Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/cbf93c-6dda-4824-8033-41c3cf908e97/1/QMqLTG9JaOf8HBW1rWCbCN8zxUI.roa
File:                     QMqLTG9JaOf8HBW1rWCbCN8zxUI.roa (raw, json)
Hash identifier:          PtqaObOGwyqA4zGRk4FJydAnYrZ3sV/H13kkzJEjdZs=
Subject key identifier:   40:CA:8B:4C:6F:49:68:E7:FC:1C:15:B5:AD:60:9B:08:DF:33:C5:42
Certificate issuer:       /CN=31c6bbaf409f5fd6d709c4d7d24344a292a3caa5
Certificate serial:       018CC49232C0866CE982622C0B1FF3ECAAFF
Authority key identifier: 31:C6:BB:AF:40:9F:5F:D6:D7:09:C4:D7:D2:43:44:A2:92:A3:CA:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Mca7r0CfX9bXCcTX0kNEopKjyqU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/cbf93c-6dda-4824-8033-41c3cf908e97/1/QMqLTG9JaOf8HBW1rWCbCN8zxUI.roa
Signing time:             Mon 01 Jan 2024 10:29:24 +0000
ROA not before:           Mon 01 Jan 2024 10:29:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6730
IP address blocks:        193.223.208.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/cbf93c-6dda-4824-8033-41c3cf908e97/1/Mca7r0CfX9bXCcTX0kNEopKjyqU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/cbf93c-6dda-4824-8033-41c3cf908e97/1/Mca7r0CfX9bXCcTX0kNEopKjyqU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Mca7r0CfX9bXCcTX0kNEopKjyqU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:32:c0:86:6c:e9:82:62:2c:0b:1f:f3:ec:aa:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=31c6bbaf409f5fd6d709c4d7d24344a292a3caa5
        Validity
            Not Before: Jan  1 10:29:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=40ca8b4c6f4968e7fc1c15b5ad609b08df33c542
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:69:9e:bf:7a:15:70:50:61:50:a5:de:b7:46:
                    94:20:80:a6:33:ce:69:ec:af:d7:29:f6:bb:75:48:
                    0e:97:47:04:7a:ff:b2:8f:1a:9c:5b:ef:ee:37:0c:
                    58:57:2c:a6:c7:a4:c0:73:d7:d0:dc:07:a1:89:65:
                    86:16:82:0d:ab:1f:f2:62:b4:e9:f4:7f:a3:bc:84:
                    3e:25:d6:f4:f1:04:ae:9e:ee:b0:6e:d7:e8:90:56:
                    17:16:9f:b9:86:3d:ea:a0:66:11:4e:ac:a5:80:79:
                    02:a2:f5:5c:d2:87:26:22:66:bb:73:96:38:ef:d7:
                    44:36:55:ac:ce:b4:d3:f4:bf:82:df:de:ee:ec:ec:
                    81:59:de:86:68:1b:21:64:9e:ae:17:5f:19:16:82:
                    44:d9:3f:e6:83:7b:4e:1b:ee:94:7a:77:27:d5:46:
                    31:85:6e:25:dd:9c:71:dc:f6:2b:bb:a2:74:ae:5c:
                    a9:d0:58:5b:5c:fc:33:50:9a:3b:dd:e6:35:c7:96:
                    c4:d4:cc:fb:b3:21:42:46:00:e2:83:0a:36:bb:97:
                    f4:f7:3c:c2:59:47:46:f4:f6:f7:74:91:55:5b:17:
                    20:36:f2:0e:99:d2:00:e6:7b:8f:58:50:c8:9b:ea:
                    c9:9d:2c:9e:11:16:b2:31:3c:d3:a4:98:83:f6:42:
                    d1:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:CA:8B:4C:6F:49:68:E7:FC:1C:15:B5:AD:60:9B:08:DF:33:C5:42
            X509v3 Authority Key Identifier:
