Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/c11c87-efbb-45e8-9b03-d525718aa44a/1/rP0glkzn5umuax6EBB28TtLnuIw.roa
File:                     rP0glkzn5umuax6EBB28TtLnuIw.roa (raw, json)
Hash identifier:          cCBJ8eY7Ov0nQAthxEekdXrxeT6OkNgSzrqZ6F9puWs=
Subject key identifier:   AC:FD:20:96:4C:E7:E6:E9:AE:6B:1E:84:04:1D:BC:4E:D2:E7:B8:8C
Certificate issuer:       /CN=19ffff289f2dad0fc08456b0bad54d7ba449a492
Certificate serial:       018CC4253DCA4711212BAC74D88AE2ECAE29
Authority key identifier: 19:FF:FF:28:9F:2D:AD:0F:C0:84:56:B0:BA:D5:4D:7B:A4:49:A4:92
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Gf__KJ8trQ_AhFawutVNe6RJpJI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/c11c87-efbb-45e8-9b03-d525718aa44a/1/rP0glkzn5umuax6EBB28TtLnuIw.roa
Signing time:             Mon 01 Jan 2024 08:30:24 +0000
ROA not before:           Mon 01 Jan 2024 08:30:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     36351
IP address blocks:        31.24.225.0/24 maxlen: 24
                          2a02:2498:3::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d4/c11c87-efbb-45e8-9b03-d525718aa44a/1/Gf__KJ8trQ_AhFawutVNe6RJpJI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d4/c11c87-efbb-45e8-9b03-d525718aa44a/1/Gf__KJ8trQ_AhFawutVNe6RJpJI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Gf__KJ8trQ_AhFawutVNe6RJpJI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 04:37:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:3d:ca:47:11:21:2b:ac:74:d8:8a:e2:ec:ae:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=19ffff289f2dad0fc08456b0bad54d7ba449a492
        Validity
            Not Before: Jan  1 08:30:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=acfd20964ce7e6e9ae6b1e84041dbc4ed2e7b88c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:09:3e:c3:1b:83:b9:ea:63:f4:7b:da:f9:49:
                    28:b1:c7:37:95:43:ce:cd:45:77:37:f4:7b:5e:10:
                    fd:a3:fd:9c:ff:40:f3:90:06:ac:44:31:6b:be:61:
                    c8:e9:e9:fe:04:7c:ac:02:2f:59:66:13:61:e0:b4:
                    1e:16:8b:4d:4b:af:b1:fb:92:24:d9:34:17:0b:8a:
                    7c:88:56:8c:30:e6:23:cc:8d:54:0f:8a:f9:ef:b7:
                    f6:4c:75:e2:22:00:a1:44:8a:2b:55:28:dd:15:90:
                    c0:9c:c6:5a:f8:3b:28:38:a2:ed:df:86:b3:78:77:
                    33:1a:3f:78:04:2a:45:54:2f:53:d3:5c:75:d4:a3:
                    4e:dd:c4:4d:19:e1:19:2a:40:eb:b5:7b:fc:c7:e4:
                    63:96:88:66:0c:78:95:c7:ba:38:d3:d8:ed:27:53:
                    72:17:54:88:c0:00:5d:97:55:06:67:05:3d:5c:1f:
                    e8:cb:1c:2a:2f:41:91:f2:95:48:c4:d5:da:e7:14:
                    23:7b:e2:0f:35:70:70:65:87:58:05:04:37:ee:65:
                    7e:96:36:7c:2c:94:2e:09:40:77:3b:3d:97:a5:7b:
                    b0:c8:49:f4:f8:80:42:d0:0a:bc:5a:26:72:24:64:
                    e1:e6:3b:1c:fc:34:f7:2b:77:63:82:f3:a5:00:2c:
                    7c:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:FD:20:96:4C:E7:E6:E9:AE:6B:1E:84:04:1D:BC:4E:D2:E7:B8:8C
            X509v3 Authority Key Identifier:
                keyid:19:FF:FF:28:9F:2D:AD:0F:C0:84:56:B0:BA:D5:4D:7B:A4:49:A4:92

