Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/8421d3-506a-4f0c-b9c0-46322e02f08d/1/dWB5v_50s28dCnQL8B8bFn58q18.roa
File:                     dWB5v_50s28dCnQL8B8bFn58q18.roa (raw, json)
Hash identifier:          pyj99aGAlWW7KJ5ZJq2AB9ncbyLG79M0Bh7ShdPddh0=
Subject key identifier:   75:60:79:BF:FE:74:B3:6F:1D:0A:74:0B:F0:1F:1B:16:7E:7C:AB:5F
Certificate issuer:       /CN=9ff1503210fe06ed35490b0231dbdb5967e12987
Certificate serial:       019423D6ABF2757FB240FE8667256642A334
Authority key identifier: 9F:F1:50:32:10:FE:06:ED:35:49:0B:02:31:DB:DB:59:67:E1:29:87
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/n_FQMhD-Bu01SQsCMdvbWWfhKYc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/8421d3-506a-4f0c-b9c0-46322e02f08d/1/dWB5v_50s28dCnQL8B8bFn58q18.roa
Signing time:             Wed 01 Jan 2025 21:47:38 +0000
ROA not before:           Wed 01 Jan 2025 21:47:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60334
IP address blocks:        31.128.183.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/8421d3-506a-4f0c-b9c0-46322e02f08d/1/n_FQMhD-Bu01SQsCMdvbWWfhKYc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/8421d3-506a-4f0c-b9c0-46322e02f08d/1/n_FQMhD-Bu01SQsCMdvbWWfhKYc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/n_FQMhD-Bu01SQsCMdvbWWfhKYc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 16:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d6:ab:f2:75:7f:b2:40:fe:86:67:25:66:42:a3:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9ff1503210fe06ed35490b0231dbdb5967e12987
        Validity
            Not Before: Jan  1 21:47:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=756079bffe74b36f1d0a740bf01f1b167e7cab5f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:7f:b2:75:be:c8:50:16:3f:4b:ba:7c:46:d0:
                    9b:26:90:54:12:e9:2c:b1:c4:f4:18:26:c3:d3:43:
                    45:d6:96:fa:ff:e0:43:8f:3e:0b:e5:62:fe:ba:59:
                    25:37:1f:ae:a5:47:68:9d:73:1c:75:9e:c0:64:26:
                    9c:92:d1:f0:10:19:aa:35:29:2b:5f:e3:06:81:46:
                    37:36:e8:41:20:a2:eb:d1:72:c5:fb:b7:a0:08:22:
                    3f:8b:99:86:84:e5:d2:9c:5c:b8:23:03:d3:c3:16:
                    11:5b:4a:92:62:8c:20:7d:a3:db:76:1f:23:8f:23:
                    61:c8:ab:7d:1c:ab:bb:79:04:af:62:cd:01:b9:33:
                    dd:11:2e:ef:0c:42:f4:c4:22:42:cf:6e:95:e9:05:
                    a5:16:71:de:15:0e:93:79:be:b4:54:90:8d:94:f5:
                    a5:4b:b0:de:47:c3:6a:fd:ec:bf:ef:7a:77:52:ec:
                    cd:41:98:19:d5:34:18:04:1d:2b:ea:11:2d:a0:d6:
                    2c:86:b2:75:4c:2d:5e:e0:37:90:0d:b6:13:32:c5:
                    15:9f:c8:65:a6:f6:41:5d:9e:89:8a:91:7d:92:1e:
                    8f:bb:a4:0d:36:c9:8c:50:32:50:f4:11:4b:c2:95:
                    8f:f5:ab:3e:5c:97:20:75:9e:30:fc:ac:2c:98:7a:
                    bf:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:60:79:BF:FE:74:B3:6F:1D:0A:74:0B:F0:1F:1B:16:7E:7C:AB:5F
            X509v3 Authority Key Identifier:
