Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/f07b18-19d7-41f2-af6b-bc7a208a5e2e/1/QyS2Y9SUTqtb7IaSTsmFTpByNyE.roa
File:                     QyS2Y9SUTqtb7IaSTsmFTpByNyE.roa (raw, json)
Hash identifier:          fOJIdK7VQ8OwSeQDMKCAXogvU/KCmftCNIizP6aADKw=
Subject key identifier:   43:24:B6:63:D4:94:4E:AB:5B:EC:86:92:4E:C9:85:4E:90:72:37:21
Certificate issuer:       /CN=b85eadc2ec70b30fa4225ed7fcd5730f0c7bc616
Certificate serial:       018CC94BE5AE99BC5567596E9440F82F4E04
Authority key identifier: B8:5E:AD:C2:EC:70:B3:0F:A4:22:5E:D7:FC:D5:73:0F:0C:7B:C6:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uF6twuxwsw-kIl7X_NVzDwx7xhY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/f07b18-19d7-41f2-af6b-bc7a208a5e2e/1/QyS2Y9SUTqtb7IaSTsmFTpByNyE.roa
Signing time:             Tue 02 Jan 2024 08:30:43 +0000
ROA not before:           Tue 02 Jan 2024 08:30:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42719
IP address blocks:        31.128.253.0/24 maxlen: 24
                          31.128.254.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/f07b18-19d7-41f2-af6b-bc7a208a5e2e/1/uF6twuxwsw-kIl7X_NVzDwx7xhY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/f07b18-19d7-41f2-af6b-bc7a208a5e2e/1/uF6twuxwsw-kIl7X_NVzDwx7xhY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uF6twuxwsw-kIl7X_NVzDwx7xhY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 03 Jul 2024 05:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4b:e5:ae:99:bc:55:67:59:6e:94:40:f8:2f:4e:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b85eadc2ec70b30fa4225ed7fcd5730f0c7bc616
        Validity
            Not Before: Jan  2 08:30:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4324b663d4944eab5bec86924ec9854e90723721
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:88:f8:b9:42:70:20:bd:66:64:04:14:68:ed:
                    83:fb:74:01:a1:53:ec:94:8b:2c:1c:b0:27:aa:4b:
                    f1:b9:8d:e6:fa:43:97:9a:e0:fc:59:5b:33:0d:c1:
                    c2:29:81:30:11:46:3b:e4:60:1e:75:7e:25:86:58:
                    b4:63:20:17:d3:87:a5:e1:ae:b8:c6:35:b5:57:a6:
                    e4:30:9d:f6:5c:07:64:f3:84:ad:b3:e1:36:e4:55:
                    6c:6c:e6:81:02:62:2c:31:82:31:36:36:49:b4:ee:
                    46:b7:f3:ec:52:49:9c:8f:73:f4:7a:a7:27:01:58:
                    4e:50:f0:79:e5:d1:b6:2c:b1:fa:7c:c0:2d:d2:67:
                    56:a3:22:01:73:2f:ae:2f:fb:12:ba:2a:8b:39:a8:
                    af:bb:39:44:f7:20:37:aa:05:11:47:6a:f2:96:a2:
                    90:e7:4d:34:2e:39:f5:b4:ce:10:d5:2c:8a:75:29:
                    f4:39:a9:d9:f7:f4:96:9b:7b:13:64:8d:18:f5:b8:
                    31:fb:02:35:47:79:23:28:36:be:5d:34:0d:1a:a4:
                    3d:12:e1:a1:6d:cd:40:04:39:e0:99:46:8b:67:40:
                    00:de:a8:90:d2:8c:b9:69:18:78:04:8a:f6:bb:31:
                    b3:6a:71:0d:28:7a:d8:2c:dc:10:68:79:75:95:94:
                    fc:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:24:B6:63:D4:94:4E:AB:5B:EC:86:92:4E:C9:85:4E:90:72:37:21
            X509v3 Authority Key Identifier:
