Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/250127-85d7-46b4-8865-bf0da5e8ce7f/1/IQUZXLY6K67qzLL00qlDFTbFI4A.roa
File:                     IQUZXLY6K67qzLL00qlDFTbFI4A.roa (raw, json)
Hash identifier:          i2LGBUVywZvEpk4/SQtTLQRcaaA6Wtozsw7OWiT8sfs=
Subject key identifier:   21:05:19:5C:B6:3A:2B:AE:EA:CC:B2:F4:D2:A9:43:15:36:C5:23:80
Certificate issuer:       /CN=4de70403c9d2d7962cf113d93c462f9493d87362
Certificate serial:       018CCA2A53885B539E1A7ACC502D41D3FB2B
Authority key identifier: 4D:E7:04:03:C9:D2:D7:96:2C:F1:13:D9:3C:46:2F:94:93:D8:73:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TecEA8nS15Ys8RPZPEYvlJPYc2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ca/250127-85d7-46b4-8865-bf0da5e8ce7f/1/IQUZXLY6K67qzLL00qlDFTbFI4A.roa
Signing time:             Tue 02 Jan 2024 12:33:40 +0000
ROA not before:           Tue 02 Jan 2024 12:33:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25540
IP address blocks:        185.31.2.0/24 maxlen: 24
                          185.31.0.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ca/250127-85d7-46b4-8865-bf0da5e8ce7f/1/TecEA8nS15Ys8RPZPEYvlJPYc2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ca/250127-85d7-46b4-8865-bf0da5e8ce7f/1/TecEA8nS15Ys8RPZPEYvlJPYc2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TecEA8nS15Ys8RPZPEYvlJPYc2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:53:88:5b:53:9e:1a:7a:cc:50:2d:41:d3:fb:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4de70403c9d2d7962cf113d93c462f9493d87362
        Validity
            Not Before: Jan  2 12:33:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2105195cb63a2baeeaccb2f4d2a9431536c52380
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:29:86:24:e6:80:a8:43:8d:25:a3:e6:56:cd:
                    75:06:98:1f:c3:a1:22:28:49:1f:5b:c3:bf:32:f5:
                    93:9a:51:c4:d7:42:5c:5b:5c:5b:60:c6:53:e8:99:
                    fc:2b:ad:bc:2e:86:bb:e7:d5:3f:c2:f6:51:30:d0:
                    f9:c6:54:22:cd:f9:ab:69:30:e5:c9:00:73:96:2d:
                    28:83:b5:b4:cd:75:b0:a1:4d:92:98:f9:87:c3:ff:
                    46:b1:49:47:0f:a1:78:1a:09:c6:f2:47:f4:af:ad:
                    19:5c:2b:3a:e6:1b:70:a9:00:a2:63:14:e0:a0:fb:
                    66:ea:1f:ef:96:12:47:a1:24:93:b5:dc:d5:60:bd:
                    92:20:16:5c:d6:ba:53:6c:24:2b:4b:46:09:0f:f5:
                    27:76:ab:42:f4:3c:91:9f:f3:6b:fb:21:4b:e8:1f:
                    ef:ad:5e:80:32:02:b6:73:9f:37:da:6b:27:de:ae:
                    68:1e:b6:de:27:4a:35:63:b0:bf:50:92:83:a2:d4:
                    45:42:7b:2c:af:7e:00:ca:19:98:d9:db:6a:c2:89:
                    2c:5c:97:91:3a:87:37:a6:14:ba:8c:60:34:24:0e:
                    c3:e3:15:20:17:4d:a4:89:c5:64:d3:93:5b:cc:cb:
                    68:15:a0:fe:1a:04:84:8c:51:6b:5f:4c:5f:ba:8a:
                    b4:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:05:19:5C:B6:3A:2B:AE:EA:CC:B2:F4:D2:A9:43:15:36:C5:23:80
            X509v3 Authority Key Identifier:
                keyid:4D:E7:04:03:C9:D2:D7:96:2C:F1:13:D9:3C:46:2F:94:93:D8:73:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TecEA8nS15Ys8RPZPEYvlJPYc2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/250127-85d7-46b4-8865-bf0da5e8ce7f/1/IQUZXLY6K67qzLL00qlDFTbFI4A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/250127-85d7-46b4-8865-bf0da5e8ce7f/1/TecEA8nS15Ys8RPZPEYvlJPYc2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.31.0.0-185.31.2.255

    Signature Algorithm: sha256WithRSAEncryption
         2e:3c:ac:8a:d9:3b:08:c8:4e:e8:2c:c4:8d:f9:80:b3:37:b3:
         ab:b7:06:d4:4a:95:1a:77:a4:58:9f:2d:e8:9d:6a:84:74:94:
         74:1d:01:7a:3c:49:f6:2e:ba:a6:0b:c3:e2:48:7d:67:ae:c3:
         e2:4c:2d:0f:e0:46:12:28:89:5e:22:7d:be:a9:83:13:84:e2:
         24:1d:d3:70:f9:65:49:1b:44:b0:7d:f9:64:77:f7:97:30:d7:
         d5:64:a7:b4:58:fa:5a:55:f3:79:33:c0:e9:36:3e:3e:5c:71:
         e5:0c:c5:aa:3b:b0:d1:49:0b:f7:0b:21:1d:4a:ba:43:7a:c5:
         41:ff:32:26:ef:1b:f2:d5:59:44:7f:47:86:d2:c3:1b:6e:2c:
         ab:a6:58:4a:0c:cd:9e:f0:7c:77:4f:2a:de:55:37:d7:57:70:
         82:66:cc:64:c6:37:1d:6f:88:6c:5a:0b:b4:d0:6a:7b:eb:8c:
         1a:cf:51:7e:92:57:34:74:ca:04:1c:1d:4b:17:34:79:7f:63:
         2c:69:51:e4:66:94:52:c7:5f:00:a6:25:4f:3f:33:89:73:c2:
         9c:19:53:97:98:6f:0d:dc:9b:8d:68:39:28:db:12:a0:57:cf:
         8b:72:fc:72:be:76:a7:43:b1:f6:d6:58:0d:32:14:00:39:71:
         44:9c:b2:56
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgISAYzKKlOIW1OeGnrMUC1B0/srMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkZTcwNDAzYzlkMmQ3OTYyY2YxMTNkOTNjNDYyZjk0OTNk
ODczNjIwHhcNMjQwMTAyMTIzMzQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMTA1MTk1Y2I2M2EyYmFlZWFjY2IyZjRkMmE5NDMxNTM2YzUyMzgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnSmGJOaAqEONJaPmVs11Bpgfw6Ei
KEkfW8O/MvWTmlHE10JcW1xbYMZT6Jn8K628Loa759U/wvZRMND5xlQizfmraTDl
yQBzli0og7W0zXWwoU2SmPmHw/9GsUlHD6F4GgnG8kf0r60ZXCs65htwqQCiYxTg
oPtm6h/vlhJHoSSTtdzVYL2SIBZc1rpTbCQrS0YJD/UndqtC9DyRn/Nr+yFL6B/v
rV6AMgK2c5832msn3q5oHrbeJ0o1Y7C/UJKDotRFQnssr34AyhmY2dtqwoksXJeR
Ooc3phS6jGA0JA7D4xUgF02kicVk05NbzMtoFaD+GgSEjFFrX0xfuoq0jQIDAQAB
o4ICEDCCAgwwHQYDVR0OBBYEFCEFGVy2Oiuu6syy9NKpQxU2xSOAMB8GA1UdIwQY
MBaAFE3nBAPJ0teWLPET2TxGL5ST2HNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGVjRUE4blMxNVlzOFJQWlBFWXZsSlBZYzJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS8yNTAxMjctODVkNy00NmI0LTg4NjUt
YmYwZGE1ZThjZTdmLzEvSVFVWlhMWTZLNjdxekxMMDBxbERGVGJGSTRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS8yNTAxMjctODVkNy00NmI0LTg4NjUtYmYwZGE1ZThjZTdm
LzEvVGVjRUE4blMxNVlzOFJQWlBFWXZsSlBZYzJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCYGCCsGAQUFBwEHAQH/BBcwFTATBAIAATANMAsDAwC5HwME
ALkfAjANBgkqhkiG9w0BAQsFAAOCAQEALjysitk7CMhO6CzEjfmAszezq7cG1EqV
GnekWJ8t6J1qhHSUdB0BejxJ9i66pgvD4kh9Z67D4kwtD+BGEiiJXiJ9vqmDE4Ti
JB3TcPllSRtEsH35ZHf3lzDX1WSntFj6WlXzeTPA6TY+Plxx5QzFqjuw0UkL9wsh
HUq6Q3rFQf8yJu8b8tVZRH9HhtLDG24sq6ZYSgzNnvB8d08q3lU311dwgmbMZMY3
HW+IbFoLtNBqe+uMGs9RfpJXNHTKBBwdSxc0eX9jLGlR5GaUUsdfAKYlTz8ziXPC
nBlTl5hvDdybjWg5KNsSoFfPi3L8cr52p0Ox9tZYDTIUADlxRJyyVg==
-----END CERTIFICATE-----