Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/8421d3-506a-4f0c-b9c0-46322e02f08d/1/Uo0y8OtSGOk7M6ksVn0t3JIE0vI.roa
File:                     Uo0y8OtSGOk7M6ksVn0t3JIE0vI.roa (raw, json)
Hash identifier:          Qn6nhe8pgy+het/cCHdKQzZyAze115DCYALX01oJ0H0=
Subject key identifier:   52:8D:32:F0:EB:52:18:E9:3B:33:A9:2C:56:7D:2D:DC:92:04:D2:F2
Certificate issuer:       /CN=9ff1503210fe06ed35490b0231dbdb5967e12987
Certificate serial:       018E096BC2FA005BB8C1C76282EED4E44DCB
Authority key identifier: 9F:F1:50:32:10:FE:06:ED:35:49:0B:02:31:DB:DB:59:67:E1:29:87
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/n_FQMhD-Bu01SQsCMdvbWWfhKYc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/8421d3-506a-4f0c-b9c0-46322e02f08d/1/Uo0y8OtSGOk7M6ksVn0t3JIE0vI.roa
Signing time:             Mon 04 Mar 2024 12:24:00 +0000
ROA not before:           Mon 04 Mar 2024 12:24:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60334
IP address blocks:        31.128.183.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/8421d3-506a-4f0c-b9c0-46322e02f08d/1/n_FQMhD-Bu01SQsCMdvbWWfhKYc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/8421d3-506a-4f0c-b9c0-46322e02f08d/1/n_FQMhD-Bu01SQsCMdvbWWfhKYc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/n_FQMhD-Bu01SQsCMdvbWWfhKYc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 11:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:09:6b:c2:fa:00:5b:b8:c1:c7:62:82:ee:d4:e4:4d:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9ff1503210fe06ed35490b0231dbdb5967e12987
        Validity
            Not Before: Mar  4 12:24:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=528d32f0eb5218e93b33a92c567d2ddc9204d2f2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:48:75:c2:64:e4:eb:2a:97:da:87:c5:f1:a9:
                    a8:5e:ae:21:28:57:44:7e:b7:73:14:a8:12:59:07:
                    ad:dc:7f:65:f3:8d:96:58:55:ae:88:ff:d9:fa:48:
                    10:d5:f9:58:37:bf:44:de:24:d6:71:4c:66:3f:f7:
                    07:73:f3:11:7b:28:3d:7e:60:30:ba:e0:e7:6a:08:
                    48:51:76:ea:e8:55:1f:8f:84:b4:12:cd:6e:3f:f8:
                    7a:65:0e:21:38:fa:4b:93:cd:03:a5:40:6e:62:4a:
                    56:ac:13:86:5c:c5:8f:ec:1d:2f:50:fa:2a:6e:7d:
                    d5:48:a9:80:23:e3:bc:03:a3:a0:39:b9:e5:30:92:
                    9c:94:c7:78:c2:34:ae:8b:10:ed:32:c7:bc:9b:9e:
                    a3:aa:55:e5:02:b1:f5:e1:87:bf:2e:b5:4b:c1:37:
                    94:53:ae:1c:7a:a4:58:60:3d:c3:ba:d8:6d:d3:f7:
                    2d:97:41:9d:c7:f8:40:b2:9f:4c:eb:14:38:16:93:
                    7e:4c:16:28:3a:85:50:95:95:39:81:87:3e:e1:8b:
                    cd:4a:5a:d1:9f:62:cb:a3:9d:b4:18:b6:7a:c9:5a:
                    69:55:05:7a:62:ff:da:06:d1:76:59:ec:1e:d6:9a:
                    70:63:18:48:1c:45:be:1d:f9:24:29:b0:6b:92:c5:
                    7b:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:8D:32:F0:EB:52:18:E9:3B:33:A9:2C:56:7D:2D:DC:92:04:D2:F2
            X509v3 Authority Key Identifier:
                keyid:9F:F1:50:32:10:FE:06:ED:35:49:0B:02:31:DB:DB:59:67:E1:29:87

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/n_FQMhD-Bu01SQsCMdvbWWfhKYc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/8421d3-506a-4f0c-b9c0-46322e02f08d/1/Uo0y8OtSGOk7M6ksVn0t3JIE0vI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/8421d3-506a-4f0c-b9c0-46322e02f08d/1/n_FQMhD-Bu01SQsCMdvbWWfhKYc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.128.183.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:79:a1:16:c1:fa:d3:b3:e9:21:4a:d9:ec:ff:11:67:09:c7:
         dd:5b:2e:d7:de:09:9b:36:5f:2b:ba:79:90:9b:44:e9:fc:29:
         4b:1d:12:19:36:94:a0:75:55:19:b3:17:fd:38:da:ec:10:1e:
         9c:8e:7c:f2:0b:d0:6c:61:32:70:10:e8:a8:e8:8d:a1:55:b2:
         04:9f:7e:20:6d:1c:47:b9:a1:29:42:97:4c:d4:25:bd:80:88:
         bf:29:71:33:87:72:15:b1:3d:53:4f:3b:ff:a0:3c:bb:96:23:
         b4:ed:f3:fb:1d:92:f4:71:6c:2e:8a:7b:ac:f1:d4:80:17:cd:
         93:05:4f:9d:35:50:ad:7e:ab:a2:cd:5c:28:b3:de:11:0f:79:
         70:e6:25:88:cd:88:b9:ed:26:7b:28:0d:56:1d:3f:63:e3:4b:
         22:5e:11:8f:b0:1e:7d:71:1f:b0:1f:58:42:e6:76:99:8f:cf:
         aa:bc:c6:c1:56:18:b0:5f:02:8c:3b:1b:51:47:87:c9:3f:77:
         6d:e2:d3:e8:38:f7:39:e3:25:89:95:45:57:8d:31:20:e8:b7:
         a7:a2:f4:33:3e:ea:1c:e9:6f:e2:c5:99:53:15:0d:59:f6:80:
         04:19:1f:bc:9a:c6:01:81:b4:fe:cd:cc:4f:7c:b9:f0:3d:69:
         d4:19:4c:6e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY4Ja8L6AFu4wcdigu7U5E3LMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlmZjE1MDMyMTBmZTA2ZWQzNTQ5MGIwMjMxZGJkYjU5Njdl
MTI5ODcwHhcNMjQwMzA0MTIyNDAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MjhkMzJmMGViNTIxOGU5M2IzM2E5MmM1NjdkMmRkYzkyMDRkMmYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2Uh1wmTk6yqX2ofF8amoXq4hKFdE
frdzFKgSWQet3H9l842WWFWuiP/Z+kgQ1flYN79E3iTWcUxmP/cHc/MReyg9fmAw
uuDnaghIUXbq6FUfj4S0Es1uP/h6ZQ4hOPpLk80DpUBuYkpWrBOGXMWP7B0vUPoq
bn3VSKmAI+O8A6OgObnlMJKclMd4wjSuixDtMse8m56jqlXlArH14Ye/LrVLwTeU
U64ceqRYYD3Dutht0/ctl0Gdx/hAsp9M6xQ4FpN+TBYoOoVQlZU5gYc+4YvNSlrR
n2LLo520GLZ6yVppVQV6Yv/aBtF2Wewe1ppwYxhIHEW+HfkkKbBrksV7nwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFKNMvDrUhjpOzOpLFZ9LdySBNLyMB8GA1UdIwQY
MBaAFJ/xUDIQ/gbtNUkLAjHb21ln4SmHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbl9GUU1oRC1CdTAxU1FzQ01kdmJXV2ZoS1ljLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC84NDIxZDMtNTA2YS00ZjBjLWI5YzAt
NDYzMjJlMDJmMDhkLzEvVW8weThPdFNHT2s3TTZrc1ZuMHQzSklFMHZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC84NDIxZDMtNTA2YS00ZjBjLWI5YzAtNDYzMjJlMDJmMDhk
LzEvbl9GUU1oRC1CdTAxU1FzQ01kdmJXV2ZoS1ljLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAH4C3MA0G
CSqGSIb3DQEBCwUAA4IBAQB8eaEWwfrTs+khStns/xFnCcfdWy7X3gmbNl8runmQ
m0Tp/ClLHRIZNpSgdVUZsxf9ONrsEB6cjnzyC9BsYTJwEOio6I2hVbIEn34gbRxH
uaEpQpdM1CW9gIi/KXEzh3IVsT1TTzv/oDy7liO07fP7HZL0cWwuinus8dSAF82T
BU+dNVCtfquizVwos94RD3lw5iWIzYi57SZ7KA1WHT9j40siXhGPsB59cR+wH1hC
5naZj8+qvMbBVhiwXwKMOxtRR4fJP3dt4tPoOPc54yWJlUVXjTEg6LenovQzPuoc
6W/ixZlTFQ1Z9oAEGR+8msYBgbT+zcxPfLnwPWnUGUxu
-----END CERTIFICATE-----