Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/649b17-039d-42da-90f6-3e10d1ab7408/1/DAMauTmzJz7QjZhuU10zBp28QQA.roa
File:                     DAMauTmzJz7QjZhuU10zBp28QQA.roa (raw, json)
Hash identifier:          NuirW3flQuKypAUeVPhzytvXIO1qTBCqvIvGoYMcqTs=
Subject key identifier:   0C:03:1A:B9:39:B3:27:3E:D0:8D:98:6E:53:5D:33:06:9D:BC:41:00
Certificate issuer:       /CN=eed9578e49825c42f3c131b94cb0fdde5c79ad77
Certificate serial:       018CC7942494D154976ECCDF101D54A21FC2
Authority key identifier: EE:D9:57:8E:49:82:5C:42:F3:C1:31:B9:4C:B0:FD:DE:5C:79:AD:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7tlXjkmCXELzwTG5TLD93lx5rXc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/649b17-039d-42da-90f6-3e10d1ab7408/1/DAMauTmzJz7QjZhuU10zBp28QQA.roa
Signing time:             Tue 02 Jan 2024 00:30:23 +0000
ROA not before:           Tue 02 Jan 2024 00:30:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202284
IP address blocks:        31.13.184.0/22 maxlen: 24
                          2a04:bb00::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/649b17-039d-42da-90f6-3e10d1ab7408/1/7tlXjkmCXELzwTG5TLD93lx5rXc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/649b17-039d-42da-90f6-3e10d1ab7408/1/7tlXjkmCXELzwTG5TLD93lx5rXc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7tlXjkmCXELzwTG5TLD93lx5rXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 15:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:24:94:d1:54:97:6e:cc:df:10:1d:54:a2:1f:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eed9578e49825c42f3c131b94cb0fdde5c79ad77
        Validity
            Not Before: Jan  2 00:30:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0c031ab939b3273ed08d986e535d33069dbc4100
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:2a:8f:52:91:c3:9b:c4:a2:6a:d8:9f:e0:3a:
                    90:bc:da:51:6e:ea:1a:7a:57:3a:db:76:fb:24:e7:
                    87:ce:8c:0a:43:05:26:ac:0a:0f:a0:ed:37:45:80:
                    a2:a8:64:f1:a9:f6:7e:54:9a:84:aa:ce:f6:5f:da:
                    46:3d:60:a3:e3:82:3e:ba:d0:43:cb:6e:c5:7e:a9:
                    ce:8a:0f:8a:ec:9f:65:ad:d8:a9:66:15:94:a7:b8:
                    d7:5e:6c:e7:e3:de:82:cc:0b:2a:2d:57:d6:13:24:
                    bf:1e:22:6c:61:4f:b3:17:27:3c:92:f1:2b:66:f3:
                    6e:63:04:27:34:d7:ff:74:0f:a4:97:40:a3:93:c7:
                    88:cd:46:40:5f:14:d3:4e:b5:b3:a0:47:92:71:0c:
                    30:e9:be:42:bd:a6:22:98:20:c2:3f:4c:5e:b1:23:
                    77:8c:1a:87:d8:93:ce:41:d7:16:93:f2:d7:18:00:
                    09:fc:3e:cb:7d:b0:80:30:13:3f:6e:34:af:83:f9:
                    3f:7c:f4:a5:8e:72:2a:7f:05:87:a4:33:64:39:27:
                    fd:71:87:73:3a:9f:85:0d:47:60:3a:83:0a:68:28:
                    0a:cd:13:e5:cf:c5:63:2a:19:6e:42:82:7b:fb:61:
                    5d:b3:e1:71:af:f8:f9:2f:12:d8:08:bf:31:3b:e4:
                    dc:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:03:1A:B9:39:B3:27:3E:D0:8D:98:6E:53:5D:33:06:9D:BC:41:00
            X509v3 Authority Key Identifier:
                keyid:EE:D9:57:8E:49:82:5C:42:F3:C1:31:B9:4C:B0:FD:DE:5C:79:AD:77

