Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/rN31QMMD6hcyDtQQjiJaOxnLNXE.roa
File:                     rN31QMMD6hcyDtQQjiJaOxnLNXE.roa (raw, json)
Hash identifier:          QHCnSQKSWHpGgjN5p8DQcMxBf77cUuFEzjsxXItvxoU=
Subject key identifier:   AC:DD:F5:40:C3:03:EA:17:32:0E:D4:10:8E:22:5A:3B:19:CB:35:71
Certificate issuer:       /CN=d747017564c711bcbd57680a0dfd00f2a5d099db
Certificate serial:       0192D331EAECD734595980EBD4128F315717
Authority key identifier: D7:47:01:75:64:C7:11:BC:BD:57:68:0A:0D:FD:00:F2:A5:D0:99:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/10cBdWTHEby9V2gKDf0A8qXQmds.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/rN31QMMD6hcyDtQQjiJaOxnLNXE.roa
Signing time:             Mon 28 Oct 2024 12:55:16 +0000
ROA not before:           Mon 28 Oct 2024 12:55:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     13237
IP address blocks:        89.19.232.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/10cBdWTHEby9V2gKDf0A8qXQmds.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/10cBdWTHEby9V2gKDf0A8qXQmds.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/10cBdWTHEby9V2gKDf0A8qXQmds.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 14:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:d3:31:ea:ec:d7:34:59:59:80:eb:d4:12:8f:31:57:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d747017564c711bcbd57680a0dfd00f2a5d099db
        Validity
            Not Before: Oct 28 12:55:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=acddf540c303ea17320ed4108e225a3b19cb3571
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:74:ca:42:2b:16:4c:5d:87:6c:70:1d:02:59:
                    e0:eb:79:e5:43:0b:66:43:02:99:14:e2:85:79:d9:
                    c9:f8:48:40:43:8c:f9:67:5a:80:63:41:64:89:fd:
                    88:6e:e3:f1:71:98:b5:94:f6:c5:cc:44:ba:2e:3f:
                    c1:c1:4a:93:f9:32:00:85:28:36:6b:d6:a6:c1:dd:
                    07:69:db:85:fb:82:2e:eb:10:0d:16:47:c0:4d:35:
                    f6:3f:40:b3:f0:7c:ff:74:b9:9d:72:90:8d:3d:cb:
                    59:6d:05:e6:88:3a:df:96:4a:fb:4f:05:47:32:02:
                    be:1f:1c:74:5b:83:31:9d:b6:d2:bf:66:d7:7a:44:
                    14:98:60:51:de:f8:b8:b7:9d:34:94:99:e9:40:f3:
                    0f:2a:f2:3d:e3:3e:b4:c0:6f:c3:17:75:b5:92:18:
                    b6:6d:14:38:bb:a8:03:3a:d8:db:cb:fc:9d:85:26:
                    fb:21:20:d5:5f:11:0b:75:11:12:e3:80:36:0b:43:
                    e4:0a:6d:fb:a7:b7:48:b9:ba:1b:df:06:f3:0b:4b:
                    3e:36:a7:48:21:04:09:4e:91:5b:37:e6:9f:1e:17:
                    e0:e4:a9:8b:aa:eb:d2:f0:e5:69:64:db:c1:16:ef:
                    ae:de:28:31:4c:5a:81:4e:c3:2d:48:8b:ed:47:48:
                    e8:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:DD:F5:40:C3:03:EA:17:32:0E:D4:10:8E:22:5A:3B:19:CB:35:71
            X509v3 Authority Key Identifier:
                keyid:D7:47:01:75:64:C7:11:BC:BD:57:68:0A:0D:FD:00:F2:A5:D0:99:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/10cBdWTHEby9V2gKDf0A8qXQmds.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/rN31QMMD6hcyDtQQjiJaOxnLNXE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/10cBdWTHEby9V2gKDf0A8qXQmds.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.19.232.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:da:42:8e:cc:31:c4:ab:47:a3:cf:dd:77:2f:1b:02:ba:29:
         c2:8e:79:d8:77:47:d3:81:b8:a6:7c:de:d7:46:da:2c:27:3e:
         1a:e8:b6:7f:f0:46:a3:2c:82:0b:a1:cc:66:8a:42:d0:b3:0f:
         86:41:f9:89:69:bd:c2:54:70:6c:83:43:57:41:e2:8e:7f:8a:
         7b:fd:7c:88:e3:a9:f3:48:1e:fe:4d:c3:a4:37:6b:d1:91:b0:
         54:18:4c:72:0a:ca:35:9c:61:a4:bc:06:b2:58:c7:b7:86:80:
         e5:cd:86:90:38:7c:c2:1a:18:de:18:c0:0b:86:93:ee:e2:bf:
         47:79:13:7a:9d:43:91:b7:e9:c6:74:18:eb:cc:09:0b:cb:92:
         fd:59:9b:b3:66:f2:53:d8:95:cd:32:7f:25:c7:a6:d1:ff:a9:
         b4:10:20:d6:1c:a3:9a:28:0e:b4:bb:0f:aa:c5:1a:55:6a:aa:
         2b:06:0b:c7:2c:80:41:10:2c:fd:4e:c1:3a:a8:ac:02:33:1f:
         8f:29:17:47:48:09:e9:6b:d3:9c:15:0e:f2:42:59:9b:5f:23:
         50:8b:b2:e3:ad:d7:24:31:c7:f8:db:b7:6c:f2:f0:e5:9b:ea:
         b4:0a:20:d9:17:bf:f6:bd:bb:33:2e:9d:13:9d:ef:82:95:dc:
         5e:b3:23:a7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZLTMers1zRZWYDr1BKPMVcXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3NDcwMTc1NjRjNzExYmNiZDU3NjgwYTBkZmQwMGYyYTVk
MDk5ZGIwHhcNMjQxMDI4MTI1NTE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhY2RkZjU0MGMzMDNlYTE3MzIwZWQ0MTA4ZTIyNWEzYjE5Y2IzNTcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA03TKQisWTF2HbHAdAlng63nlQwtm
QwKZFOKFednJ+EhAQ4z5Z1qAY0Fkif2IbuPxcZi1lPbFzES6Lj/BwUqT+TIAhSg2
a9amwd0HaduF+4Iu6xANFkfATTX2P0Cz8Hz/dLmdcpCNPctZbQXmiDrflkr7TwVH
MgK+Hxx0W4MxnbbSv2bXekQUmGBR3vi4t500lJnpQPMPKvI94z60wG/DF3W1khi2
bRQ4u6gDOtjby/ydhSb7ISDVXxELdRES44A2C0PkCm37p7dIubob3wbzC0s+NqdI
IQQJTpFbN+afHhfg5KmLquvS8OVpZNvBFu+u3igxTFqBTsMtSIvtR0jotwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKzd9UDDA+oXMg7UEI4iWjsZyzVxMB8GA1UdIwQY
MBaAFNdHAXVkxxG8vVdoCg39APKl0JnbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTBjQmRXVEhFYnk5VjJnS0RmMEE4cVhRbWRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC9iYTIzNjItMGNjNS00OWJkLWE1MjIt
NGYwZThjZTExYTdkLzEvck4zMVFNTUQ2aGN5RHRRUWppSmFPeG5MTlhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC9iYTIzNjItMGNjNS00OWJkLWE1MjItNGYwZThjZTExYTdk
LzEvMTBjQmRXVEhFYnk5VjJnS0RmMEE4cVhRbWRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWRPoMA0G
CSqGSIb3DQEBCwUAA4IBAQB/2kKOzDHEq0ejz913LxsCuinCjnnYd0fTgbimfN7X
RtosJz4a6LZ/8EajLIILocxmikLQsw+GQfmJab3CVHBsg0NXQeKOf4p7/XyI46nz
SB7+TcOkN2vRkbBUGExyCso1nGGkvAayWMe3hoDlzYaQOHzCGhjeGMALhpPu4r9H
eRN6nUORt+nGdBjrzAkLy5L9WZuzZvJT2JXNMn8lx6bR/6m0ECDWHKOaKA60uw+q
xRpVaqorBgvHLIBBECz9TsE6qKwCMx+PKRdHSAnpa9OcFQ7yQlmbXyNQi7Ljrdck
Mcf427ds8vDlm+q0CiDZF7/2vbszLp0Tne+CldxesyOn
-----END CERTIFICATE-----