqSB3X+mHXndFszz4VmqCSl
Kjg+6WvRp8KrjCg0SRLaBYa2j54Jm7+Z59A1HNR+/+vqgS7P+aziBeKpF7+Vg0F+
xynhoTYMkuYCpv+nnSyb0IrkJaSHOot3dHGa4D12Wbl9BV1BO8VlhdiDt/kjEsqQ
ObQuCLax4nIb1TNKpX5oRHBl7I7ws9NJ8H0aTjuVv9jsMKF64J1ARHrdOvRNwpDG
oSKIHRfbHyw6pJSNZRZpsfnddUFNhT37F3Qv8iuE+vtUmpg32rAFlxRfR2EfqPBq
rukwHY34VeYkyGxGuaqeED1y4y2GIaoBpicGi1d9d+XfSyidqbcpQXd41QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDEU0AxqO9eBXU9m2XH+9EWl2808MB8GA1UdIwQY
MBaAFMhTGuLOV8lfWjmJMOpFUDVCgBuhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveUZNYTRzNVh5VjlhT1lrdzZrVlFOVUtBRzZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yy9jNGMzMmMtMzIyZS00ZWQ3LThhMjkt
NDVkNTQyZDVmNTVmLzEvTVJUUURHbzcxNEZkVDJiWmNmNzBSYVhielR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yy9jNGMzMmMtMzIyZS00ZWQ3LThhMjktNDVkNTQyZDVmNTVm
LzEveUZNYTRzNVh5VjlhT1lrdzZrVlFOVUtBRzZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2XFcMA0G
CSqGSIb3DQEBCwUAA4IBAQB46Er4cb9m+RpmbKd4mQ4/PoPaaBmqP80oUobf3B3i
JYPBQiMlhFfWLirU48j6atRVfR+ZlQS7W5w+uF+sSowF4qim7G+STr3LcW1xpppe
5K2ea3/lSW3TanoshvIEWnI7X88INWhth7Y1fKmshidKQfpd7P2WQJ3gFqMDaNX2
T3U/qqE/gdzJhgi2EBOpZQYflEZR9WfjIl1HN/2cjgEX7SCy6nyhJJzYVBOmQt3F
Vw2UkRcF2S1XGsQ02IamjUphI8T3rdFJkP1kbjMMbMwty3CA/t2vJ7M1Em+uBH/5
R9dGleNQ7SEVidpjYMlu2szU788t33+pgC5ebMgt/Xsb
-----END CERTIFICATE-----