Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/dO1O_8axeMhHmGXTK18ozwIkHHA.roa
File:                     dO1O_8axeMhHmGXTK18ozwIkHHA.roa (raw, json)
Hash identifier:          4p22/ChX12PfHfBUQ/9yj6jFjQRAXPArGoGLiCB206U=
Subject key identifier:   74:ED:4E:FF:C6:B1:78:C8:47:98:65:D3:2B:5F:28:CF:02:24:1C:70
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018CC8DD048CDA31392A59898D023450B24C
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/dO1O_8axeMhHmGXTK18ozwIkHHA.roa
Signing time:             Tue 02 Jan 2024 06:29:36 +0000
ROA not before:           Tue 02 Jan 2024 06:29:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204469
IP address blocks:        31.13.240.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:dd:04:8c:da:31:39:2a:59:89:8d:02:34:50:b2:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jan  2 06:29:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=74ed4effc6b178c8479865d32b5f28cf02241c70
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:5a:f3:55:44:c1:08:50:30:24:2c:e9:13:83:
                    1a:71:e6:bc:76:3e:71:2d:e4:78:07:da:42:0d:b6:
                    b5:f4:27:ea:b0:b5:80:de:5a:82:99:25:1d:39:d2:
                    3d:19:2a:5b:9e:0d:29:e5:12:74:7d:17:9c:e0:2f:
                    34:2e:1e:ad:02:63:b1:c3:da:0a:26:65:fe:cd:90:
                    7c:51:c6:32:cd:2d:af:e9:d6:53:6a:e2:93:0c:00:
                    b7:26:35:36:f8:60:59:df:ef:d2:00:a5:f5:3b:a1:
                    1e:ee:75:26:37:99:1b:17:21:ae:25:85:d1:18:32:
                    d6:ed:f1:6e:bd:d7:11:3c:d6:a1:65:97:dd:81:73:
                    0e:0b:1f:24:66:b3:77:32:d2:e4:60:a0:05:09:c6:
                    d8:71:f5:39:6a:40:3a:2c:52:33:b5:5f:d3:ba:b3:
                    7b:96:8f:0e:64:b5:45:a5:66:23:a0:57:2f:0c:7f:
                    df:a1:61:52:dc:58:8c:63:23:66:16:b9:2d:0e:48:
                    2d:f7:19:48:3b:ba:81:84:52:f5:32:7c:07:02:81:
                    20:14:e7:48:16:90:a0:02:f1:6f:5b:3a:d7:9f:c8:
                    59:7d:f8:8e:cb:d0:c0:bc:7d:51:2d:83:67:f5:ff:
                    31:ef:3c:e0:5d:47:f4:f8:a0:92:be:89:87:d6:c7:
                    09:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:ED:4E:FF:C6:B1:78:C8:47:98:65:D3:2B:5F:28:CF:02:24:1C:70
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/dO1O_8axeMhHmGXTK18ozwIkHHA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.13.240.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:9d:6c:7a:20:59:70:87:81:d0:48:eb:0e:88:66:c4:c3:8b:
         6b:05:d5:5d:ab:59:0c:a0:12:93:9c:39:5e:c2:c5:c6:68:d4:
         19:6d:31:60:61:3b:37:18:cb:74:d0:44:61:a4:02:21:6f:bb:
         7f:d0:92:d4:5f:a0:04:35:75:74:58:9d:1c:8f:a5:c6:9e:27:
         17:b7:9d:6c:bf:8c:b0:d6:28:cf:b7:8e:87:15:3d:d2:2b:64:
         15:bf:6b:ba:11:e5:af:ab:1d:e3:93:b8:8d:79:de:5e:fd:8f:
         c3:ac:f2:73:02:5c:c5:bc:1d:0d:94:34:77:b7:78:ba:3e:cb:
         f4:7b:1c:ce:0c:4b:c9:ad:d0:73:6c:d5:59:10:e9:47:77:62:
         2e:71:12:b5:4c:1f:27:fe:23:42:de:c8:dc:59:ad:e4:e0:af:
         c3:74:38:02:ae:4b:64:b5:5a:84:d1:8e:0a:39:a3:df:fa:34:
         09:db:13:21:27:69:1f:3d:89:02:42:1b:53:de:da:ad:78:fb:
         88:06:c8:ff:d4:41:9e:1e:62:bb:49:8d:e2:3d:a2:89:3f:61:
         7a:6f:90:01:09:47:83:93:13:72:0d:ec:1e:3b:13:2a:88:04:
         b4:70:eb:25:1e:38:e4:91:be:0e:13:ea:84:06:7f:27:04:b4:
         34:0a:b7:0e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3QSM2jE5KlmJjQI0ULJMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwMTAyMDYyOTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NGVkNGVmZmM2YjE3OGM4NDc5ODY1ZDMyYjVmMjhjZjAyMjQxYzcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAolrzVUTBCFAwJCzpE4Macea8dj5x
LeR4B9pCDba19CfqsLWA3lqCmSUdOdI9GSpbng0p5RJ0fRec4C80Lh6tAmOxw9oK
JmX+zZB8UcYyzS2v6dZTauKTDAC3JjU2+GBZ3+/SAKX1O6Ee7nUmN5kbFyGuJYXR
GDLW7fFuvdcRPNahZZfdgXMOCx8kZrN3MtLkYKAFCcbYcfU5akA6LFIztV/TurN7
lo8OZLVFpWYjoFcvDH/foWFS3FiMYyNmFrktDkgt9xlIO7qBhFL1MnwHAoEgFOdI
FpCgAvFvWzrXn8hZffiOy9DAvH1RLYNn9f8x7zzgXUf0+KCSvomH1scJawIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHTtTv/GsXjIR5hl0ytfKM8CJBxwMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvZE8xT184YXhlTWhIbUdYVEsxOG96d0lrSEhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHw3wMA0G
CSqGSIb3DQEBCwUAA4IBAQB6nWx6IFlwh4HQSOsOiGbEw4trBdVdq1kMoBKTnDle
wsXGaNQZbTFgYTs3GMt00ERhpAIhb7t/0JLUX6AENXV0WJ0cj6XGnicXt51sv4yw
1ijPt46HFT3SK2QVv2u6EeWvqx3jk7iNed5e/Y/DrPJzAlzFvB0NlDR3t3i6Psv0
exzODEvJrdBzbNVZEOlHd2IucRK1TB8n/iNC3sjcWa3k4K/DdDgCrktktVqE0Y4K
OaPf+jQJ2xMhJ2kfPYkCQhtT3tqtePuIBsj/1EGeHmK7SY3iPaKJP2F6b5ABCUeD
kxNyDeweOxMqiAS0cOslHjjkkb4OE+qEBn8nBLQ0CrcO
-----END CERTIFICATE-----