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7tlXjkmCXELzwTG5TLD93lx5rXc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/649b17-039d-42da-90f6-3e10d1ab7408/1/DAMauTmzJz7QjZhuU10zBp28QQA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/649b17-039d-42da-90f6-3e10d1ab7408/1/7tlXjkmCXELzwTG5TLD93lx5rXc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.13.184.0/22
                IPv6:
                  2a04:bb00::/29

    Signature Algorithm: sha256WithRSAEncryption
         3c:74:26:9d:fc:0d:cd:0a:21:fd:b3:b6:96:23:36:93:05:ab:
         8c:0a:e1:95:3b:56:5c:4e:f3:6b:ac:b7:bf:2e:bd:62:5f:cb:
         bc:e9:28:ab:9f:19:07:c0:ff:2c:c7:28:10:53:ee:a3:8a:b4:
         1a:49:7c:24:76:86:ac:ae:e7:d3:0c:71:cc:15:c8:7a:cf:6b:
         0a:c8:0d:25:37:56:c8:cc:60:39:fe:23:8f:be:e3:94:57:35:
         e5:ea:f2:64:4e:1f:93:8f:e2:18:72:54:37:73:63:35:d7:49:
         e4:0c:35:8b:13:b4:21:2c:b5:80:f1:37:1d:a0:12:ff:6e:a4:
         06:a5:36:64:a9:ff:96:76:94:2a:9b:53:1e:b0:22:02:42:62:
         bc:fb:a7:c4:bf:88:fb:86:2a:6d:44:53:b2:f8:f4:20:8a:2b:
         8a:04:6e:9a:9d:ef:2e:05:54:de:a9:57:00:2c:5b:82:eb:f8:
         21:68:c4:6d:02:a5:06:f5:49:ae:86:c2:c2:c0:6e:4c:96:8c:
         51:80:f2:ba:26:0d:70:dc:88:1d:9b:5b:f1:19:db:fe:7f:2b:
         e8:ac:f2:69:c6:8b:f5:78:6c:a6:e6:56:53:04:8f:8a:99:2b:
         b7:49:55:55:4d:6b:f5:b3:70:71:dc:4b:25:21:fe:6d:05:32:
         7a:f0:3b:9c
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzHlCSU0VSXbszfEB1Uoh/CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlZDk1NzhlNDk4MjVjNDJmM2MxMzFiOTRjYjBmZGRlNWM3
OWFkNzcwHhcNMjQwMTAyMDAzMDIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYzAzMWFiOTM5YjMyNzNlZDA4ZDk4NmU1MzVkMzMwNjlkYmM0MTAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiSqPUpHDm8Siatif4DqQvNpRbuoa
elc623b7JOeHzowKQwUmrAoPoO03RYCiqGTxqfZ+VJqEqs72X9pGPWCj44I+utBD
y27FfqnOig+K7J9lrdipZhWUp7jXXmzn496CzAsqLVfWEyS/HiJsYU+zFyc8kvEr
ZvNuYwQnNNf/dA+kl0Cjk8eIzUZAXxTTTrWzoEeScQww6b5CvaYimCDCP0xesSN3
jBqH2JPOQdcWk/LXGAAJ/D7LfbCAMBM/bjSvg/k/fPSljnIqfwWHpDNkOSf9cYdz
Op+FDUdgOoMKaCgKzRPlz8VjKhluQoJ7+2Fds+Fxr/j5LxLYCL8xO+TcvwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFAwDGrk5syc+0I2YblNdMwadvEEAMB8GA1UdIwQY
MBaAFO7ZV45JglxC88ExuUyw/d5cea13MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3RsWGprbUNYRUx6d1RHNVRMRDkzbHg1clhjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy82NDliMTctMDM5ZC00MmRhLTkwZjYt
M2UxMGQxYWI3NDA4LzEvREFNYXVUbXpKejdRalpodVUxMHpCcDI4UVFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy82NDliMTctMDM5ZC00MmRhLTkwZjYtM2UxMGQxYWI3NDA4
LzEvN3RsWGprbUNYRUx6d1RHNVRMRDkzbHg1clhjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCHw24MA0E
AgACMAcDBQMqBLsAMA0GCSqGSIb3DQEBCwUAA4IBAQA8dCad/A3NCiH9s7aWIzaT
BauMCuGVO1ZcTvNrrLe/Lr1iX8u86SirnxkHwP8sxygQU+6jirQaSXwkdoasrufT
DHHMFch6z2sKyA0lN1bIzGA5/iOPvuOUVzXl6vJkTh+Tj+IYclQ3c2M110nkDDWL
E7QhLLWA8TcdoBL/bqQGpTZkqf+WdpQqm1MesCICQmK8+6fEv4j7hiptRFOy+PQg
iiuKBG6ane8uBVTeqVcALFuC6/ghaMRtAqUG9UmuhsLCwG5MloxRgPK6Jg1w3Igd
m1vxGdv+fyvorPJpxov1eGym5lZTBI+KmSu3SVVVTWv1s3Bx3EslIf5tBTJ68Duc
-----END CERTIFICATE-----