Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/41e90c-61cc-470c-a388-6d1c9b153cf0/1/qqXqCJ1D8o5IUPc1q-0ZJerHz9o.roa
File:                     qqXqCJ1D8o5IUPc1q-0ZJerHz9o.roa (raw, json)
Hash identifier:          mtCZXf26GoOUXGn1Y+ce1KqUVRZmCKym2BPnkleEH3g=
Subject key identifier:   AA:A5:EA:08:9D:43:F2:8E:48:50:F7:35:AB:ED:19:25:EA:C7:CF:DA
Certificate issuer:       /CN=0007534eb77caa836f8f118630164e0236e5fe86
Certificate serial:       018CC9B882F978687580460649F8BB8D4737
Authority key identifier: 00:07:53:4E:B7:7C:AA:83:6F:8F:11:86:30:16:4E:02:36:E5:FE:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AAdTTrd8qoNvjxGGMBZOAjbl_oY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/41e90c-61cc-470c-a388-6d1c9b153cf0/1/qqXqCJ1D8o5IUPc1q-0ZJerHz9o.roa
Signing time:             Tue 02 Jan 2024 10:29:21 +0000
ROA not before:           Tue 02 Jan 2024 10:29:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197923
IP address blocks:        31.135.178.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/41e90c-61cc-470c-a388-6d1c9b153cf0/1/AAdTTrd8qoNvjxGGMBZOAjbl_oY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/41e90c-61cc-470c-a388-6d1c9b153cf0/1/AAdTTrd8qoNvjxGGMBZOAjbl_oY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AAdTTrd8qoNvjxGGMBZOAjbl_oY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 13:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:b8:82:f9:78:68:75:80:46:06:49:f8:bb:8d:47:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0007534eb77caa836f8f118630164e0236e5fe86
        Validity
            Not Before: Jan  2 10:29:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=aaa5ea089d43f28e4850f735abed1925eac7cfda
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:f5:82:fa:a0:86:7e:6d:1c:14:7e:bf:44:45:
                    7d:ad:31:2b:e7:e7:56:f4:1b:90:4a:e5:e6:e9:36:
                    bf:5b:fa:ce:e1:06:1e:7b:56:c5:ed:64:b8:ab:50:
                    22:1b:f8:dc:7a:4b:69:38:32:d9:ec:31:3b:46:8b:
                    f7:12:7e:ae:4b:9a:64:b0:5f:86:45:03:5c:3a:f7:
                    f0:f7:66:64:eb:d7:fd:8c:7f:50:7d:d9:f6:5c:7e:
                    60:b2:5b:4d:8d:d3:76:45:07:a5:fc:db:ac:3c:14:
                    14:9f:96:7e:fb:88:8f:8b:5b:75:b6:b5:1f:0d:9b:
                    f9:7a:02:b6:ce:06:d7:93:10:74:b5:6a:2f:62:b1:
                    3a:42:6c:52:5e:6e:f8:73:09:e5:6f:9b:31:bf:86:
                    5f:f3:f4:5a:81:dc:f1:38:47:21:81:b3:a3:10:bb:
                    a7:26:28:18:bd:b4:6b:96:03:51:8c:98:a9:c5:4f:
                    cf:29:ee:db:df:5f:b1:3e:e4:c2:a6:de:ca:b3:78:
                    2b:5f:16:e7:68:3f:dd:a4:79:ff:78:09:1d:7e:35:
                    72:a6:a0:af:9c:43:a8:8d:61:39:07:0f:e5:87:f6:
                    bd:9f:7f:b5:73:af:83:19:f9:f5:27:b8:0f:f4:ca:
                    39:48:f2:20:96:dd:58:5e:b5:b8:f1:9e:bc:35:10:
                    00:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:A5:EA:08:9D:43:F2:8E:48:50:F7:35:AB:ED:19:25:EA:C7:CF:DA
            X509v3 Authority Key Identifier:
                keyid:00:07:53:4E:B7:7C:AA:83:6F:8F:11:86:30:16:4E:02:36:E5:FE:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AAdTTrd8qoNvjxGGMBZOAjbl_oY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/41e90c-61cc-470c-a388-6d1c9b153cf0/1/qqXqCJ1D8o5IUPc1q-0ZJerHz9o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/41e90c-61cc-470c-a388-6d1c9b153cf0/1/AAdTTrd8qoNvjxGGMBZOAjbl_oY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.135.178.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5c:5e:9c:c8:82:7a:2c:22:02:92:a8:96:ce:7f:d4:cf:37:75:
         33:3a:1e:0d:dd:b1:56:0e:b5:45:05:1b:a9:3e:b4:d9:3a:80:
         2e:92:b8:22:ba:73:5e:87:12:65:b3:22:f9:0a:96:08:a2:46:
         67:8e:fc:89:8d:d4:7d:bf:cf:84:52:30:5f:5c:d9:3f:f4:86:
         2d:ef:cc:74:11:06:11:36:6b:2f:d6:b2:4a:6d:59:b1:1b:91:
         4b:34:7b:33:47:2a:10:c5:34:0a:1e:0b:84:1f:68:67:31:9b:
         d9:ff:e6:8c:2e:5a:e2:3a:cf:5d:85:0f:d8:90:3f:46:86:c4:
         9c:87:c4:e2:f9:35:45:64:3c:b5:ae:50:57:ab:64:f3:75:2e:
         5a:c2:7e:46:ac:69:d8:33:37:5c:15:d8:52:20:a5:a5:5f:3b:
         4d:16:37:e2:4d:c0:88:44:15:87:27:0a:5e:86:53:5c:58:5a:
         40:44:5c:db:22:45:26:ef:0f:29:98:d6:60:72:6b:21:85:22:
         76:c0:a7:49:90:12:9e:fb:f7:e0:31:27:4d:d5:bc:8e:93:3f:
         e5:a6:4f:6f:29:13:f5:7b:69:92:a1:60:46:71:ba:5f:1b:13:
         f0:15:f0:1a:f4:2f:62:e4:c8:a0:6a:97:5b:e1:b2:ad:28:89:
         b5:9f:e8:b8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJuIL5eGh1gEYGSfi7jUc3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwMDc1MzRlYjc3Y2FhODM2ZjhmMTE4NjMwMTY0ZTAyMzZl
NWZlODYwHhcNMjQwMTAyMTAyOTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYWE1ZWEwODlkNDNmMjhlNDg1MGY3MzVhYmVkMTkyNWVhYzdjZmRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtPWC+qCGfm0cFH6/REV9rTEr5+dW
9BuQSuXm6Ta/W/rO4QYee1bF7WS4q1AiG/jcektpODLZ7DE7Rov3En6uS5pksF+G
RQNcOvfw92Zk69f9jH9Qfdn2XH5gsltNjdN2RQel/NusPBQUn5Z++4iPi1t1trUf
DZv5egK2zgbXkxB0tWovYrE6QmxSXm74cwnlb5sxv4Zf8/RagdzxOEchgbOjELun
JigYvbRrlgNRjJipxU/PKe7b31+xPuTCpt7Ks3grXxbnaD/dpHn/eAkdfjVypqCv
nEOojWE5Bw/lh/a9n3+1c6+DGfn1J7gP9Mo5SPIglt1YXrW48Z68NRAAjwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKql6gidQ/KOSFD3NavtGSXqx8/aMB8GA1UdIwQY
MBaAFAAHU063fKqDb48RhjAWTgI25f6GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQUFkVFRyZDhxb052anhHR01CWk9BamJsX29ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi80MWU5MGMtNjFjYy00NzBjLWEzODgt
NmQxYzliMTUzY2YwLzEvcXFYcUNKMUQ4bzVJVVBjMXEtMFpKZXJIejlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi80MWU5MGMtNjFjYy00NzBjLWEzODgtNmQxYzliMTUzY2Yw
LzEvQUFkVFRyZDhxb052anhHR01CWk9BamJsX29ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAH4eyMA0G
CSqGSIb3DQEBCwUAA4IBAQBcXpzIgnosIgKSqJbOf9TPN3UzOh4N3bFWDrVFBRup
PrTZOoAukrgiunNehxJlsyL5CpYIokZnjvyJjdR9v8+EUjBfXNk/9IYt78x0EQYR
Nmsv1rJKbVmxG5FLNHszRyoQxTQKHguEH2hnMZvZ/+aMLlriOs9dhQ/YkD9GhsSc
h8Ti+TVFZDy1rlBXq2TzdS5awn5GrGnYMzdcFdhSIKWlXztNFjfiTcCIRBWHJwpe
hlNcWFpARFzbIkUm7w8pmNZgcmshhSJ2wKdJkBKe+/fgMSdN1byOkz/lpk9vKRP1
e2mSoWBGcbpfGxPwFfAa9C9i5Migapdb4bKtKIm1n+i4
-----END CERTIFICATE-----