Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/04/5da729-ba26-4fda-9011-0b04375f9b36/1/31dGIG1LjBokqF1nzNdPN__9e0c.roa
File:                     31dGIG1LjBokqF1nzNdPN__9e0c.roa (raw, json)
Hash identifier:          /48T0lpKVoII1eY4PE4qSsw0cR6W60COKX7S3nM4nAE=
Subject key identifier:   DF:57:46:20:6D:4B:8C:1A:24:A8:5D:67:CC:D7:4F:37:FF:FD:7B:47
Certificate issuer:       /CN=42cf4a128d09dfc4b8b035a12cd831f9f7b01469
Certificate serial:       0192D9DE4C0BAE796D7E75380BEAD8FA21B4
Authority key identifier: 42:CF:4A:12:8D:09:DF:C4:B8:B0:35:A1:2C:D8:31:F9:F7:B0:14:69
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Qs9KEo0J38S4sDWhLNgx-fewFGk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/04/5da729-ba26-4fda-9011-0b04375f9b36/1/31dGIG1LjBokqF1nzNdPN__9e0c.roa
Signing time:             Tue 29 Oct 2024 20:01:17 +0000
ROA not before:           Tue 29 Oct 2024 20:01:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203285
IP address blocks:        91.247.168.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/04/5da729-ba26-4fda-9011-0b04375f9b36/1/Qs9KEo0J38S4sDWhLNgx-fewFGk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/04/5da729-ba26-4fda-9011-0b04375f9b36/1/Qs9KEo0J38S4sDWhLNgx-fewFGk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Qs9KEo0J38S4sDWhLNgx-fewFGk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:d9:de:4c:0b:ae:79:6d:7e:75:38:0b:ea:d8:fa:21:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=42cf4a128d09dfc4b8b035a12cd831f9f7b01469
        Validity
            Not Before: Oct 29 20:01:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=df5746206d4b8c1a24a85d67ccd74f37fffd7b47
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:a5:59:a9:72:79:76:9a:6f:f3:ac:10:f8:bc:
                    11:a8:6e:06:b3:f6:8b:26:13:65:e7:86:52:80:4b:
                    18:42:15:5a:ef:68:3a:8e:ff:7e:64:72:e2:12:f8:
                    4b:f9:84:35:c4:77:d8:be:c0:00:69:a6:e2:74:31:
                    9e:25:98:d3:35:34:df:56:5d:74:61:89:f7:f1:ae:
                    5f:28:ce:e1:52:ab:97:ba:29:81:aa:94:6f:41:a2:
                    3a:ca:a7:c0:b4:d9:8e:9c:70:66:25:af:7c:a8:34:
                    ca:29:5e:cc:33:09:fd:bd:63:7b:5e:36:f1:89:17:
                    f5:25:b0:97:f1:4e:16:21:c9:11:8c:0e:09:a1:ec:
                    49:98:ef:ba:82:71:08:ad:61:84:d1:13:da:a2:7f:
                    a5:fc:8b:87:06:90:23:7c:84:9e:94:91:b5:d1:b3:
                    f7:e4:cd:79:25:5d:18:ee:e3:4b:be:c4:33:2e:52:
                    a0:3c:61:20:8a:e5:44:cc:96:bf:e0:8b:00:79:b9:
                    4b:71:7b:1b:23:d4:48:91:12:c9:9f:51:80:d5:cd:
                    cd:0e:e7:45:cd:ba:a7:e6:6c:97:eb:b6:1d:46:cd:
                    45:3f:83:b4:80:e6:3c:c4:62:7a:5c:34:6d:eb:ff:
                    05:8d:71:32:00:2c:5a:69:c8:c7:85:04:8e:9a:52:
                    a1:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:57:46:20:6D:4B:8C:1A:24:A8:5D:67:CC:D7:4F:37:FF:FD:7B:47
            X509v3 Authority Key Identifier:
                keyid:42:CF:4A:12:8D:09:DF:C4:B8:B0:35:A1:2C:D8:31:F9:F7:B0:14:69