                keyid:9F:F1:50:32:10:FE:06:ED:35:49:0B:02:31:DB:DB:59:67:E1:29:87

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/n_FQMhD-Bu01SQsCMdvbWWfhKYc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/8421d3-506a-4f0c-b9c0-46322e02f08d/1/dWB5v_50s28dCnQL8B8bFn58q18.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/8421d3-506a-4f0c-b9c0-46322e02f08d/1/n_FQMhD-Bu01SQsCMdvbWWfhKYc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.128.183.0/24

    Signature Algorithm: sha256WithRSAEncryption
         95:30:c2:f7:3a:c2:b6:23:ca:cc:7d:14:8c:1d:c1:e3:7d:d4:
         6a:1f:e5:63:ec:8f:1b:c3:7e:6f:09:9e:37:44:ec:f2:a5:56:
         4f:6a:6c:4f:27:11:03:d0:28:6c:a5:17:65:a5:7a:49:2f:56:
         76:9c:74:a0:87:79:eb:32:09:9e:8e:db:2f:09:69:f0:9a:37:
         39:9c:65:ee:8a:76:ea:5a:5b:c7:ce:80:00:ca:cb:1a:7e:74:
         4b:d2:27:24:49:36:f3:6a:6d:be:2d:0a:79:36:16:94:a9:83:
         aa:06:54:a7:29:c2:f8:cf:50:36:87:12:5e:73:bc:c7:ca:7f:
         bf:c0:74:4c:58:8c:f8:bb:ea:4a:e3:15:b7:c8:9a:2e:ab:b7:
         0b:a3:7b:69:5f:87:12:9f:2d:8a:b2:5e:39:57:0d:77:57:5b:
         48:10:21:f9:38:3b:b9:36:63:00:9c:35:df:24:ec:00:0a:2b:
         18:42:6d:52:24:07:4f:49:34:1d:01:2c:40:e7:d0:5a:54:48:
         fb:ac:67:ad:e0:16:17:e6:d9:bb:20:2c:e1:29:05:53:e8:3d:
         8c:9b:4b:89:c5:b1:f9:fb:e7:7b:72:60:42:0d:13:bc:c4:d8:
         ae:5a:b9:85:57:0f:fb:34:c4:18:92:5c:6b:2a:0e:01:66:46:
         f6:14:11:74
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj1qvydX+yQP6GZyVmQqM0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlmZjE1MDMyMTBmZTA2ZWQzNTQ5MGIwMjMxZGJkYjU5Njdl
MTI5ODcwHhcNMjUwMTAxMjE0NzM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NTYwNzliZmZlNzRiMzZmMWQwYTc0MGJmMDFmMWIxNjdlN2NhYjVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxX+ydb7IUBY/S7p8RtCbJpBUEuks
scT0GCbD00NF1pb6/+BDjz4L5WL+ulklNx+upUdonXMcdZ7AZCacktHwEBmqNSkr
X+MGgUY3NuhBIKLr0XLF+7egCCI/i5mGhOXSnFy4IwPTwxYRW0qSYowgfaPbdh8j
jyNhyKt9HKu7eQSvYs0BuTPdES7vDEL0xCJCz26V6QWlFnHeFQ6Teb60VJCNlPWl
S7DeR8Nq/ey/73p3UuzNQZgZ1TQYBB0r6hEtoNYshrJ1TC1e4DeQDbYTMsUVn8hl
pvZBXZ6JipF9kh6Pu6QNNsmMUDJQ9BFLwpWP9as+XJcgdZ4w/KwsmHq/6wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHVgeb/+dLNvHQp0C/AfGxZ+fKtfMB8GA1UdIwQY
MBaAFJ/xUDIQ/gbtNUkLAjHb21ln4SmHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbl9GUU1oRC1CdTAxU1FzQ01kdmJXV2ZoS1ljLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC84NDIxZDMtNTA2YS00ZjBjLWI5YzAt
NDYzMjJlMDJmMDhkLzEvZFdCNXZfNTBzMjhkQ25RTDhCOGJGbjU4cTE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC84NDIxZDMtNTA2YS00ZjBjLWI5YzAtNDYzMjJlMDJmMDhk
LzEvbl9GUU1oRC1CdTAxU1FzQ01kdmJXV2ZoS1ljLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAH4C3MA0G
CSqGSIb3DQEBCwUAA4IBAQCVMML3OsK2I8rMfRSMHcHjfdRqH+Vj7I8bw35vCZ43
ROzypVZPamxPJxED0ChspRdlpXpJL1Z2nHSgh3nrMgmejtsvCWnwmjc5nGXuinbq
WlvHzoAAyssafnRL0ickSTbzam2+LQp5NhaUqYOqBlSnKcL4z1A2hxJec7zHyn+/
wHRMWIz4u+pK4xW3yJouq7cLo3tpX4cSny2Ksl45Vw13V1tIECH5ODu5NmMAnDXf
JOwACisYQm1SJAdPSTQdASxA59BaVEj7rGet4BYX5tm7ICzhKQVT6D2Mm0uJxbH5
++d7cmBCDRO8xNiuWrmFVw/7NMQYklxrKg4BZkb2FBF0
-----END CERTIFICATE-----