Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/5a337f-c843-45f4-8d99-163fb7003e5d/1/HVnbEGjNPPWrTvzKC2Vbye7OHqE.roa
File:                     HVnbEGjNPPWrTvzKC2Vbye7OHqE.roa (raw, json)
Hash identifier:          YsKVwoIjHE51aObHgm0Ec747oVbJFx11OHUGUSvApLg=
Subject key identifier:   1D:59:DB:10:68:CD:3C:F5:AB:4E:FC:CA:0B:65:5B:C9:EE:CE:1E:A1
Certificate issuer:       /CN=62d190b238d97af7900bdcbd02304b782ffcaf2a
Certificate serial:       018CC5DD4049D7E997F048AF526CD48A58D7
Authority key identifier: 62:D1:90:B2:38:D9:7A:F7:90:0B:DC:BD:02:30:4B:78:2F:FC:AF:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YtGQsjjZeveQC9y9AjBLeC_8ryo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0b/5a337f-c843-45f4-8d99-163fb7003e5d/1/HVnbEGjNPPWrTvzKC2Vbye7OHqE.roa
Signing time:             Mon 01 Jan 2024 16:31:00 +0000
ROA not before:           Mon 01 Jan 2024 16:31:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200468
IP address blocks:        31.3.217.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0b/5a337f-c843-45f4-8d99-163fb7003e5d/1/YtGQsjjZeveQC9y9AjBLeC_8ryo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0b/5a337f-c843-45f4-8d99-163fb7003e5d/1/YtGQsjjZeveQC9y9AjBLeC_8ryo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YtGQsjjZeveQC9y9AjBLeC_8ryo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 13:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dd:40:49:d7:e9:97:f0:48:af:52:6c:d4:8a:58:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62d190b238d97af7900bdcbd02304b782ffcaf2a
        Validity
            Not Before: Jan  1 16:31:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1d59db1068cd3cf5ab4efcca0b655bc9eece1ea1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:a1:e9:5d:56:1d:51:77:e5:3a:d5:af:0b:35:
                    17:8f:bd:35:d4:65:59:95:d6:9a:7a:9b:3a:2f:65:
                    b1:69:44:68:ce:e7:90:bb:7d:0b:fe:45:41:55:6f:
                    56:a4:92:73:a7:20:00:73:f0:8b:7d:44:ec:11:dd:
                    8f:5d:8b:85:57:28:1f:49:8a:2e:50:1d:59:7c:cd:
                    d9:7b:d6:2e:37:f8:b5:db:4c:5e:c8:45:bc:71:98:
                    c8:b6:38:c3:c6:78:09:5f:75:e5:16:79:ed:52:b2:
                    a6:27:a5:66:00:a5:e3:c6:1e:7b:3f:7d:6a:84:49:
                    a6:ef:0a:f4:9b:80:60:55:5c:a6:6d:ba:2a:c6:51:
                    b8:5f:4f:bc:34:38:c9:63:f5:77:48:14:74:3d:8d:
                    97:9d:01:a2:e7:dd:e6:7c:66:bf:d5:07:0b:d2:3b:
                    fa:1d:2b:fb:bb:75:bb:8d:be:62:f0:53:cc:f9:3d:
                    c7:de:4c:63:96:5e:f0:11:20:b4:07:cb:04:e1:5c:
                    e1:ff:20:ff:eb:57:c5:7d:48:61:5a:2f:11:de:9a:
                    56:a0:85:99:be:ea:c0:ff:1a:0e:8d:8f:40:18:ab:
                    df:a3:2f:d0:ba:da:07:47:8e:ba:4f:55:4e:b2:8e:
                    76:78:49:a2:59:0b:48:21:66:8c:26:04:5a:8c:a4:
                    29:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:59:DB:10:68:CD:3C:F5:AB:4E:FC:CA:0B:65:5B:C9:EE:CE:1E:A1
            X509v3 Authority Key Identifier:
                keyid:62:D1:90:B2:38:D9:7A:F7:90:0B:DC:BD:02:30:4B:78:2F:FC:AF:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YtGQsjjZeveQC9y9AjBLeC_8ryo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/5a337f-c843-45f4-8d99-163fb7003e5d/1/HVnbEGjNPPWrTvzKC2Vbye7OHqE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/5a337f-c843-45f4-8d99-163fb7003e5d/1/YtGQsjjZeveQC9y9AjBLeC_8ryo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.3.217.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b2:f7:6e:85:f2:44:e2:cd:4f:f3:c7:b2:7d:49:32:41:6b:62:
         36:e4:54:3c:8c:8d:63:cb:99:be:dc:9a:2e:2f:41:39:b9:f0:
         e9:7a:c5:8c:76:05:85:c0:96:ec:f8:36:d8:40:d6:fc:de:57:
         48:a8:25:2f:58:b6:82:ec:fa:9f:08:06:e0:11:9c:55:1b:8f:
         48:02:62:91:aa:ca:a1:c6:28:c4:f0:94:5f:de:d5:d3:8d:c0:
         aa:02:04:29:13:cf:c5:44:54:67:c1:e4:72:46:2a:ac:51:f6:
         22:92:d3:7b:6d:f6:dc:eb:23:46:d2:27:c1:ed:1f:20:e1:55:
         1c:b6:bf:55:c2:13:59:6b:6e:93:69:35:2a:ab:cf:ea:06:f5:
         85:7b:fc:06:7b:db:11:7e:1b:b2:64:27:16:76:83:c9:af:fc:
         82:d0:07:cd:c9:1b:73:2d:e4:c0:88:a9:93:9b:a6:ba:04:4b:
         72:09:58:58:a1:09:9b:80:8e:33:65:f8:b7:ef:73:6a:1b:cc:
         7d:06:06:be:4e:6a:3a:ea:70:0f:c7:0f:ce:35:eb:c4:39:3a:
         7e:3e:0a:88:97:a6:57:0b:da:e1:19:70:d4:29:0b:ef:55:0a:
         bf:91:b4:b5:34:4a:86:e7:f1:b3:76:c8:5d:27:35:cd:6a:c7:
         c8:c2:d4:cf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3UBJ1+mX8EivUmzUiljXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyZDE5MGIyMzhkOTdhZjc5MDBiZGNiZDAyMzA0Yjc4MmZm
Y2FmMmEwHhcNMjQwMTAxMTYzMTAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZDU5ZGIxMDY4Y2QzY2Y1YWI0ZWZjY2EwYjY1NWJjOWVlY2UxZWExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkqHpXVYdUXflOtWvCzUXj7011GVZ
ldaaeps6L2WxaURozueQu30L/kVBVW9WpJJzpyAAc/CLfUTsEd2PXYuFVygfSYou
UB1ZfM3Ze9YuN/i120xeyEW8cZjItjjDxngJX3XlFnntUrKmJ6VmAKXjxh57P31q
hEmm7wr0m4BgVVymbboqxlG4X0+8NDjJY/V3SBR0PY2XnQGi593mfGa/1QcL0jv6
HSv7u3W7jb5i8FPM+T3H3kxjll7wESC0B8sE4Vzh/yD/61fFfUhhWi8R3ppWoIWZ
vurA/xoOjY9AGKvfoy/QutoHR466T1VOso52eEmiWQtIIWaMJgRajKQpjwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB1Z2xBozTz1q078ygtlW8nuzh6hMB8GA1UdIwQY
MBaAFGLRkLI42Xr3kAvcvQIwS3gv/K8qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXRHUXNqalpldmVRQzl5OUFqQkxlQ184cnlvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi81YTMzN2YtYzg0My00NWY0LThkOTkt
MTYzZmI3MDAzZTVkLzEvSFZuYkVHak5QUFdyVHZ6S0MyVmJ5ZTdPSHFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYi81YTMzN2YtYzg0My00NWY0LThkOTktMTYzZmI3MDAzZTVk
LzEvWXRHUXNqalpldmVRQzl5OUFqQkxlQ184cnlvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHwPZMA0G
CSqGSIb3DQEBCwUAA4IBAQCy926F8kTizU/zx7J9STJBa2I25FQ8jI1jy5m+3Jou
L0E5ufDpesWMdgWFwJbs+DbYQNb83ldIqCUvWLaC7PqfCAbgEZxVG49IAmKRqsqh
xijE8JRf3tXTjcCqAgQpE8/FRFRnweRyRiqsUfYiktN7bfbc6yNG0ifB7R8g4VUc
tr9VwhNZa26TaTUqq8/qBvWFe/wGe9sRfhuyZCcWdoPJr/yC0AfNyRtzLeTAiKmT
m6a6BEtyCVhYoQmbgI4zZfi373NqG8x9Bga+Tmo66nAPxw/ONevEOTp+PgqIl6ZX
C9rhGXDUKQvvVQq/kbS1NEqG5/GzdshdJzXNasfIwtTP
-----END CERTIFICATE-----