Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/9e847f-4146-4566-8c3e-1ba543eeaed7/1/fRsZG0PHZPuhU-6QpDbPAODKMT0.roa
File:                     fRsZG0PHZPuhU-6QpDbPAODKMT0.roa (raw, json)
Hash identifier:          G8+L84DOntGe2pEq0wBTX0ojVKNJaA3Aoeev75Mv1UU=
Subject key identifier:   7D:1B:19:1B:43:C7:64:FB:A1:53:EE:90:A4:36:CF:00:E0:CA:31:3D
Certificate issuer:       /CN=5da432a4ec3b0ac4ca4e4ecec0e9f4d46b497af0
Certificate serial:       018CCA2AA35ED9900020B14CA3D129B23D3D
Authority key identifier: 5D:A4:32:A4:EC:3B:0A:C4:CA:4E:4E:CE:C0:E9:F4:D4:6B:49:7A:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XaQypOw7CsTKTk7OwOn01GtJevA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/9e847f-4146-4566-8c3e-1ba543eeaed7/1/fRsZG0PHZPuhU-6QpDbPAODKMT0.roa
Signing time:             Tue 02 Jan 2024 12:34:01 +0000
ROA not before:           Tue 02 Jan 2024 12:34:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216158
IP address blocks:        31.200.249.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/9e847f-4146-4566-8c3e-1ba543eeaed7/1/XaQypOw7CsTKTk7OwOn01GtJevA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/9e847f-4146-4566-8c3e-1ba543eeaed7/1/XaQypOw7CsTKTk7OwOn01GtJevA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XaQypOw7CsTKTk7OwOn01GtJevA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:01:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:a3:5e:d9:90:00:20:b1:4c:a3:d1:29:b2:3d:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5da432a4ec3b0ac4ca4e4ecec0e9f4d46b497af0
        Validity
            Not Before: Jan  2 12:34:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7d1b191b43c764fba153ee90a436cf00e0ca313d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:64:9e:bb:7a:d5:a2:a5:b3:af:34:18:71:15:
                    1c:e9:2d:e0:f0:18:bf:e0:4e:98:18:63:8f:d3:c1:
                    f9:74:4e:61:20:75:9b:2d:c5:5b:42:1d:3f:80:57:
                    0c:93:65:35:c7:e1:c9:2a:0d:10:27:e4:a4:8f:c1:
                    71:a6:2e:f6:ec:cb:be:96:53:7c:cb:1a:ad:f1:4a:
                    8d:d0:17:0d:be:63:ee:20:21:8a:e0:20:33:36:0f:
                    04:da:0c:e5:39:56:f2:7d:89:71:24:4f:13:b1:ee:
                    12:f0:37:ab:9a:0b:93:bf:b4:4c:6d:39:10:62:bf:
                    ec:63:33:03:7a:77:dd:66:06:d4:27:75:0c:88:80:
                    05:6b:f5:53:ce:27:0a:cf:27:ed:f9:cc:cb:24:16:
                    38:b6:7f:8a:e3:bf:b5:32:59:cc:3f:a3:05:70:42:
                    0d:38:7f:3c:37:22:fe:26:cd:c3:94:75:d1:4d:86:
                    a2:3a:82:2e:5f:4c:00:2d:e5:1d:02:42:d3:40:96:
                    19:97:dc:8f:95:0b:74:c7:dc:b4:c8:7b:68:a0:b8:
                    cd:39:27:fe:9a:7c:ca:f0:4c:ae:fa:42:92:4e:10:
                    d8:6d:c3:ad:cd:3b:2d:b7:2e:91:f6:ea:fe:d6:03:
                    a2:fc:d5:4f:0f:bf:ab:28:4c:37:0e:93:8b:e4:07:
                    2b:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:1B:19:1B:43:C7:64:FB:A1:53:EE:90:A4:36:CF:00:E0:CA:31:3D
            X509v3 Authority Key Identifier:
                keyid:5D:A4:32:A4:EC:3B:0A:C4:CA:4E:4E:CE:C0:E9:F4:D4:6B:49:7A:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XaQypOw7CsTKTk7OwOn01GtJevA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/9e847f-4146-4566-8c3e-1ba543eeaed7/1/fRsZG0PHZPuhU-6QpDbPAODKMT0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/9e847f-4146-4566-8c3e-1ba543eeaed7/1/XaQypOw7CsTKTk7OwOn01GtJevA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.200.249.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3b:7c:85:fe:5b:60:c7:cf:c9:c4:1e:fa:80:8e:e6:9d:c1:cf:
         6c:c1:57:79:db:fa:39:e8:25:7d:6b:25:ac:d4:14:65:4c:c8:
         a9:20:54:c7:2d:72:fb:38:b9:9e:28:9c:79:12:0e:a8:1d:a7:
         fc:ec:cc:7a:79:fd:bb:0a:4c:c0:3f:1e:da:a6:32:1c:a5:89:
         77:b6:f4:b0:76:45:b1:d3:58:37:cc:0e:81:85:c4:aa:55:a5:
         df:51:6d:04:0c:58:9a:35:9f:71:b3:4e:d4:0f:8b:11:27:ee:
         fd:53:bd:59:e5:c5:dd:6b:f8:bb:c3:c0:19:ad:13:82:07:35:
         de:d6:6c:7c:f7:53:46:f0:c4:ac:72:98:ab:29:f7:e1:e0:ca:
         1b:46:d0:3f:50:bb:1d:bf:90:5e:89:45:a6:a2:76:b8:8f:7c:
         87:f0:c5:ce:72:e0:19:6f:77:45:8d:1c:85:9a:ed:41:06:fd:
         58:84:e0:62:56:70:b2:70:c8:cd:57:db:f4:10:b6:71:b1:f9:
         9e:3f:a9:12:c9:41:37:0a:2b:f0:e6:f2:4b:85:bb:15:60:7c:
         72:93:f1:54:86:fa:4e:ea:37:a9:8f:e7:ff:1f:70:79:68:3c:
         a6:07:65:53:c9:a6:92:25:f6:b6:6e:80:55:44:88:51:1c:ae:
         63:68:fe:4a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKqNe2ZAAILFMo9Epsj09MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkYTQzMmE0ZWMzYjBhYzRjYTRlNGVjZWMwZTlmNGQ0NmI0
OTdhZjAwHhcNMjQwMTAyMTIzNDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZDFiMTkxYjQzYzc2NGZiYTE1M2VlOTBhNDM2Y2YwMGUwY2EzMTNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmWSeu3rVoqWzrzQYcRUc6S3g8Bi/
4E6YGGOP08H5dE5hIHWbLcVbQh0/gFcMk2U1x+HJKg0QJ+Skj8Fxpi727Mu+llN8
yxqt8UqN0BcNvmPuICGK4CAzNg8E2gzlOVbyfYlxJE8Tse4S8DermguTv7RMbTkQ
Yr/sYzMDenfdZgbUJ3UMiIAFa/VTzicKzyft+czLJBY4tn+K47+1MlnMP6MFcEIN
OH88NyL+Js3DlHXRTYaiOoIuX0wALeUdAkLTQJYZl9yPlQt0x9y0yHtooLjNOSf+
mnzK8Eyu+kKSThDYbcOtzTstty6R9ur+1gOi/NVPD7+rKEw3DpOL5AcrowIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH0bGRtDx2T7oVPukKQ2zwDgyjE9MB8GA1UdIwQY
MBaAFF2kMqTsOwrEyk5OzsDp9NRrSXrwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGFReXBPdzdDc1RLVGs3T3dPbjAxR3RKZXZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85ZTg0N2YtNDE0Ni00NTY2LThjM2Ut
MWJhNTQzZWVhZWQ3LzEvZlJzWkcwUEhaUHVoVS02UXBEYlBBT0RLTVQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85ZTg0N2YtNDE0Ni00NTY2LThjM2UtMWJhNTQzZWVhZWQ3
LzEvWGFReXBPdzdDc1RLVGs3T3dPbjAxR3RKZXZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAH8j5MA0G
CSqGSIb3DQEBCwUAA4IBAQA7fIX+W2DHz8nEHvqAjuadwc9swVd52/o56CV9ayWs
1BRlTMipIFTHLXL7OLmeKJx5Eg6oHaf87Mx6ef27CkzAPx7apjIcpYl3tvSwdkWx
01g3zA6BhcSqVaXfUW0EDFiaNZ9xs07UD4sRJ+79U71Z5cXda/i7w8AZrROCBzXe
1mx891NG8MSscpirKffh4MobRtA/ULsdv5BeiUWmona4j3yH8MXOcuAZb3dFjRyF
mu1BBv1YhOBiVnCycMjNV9v0ELZxsfmeP6kSyUE3Civw5vJLhbsVYHxyk/FUhvpO
6jepj+f/H3B5aDymB2VTyaaSJfa2boBVRIhRHK5jaP5K
-----END CERTIFICATE-----