Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d6/7efe01-ec74-40ac-a238-a9b1df44ce2f/1/531yUaqmvnRQXArtZxsVLTfrWOA.roa
File:                     531yUaqmvnRQXArtZxsVLTfrWOA.roa (raw, json)
Hash identifier:          38uNSZ7f9JAPLBqCMHitV0FZ+Toz22KHvHBYOwQ3+TU=
Subject key identifier:   E7:7D:72:51:AA:A6:BE:74:50:5C:0A:ED:67:1B:15:2D:37:EB:58:E0
Certificate issuer:       /CN=8504ebf9db1710a47bae4508cdaf8131e1674a54
Certificate serial:       018CC26D3EBA95C75F0EE56DD1629CEEA8F3
Authority key identifier: 85:04:EB:F9:DB:17:10:A4:7B:AE:45:08:CD:AF:81:31:E1:67:4A:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hQTr-dsXEKR7rkUIza-BMeFnSlQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d6/7efe01-ec74-40ac-a238-a9b1df44ce2f/1/531yUaqmvnRQXArtZxsVLTfrWOA.roa
Signing time:             Mon 01 Jan 2024 00:29:48 +0000
ROA not before:           Mon 01 Jan 2024 00:29:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2119
IP address blocks:        193.160.9.0/24 maxlen: 24
                          91.229.21.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d6/7efe01-ec74-40ac-a238-a9b1df44ce2f/1/hQTr-dsXEKR7rkUIza-BMeFnSlQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d6/7efe01-ec74-40ac-a238-a9b1df44ce2f/1/hQTr-dsXEKR7rkUIza-BMeFnSlQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hQTr-dsXEKR7rkUIza-BMeFnSlQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:3e:ba:95:c7:5f:0e:e5:6d:d1:62:9c:ee:a8:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8504ebf9db1710a47bae4508cdaf8131e1674a54
        Validity
            Not Before: Jan  1 00:29:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e77d7251aaa6be74505c0aed671b152d37eb58e0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:79:d8:a5:53:e7:b2:fe:c4:82:50:db:71:71:
                    38:e8:55:f2:8c:d8:ce:1c:69:66:d3:7b:74:f6:b1:
                    85:a5:08:77:83:cc:a8:8f:2c:ef:04:7e:df:ff:b2:
                    12:58:97:02:77:28:df:85:46:09:46:e1:ef:9d:27:
                    9e:9f:70:66:ce:45:e6:95:42:4e:ab:75:f3:b3:52:
                    9f:5d:3d:8a:ac:9f:ff:2b:02:b6:da:6a:6c:60:a0:
                    eb:7d:76:1c:4b:03:98:c2:81:a2:4f:13:41:0a:85:
                    09:52:17:1c:19:4c:bf:b0:c4:42:05:61:1f:8f:4d:
                    84:d2:89:f9:39:d0:31:3e:03:2b:bb:c4:48:42:aa:
                    62:81:67:11:95:18:15:0a:b0:f5:09:71:51:bb:7a:
                    59:68:00:65:ef:51:1c:9b:a1:02:6d:dc:08:00:03:
                    62:96:ad:8c:bd:72:4b:28:a7:c9:7c:e9:6c:fc:e7:
                    8b:2a:5c:30:ea:83:cb:3e:07:9f:a7:d8:fd:46:e0:
                    86:94:d3:eb:45:1e:e5:1c:ce:bf:00:39:63:c0:5a:
                    14:68:77:93:13:8c:8e:ea:1c:39:08:99:bb:42:3a:
                    69:ee:06:75:c2:9a:69:ec:bf:4a:0e:04:90:ac:51:
                    5a:3e:ca:55:59:0f:67:3e:90:90:89:0b:54:74:b1:
                    f5:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:7D:72:51:AA:A6:BE:74:50:5C:0A:ED:67:1B:15:2D:37:EB:58:E0
            X509v3 Authority Key Identifier:
                keyid:85:04:EB:F9:DB:17:10:A4:7B:AE:45:08:CD:AF:81:31:E1:67:4A:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hQTr-dsXEKR7rkUIza-BMeFnSlQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/7efe01-ec74-40ac-a238-a9b1df44ce2f/1/531yUaqmvnRQXArtZxsVLTfrWOA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/7efe01-ec74-40ac-a238-a9b1df44ce2f/1/hQTr-dsXEKR7rkUIza-BMeFnSlQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.229.21.0/24
                  193.160.9.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c5:3c:eb:9b:7a:4a:80:fa:54:10:1c:1e:ed:13:ff:29:73:57:
         f7:35:37:d9:33:49:6b:e4:38:b7:4b:9d:3f:4e:bc:49:54:0e:
         1c:d1:26:44:1b:c1:b5:b4:4e:80:60:81:46:54:bd:18:07:43:
         65:d0:b7:b3:e2:5a:52:76:03:9e:6d:a9:20:94:71:2e:a0:48:
         b4:b4:de:23:fc:5d:54:33:e3:29:7c:1e:9d:7a:72:a1:e3:c4:
         0d:30:92:48:bd:78:6b:e4:e5:47:14:10:af:ab:27:7f:3f:32:
         94:60:e1:13:23:63:67:41:33:9d:aa:30:ee:41:14:85:c2:b3:
         a9:35:a5:ce:8d:ba:d9:2a:1f:c1:93:64:14:26:60:4c:8b:d2:
         89:7a:5b:9e:9f:c7:7b:6b:df:55:55:76:d4:1e:d6:89:6d:59:
         df:fc:d7:81:da:de:80:46:65:81:55:43:35:9c:6a:9d:52:68:
         58:aa:40:db:de:5b:0b:6f:b9:55:05:f5:2d:e2:ca:bc:fc:e2:
         af:6a:e9:ee:56:ba:4a:8b:8a:d0:73:e0:de:40:f9:8e:c8:cc:
         c5:a8:9b:1c:56:05:0c:5c:97:1c:12:1a:42:de:7e:d9:0c:a0:
         cd:ac:2e:13:0a:0f:97:ac:cc:8d:46:df:9a:83:2c:bc:5f:7b:
         c3:46:7a:d0
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzCbT66lcdfDuVt0WKc7qjzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg1MDRlYmY5ZGIxNzEwYTQ3YmFlNDUwOGNkYWY4MTMxZTE2
NzRhNTQwHhcNMjQwMTAxMDAyOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNzdkNzI1MWFhYTZiZTc0NTA1YzBhZWQ2NzFiMTUyZDM3ZWI1OGUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw3nYpVPnsv7EglDbcXE46FXyjNjO
HGlm03t09rGFpQh3g8yojyzvBH7f/7ISWJcCdyjfhUYJRuHvnSeen3BmzkXmlUJO
q3Xzs1KfXT2KrJ//KwK22mpsYKDrfXYcSwOYwoGiTxNBCoUJUhccGUy/sMRCBWEf
j02E0on5OdAxPgMru8RIQqpigWcRlRgVCrD1CXFRu3pZaABl71Ecm6ECbdwIAANi
lq2MvXJLKKfJfOls/OeLKlww6oPLPgefp9j9RuCGlNPrRR7lHM6/ADljwFoUaHeT
E4yO6hw5CJm7Qjpp7gZ1wppp7L9KDgSQrFFaPspVWQ9nPpCQiQtUdLH1QwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOd9clGqpr50UFwK7WcbFS0361jgMB8GA1UdIwQY
MBaAFIUE6/nbFxCke65FCM2vgTHhZ0pUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaFFUci1kc1hFS1I3cmtVSXphLUJNZUZuU2xRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNi83ZWZlMDEtZWM3NC00MGFjLWEyMzgt
YTliMWRmNDRjZTJmLzEvNTMxeVVhcW12blJRWEFydFp4c1ZMVGZyV09BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNi83ZWZlMDEtZWM3NC00MGFjLWEyMzgtYTliMWRmNDRjZTJm
LzEvaFFUci1kc1hFS1I3cmtVSXphLUJNZUZuU2xRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW+UVAwQA
waAJMA0GCSqGSIb3DQEBCwUAA4IBAQDFPOubekqA+lQQHB7tE/8pc1f3NTfZM0lr
5Di3S50/TrxJVA4c0SZEG8G1tE6AYIFGVL0YB0Nl0Lez4lpSdgOebakglHEuoEi0
tN4j/F1UM+MpfB6denKh48QNMJJIvXhr5OVHFBCvqyd/PzKUYOETI2NnQTOdqjDu
QRSFwrOpNaXOjbrZKh/Bk2QUJmBMi9KJeluen8d7a99VVXbUHtaJbVnf/NeB2t6A
RmWBVUM1nGqdUmhYqkDb3lsLb7lVBfUt4sq8/OKvaunuVrpKi4rQc+DeQPmOyMzF
qJscVgUMXJccEhpC3n7ZDKDNrC4TCg+XrMyNRt+agyy8X3vDRnrQ
-----END CERTIFICATE-----