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Qs9KEo0J38S4sDWhLNgx-fewFGk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/04/5da729-ba26-4fda-9011-0b04375f9b36/1/31dGIG1LjBokqF1nzNdPN__9e0c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/04/5da729-ba26-4fda-9011-0b04375f9b36/1/Qs9KEo0J38S4sDWhLNgx-fewFGk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.247.168.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:93:cf:b2:c3:bf:d0:af:cc:ed:b5:3a:19:b6:a2:fa:85:47:
         a0:b6:48:08:c0:8f:4d:8b:ed:5d:d0:43:67:48:a8:21:31:f2:
         8d:d9:45:dd:0d:83:ca:7a:9f:50:5f:46:6e:e0:3f:66:7c:a0:
         f4:e4:fe:88:b3:6c:5e:65:35:6f:d5:56:d3:ce:3d:42:92:74:
         2e:53:38:00:29:20:52:8d:8a:5e:84:06:0e:b4:05:32:c3:17:
         8f:7b:b9:25:ed:48:73:6f:a0:bd:73:ff:74:e7:a0:19:86:74:
         dc:aa:23:ab:67:8b:d6:4a:2e:1b:42:49:d3:d2:46:51:c8:4d:
         49:96:3f:46:0a:9f:7d:99:97:0a:3b:76:b7:b7:ed:5d:d4:07:
         6f:d7:8c:ec:e7:ff:77:08:d6:08:04:81:c9:db:3e:df:b2:ed:
         9b:d9:27:64:dd:a5:a8:5d:c9:82:7f:59:ea:ce:a9:b6:dd:33:
         9a:b5:37:69:eb:33:99:7d:ed:78:3b:52:d2:53:19:49:69:61:
         20:ff:26:80:bf:a6:ef:f0:d8:be:9c:b0:05:42:dc:4f:eb:6f:
         30:3f:c8:b9:2e:c0:e1:fe:cd:05:88:59:6a:4a:48:71:6b:3e:
         fa:b6:9c:24:bd:c1:e4:ce:84:f7:31:3c:de:c8:fa:59:07:4d:
         8f:05:f2:ce
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZLZ3kwLrnltfnU4C+rY+iG0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyY2Y0YTEyOGQwOWRmYzRiOGIwMzVhMTJjZDgzMWY5Zjdi
MDE0NjkwHhcNMjQxMDI5MjAwMTE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZjU3NDYyMDZkNGI4YzFhMjRhODVkNjdjY2Q3NGYzN2ZmZmQ3YjQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxqVZqXJ5dppv86wQ+LwRqG4Gs/aL
JhNl54ZSgEsYQhVa72g6jv9+ZHLiEvhL+YQ1xHfYvsAAaabidDGeJZjTNTTfVl10
YYn38a5fKM7hUquXuimBqpRvQaI6yqfAtNmOnHBmJa98qDTKKV7MMwn9vWN7Xjbx
iRf1JbCX8U4WIckRjA4JoexJmO+6gnEIrWGE0RPaon+l/IuHBpAjfISelJG10bP3
5M15JV0Y7uNLvsQzLlKgPGEgiuVEzJa/4IsAeblLcXsbI9RIkRLJn1GA1c3NDudF
zbqn5myX67YdRs1FP4O0gOY8xGJ6XDRt6/8FjXEyACxaacjHhQSOmlKhRQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN9XRiBtS4waJKhdZ8zXTzf//XtHMB8GA1UdIwQY
MBaAFELPShKNCd/EuLA1oSzYMfn3sBRpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUXM5S0VvMEozOFM0c0RXaExOZ3gtZmV3RkdrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNC81ZGE3MjktYmEyNi00ZmRhLTkwMTEt
MGIwNDM3NWY5YjM2LzEvMzFkR0lHMUxqQm9rcUYxbnpOZFBOX185ZTBjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNC81ZGE3MjktYmEyNi00ZmRhLTkwMTEtMGIwNDM3NWY5YjM2
LzEvUXM5S0VvMEozOFM0c0RXaExOZ3gtZmV3RkdrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW/eoMA0G
CSqGSIb3DQEBCwUAA4IBAQBhk8+yw7/Qr8zttToZtqL6hUegtkgIwI9Ni+1d0ENn
SKghMfKN2UXdDYPKep9QX0Zu4D9mfKD05P6Is2xeZTVv1VbTzj1CknQuUzgAKSBS
jYpehAYOtAUywxePe7kl7Uhzb6C9c/9056AZhnTcqiOrZ4vWSi4bQknT0kZRyE1J
lj9GCp99mZcKO3a3t+1d1Adv14zs5/93CNYIBIHJ2z7fsu2b2Sdk3aWoXcmCf1nq
zqm23TOatTdp6zOZfe14O1LSUxlJaWEg/yaAv6bv8Ni+nLAFQtxP628wP8i5LsDh
/s0FiFlqSkhxaz76tpwkvcHkzoT3MTzeyPpZB02PBfLO
-----END CERTIFICATE-----