Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/1849a6-f921-4b50-915e-b66fa4f4763a/1/s606dvasYhZDuf_qMKCXjDgC2Fg.roa
File:                     s606dvasYhZDuf_qMKCXjDgC2Fg.roa (raw, json)
Hash identifier:          Y1bRvY3ELjHN9kZmXzvqpL6lFkke/AIlo6nJCBIAXQM=
Subject key identifier:   B3:AD:3A:76:F6:AC:62:16:43:B9:FF:EA:30:A0:97:8C:38:02:D8:58
Certificate issuer:       /CN=5c64f9d04efd5a9fc2e23b42d5b51aefd9a50250
Certificate serial:       018CC649F3876362751FF90D7F47FEAAD0E9
Authority key identifier: 5C:64:F9:D0:4E:FD:5A:9F:C2:E2:3B:42:D5:B5:1A:EF:D9:A5:02:50
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XGT50E79Wp_C4jtC1bUa79mlAlA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/69/1849a6-f921-4b50-915e-b66fa4f4763a/1/s606dvasYhZDuf_qMKCXjDgC2Fg.roa
Signing time:             Mon 01 Jan 2024 18:29:44 +0000
ROA not before:           Mon 01 Jan 2024 18:29:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39089
IP address blocks:        31.133.56.0/21 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/69/1849a6-f921-4b50-915e-b66fa4f4763a/1/XGT50E79Wp_C4jtC1bUa79mlAlA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/69/1849a6-f921-4b50-915e-b66fa4f4763a/1/XGT50E79Wp_C4jtC1bUa79mlAlA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XGT50E79Wp_C4jtC1bUa79mlAlA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 16:01:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:49:f3:87:63:62:75:1f:f9:0d:7f:47:fe:aa:d0:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5c64f9d04efd5a9fc2e23b42d5b51aefd9a50250
        Validity
            Not Before: Jan  1 18:29:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b3ad3a76f6ac621643b9ffea30a0978c3802d858
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:b2:72:ba:7f:01:e0:45:d1:b4:6b:d6:31:84:
                    10:7d:f3:bb:a1:2c:11:0d:0c:16:ea:36:02:c5:04:
                    0c:23:f8:07:09:50:f1:90:68:7b:f9:24:e3:a1:ea:
                    6d:12:90:53:9f:e3:fb:a0:df:28:3b:9e:b5:76:8e:
                    a5:65:ed:07:c7:06:90:3a:72:ad:7f:72:f6:b1:b0:
                    15:ed:37:69:f6:21:e8:81:5d:05:08:01:82:7f:d8:
                    9d:3c:4c:fd:77:4b:b8:4d:a4:22:37:cf:83:41:64:
                    13:fd:9b:73:26:49:04:c4:54:66:0e:52:95:d6:45:
                    6f:38:ad:1e:6a:9b:47:ba:5c:da:d8:85:43:45:6d:
                    87:c7:2c:aa:0d:c0:5a:6d:c3:75:46:5c:b5:f4:cf:
                    b8:a0:42:10:05:fa:67:f8:97:7a:c3:5a:2b:96:11:
                    d4:b9:07:7e:b7:b8:b7:d9:1c:39:9e:19:2e:8f:8f:
                    67:2e:a9:f2:ee:83:0b:b8:47:33:04:18:96:7b:2f:
                    67:7e:6c:16:71:5b:e4:67:6f:f2:ba:56:9c:af:89:
                    1f:7a:db:b1:60:67:d7:41:3c:dd:bb:8a:0c:7a:1c:
                    cb:79:dc:2a:5f:39:c0:b6:07:c8:f2:8f:07:30:80:
                    ae:dc:08:06:d2:87:32:1a:c4:f2:84:b7:36:5b:80:
                    3b:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:AD:3A:76:F6:AC:62:16:43:B9:FF:EA:30:A0:97:8C:38:02:D8:58
            X509v3 Authority Key Identifier:
                keyid:5C:64:F9:D0:4E:FD:5A:9F:C2:E2:3B:42:D5:B5:1A:EF:D9:A5:02:50

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XGT50E79Wp_C4jtC1bUa79mlAlA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/1849a6-f921-4b50-915e-b66fa4f4763a/1/s606dvasYhZDuf_qMKCXjDgC2Fg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/69/1849a6-f921-4b50-915e-b66fa4f4763a/1/XGT50E79Wp_C4jtC1bUa79mlAlA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.133.56.0/21

    Signature Algorithm: sha256WithRSAEncryption
         50:01:88:d9:c9:03:1b:8c:04:e8:a2:e6:45:e8:27:4c:57:41:
         b6:a3:c6:fc:8a:bd:8a:8d:ba:3a:65:a4:65:e9:66:28:3f:6a:
         c9:e3:23:87:4e:6b:8d:14:2e:cd:d0:f1:e5:6d:f5:35:5c:b6:
         a6:ea:e2:c9:43:17:0c:61:9b:be:e6:1b:83:86:b5:f5:33:a3:
         4a:78:a6:82:05:27:64:eb:be:25:8e:42:1e:3a:a1:3d:e9:15:
         e1:27:31:83:fe:f2:2e:a7:14:7a:b9:b6:60:61:c0:26:96:0d:
         91:8f:94:5e:a7:83:0f:c1:b3:5f:9a:5c:ed:f5:77:d9:36:7d:
         40:3c:95:d6:f1:53:01:65:79:b4:43:22:92:31:db:56:0b:19:
         22:63:77:c2:c3:9a:85:90:43:39:cd:35:1c:7d:1a:3d:08:37:
         b2:26:ca:6f:05:66:80:5d:76:2e:0a:4e:07:4a:9e:7f:6a:51:
         11:be:e6:75:5e:b0:2d:eb:50:ec:c8:84:4a:9a:31:5e:50:9d:
         87:7d:9d:c4:cf:56:5e:49:7c:3f:d8:f0:e3:72:a5:5f:29:59:
         04:54:ff:1c:50:5c:f2:b5:20:ca:0a:63:39:57:86:21:34:5e:
         52:a7:9b:dd:23:7b:30:3d:10:23:46:69:95:44:44:b3:b8:42:
         bf:78:2d:d6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSfOHY2J1H/kNf0f+qtDpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVjNjRmOWQwNGVmZDVhOWZjMmUyM2I0MmQ1YjUxYWVmZDlh
NTAyNTAwHhcNMjQwMTAxMTgyOTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiM2FkM2E3NmY2YWM2MjE2NDNiOWZmZWEzMGEwOTc4YzM4MDJkODU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhLJyun8B4EXRtGvWMYQQffO7oSwR
DQwW6jYCxQQMI/gHCVDxkGh7+STjoeptEpBTn+P7oN8oO561do6lZe0HxwaQOnKt
f3L2sbAV7Tdp9iHogV0FCAGCf9idPEz9d0u4TaQiN8+DQWQT/ZtzJkkExFRmDlKV
1kVvOK0eaptHulza2IVDRW2HxyyqDcBabcN1Rly19M+4oEIQBfpn+Jd6w1orlhHU
uQd+t7i32Rw5nhkuj49nLqny7oMLuEczBBiWey9nfmwWcVvkZ2/yulacr4kfetux
YGfXQTzdu4oMehzLedwqXznAtgfI8o8HMICu3AgG0ocyGsTyhLc2W4A74wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLOtOnb2rGIWQ7n/6jCgl4w4AthYMB8GA1UdIwQY
MBaAFFxk+dBO/VqfwuI7QtW1Gu/ZpQJQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWEdUNTBFNzlXcF9DNGp0QzFiVWE3OW1sQWxBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OS8xODQ5YTYtZjkyMS00YjUwLTkxNWUt
YjY2ZmE0ZjQ3NjNhLzEvczYwNmR2YXNZaFpEdWZfcU1LQ1hqRGdDMkZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OS8xODQ5YTYtZjkyMS00YjUwLTkxNWUtYjY2ZmE0ZjQ3NjNh
LzEvWEdUNTBFNzlXcF9DNGp0QzFiVWE3OW1sQWxBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDH4U4MA0G
CSqGSIb3DQEBCwUAA4IBAQBQAYjZyQMbjAToouZF6CdMV0G2o8b8ir2Kjbo6ZaRl
6WYoP2rJ4yOHTmuNFC7N0PHlbfU1XLam6uLJQxcMYZu+5huDhrX1M6NKeKaCBSdk
674ljkIeOqE96RXhJzGD/vIupxR6ubZgYcAmlg2Rj5Rep4MPwbNfmlzt9XfZNn1A
PJXW8VMBZXm0QyKSMdtWCxkiY3fCw5qFkEM5zTUcfRo9CDeyJspvBWaAXXYuCk4H
Sp5/alERvuZ1XrAt61DsyIRKmjFeUJ2HfZ3Ez1ZeSXw/2PDjcqVfKVkEVP8cUFzy
tSDKCmM5V4YhNF5Sp5vdI3swPRAjRmmVRESzuEK/eC3W
-----END CERTIFICATE-----