Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/a96024-6555-4e8d-af37-62bb6d63e59d/1/qBzD8GhRA2Dtcoe6CRB6AMW5IvA.roa
File:                     qBzD8GhRA2Dtcoe6CRB6AMW5IvA.roa (raw, json)
Hash identifier:          34tFQ0Eu3GEE0uP6GuEKNgu7TiHylOICOZy95MskedY=
Subject key identifier:   A8:1C:C3:F0:68:51:03:60:ED:72:87:BA:09:10:7A:00:C5:B9:22:F0
Certificate issuer:       /CN=dff24726df3e77f6f4c8e0436613b35110eeaf38
Certificate serial:       018DF4A9DB07D7B9F6E65522A381433343A1
Authority key identifier: DF:F2:47:26:DF:3E:77:F6:F4:C8:E0:43:66:13:B3:51:10:EE:AF:38
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3_JHJt8-d_b0yOBDZhOzURDurzg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/a96024-6555-4e8d-af37-62bb6d63e59d/1/qBzD8GhRA2Dtcoe6CRB6AMW5IvA.roa
Signing time:             Thu 29 Feb 2024 11:39:48 +0000
ROA not before:           Thu 29 Feb 2024 11:39:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212335
IP address blocks:        31.43.165.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/a96024-6555-4e8d-af37-62bb6d63e59d/1/3_JHJt8-d_b0yOBDZhOzURDurzg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/a96024-6555-4e8d-af37-62bb6d63e59d/1/3_JHJt8-d_b0yOBDZhOzURDurzg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3_JHJt8-d_b0yOBDZhOzURDurzg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 25 May 2024 11:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:f4:a9:db:07:d7:b9:f6:e6:55:22:a3:81:43:33:43:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dff24726df3e77f6f4c8e0436613b35110eeaf38
        Validity
            Not Before: Feb 29 11:39:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a81cc3f068510360ed7287ba09107a00c5b922f0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:de:a8:c7:de:dd:54:91:aa:71:f2:f2:ef:8b:
                    cf:69:ff:31:34:6b:5e:6e:e8:7c:5a:e1:c7:ad:ef:
                    db:0e:07:a5:58:66:26:da:f0:5e:87:0c:a5:8c:97:
                    aa:3c:c6:38:af:07:2a:f2:60:a2:49:b7:f4:99:ec:
                    7a:ac:6f:42:54:55:05:a3:55:ea:a8:e7:46:b8:82:
                    0c:70:61:dc:03:d4:3f:4f:0f:fd:0b:2e:d3:5d:bf:
                    15:18:a6:90:9b:af:a3:89:b7:52:22:4f:47:8d:ab:
                    ad:d1:29:ae:d2:4e:f9:51:96:42:23:8d:6e:7a:c9:
                    e4:94:a6:b7:53:3c:c1:ea:a1:18:d8:f6:7d:f8:01:
                    64:47:75:ab:18:f7:d0:bf:d4:4e:cf:3d:07:ee:52:
                    60:95:ec:42:92:7c:aa:47:55:4c:85:09:e8:8a:10:
                    d0:cb:3f:c7:6a:6b:87:9a:da:a2:ca:6a:3a:b8:70:
                    61:34:df:a8:a8:b9:e9:75:58:22:ee:a4:6d:77:92:
                    9a:38:2e:a7:e6:58:52:04:09:3d:6d:33:c9:2c:60:
                    6b:fd:fb:87:db:9d:da:bb:f3:c2:96:94:b3:ce:f1:
                    1a:a7:2e:aa:0a:e1:07:99:dd:e4:a9:e9:bd:4a:c9:
                    aa:ed:c6:3b:13:8b:c8:10:82:50:80:93:58:46:ca:
                    a4:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:1C:C3:F0:68:51:03:60:ED:72:87:BA:09:10:7A:00:C5:B9:22:F0
            X509v3 Authority Key Identifier:
                keyid:DF:F2:47:26:DF:3E:77:F6:F4:C8:E0:43:66:13:B3:51:10:EE:AF:38

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3_JHJt8-d_b0yOBDZhOzURDurzg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a96024-6555-4e8d-af37-62bb6d63e59d/1/qBzD8GhRA2Dtcoe6CRB6AMW5IvA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a96024-6555-4e8d-af37-62bb6d63e59d/1/3_JHJt8-d_b0yOBDZhOzURDurzg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.43.165.0/24

    Signature Algorithm: sha256WithRSAEncryption
         96:53:12:8c:86:91:80:f7:c9:55:50:c6:c6:52:0b:69:3d:6f:
         81:fe:2d:9a:34:c9:d1:23:3c:3e:0d:fc:ed:c5:f5:6e:ac:bd:
         4f:9b:5f:57:8e:87:c8:4e:23:4e:a2:89:a6:e8:75:44:02:6f:
         ca:b1:3b:eb:78:f6:d8:1e:7c:ba:65:fb:19:f9:ed:1a:07:ca:
         c7:1f:4d:36:b9:30:91:84:2f:75:36:da:1a:e4:8f:53:86:a4:
         b4:3c:24:12:c5:fc:79:39:b3:0a:ad:c3:30:97:f7:c6:8f:bb:
         7c:a0:d3:50:ac:3a:8c:33:4d:5b:f0:db:46:80:a3:ec:05:ef:
         92:e7:09:80:8a:15:e9:16:17:45:ca:d7:fa:32:fd:80:4b:41:
         a7:42:88:71:7b:d8:ac:e4:04:25:87:51:f1:b0:66:b6:80:54:
         42:d4:11:d4:70:22:3a:50:a2:55:9d:02:8c:9d:75:00:d0:23:
         2b:ab:62:2b:16:8d:4f:25:d2:1d:83:30:c8:4d:19:b9:68:84:
         58:47:10:84:26:69:d3:f2:48:22:77:dc:74:bd:63:d7:30:98:
         d9:64:38:30:8b:85:bf:f6:c8:74:a4:a5:74:a2:70:28:fe:f1:
         76:ca:31:c1:39:51:73:3b:7b:d8:e9:bf:34:05:62:e1:00:22:
         f8:3b:83:54
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY30qdsH17n25lUio4FDM0OhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRmZjI0NzI2ZGYzZTc3ZjZmNGM4ZTA0MzY2MTNiMzUxMTBl
ZWFmMzgwHhcNMjQwMjI5MTEzOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhODFjYzNmMDY4NTEwMzYwZWQ3Mjg3YmEwOTEwN2EwMGM1YjkyMmYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs96ox97dVJGqcfLy74vPaf8xNGte
buh8WuHHre/bDgelWGYm2vBehwyljJeqPMY4rwcq8mCiSbf0mex6rG9CVFUFo1Xq
qOdGuIIMcGHcA9Q/Tw/9Cy7TXb8VGKaQm6+jibdSIk9Hjaut0Smu0k75UZZCI41u
esnklKa3UzzB6qEY2PZ9+AFkR3WrGPfQv9ROzz0H7lJglexCknyqR1VMhQnoihDQ
yz/HamuHmtqiymo6uHBhNN+oqLnpdVgi7qRtd5KaOC6n5lhSBAk9bTPJLGBr/fuH
253au/PClpSzzvEapy6qCuEHmd3kqem9Ssmq7cY7E4vIEIJQgJNYRsqklQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKgcw/BoUQNg7XKHugkQegDFuSLwMB8GA1UdIwQY
MBaAFN/yRybfPnf29MjgQ2YTs1EQ7q84MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM19KSEp0OC1kX2IweU9CRFpoT3pVUkR1cnpnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9hOTYwMjQtNjU1NS00ZThkLWFmMzct
NjJiYjZkNjNlNTlkLzEvcUJ6RDhHaFJBMkR0Y29lNkNSQjZBTVc1SXZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9hOTYwMjQtNjU1NS00ZThkLWFmMzctNjJiYjZkNjNlNTlk
LzEvM19KSEp0OC1kX2IweU9CRFpoT3pVUkR1cnpnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHyulMA0G
CSqGSIb3DQEBCwUAA4IBAQCWUxKMhpGA98lVUMbGUgtpPW+B/i2aNMnRIzw+Dfzt
xfVurL1Pm19XjofITiNOoomm6HVEAm/KsTvrePbYHny6ZfsZ+e0aB8rHH002uTCR
hC91Ntoa5I9ThqS0PCQSxfx5ObMKrcMwl/fGj7t8oNNQrDqMM01b8NtGgKPsBe+S
5wmAihXpFhdFytf6Mv2AS0GnQohxe9is5AQlh1HxsGa2gFRC1BHUcCI6UKJVnQKM
nXUA0CMrq2IrFo1PJdIdgzDITRm5aIRYRxCEJmnT8kgid9x0vWPXMJjZZDgwi4W/
9sh0pKV0onAo/vF2yjHBOVFzO3vY6b80BWLhACL4O4NU
-----END CERTIFICATE-----