Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/ccc94b-c287-4e5f-8604-7e594f2494cc/1/1fneVo7g3Q6BoP--WU0t7jR6JkQ.roa
File:                     1fneVo7g3Q6BoP--WU0t7jR6JkQ.roa (raw, json)
Hash identifier:          3lCVlQI3QK06NtSGd45mEOMbb6AgKFzVPBALtE1W++g=
Subject key identifier:   D5:F9:DE:56:8E:E0:DD:0E:81:A0:FF:BE:59:4D:2D:EE:34:7A:26:44
Certificate issuer:       /CN=763d457e5d3cc0acd8a74f8b10e2686bfbc496cb
Certificate serial:       018CC9BCFC7EBE14A2048D1E759BD1EDC5F4
Authority key identifier: 76:3D:45:7E:5D:3C:C0:AC:D8:A7:4F:8B:10:E2:68:6B:FB:C4:96:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dj1Ffl08wKzYp0-LEOJoa_vElss.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/ccc94b-c287-4e5f-8604-7e594f2494cc/1/1fneVo7g3Q6BoP--WU0t7jR6JkQ.roa
Signing time:             Tue 02 Jan 2024 10:34:14 +0000
ROA not before:           Tue 02 Jan 2024 10:34:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57271
IP address blocks:        31.24.251.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d4/ccc94b-c287-4e5f-8604-7e594f2494cc/1/dj1Ffl08wKzYp0-LEOJoa_vElss.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d4/ccc94b-c287-4e5f-8604-7e594f2494cc/1/dj1Ffl08wKzYp0-LEOJoa_vElss.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dj1Ffl08wKzYp0-LEOJoa_vElss.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:fc:7e:be:14:a2:04:8d:1e:75:9b:d1:ed:c5:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=763d457e5d3cc0acd8a74f8b10e2686bfbc496cb
        Validity
            Not Before: Jan  2 10:34:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d5f9de568ee0dd0e81a0ffbe594d2dee347a2644
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:45:0b:e3:a9:32:c5:b9:06:03:5c:0d:91:f0:
                    74:d1:70:a6:ad:20:f6:97:59:37:cc:cc:c2:5a:ff:
                    ce:f2:a8:44:b8:65:fd:ab:e2:ee:a4:7c:29:40:3e:
                    98:2a:71:85:45:5c:65:d0:b9:e4:c5:1f:55:54:bd:
                    93:4d:94:75:ca:49:2f:b0:35:79:a7:39:db:9e:11:
                    af:e2:2b:89:48:01:ee:df:0e:d7:ae:0d:78:84:73:
                    c2:2c:dc:b5:87:ef:eb:e2:6f:51:4a:d5:9b:c8:60:
                    3e:10:cf:02:2e:d3:a2:52:6c:d8:a5:4c:d5:19:03:
                    3a:a3:f4:1f:c1:5e:e1:96:33:d5:24:0e:b9:14:3c:
                    f2:61:47:d9:22:70:5b:dd:db:6c:ff:16:48:9f:41:
                    c3:03:6b:32:25:b9:e2:d7:ca:3f:75:ec:91:3e:cf:
                    7a:92:58:cb:94:87:e5:40:c6:04:df:b9:42:5c:13:
                    39:42:e0:e8:c6:88:45:9e:60:b7:83:bf:ba:07:2a:
                    e2:8c:50:d4:d1:a8:1e:a9:06:b6:2b:59:e1:38:c3:
                    61:fa:88:fa:f6:24:3e:fd:d5:f2:40:85:2b:78:90:
                    e7:b4:fa:12:29:da:40:5e:59:d9:7e:2a:98:b3:cd:
                    7e:02:e0:11:e8:a9:26:aa:71:59:37:4b:66:29:a4:
                    31:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:F9:DE:56:8E:E0:DD:0E:81:A0:FF:BE:59:4D:2D:EE:34:7A:26:44
            X509v3 Authority Key Identifier:
