Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/Xk8XF_H94v2lh-jthmDRv46_gI4.roa
File:                     Xk8XF_H94v2lh-jthmDRv46_gI4.roa (raw, json)
Hash identifier:          jiqzdpLZQvUVAKj9J4hydf2qg+DHR2E49kmZChsVCR0=
Subject key identifier:   5E:4F:17:17:F1:FD:E2:FD:A5:87:E8:ED:86:60:D1:BF:8E:BF:80:8E
Certificate issuer:       /CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
Certificate serial:       018CC4255B3DFC06A538F84B6EBD71E3C199
Authority key identifier: B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/Xk8XF_H94v2lh-jthmDRv46_gI4.roa
Signing time:             Mon 01 Jan 2024 08:30:31 +0000
ROA not before:           Mon 01 Jan 2024 08:30:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     36352
IP address blocks:        194.31.143.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:5b:3d:fc:06:a5:38:f8:4b:6e:bd:71:e3:c1:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
        Validity
            Not Before: Jan  1 08:30:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5e4f1717f1fde2fda587e8ed8660d1bf8ebf808e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:1a:da:90:0a:7e:2e:29:e5:fa:63:ca:4b:94:
                    42:7f:bd:61:e5:be:56:d6:da:19:86:36:4a:a1:6d:
                    29:7d:4f:90:f3:4c:24:a8:65:f3:3a:e0:5e:75:32:
                    14:dd:9f:1a:3c:66:6e:c4:d8:7f:43:f3:4a:9d:fc:
                    5c:af:36:4b:d3:3d:3c:63:c2:34:02:53:8f:67:84:
                    1c:af:42:a9:3f:37:1e:b1:07:72:fe:7c:c3:2e:be:
                    dd:14:1a:43:e6:9c:9d:77:9e:b4:09:ab:12:9c:14:
                    ad:58:de:4b:68:9f:9d:ed:38:da:fe:39:4b:26:72:
                    2d:4a:b0:ed:2b:b2:09:60:79:2f:3b:89:eb:14:66:
                    94:5f:2c:1a:47:71:c0:ee:b4:ee:71:f6:97:96:fb:
                    50:3a:82:50:50:4a:37:8c:69:61:1b:38:b4:7c:cd:
                    bc:ac:90:ac:30:56:84:6d:67:6c:c4:93:56:1c:e1:
                    93:9c:6a:11:42:d8:1a:20:cf:35:70:0a:a1:31:ac:
                    af:c8:f4:c1:b3:68:91:c2:8b:da:66:f6:1b:3c:96:
                    13:d3:8b:5b:c5:3a:f5:ce:33:31:38:d0:cd:43:92:
                    d7:52:31:d3:07:24:fd:f8:80:33:f6:fc:c8:90:93:
                    87:6e:09:53:61:74:f6:f0:f4:cc:c7:0c:af:a7:54:
                    84:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:4F:17:17:F1:FD:E2:FD:A5:87:E8:ED:86:60:D1:BF:8E:BF:80:8E
            X509v3 Authority Key Identifier:
                keyid:B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/Xk8XF_H94v2lh-jthmDRv46_gI4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.31.143.0/24

    Signature Algorithm: sha256WithRSAEncryption
         af:3c:51:3a:46:54:1c:98:b2:e0:92:73:7a:98:f9:e2:c4:9f:
         3d:b5:97:90:2c:84:bb:c0:50:fe:f9:0d:dc:20:c7:de:31:5a:
         2e:c4:eb:65:af:07:b2:b4:fc:f7:e8:7e:97:3e:fc:8d:ab:05:
         5d:d3:05:1f:3a:15:55:a0:97:94:73:3a:03:00:9c:44:28:28:
         5f:a9:a2:2f:22:fc:62:ec:b8:eb:34:34:03:af:0b:23:88:6f:
         cd:ed:d8:9b:d3:11:16:64:86:69:ed:63:b2:49:ba:5e:ed:64:
         19:94:a6:52:31:44:90:f8:0a:e3:df:e4:9f:09:7c:31:df:4d:
         ba:3f:67:b6:d1:4e:d9:07:98:b5:a5:29:a3:4f:97:97:6e:e9:
         7e:3e:50:d8:2d:7a:00:01:09:15:35:7f:99:0e:69:7a:58:04:
         fc:e2:dc:4c:82:ad:b1:50:77:95:53:62:9b:ae:36:3a:15:46:
         f2:a7:2a:8c:67:ed:8c:1c:a7:c0:82:49:bf:59:50:6e:3e:33:
         67:cb:dc:32:11:8f:11:81:20:32:8d:cc:49:88:99:5b:33:ea:
         5a:02:f7:ce:e7:3a:f2:c7:b3:89:36:1a:0c:f9:67:10:47:a5:
         09:b2:60:0a:2d:38:4d:18:3d:14:9f:c2:fe:e2:73:cd:a8:6e:
         92:bd:2b:9b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJVs9/AalOPhLbr1x48GZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxYTdiMGQ4ZGU4MjUxZDM2ZDdjODNmYWY2YmM3ZWZlYzcz
YjUwMzQwHhcNMjQwMTAxMDgzMDMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZTRmMTcxN2YxZmRlMmZkYTU4N2U4ZWQ4NjYwZDFiZjhlYmY4MDhlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiBrakAp+Linl+mPKS5RCf71h5b5W
1toZhjZKoW0pfU+Q80wkqGXzOuBedTIU3Z8aPGZuxNh/Q/NKnfxcrzZL0z08Y8I0
AlOPZ4Qcr0KpPzcesQdy/nzDLr7dFBpD5pydd560CasSnBStWN5LaJ+d7Tja/jlL
JnItSrDtK7IJYHkvO4nrFGaUXywaR3HA7rTucfaXlvtQOoJQUEo3jGlhGzi0fM28
rJCsMFaEbWdsxJNWHOGTnGoRQtgaIM81cAqhMayvyPTBs2iRwovaZvYbPJYT04tb
xTr1zjMxONDNQ5LXUjHTByT9+IAz9vzIkJOHbglTYXT28PTMxwyvp1SEswIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF5PFxfx/eL9pYfo7YZg0b+Ov4COMB8GA1UdIwQY
MBaAFLGnsNjeglHTbXyD+va8fv7HO1A0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2It
Mzk0YWNkMjFmMzliLzEvWGs4WEZfSDk0djJsaC1qdGhtRFJ2NDZfZ0k0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2ItMzk0YWNkMjFmMzli
LzEvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwh+PMA0G
CSqGSIb3DQEBCwUAA4IBAQCvPFE6RlQcmLLgknN6mPnixJ89tZeQLIS7wFD++Q3c
IMfeMVouxOtlrweytPz36H6XPvyNqwVd0wUfOhVVoJeUczoDAJxEKChfqaIvIvxi
7LjrNDQDrwsjiG/N7dib0xEWZIZp7WOySbpe7WQZlKZSMUSQ+Arj3+SfCXwx3026
P2e20U7ZB5i1pSmjT5eXbul+PlDYLXoAAQkVNX+ZDml6WAT84txMgq2xUHeVU2Kb
rjY6FUbypyqMZ+2MHKfAgkm/WVBuPjNny9wyEY8RgSAyjcxJiJlbM+paAvfO5zry
x7OJNhoM+WcQR6UJsmAKLThNGD0Un8L+4nPNqG6SvSub
-----END CERTIFICATE-----