                keyid:31:C6:BB:AF:40:9F:5F:D6:D7:09:C4:D7:D2:43:44:A2:92:A3:CA:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Mca7r0CfX9bXCcTX0kNEopKjyqU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/cbf93c-6dda-4824-8033-41c3cf908e97/1/QMqLTG9JaOf8HBW1rWCbCN8zxUI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/cbf93c-6dda-4824-8033-41c3cf908e97/1/Mca7r0CfX9bXCcTX0kNEopKjyqU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.223.208.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ca:97:45:55:a6:ce:73:b4:1c:64:8c:ee:c6:c1:da:95:47:91:
         31:72:69:78:25:b6:98:e9:99:a4:fe:a8:2c:c5:b2:90:ef:47:
         64:48:17:c4:23:f2:fb:e6:93:88:d5:f3:0a:70:2d:42:87:6c:
         73:24:c8:b4:bb:ce:dd:38:11:b3:ea:b0:7c:fa:22:f4:31:0f:
         bb:73:a6:b0:37:0d:6e:18:ec:e3:43:6a:11:d3:63:c7:e3:f9:
         83:a8:64:89:15:85:46:b7:5d:de:ce:79:d7:ed:a4:d4:9d:a8:
         ff:a5:37:76:e1:b4:3f:bc:4c:be:d4:91:39:3e:79:76:fe:7f:
         51:50:99:96:6c:3a:a8:f5:c8:0d:04:fe:82:b6:40:a7:41:8b:
         55:8f:2f:d7:3a:5a:01:d5:7f:0b:c0:9f:8d:44:77:a3:ea:dc:
         95:d1:55:e5:84:fc:a9:df:b2:83:f3:32:82:ba:d7:c5:a4:ba:
         f7:73:f3:7d:8a:88:c3:14:2e:c4:1c:69:65:86:e8:28:64:99:
         da:0d:8e:32:91:64:02:f0:45:19:86:32:53:3a:b2:ca:7e:2c:
         95:0f:bd:f7:a5:e9:55:d6:30:87:fd:07:b3:b7:38:c0:76:31:
         2b:55:65:da:39:91:48:61:91:40:55:e4:a9:87:96:61:ea:8f:
         47:c4:d1:27
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEkjLAhmzpgmIsCx/z7Kr/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxYzZiYmFmNDA5ZjVmZDZkNzA5YzRkN2QyNDM0NGEyOTJh
M2NhYTUwHhcNMjQwMTAxMTAyOTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MGNhOGI0YzZmNDk2OGU3ZmMxYzE1YjVhZDYwOWIwOGRmMzNjNTQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlmmev3oVcFBhUKXet0aUIICmM85p
7K/XKfa7dUgOl0cEev+yjxqcW+/uNwxYVyymx6TAc9fQ3AehiWWGFoINqx/yYrTp
9H+jvIQ+Jdb08QSunu6wbtfokFYXFp+5hj3qoGYRTqylgHkCovVc0ocmIma7c5Y4
79dENlWszrTT9L+C397u7OyBWd6GaBshZJ6uF18ZFoJE2T/mg3tOG+6Uencn1UYx
hW4l3Zxx3PYru6J0rlyp0FhbXPwzUJo73eY1x5bE1Mz7syFCRgDigwo2u5f09zzC
WUdG9Pb3dJFVWxcgNvIOmdIA5nuPWFDIm+rJnSyeERayMTzTpJiD9kLRewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEDKi0xvSWjn/BwVta1gmwjfM8VCMB8GA1UdIwQY
MBaAFDHGu69An1/W1wnE19JDRKKSo8qlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWNhN3IwQ2ZYOWJYQ2NUWDBrTkVvcEtqeXFVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi9jYmY5M2MtNmRkYS00ODI0LTgwMzMt
NDFjM2NmOTA4ZTk3LzEvUU1xTFRHOUphT2Y4SEJXMXJXQ2JDTjh6eFVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi9jYmY5M2MtNmRkYS00ODI0LTgwMzMtNDFjM2NmOTA4ZTk3
LzEvTWNhN3IwQ2ZYOWJYQ2NUWDBrTkVvcEtqeXFVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwd/QMA0G
CSqGSIb3DQEBCwUAA4IBAQDKl0VVps5ztBxkjO7GwdqVR5Excml4JbaY6Zmk/qgs
xbKQ70dkSBfEI/L75pOI1fMKcC1Ch2xzJMi0u87dOBGz6rB8+iL0MQ+7c6awNw1u
GOzjQ2oR02PH4/mDqGSJFYVGt13eznnX7aTUnaj/pTd24bQ/vEy+1JE5Pnl2/n9R
UJmWbDqo9cgNBP6CtkCnQYtVjy/XOloB1X8LwJ+NRHej6tyV0VXlhPyp37KD8zKC
utfFpLr3c/N9iojDFC7EHGllhugoZJnaDY4ykWQC8EUZhjJTOrLKfiyVD733pelV
1jCH/QeztzjAdjErVWXaOZFIYZFAVeSph5Zh6o9HxNEn
-----END CERTIFICATE-----