Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/5dc1d9-eba4-42c8-b3d6-d1c5f1b51e17/1/22WCdXlneLGqwQg3RCJgPdoox0k.roa
File:                     22WCdXlneLGqwQg3RCJgPdoox0k.roa (raw, json)
Hash identifier:          0Uf2XeO6g4VQ3tLaJ5BxNowAcPCXCXuoJTTHBkhk7pw=
Subject key identifier:   DB:65:82:75:79:67:78:B1:AA:C1:08:37:44:22:60:3D:DA:28:C7:49
Certificate issuer:       /CN=63ee6d1d1eccaf9799bbd5f2b6dace46d86df48b
Certificate serial:       0191DB6DC127474DECAD9CE4ED50485B3F97
Authority key identifier: 63:EE:6D:1D:1E:CC:AF:97:99:BB:D5:F2:B6:DA:CE:46:D8:6D:F4:8B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-5tHR7Mr5eZu9XyttrORtht9Is.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/5dc1d9-eba4-42c8-b3d6-d1c5f1b51e17/1/22WCdXlneLGqwQg3RCJgPdoox0k.roa
Signing time:             Tue 10 Sep 2024 10:14:48 +0000
ROA not before:           Tue 10 Sep 2024 10:14:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211895
IP address blocks:        31.43.163.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/5dc1d9-eba4-42c8-b3d6-d1c5f1b51e17/1/Y-5tHR7Mr5eZu9XyttrORtht9Is.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/5dc1d9-eba4-42c8-b3d6-d1c5f1b51e17/1/Y-5tHR7Mr5eZu9XyttrORtht9Is.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-5tHR7Mr5eZu9XyttrORtht9Is.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:db:6d:c1:27:47:4d:ec:ad:9c:e4:ed:50:48:5b:3f:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63ee6d1d1eccaf9799bbd5f2b6dace46d86df48b
        Validity
            Not Before: Sep 10 10:14:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=db658275796778b1aac108374422603dda28c749
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:f0:9c:d7:56:be:6a:89:9d:71:ec:12:ec:40:
                    77:f6:96:d7:98:9e:82:82:cf:37:1d:cb:b3:8b:c3:
                    0a:f0:e8:12:e4:d0:d4:9d:5e:10:55:c5:ea:19:94:
                    46:b3:2c:4d:97:3a:90:c7:d6:be:76:48:36:a3:ac:
                    42:7b:ad:c8:bf:e6:48:8e:89:ad:71:b4:d1:cd:c1:
                    b9:11:4d:1c:b8:16:f9:9a:af:74:29:5e:c7:be:a1:
                    7e:d0:a8:d9:0c:75:bd:2e:34:ff:c7:50:59:30:41:
                    a8:97:96:13:f2:40:c9:b7:30:06:36:c2:a0:cc:52:
                    de:70:3f:29:76:36:c1:b8:ca:14:18:ca:dd:1a:89:
                    13:02:e1:c2:d4:d6:12:e7:f2:0f:89:79:51:9d:d4:
                    13:c7:57:02:ad:70:33:9a:2b:c2:ee:fc:b7:2a:c9:
                    b7:e9:f7:4e:2e:55:9f:13:6b:6f:d6:ca:af:34:5f:
                    a7:d3:13:50:8a:f8:33:7d:09:13:42:10:aa:ac:9e:
                    eb:55:b4:96:1e:06:53:fd:d0:c2:6b:06:d1:28:18:
                    7d:9d:f5:69:09:81:90:0a:18:0a:5c:44:30:26:81:
                    3c:7a:65:08:7a:78:7b:d2:24:68:49:8e:4c:2b:1a:
                    58:3f:67:d5:4c:a7:ce:f8:c3:f5:49:67:62:29:27:
                    04:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:65:82:75:79:67:78:B1:AA:C1:08:37:44:22:60:3D:DA:28:C7:49
            X509v3 Authority Key Identifier:
                keyid:63:EE:6D:1D:1E:CC:AF:97:99:BB:D5:F2:B6:DA:CE:46:D8:6D:F4:8B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-5tHR7Mr5eZu9XyttrORtht9Is.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/5dc1d9-eba4-42c8-b3d6-d1c5f1b51e17/1/22WCdXlneLGqwQg3RCJgPdoox0k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/5dc1d9-eba4-42c8-b3d6-d1c5f1b51e17/1/Y-5tHR7Mr5eZu9XyttrORtht9Is.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.43.163.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6a:cf:a0:1e:45:34:60:67:87:0d:d8:5f:0c:9a:22:cb:66:a4:
         c0:88:74:d0:fe:37:36:93:60:a0:9c:ee:fe:63:e9:5b:80:43:
         b0:c7:89:59:d5:77:2f:f7:0d:2b:c3:36:38:6a:c1:82:22:d7:
         40:3d:a4:1e:f9:90:bc:06:0a:e5:cd:8c:d5:73:d6:7a:90:a5:
         44:cb:9b:cf:83:7d:77:06:7d:31:d0:c9:84:4b:ae:ea:30:9c:
         6e:e9:9c:1a:71:e6:9d:2a:1d:ce:74:f3:9a:1d:3a:bb:2d:52:
         51:df:03:62:f0:97:ca:b5:b6:c1:bf:d0:36:f5:a8:b2:3c:c7:
         9a:74:11:a3:d2:05:51:92:00:d7:8a:06:d0:9f:c4:f5:bc:cf:
         21:d3:f4:28:aa:45:dc:0d:ee:44:66:8d:49:b7:f7:d4:c5:72:
         43:8b:1a:2e:6d:f3:a5:38:24:b7:5a:5d:c4:a6:4c:e9:b3:9c:
         0e:bd:69:77:f6:53:c0:4f:db:22:4a:0d:54:74:22:eb:f1:e1:
         1a:8a:7a:27:dc:ef:34:81:7b:2d:49:3c:88:b8:2f:a7:b3:d9:
         05:65:f8:43:df:92:2c:47:bc:8d:ff:f5:e3:20:33:44:59:b9:
         68:a4:a2:99:8b:48:20:d0:5d:0d:08:8b:96:c0:e1:2f:85:94:
         c6:36:77:19
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZHbbcEnR03srZzk7VBIWz+XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZWU2ZDFkMWVjY2FmOTc5OWJiZDVmMmI2ZGFjZTQ2ZDg2
ZGY0OGIwHhcNMjQwOTEwMTAxNDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYjY1ODI3NTc5Njc3OGIxYWFjMTA4Mzc0NDIyNjAzZGRhMjhjNzQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiPCc11a+aomdcewS7EB39pbXmJ6C
gs83Hcuzi8MK8OgS5NDUnV4QVcXqGZRGsyxNlzqQx9a+dkg2o6xCe63Iv+ZIjomt
cbTRzcG5EU0cuBb5mq90KV7HvqF+0KjZDHW9LjT/x1BZMEGol5YT8kDJtzAGNsKg
zFLecD8pdjbBuMoUGMrdGokTAuHC1NYS5/IPiXlRndQTx1cCrXAzmivC7vy3Ksm3
6fdOLlWfE2tv1sqvNF+n0xNQivgzfQkTQhCqrJ7rVbSWHgZT/dDCawbRKBh9nfVp
CYGQChgKXEQwJoE8emUIenh70iRoSY5MKxpYP2fVTKfO+MP1SWdiKScELQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNtlgnV5Z3ixqsEIN0QiYD3aKMdJMB8GA1UdIwQY
MBaAFGPubR0ezK+XmbvV8rbazkbYbfSLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS01dEhSN01yNWVadTlYeXR0ck9SdGh0OUlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy81ZGMxZDktZWJhNC00MmM4LWIzZDYt
ZDFjNWYxYjUxZTE3LzEvMjJXQ2RYbG5lTEdxd1FnM1JDSmdQZG9veDBrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy81ZGMxZDktZWJhNC00MmM4LWIzZDYtZDFjNWYxYjUxZTE3
LzEvWS01dEhSN01yNWVadTlYeXR0ck9SdGh0OUlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHyujMA0G
CSqGSIb3DQEBCwUAA4IBAQBqz6AeRTRgZ4cN2F8MmiLLZqTAiHTQ/jc2k2CgnO7+
Y+lbgEOwx4lZ1Xcv9w0rwzY4asGCItdAPaQe+ZC8BgrlzYzVc9Z6kKVEy5vPg313
Bn0x0MmES67qMJxu6ZwaceadKh3OdPOaHTq7LVJR3wNi8JfKtbbBv9A29aiyPMea
dBGj0gVRkgDXigbQn8T1vM8h0/QoqkXcDe5EZo1Jt/fUxXJDixoubfOlOCS3Wl3E
pkzps5wOvWl39lPAT9siSg1UdCLr8eEainon3O80gXstSTyIuC+ns9kFZfhD35Is
R7yN//XjIDNEWblopKKZi0gg0F0NCIuWwOEvhZTGNncZ
-----END CERTIFICATE-----