Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/yDAFKm-gDm5204Yom19MtKQWI8I.roa
File:                     yDAFKm-gDm5204Yom19MtKQWI8I.roa (raw, json)
Hash identifier:          FZNSWa7l3RMWHVn3mjabT52dUBNs29bQFkoy9KhuA9Y=
Subject key identifier:   C8:30:05:2A:6F:A0:0E:6E:76:D3:86:28:9B:5F:4C:B4:A4:16:23:C2
Certificate issuer:       /CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
Certificate serial:       01934B33936EE0F149AAE127F957B28DB9AD
Authority key identifier: B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/yDAFKm-gDm5204Yom19MtKQWI8I.roa
Signing time:             Wed 20 Nov 2024 20:11:31 +0000
ROA not before:           Wed 20 Nov 2024 20:11:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215168
IP address blocks:        194.31.141.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:4b:33:93:6e:e0:f1:49:aa:e1:27:f9:57:b2:8d:b9:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
        Validity
            Not Before: Nov 20 20:11:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c830052a6fa00e6e76d386289b5f4cb4a41623c2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:f0:06:2d:31:2d:0a:f2:95:c9:73:87:3c:63:
                    c1:d7:34:e6:46:9a:d2:83:e5:04:6a:7b:25:3a:9d:
                    fa:0c:41:57:e0:54:c4:eb:96:ef:96:84:d8:ed:d7:
                    92:84:12:8a:a3:b7:bd:6c:b1:f9:a7:05:ce:d3:6e:
                    45:57:94:69:d5:d2:5d:7c:a9:c1:ce:c8:ba:37:2e:
                    cc:c3:a4:6c:90:21:a7:b8:ae:e4:e7:95:67:7a:12:
                    3b:ba:00:f2:1d:d1:86:41:8c:43:15:94:24:1f:92:
                    49:f0:c3:bf:dc:d4:5e:54:08:68:5c:16:18:a6:53:
                    24:bf:58:4a:fa:95:08:3a:f0:ec:22:5d:95:f7:43:
                    5b:2f:56:fa:4a:bb:7d:f2:4b:c4:41:8a:d5:a4:98:
                    55:2b:72:45:24:99:0f:e7:e2:67:0c:eb:9f:ca:5d:
                    4b:67:dd:f6:72:70:69:cf:95:31:54:97:ff:d1:f7:
                    c1:39:8c:3d:5c:17:69:b4:22:ba:e7:7e:ff:5d:3f:
                    5c:44:97:4e:da:a2:8d:41:0c:fe:d4:50:f6:85:f4:
                    d8:ae:a2:c9:b4:7e:9c:a2:a9:79:74:8f:8f:c7:24:
                    9e:34:97:65:23:d7:82:2f:9f:64:f8:63:8d:b1:dc:
                    ef:96:67:ec:86:d0:39:76:8f:f4:31:63:45:7e:99:
                    8d:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:30:05:2A:6F:A0:0E:6E:76:D3:86:28:9B:5F:4C:B4:A4:16:23:C2
            X509v3 Authority Key Identifier:
                keyid:B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/yDAFKm-gDm5204Yom19MtKQWI8I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.31.141.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5f:28:5b:e6:8d:ca:c5:9c:2e:a5:5b:54:3a:cd:be:7b:e3:e6:
         83:02:79:52:dc:57:d2:34:7f:d9:ce:94:32:6f:07:c4:fc:65:
         56:d0:fb:e5:76:ef:3b:28:af:87:2a:28:d0:23:63:eb:a2:f6:
         8e:35:6f:c8:7f:9b:6d:0e:e7:e9:4e:53:f7:0d:05:08:27:90:
         19:3f:1e:16:2c:85:98:44:f2:64:f9:0f:5d:4d:65:c1:3c:52:
         91:52:88:36:d9:16:c0:ac:01:3a:05:07:9f:cc:19:47:0d:87:
         b8:0f:59:91:85:04:1c:c2:1a:b1:de:18:10:63:e9:67:d3:32:
         ba:1d:2f:5d:0a:bd:46:e6:7e:88:c3:65:ad:e1:3a:2a:bf:34:
         77:ae:7f:32:b2:dc:74:58:a9:a2:83:25:9a:72:ea:93:f8:cd:
         0d:27:09:74:e4:b6:af:b6:20:49:b9:70:f7:22:1c:8d:d3:da:
         6f:6a:8f:0e:4f:30:8b:87:46:aa:9a:62:77:b6:4c:96:b6:d4:
         50:0d:fe:92:6b:d8:9b:fe:22:4b:34:82:d8:b0:02:dd:83:bd:
         00:01:62:e0:e1:4c:21:5c:42:1f:3e:c4:f5:20:86:33:3e:ac:
         5c:da:62:5b:1c:a6:b9:be:1d:4c:13:08:30:e1:c0:d2:d0:2e:
         2f:f8:42:23
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZNLM5Nu4PFJquEn+VeyjbmtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxYTdiMGQ4ZGU4MjUxZDM2ZDdjODNmYWY2YmM3ZWZlYzcz
YjUwMzQwHhcNMjQxMTIwMjAxMTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjODMwMDUyYTZmYTAwZTZlNzZkMzg2Mjg5YjVmNGNiNGE0MTYyM2MyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlPAGLTEtCvKVyXOHPGPB1zTmRprS
g+UEanslOp36DEFX4FTE65bvloTY7deShBKKo7e9bLH5pwXO025FV5Rp1dJdfKnB
zsi6Ny7Mw6RskCGnuK7k55VnehI7ugDyHdGGQYxDFZQkH5JJ8MO/3NReVAhoXBYY
plMkv1hK+pUIOvDsIl2V90NbL1b6Srt98kvEQYrVpJhVK3JFJJkP5+JnDOufyl1L
Z932cnBpz5UxVJf/0ffBOYw9XBdptCK6537/XT9cRJdO2qKNQQz+1FD2hfTYrqLJ
tH6coql5dI+PxySeNJdlI9eCL59k+GONsdzvlmfshtA5do/0MWNFfpmNSQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMgwBSpvoA5udtOGKJtfTLSkFiPCMB8GA1UdIwQY
MBaAFLGnsNjeglHTbXyD+va8fv7HO1A0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2It
Mzk0YWNkMjFmMzliLzEveURBRkttLWdEbTUyMDRZb20xOU10S1FXSThJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2ItMzk0YWNkMjFmMzli
LzEvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwh+NMA0G
CSqGSIb3DQEBCwUAA4IBAQBfKFvmjcrFnC6lW1Q6zb574+aDAnlS3FfSNH/ZzpQy
bwfE/GVW0Pvldu87KK+HKijQI2ProvaONW/If5ttDufpTlP3DQUIJ5AZPx4WLIWY
RPJk+Q9dTWXBPFKRUog22RbArAE6BQefzBlHDYe4D1mRhQQcwhqx3hgQY+ln0zK6
HS9dCr1G5n6Iw2Wt4ToqvzR3rn8ystx0WKmigyWacuqT+M0NJwl05LavtiBJuXD3
IhyN09pvao8OTzCLh0aqmmJ3tkyWttRQDf6Sa9ib/iJLNILYsALdg70AAWLg4Uwh
XEIfPsT1IIYzPqxc2mJbHKa5vh1MEwgw4cDS0C4v+EIj
-----END CERTIFICATE-----