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gf__KJ8trQ_AhFawutVNe6RJpJI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/c11c87-efbb-45e8-9b03-d525718aa44a/1/rP0glkzn5umuax6EBB28TtLnuIw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/c11c87-efbb-45e8-9b03-d525718aa44a/1/Gf__KJ8trQ_AhFawutVNe6RJpJI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.24.225.0/24
                IPv6:
                  2a02:2498:3::/48

    Signature Algorithm: sha256WithRSAEncryption
         31:a1:98:a2:6f:b0:65:8c:48:ba:7b:2b:ae:f0:fc:f3:68:2c:
         02:4a:92:d7:05:fe:cb:52:80:d2:a5:9d:81:23:fd:f2:33:d7:
         16:78:2b:59:83:6e:10:b0:3e:8f:9b:b8:ed:31:ed:b4:b8:de:
         ff:5e:4b:dd:94:cb:ee:56:fe:68:45:f2:f2:1c:0b:0a:f5:4f:
         d3:b6:79:ea:32:e9:83:4d:ff:6d:62:0a:0d:db:a5:2d:9a:59:
         f1:f3:69:07:36:0d:5c:38:ee:2c:30:14:1a:57:61:5d:37:18:
         a5:62:31:3b:c6:46:3c:82:6d:5e:0c:6c:d8:33:04:f4:0d:2d:
         b2:e2:46:c5:e4:d8:ec:44:65:d0:38:af:43:a5:c2:b2:d1:59:
         63:bf:ad:db:1f:91:c4:90:4c:20:20:1b:9c:5d:5b:17:e7:21:
         5f:61:8c:be:97:af:54:aa:20:97:be:a7:a5:90:9f:61:9b:0f:
         40:fc:08:83:f9:df:61:a2:f6:d6:10:6a:87:aa:23:b6:73:55:
         49:8f:13:02:c2:f8:84:2c:5b:a2:c0:07:b9:c0:5f:32:cc:ab:
         ca:ee:4a:3b:f8:c1:bc:e4:2d:5d:34:74:6d:5e:ea:8c:25:eb:
         41:54:05:8c:8c:9f:81:1d:ea:ca:72:12:a4:34:b9:3a:52:a4:
         1c:a5:ae:4e
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzEJT3KRxEhK6x02Iri7K4pMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE5ZmZmZjI4OWYyZGFkMGZjMDg0NTZiMGJhZDU0ZDdiYTQ0
OWE0OTIwHhcNMjQwMTAxMDgzMDI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhY2ZkMjA5NjRjZTdlNmU5YWU2YjFlODQwNDFkYmM0ZWQyZTdiODhjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1wk+wxuDuepj9Hva+Ukoscc3lUPO
zUV3N/R7XhD9o/2c/0DzkAasRDFrvmHI6en+BHysAi9ZZhNh4LQeFotNS6+x+5Ik
2TQXC4p8iFaMMOYjzI1UD4r577f2THXiIgChRIorVSjdFZDAnMZa+DsoOKLt34az
eHczGj94BCpFVC9T01x11KNO3cRNGeEZKkDrtXv8x+RjlohmDHiVx7o409jtJ1Ny
F1SIwABdl1UGZwU9XB/oyxwqL0GR8pVIxNXa5xQje+IPNXBwZYdYBQQ37mV+ljZ8
LJQuCUB3Oz2XpXuwyEn0+IBC0Aq8WiZyJGTh5jsc/DT3K3djgvOlACx8TQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFKz9IJZM5+bprmsehAQdvE7S57iMMB8GA1UdIwQY
MBaAFBn//yifLa0PwIRWsLrVTXukSaSSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR2ZfX0tKOHRyUV9BaEZhd3V0Vk5lNlJKcEpJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC9jMTFjODctZWZiYi00NWU4LTliMDMt
ZDUyNTcxOGFhNDRhLzEvclAwZ2xrem41dW11YXg2RUJCMjhUdExudUl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC9jMTFjODctZWZiYi00NWU4LTliMDMtZDUyNTcxOGFhNDRh
LzEvR2ZfX0tKOHRyUV9BaEZhd3V0Vk5lNlJKcEpJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAHxjhMA8E
AgACMAkDBwAqAiSYAAMwDQYJKoZIhvcNAQELBQADggEBADGhmKJvsGWMSLp7K67w
/PNoLAJKktcF/stSgNKlnYEj/fIz1xZ4K1mDbhCwPo+buO0x7bS43v9eS92Uy+5W
/mhF8vIcCwr1T9O2eeoy6YNN/21iCg3bpS2aWfHzaQc2DVw47iwwFBpXYV03GKVi
MTvGRjyCbV4MbNgzBPQNLbLiRsXk2OxEZdA4r0OlwrLRWWO/rdsfkcSQTCAgG5xd
WxfnIV9hjL6Xr1SqIJe+p6WQn2GbD0D8CIP532Gi9tYQaoeqI7ZzVUmPEwLC+IQs
W6LAB7nAXzLMq8ruSjv4wbzkLV00dG1e6owl60FUBYyMn4Ed6spyEqQ0uTpSpByl
rk4=
-----END CERTIFICATE-----