Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/8b1fac-5a21-4848-a66a-10bb4579d528/1/RycV49rX90Et0Y2iDDfrXugVtL0.roa
File:                     RycV49rX90Et0Y2iDDfrXugVtL0.roa (raw, json)
Hash identifier:          E/yq0WYOr+P4EEe4vQVRf1WSYaREKrp0ptgB4tc1NzY=
Subject key identifier:   47:27:15:E3:DA:D7:F7:41:2D:D1:8D:A2:0C:37:EB:5E:E8:15:B4:BD
Certificate issuer:       /CN=0a7327805df20fb5c1d6f4e89074743caeb24af7
Certificate serial:       018CC2DAE83DD0EC355CBBC0C44AC0ACD84F
Authority key identifier: 0A:73:27:80:5D:F2:0F:B5:C1:D6:F4:E8:90:74:74:3C:AE:B2:4A:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CnMngF3yD7XB1vTokHR0PK6ySvc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4a/8b1fac-5a21-4848-a66a-10bb4579d528/1/RycV49rX90Et0Y2iDDfrXugVtL0.roa
Signing time:             Mon 01 Jan 2024 02:29:35 +0000
ROA not before:           Mon 01 Jan 2024 02:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216136
IP address blocks:        194.31.134.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4a/8b1fac-5a21-4848-a66a-10bb4579d528/1/CnMngF3yD7XB1vTokHR0PK6ySvc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4a/8b1fac-5a21-4848-a66a-10bb4579d528/1/CnMngF3yD7XB1vTokHR0PK6ySvc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CnMngF3yD7XB1vTokHR0PK6ySvc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 21 Jun 2024 23:00:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:e8:3d:d0:ec:35:5c:bb:c0:c4:4a:c0:ac:d8:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0a7327805df20fb5c1d6f4e89074743caeb24af7
        Validity
            Not Before: Jan  1 02:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=472715e3dad7f7412dd18da20c37eb5ee815b4bd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:e3:46:23:47:2e:09:7c:3b:07:82:ed:e0:0b:
                    40:a3:ff:ac:57:e0:d0:7b:7e:b4:32:50:b6:cc:75:
                    9e:24:be:7b:01:64:3e:de:0c:18:7a:a6:c8:b7:69:
                    27:18:da:96:b9:25:47:ff:12:37:af:3a:0e:8f:96:
                    76:40:1f:45:f7:b8:99:db:0a:a9:07:a8:21:ab:c0:
                    92:6f:6e:ad:a1:ff:3a:2f:bc:45:3c:78:f7:11:2d:
                    c0:cd:f9:e2:bb:5e:5a:aa:28:8f:23:b4:20:4e:b3:
                    4d:e3:8d:99:71:bd:30:0a:17:cd:54:20:73:75:04:
                    7d:90:1c:4d:42:a9:2c:d3:e0:4a:0b:05:ad:c0:e8:
                    85:df:16:70:32:1d:a0:24:6b:a7:30:b0:87:ab:c1:
                    ea:8e:bb:e0:28:6b:c0:e0:4b:27:e6:d3:a9:45:8d:
                    2c:b2:98:3f:87:50:fa:f8:8a:98:dd:3f:f0:7a:9f:
                    bf:de:2c:4c:65:44:5e:cc:6c:d9:79:9f:87:b5:6e:
                    a2:8f:d0:86:28:ba:e0:12:7f:5c:d0:48:f0:67:71:
                    2d:fd:d5:3a:44:f9:62:f9:b2:75:af:2f:62:15:bb:
                    11:22:54:a7:08:b5:47:f2:79:47:5c:46:7e:81:90:
                    cc:f0:46:01:15:fe:37:ed:48:c1:28:3c:f5:fc:5a:
                    ba:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:27:15:E3:DA:D7:F7:41:2D:D1:8D:A2:0C:37:EB:5E:E8:15:B4:BD
            X509v3 Authority Key Identifier:
                keyid:0A:73:27:80:5D:F2:0F:B5:C1:D6:F4:E8:90:74:74:3C:AE:B2:4A:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CnMngF3yD7XB1vTokHR0PK6ySvc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/8b1fac-5a21-4848-a66a-10bb4579d528/1/RycV49rX90Et0Y2iDDfrXugVtL0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/8b1fac-5a21-4848-a66a-10bb4579d528/1/CnMngF3yD7XB1vTokHR0PK6ySvc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.31.134.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6f:a9:84:30:60:43:26:06:37:85:65:33:b1:04:11:b4:80:a3:
         4d:da:37:8f:d8:70:29:da:7a:df:62:67:1d:f2:9d:2b:1a:a7:
         5e:b1:c0:8b:63:29:2a:63:f7:db:2b:48:ff:33:14:40:a6:48:
         0c:89:95:0c:6c:1b:55:e0:9e:9a:dd:d0:2a:27:48:7b:e1:75:
         00:ae:d9:2d:a9:dd:4c:78:05:17:63:42:9f:5d:80:3d:cd:e9:
         c2:da:4e:31:46:93:25:7e:25:d0:cb:47:35:5e:56:e6:cc:e4:
         3a:6d:cc:9e:dc:92:74:50:42:6e:88:57:b2:7e:89:63:51:c4:
         af:4c:70:2c:ee:2d:8e:cd:d9:66:65:bc:e3:93:8a:8f:b1:80:
         64:57:0c:ba:09:d9:26:bd:14:f2:de:de:92:a9:e8:e5:87:a2:
         32:cc:4d:ba:e0:a9:8c:bb:ca:ff:14:85:cb:85:fa:22:8f:87:
         c7:99:82:8c:23:4f:66:5c:9a:39:24:d4:e3:31:d9:f4:a2:fc:
         cd:75:d8:da:db:35:93:ba:f9:24:07:aa:e6:72:9f:86:35:52:
         1d:51:fc:e9:19:59:da:c7:64:7e:f8:9f:ee:30:ad:38:f1:1a:
         00:59:fd:72:72:c6:ba:89:2e:72:97:07:e6:8e:38:de:8e:0a:
         80:c1:1e:38
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2ug90Ow1XLvAxErArNhPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBhNzMyNzgwNWRmMjBmYjVjMWQ2ZjRlODkwNzQ3NDNjYWVi
MjRhZjcwHhcNMjQwMTAxMDIyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NzI3MTVlM2RhZDdmNzQxMmRkMThkYTIwYzM3ZWI1ZWU4MTViNGJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAluNGI0cuCXw7B4Lt4AtAo/+sV+DQ
e360MlC2zHWeJL57AWQ+3gwYeqbIt2knGNqWuSVH/xI3rzoOj5Z2QB9F97iZ2wqp
B6ghq8CSb26tof86L7xFPHj3ES3Azfniu15aqiiPI7QgTrNN442Zcb0wChfNVCBz
dQR9kBxNQqks0+BKCwWtwOiF3xZwMh2gJGunMLCHq8HqjrvgKGvA4Esn5tOpRY0s
spg/h1D6+IqY3T/wep+/3ixMZURezGzZeZ+HtW6ij9CGKLrgEn9c0EjwZ3Et/dU6
RPli+bJ1ry9iFbsRIlSnCLVH8nlHXEZ+gZDM8EYBFf437UjBKDz1/Fq6eQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEcnFePa1/dBLdGNogw3617oFbS9MB8GA1UdIwQY
MBaAFApzJ4Bd8g+1wdb06JB0dDyuskr3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ25NbmdGM3lEN1hCMXZUb2tIUjBQSzZ5U3ZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS84YjFmYWMtNWEyMS00ODQ4LWE2NmEt
MTBiYjQ1NzlkNTI4LzEvUnljVjQ5clg5MEV0MFkyaUREZnJYdWdWdEwwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS84YjFmYWMtNWEyMS00ODQ4LWE2NmEtMTBiYjQ1NzlkNTI4
LzEvQ25NbmdGM3lEN1hCMXZUb2tIUjBQSzZ5U3ZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwh+GMA0G
CSqGSIb3DQEBCwUAA4IBAQBvqYQwYEMmBjeFZTOxBBG0gKNN2jeP2HAp2nrfYmcd
8p0rGqdescCLYykqY/fbK0j/MxRApkgMiZUMbBtV4J6a3dAqJ0h74XUArtktqd1M
eAUXY0KfXYA9zenC2k4xRpMlfiXQy0c1XlbmzOQ6bcye3JJ0UEJuiFeyfoljUcSv
THAs7i2OzdlmZbzjk4qPsYBkVwy6CdkmvRTy3t6Sqejlh6IyzE264KmMu8r/FIXL
hfoij4fHmYKMI09mXJo5JNTjMdn0ovzNddja2zWTuvkkB6rmcp+GNVIdUfzpGVna
x2R++J/uMK048RoAWf1ycsa6iS5ylwfmjjjejgqAwR44
-----END CERTIFICATE-----