                keyid:B8:5E:AD:C2:EC:70:B3:0F:A4:22:5E:D7:FC:D5:73:0F:0C:7B:C6:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uF6twuxwsw-kIl7X_NVzDwx7xhY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/f07b18-19d7-41f2-af6b-bc7a208a5e2e/1/QyS2Y9SUTqtb7IaSTsmFTpByNyE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/f07b18-19d7-41f2-af6b-bc7a208a5e2e/1/uF6twuxwsw-kIl7X_NVzDwx7xhY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.128.253.0-31.128.254.255

    Signature Algorithm: sha256WithRSAEncryption
         7f:33:48:d8:e2:b9:db:c4:97:59:4a:81:5a:d4:9d:dc:09:68:
         72:5e:38:78:83:ca:58:7f:b3:db:82:44:b2:b5:e6:40:74:25:
         5f:02:69:9f:33:db:d7:35:1f:92:88:1d:1a:76:42:e0:e7:d9:
         46:28:bc:94:4f:7a:da:0e:91:9a:9a:96:d0:d5:7e:0b:54:76:
         e5:d2:79:91:17:98:0a:30:54:23:34:7c:2d:2a:a4:4a:29:de:
         d5:44:22:07:12:1f:63:35:80:62:f6:fa:ca:cb:1c:2b:72:5e:
         ac:93:b5:a8:c0:2e:36:f3:e4:c0:06:f3:4e:6e:8e:db:6b:3a:
         d3:c9:34:e2:c5:e9:f5:3b:d5:56:9d:27:25:db:13:fa:53:f0:
         6f:c0:3e:18:c1:3e:07:40:1a:de:a3:d0:56:9c:a4:57:15:11:
         91:07:3b:2a:61:4b:38:24:d9:df:c8:4d:c4:48:80:a4:e3:20:
         f8:94:7b:b6:69:0c:19:81:43:7f:c5:e2:de:cb:96:6a:df:eb:
         a3:7f:f4:00:05:2d:64:71:29:c1:37:27:3c:8d:df:ec:92:52:
         1f:03:9a:52:3d:a0:61:b8:af:0f:62:46:4d:5c:8e:21:8d:b5:
         2a:89:b7:08:ea:4d:ed:80:e4:fa:eb:8e:b2:45:65:2d:8b:9a:
         01:60:74:0d
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzJS+WumbxVZ1lulED4L04EMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI4NWVhZGMyZWM3MGIzMGZhNDIyNWVkN2ZjZDU3MzBmMGM3
YmM2MTYwHhcNMjQwMTAyMDgzMDQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MzI0YjY2M2Q0OTQ0ZWFiNWJlYzg2OTI0ZWM5ODU0ZTkwNzIzNzIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhIj4uUJwIL1mZAQUaO2D+3QBoVPs
lIssHLAnqkvxuY3m+kOXmuD8WVszDcHCKYEwEUY75GAedX4lhli0YyAX04el4a64
xjW1V6bkMJ32XAdk84Sts+E25FVsbOaBAmIsMYIxNjZJtO5Gt/PsUkmcj3P0eqcn
AVhOUPB55dG2LLH6fMAt0mdWoyIBcy+uL/sSuiqLOaivuzlE9yA3qgURR2rylqKQ
5000Ljn1tM4Q1SyKdSn0OanZ9/SWm3sTZI0Y9bgx+wI1R3kjKDa+XTQNGqQ9EuGh
bc1ABDngmUaLZ0AA3qiQ0oy5aRh4BIr2uzGzanENKHrYLNwQaHl1lZT8OQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFEMktmPUlE6rW+yGkk7JhU6QcjchMB8GA1UdIwQY
MBaAFLhercLscLMPpCJe1/zVcw8Me8YWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdUY2dHd1eHdzdy1rSWw3WF9OVnpEd3g3eGhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS9mMDdiMTgtMTlkNy00MWYyLWFmNmIt
YmM3YTIwOGE1ZTJlLzEvUXlTMlk5U1VUcXRiN0lhU1RzbUZUcEJ5TnlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS9mMDdiMTgtMTlkNy00MWYyLWFmNmItYmM3YTIwOGE1ZTJl
LzEvdUY2dHd1eHdzdy1rSWw3WF9OVnpEd3g3eGhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAAfgP0D
BAAfgP4wDQYJKoZIhvcNAQELBQADggEBAH8zSNjiudvEl1lKgVrUndwJaHJeOHiD
ylh/s9uCRLK15kB0JV8CaZ8z29c1H5KIHRp2QuDn2UYovJRPetoOkZqaltDVfgtU
duXSeZEXmAowVCM0fC0qpEop3tVEIgcSH2M1gGL2+srLHCtyXqyTtajALjbz5MAG
805ujttrOtPJNOLF6fU71VadJyXbE/pT8G/APhjBPgdAGt6j0FacpFcVEZEHOyph
Szgk2d/ITcRIgKTjIPiUe7ZpDBmBQ3/F4t7Llmrf66N/9AAFLWRxKcE3JzyN3+yS
Uh8DmlI9oGG4rw9iRk1cjiGNtSqJtwjqTe2A5PrrjrJFZS2LmgFgdA0=
-----END CERTIFICATE-----