                keyid:76:3D:45:7E:5D:3C:C0:AC:D8:A7:4F:8B:10:E2:68:6B:FB:C4:96:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dj1Ffl08wKzYp0-LEOJoa_vElss.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/ccc94b-c287-4e5f-8604-7e594f2494cc/1/1fneVo7g3Q6BoP--WU0t7jR6JkQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/ccc94b-c287-4e5f-8604-7e594f2494cc/1/dj1Ffl08wKzYp0-LEOJoa_vElss.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.24.251.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ab:48:ba:34:ac:fc:85:b9:ba:dc:31:91:4f:f6:7b:dd:1c:e9:
         79:96:99:90:0e:16:d1:bb:70:71:96:cd:96:c1:00:5b:73:8f:
         bd:c4:51:f3:4a:dd:94:b7:60:80:8e:e5:af:e7:9c:a7:4c:a1:
         cc:15:4d:6e:35:5c:33:55:9f:d5:9c:5c:a9:04:7c:37:c7:16:
         aa:34:a1:dd:ac:88:a1:e9:05:17:9f:85:1e:86:db:88:6e:cc:
         98:6f:3a:1a:9e:75:63:90:05:34:5a:88:0b:6d:7c:8d:00:e0:
         4d:c8:ff:dc:09:50:5c:f9:fa:dc:f1:30:7e:65:78:3d:51:1a:
         2a:f4:ff:9d:92:2f:b1:f7:71:43:b6:65:c2:b0:f7:72:6a:dd:
         c1:33:ba:fe:b0:9f:96:96:e9:d9:7a:29:0d:c8:68:2f:be:2f:
         c1:9e:72:49:22:3c:f7:0d:ec:36:24:3b:75:49:72:b6:68:e7:
         2d:3d:17:c4:fc:ea:28:ff:d8:9d:52:c4:8a:2a:52:af:e4:a7:
         61:d4:42:6c:14:c8:de:6f:71:bd:85:ad:9b:bd:34:0d:53:bb:
         48:2f:30:f4:46:db:37:22:d3:1c:63:eb:54:ab:5d:17:2b:4b:
         64:60:e3:b9:4f:60:f6:48:be:ed:b0:f3:66:40:d7:ff:85:ff:
         64:4e:64:79
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvPx+vhSiBI0edZvR7cX0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc2M2Q0NTdlNWQzY2MwYWNkOGE3NGY4YjEwZTI2ODZiZmJj
NDk2Y2IwHhcNMjQwMTAyMTAzNDE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNWY5ZGU1NjhlZTBkZDBlODFhMGZmYmU1OTRkMmRlZTM0N2EyNjQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkkUL46kyxbkGA1wNkfB00XCmrSD2
l1k3zMzCWv/O8qhEuGX9q+LupHwpQD6YKnGFRVxl0LnkxR9VVL2TTZR1ykkvsDV5
pznbnhGv4iuJSAHu3w7Xrg14hHPCLNy1h+/r4m9RStWbyGA+EM8CLtOiUmzYpUzV
GQM6o/QfwV7hljPVJA65FDzyYUfZInBb3dts/xZIn0HDA2syJbni18o/deyRPs96
kljLlIflQMYE37lCXBM5QuDoxohFnmC3g7+6ByrijFDU0ageqQa2K1nhOMNh+oj6
9iQ+/dXyQIUreJDntPoSKdpAXlnZfiqYs81+AuAR6KkmqnFZN0tmKaQxjwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNX53laO4N0OgaD/vllNLe40eiZEMB8GA1UdIwQY
MBaAFHY9RX5dPMCs2KdPixDiaGv7xJbLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZGoxRmZsMDh3S3pZcDAtTEVPSm9hX3ZFbHNzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC9jY2M5NGItYzI4Ny00ZTVmLTg2MDQt
N2U1OTRmMjQ5NGNjLzEvMWZuZVZvN2czUTZCb1AtLVdVMHQ3alI2SmtRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC9jY2M5NGItYzI4Ny00ZTVmLTg2MDQtN2U1OTRmMjQ5NGNj
LzEvZGoxRmZsMDh3S3pZcDAtTEVPSm9hX3ZFbHNzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHxj7MA0G
CSqGSIb3DQEBCwUAA4IBAQCrSLo0rPyFubrcMZFP9nvdHOl5lpmQDhbRu3Bxls2W
wQBbc4+9xFHzSt2Ut2CAjuWv55ynTKHMFU1uNVwzVZ/VnFypBHw3xxaqNKHdrIih
6QUXn4UehtuIbsyYbzoannVjkAU0WogLbXyNAOBNyP/cCVBc+frc8TB+ZXg9URoq
9P+dki+x93FDtmXCsPdyat3BM7r+sJ+WlunZeikNyGgvvi/BnnJJIjz3Dew2JDt1
SXK2aOctPRfE/Ooo/9idUsSKKlKv5Kdh1EJsFMjeb3G9ha2bvTQNU7tILzD0Rts3
ItMcY+tUq10XK0tkYOO5T2D2SL7tsPNmQNf/hf9kTmR5
-----END CERTIFICATE-----