Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b6/5360e7-f02a-4737-99c7-febb64b5e164/1/WqHA4JzZ3IfLNswGVaYSU8c-Jsc.roa
File:                     WqHA4JzZ3IfLNswGVaYSU8c-Jsc.roa (raw, json)
Hash identifier:          OVwFXCiZc/D3yFwsen9acRn1A82GwMlNCBKErgKXE/Q=
Subject key identifier:   5A:A1:C0:E0:9C:D9:DC:87:CB:36:CC:06:55:A6:12:53:C7:3E:26:C7
Certificate issuer:       /CN=22f344a63dcb70e89057deb8e2761dc45165881a
Certificate serial:       019265DFA6605E959184AF56777ADFDFEE2D
Authority key identifier: 22:F3:44:A6:3D:CB:70:E8:90:57:DE:B8:E2:76:1D:C4:51:65:88:1A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IvNEpj3LcOiQV9644nYdxFFliBo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b6/5360e7-f02a-4737-99c7-febb64b5e164/1/WqHA4JzZ3IfLNswGVaYSU8c-Jsc.roa
Signing time:             Mon 07 Oct 2024 07:26:48 +0000
ROA not before:           Mon 07 Oct 2024 07:26:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     30058
IP address blocks:        194.31.157.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b6/5360e7-f02a-4737-99c7-febb64b5e164/1/IvNEpj3LcOiQV9644nYdxFFliBo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b6/5360e7-f02a-4737-99c7-febb64b5e164/1/IvNEpj3LcOiQV9644nYdxFFliBo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IvNEpj3LcOiQV9644nYdxFFliBo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:65:df:a6:60:5e:95:91:84:af:56:77:7a:df:df:ee:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22f344a63dcb70e89057deb8e2761dc45165881a
        Validity
            Not Before: Oct  7 07:26:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5aa1c0e09cd9dc87cb36cc0655a61253c73e26c7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:0b:1a:c0:3c:5a:50:de:54:2b:54:33:f8:c3:
                    17:17:2e:54:f5:b9:ba:31:7e:36:a0:fd:04:d1:2c:
                    68:9a:1b:ab:47:6c:57:ff:cf:1b:e0:41:30:57:19:
                    a6:9f:02:28:b9:63:0d:0e:eb:82:19:a2:01:da:80:
                    db:e1:50:f2:1e:0d:d7:be:5c:7c:d4:94:bd:7c:86:
                    fe:ac:d7:30:bc:9c:c0:e2:00:48:dc:48:c3:96:3a:
                    7a:ee:b3:ac:e1:58:69:ad:e8:cc:98:56:29:bd:fa:
                    9d:54:b9:7b:e7:47:81:81:61:34:27:4e:c9:ae:71:
                    14:c2:58:05:fc:6f:1e:ca:46:30:bd:7d:66:ed:1e:
                    7a:b1:24:1d:e6:1a:45:60:e9:24:ad:94:99:c5:c6:
                    c3:72:b3:30:f8:cc:51:84:e6:d6:a7:ba:b4:80:ea:
                    3e:9b:3d:6f:40:59:7f:04:70:47:be:49:bd:6d:bd:
                    5c:c5:71:77:90:51:d8:f1:31:28:45:4d:4e:32:72:
                    40:b7:07:ce:82:e4:f7:b9:93:f3:de:41:88:4b:a1:
                    f0:dc:d9:68:0a:64:5f:79:98:7a:6c:72:29:f4:6d:
                    19:03:6c:78:ab:88:ce:db:58:e3:e6:fc:85:09:08:
                    d6:94:8b:0e:31:d4:8e:ed:c3:30:19:ca:c8:fc:bd:
                    63:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:A1:C0:E0:9C:D9:DC:87:CB:36:CC:06:55:A6:12:53:C7:3E:26:C7
            X509v3 Authority Key Identifier:
                keyid:22:F3:44:A6:3D:CB:70:E8:90:57:DE:B8:E2:76:1D:C4:51:65:88:1A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IvNEpj3LcOiQV9644nYdxFFliBo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/5360e7-f02a-4737-99c7-febb64b5e164/1/WqHA4JzZ3IfLNswGVaYSU8c-Jsc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/5360e7-f02a-4737-99c7-febb64b5e164/1/IvNEpj3LcOiQV9644nYdxFFliBo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.31.157.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2c:8f:ea:3a:a6:53:19:4d:ca:5e:c4:8b:c2:12:90:f2:79:d0:
         e0:b6:41:9f:ed:5e:07:55:6f:3d:f0:39:da:42:24:5f:98:af:
         1e:e5:78:ae:99:de:18:85:f8:e6:84:f3:94:28:05:2f:ac:2f:
         16:a0:bd:c0:d9:25:90:67:76:c8:67:c0:4e:8f:11:d3:6e:4e:
         07:13:86:3f:39:32:ab:22:1d:36:83:91:17:dc:50:6f:e8:fa:
         50:45:ae:dc:06:c1:22:42:b7:a8:7f:3e:66:8e:65:8e:37:2d:
         b3:3d:ec:38:0f:31:fd:77:41:36:7b:ca:36:0c:83:81:d5:64:
         a6:8f:e2:9e:bb:a0:f8:93:0a:09:69:de:18:83:d2:f2:35:0e:
         61:df:ad:06:26:46:c3:90:fa:f0:76:ef:98:ae:25:44:8b:2d:
         f0:10:24:71:f1:1a:e0:c9:70:d9:73:d4:60:85:cb:c7:6e:8b:
         18:0a:54:a6:da:9b:ee:38:94:cf:eb:ec:e4:5a:bc:fc:f0:3e:
         89:e9:e0:c2:6c:99:0c:0d:93:61:0f:5b:cb:6c:a5:a6:19:07:
         85:e3:4d:87:60:7c:13:76:e3:5f:f4:06:48:c6:0f:d8:36:61:
         9d:31:93:51:9d:8a:51:d8:ce:9e:d2:5b:d5:50:96:6e:a5:bb:
         99:bb:69:77
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZJl36ZgXpWRhK9Wd3rf3+4tMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyZjM0NGE2M2RjYjcwZTg5MDU3ZGViOGUyNzYxZGM0NTE2
NTg4MWEwHhcNMjQxMDA3MDcyNjQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YWExYzBlMDljZDlkYzg3Y2IzNmNjMDY1NWE2MTI1M2M3M2UyNmM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtAsawDxaUN5UK1Qz+MMXFy5U9bm6
MX42oP0E0SxomhurR2xX/88b4EEwVxmmnwIouWMNDuuCGaIB2oDb4VDyHg3Xvlx8
1JS9fIb+rNcwvJzA4gBI3EjDljp67rOs4VhprejMmFYpvfqdVLl750eBgWE0J07J
rnEUwlgF/G8eykYwvX1m7R56sSQd5hpFYOkkrZSZxcbDcrMw+MxRhObWp7q0gOo+
mz1vQFl/BHBHvkm9bb1cxXF3kFHY8TEoRU1OMnJAtwfOguT3uZPz3kGIS6Hw3Nlo
CmRfeZh6bHIp9G0ZA2x4q4jO21jj5vyFCQjWlIsOMdSO7cMwGcrI/L1jdQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFqhwOCc2dyHyzbMBlWmElPHPibHMB8GA1UdIwQY
MBaAFCLzRKY9y3DokFfeuOJ2HcRRZYgaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXZORXBqM0xjT2lRVjk2NDRuWWR4RkZsaUJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNi81MzYwZTctZjAyYS00NzM3LTk5Yzct
ZmViYjY0YjVlMTY0LzEvV3FIQTRKelozSWZMTnN3R1ZhWVNVOGMtSnNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNi81MzYwZTctZjAyYS00NzM3LTk5YzctZmViYjY0YjVlMTY0
LzEvSXZORXBqM0xjT2lRVjk2NDRuWWR4RkZsaUJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwh+dMA0G
CSqGSIb3DQEBCwUAA4IBAQAsj+o6plMZTcpexIvCEpDyedDgtkGf7V4HVW898Dna
QiRfmK8e5Xiumd4YhfjmhPOUKAUvrC8WoL3A2SWQZ3bIZ8BOjxHTbk4HE4Y/OTKr
Ih02g5EX3FBv6PpQRa7cBsEiQreofz5mjmWONy2zPew4DzH9d0E2e8o2DIOB1WSm
j+Keu6D4kwoJad4Yg9LyNQ5h360GJkbDkPrwdu+YriVEiy3wECRx8RrgyXDZc9Rg
hcvHbosYClSm2pvuOJTP6+zkWrz88D6J6eDCbJkMDZNhD1vLbKWmGQeF402HYHwT
duNf9AZIxg/YNmGdMZNRnYpR2M6e0lvVUJZupbuZu2l3
-----END CERTIFICATE-----