Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/530064-2482-45be-bffe-fdde58ab29f9/1/mzjdQ8bGGKLxqAiJZOBzKWdojLc.roa
File:                     mzjdQ8bGGKLxqAiJZOBzKWdojLc.roa (raw, json)
Hash identifier:          zW+nE2ANkEWL6YnQDiArZSzjEOS29RXKUamj5wCg++I=
Subject key identifier:   9B:38:DD:43:C6:C6:18:A2:F1:A8:08:89:64:E0:73:29:67:68:8C:B7
Certificate issuer:       /CN=1942817a29882d433bf1bb8ebc59b2ff256e803f
Certificate serial:       018CC5DCC073A9D53D0EDEB58C8FCE7008EA
Authority key identifier: 19:42:81:7A:29:88:2D:43:3B:F1:BB:8E:BC:59:B2:FF:25:6E:80:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GUKBeimILUM78buOvFmy_yVugD8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/530064-2482-45be-bffe-fdde58ab29f9/1/mzjdQ8bGGKLxqAiJZOBzKWdojLc.roa
Signing time:             Mon 01 Jan 2024 16:30:27 +0000
ROA not before:           Mon 01 Jan 2024 16:30:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15935
IP address blocks:        31.130.168.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/530064-2482-45be-bffe-fdde58ab29f9/1/GUKBeimILUM78buOvFmy_yVugD8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/530064-2482-45be-bffe-fdde58ab29f9/1/GUKBeimILUM78buOvFmy_yVugD8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GUKBeimILUM78buOvFmy_yVugD8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 23:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:c0:73:a9:d5:3d:0e:de:b5:8c:8f:ce:70:08:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1942817a29882d433bf1bb8ebc59b2ff256e803f
        Validity
            Not Before: Jan  1 16:30:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9b38dd43c6c618a2f1a8088964e0732967688cb7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:01:b5:3a:82:6c:90:b6:5c:06:0b:ee:e2:d4:
                    16:9e:4d:bf:b6:7a:4a:89:27:68:04:52:4b:ef:6f:
                    60:3f:1b:10:45:d5:26:0e:3b:9a:6b:58:9d:31:38:
                    35:c7:5b:a0:2b:59:93:a5:2c:f4:5b:e3:3f:ea:d6:
                    69:3a:14:6e:27:23:60:db:be:64:59:6c:a0:f4:8d:
                    83:f0:ea:78:44:ff:3a:73:43:09:73:4f:a0:ac:bd:
                    0f:11:d9:79:36:d4:2f:29:01:7e:32:25:10:d1:24:
                    7e:f8:1a:3a:32:68:8e:f3:5d:f1:bd:8b:b9:2f:46:
                    e5:87:e9:2a:de:61:58:d2:f1:c4:af:b6:2f:20:a8:
                    18:de:12:70:89:a0:77:86:97:eb:dc:67:31:fa:7e:
                    32:78:32:f6:2d:61:06:d2:97:f4:4a:8a:e7:ec:2f:
                    f2:da:39:f2:24:20:34:fe:e4:f6:17:43:cc:1b:9c:
                    db:85:e5:5d:2c:70:e8:6c:41:18:62:af:fe:56:bf:
                    29:43:e7:38:c8:da:b1:68:41:85:aa:1d:dd:9a:ad:
                    c5:06:23:3f:e5:3c:2a:dc:33:98:60:19:16:8e:b4:
                    30:9a:6d:c0:be:92:c9:c3:cb:01:0d:fa:ba:d0:92:
                    6a:e0:ce:3a:9e:bf:72:b3:eb:c5:2c:de:13:fc:26:
                    3c:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:38:DD:43:C6:C6:18:A2:F1:A8:08:89:64:E0:73:29:67:68:8C:B7
            X509v3 Authority Key Identifier:
                keyid:19:42:81:7A:29:88:2D:43:3B:F1:BB:8E:BC:59:B2:FF:25:6E:80:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GUKBeimILUM78buOvFmy_yVugD8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/530064-2482-45be-bffe-fdde58ab29f9/1/mzjdQ8bGGKLxqAiJZOBzKWdojLc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/530064-2482-45be-bffe-fdde58ab29f9/1/GUKBeimILUM78buOvFmy_yVugD8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.130.168.0/21

    Signature Algorithm: sha256WithRSAEncryption
         3d:df:9c:49:19:f1:70:29:83:d4:9a:71:5a:a1:e8:cc:8a:ac:
         d1:d1:c0:86:1f:b8:e0:15:8c:d1:e7:7d:cd:75:ae:d9:2e:38:
         a1:80:8c:82:37:79:49:00:f2:d0:b9:42:fe:72:85:0f:a6:67:
         c2:11:4a:a8:97:57:68:f6:9f:d6:f1:42:fd:2d:65:4a:a3:1f:
         f3:4e:29:1f:12:2b:dc:d7:0c:bb:82:39:28:67:e5:94:54:3f:
         f5:0a:7e:02:14:6d:e8:84:3f:bf:b4:94:0d:d8:4e:2e:33:53:
         bc:23:12:44:0d:64:f4:f4:7f:b2:53:ca:c1:f3:3a:c5:99:51:
         4e:10:11:51:b1:03:9e:7e:c9:91:f4:89:c3:e5:ba:4f:8c:0a:
         d1:b1:e7:7c:3d:00:28:5f:e5:2e:e7:5e:36:47:62:2a:7b:1e:
         dd:9a:f6:db:2d:44:4c:16:a5:09:a8:17:2a:f0:7f:ae:e0:78:
         6e:fb:85:16:c6:1e:4f:66:52:8d:f8:e8:12:62:3a:45:4a:03:
         36:a2:cf:03:e0:66:b0:39:7e:d4:ac:fa:45:31:a3:10:a8:9e:
         d0:a6:fd:a7:a8:5f:e7:a5:a8:a2:63:ef:38:4d:27:a7:eb:9c:
         d3:13:72:42:e4:99:32:04:10:08:04:f7:cf:ec:5f:ca:8f:3b:
         93:d8:b4:6d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3MBzqdU9Dt61jI/OcAjqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE5NDI4MTdhMjk4ODJkNDMzYmYxYmI4ZWJjNTliMmZmMjU2
ZTgwM2YwHhcNMjQwMTAxMTYzMDI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YjM4ZGQ0M2M2YzYxOGEyZjFhODA4ODk2NGUwNzMyOTY3Njg4Y2I3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApwG1OoJskLZcBgvu4tQWnk2/tnpK
iSdoBFJL729gPxsQRdUmDjuaa1idMTg1x1ugK1mTpSz0W+M/6tZpOhRuJyNg275k
WWyg9I2D8Op4RP86c0MJc0+grL0PEdl5NtQvKQF+MiUQ0SR++Bo6MmiO813xvYu5
L0blh+kq3mFY0vHEr7YvIKgY3hJwiaB3hpfr3Gcx+n4yeDL2LWEG0pf0Sorn7C/y
2jnyJCA0/uT2F0PMG5zbheVdLHDobEEYYq/+Vr8pQ+c4yNqxaEGFqh3dmq3FBiM/
5Twq3DOYYBkWjrQwmm3AvpLJw8sBDfq60JJq4M46nr9ys+vFLN4T/CY8iQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJs43UPGxhii8agIiWTgcylnaIy3MB8GA1UdIwQY
MBaAFBlCgXopiC1DO/G7jrxZsv8lboA/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR1VLQmVpbUlMVU03OGJ1T3ZGbXlfeVZ1Z0Q4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS81MzAwNjQtMjQ4Mi00NWJlLWJmZmUt
ZmRkZTU4YWIyOWY5LzEvbXpqZFE4YkdHS0x4cUFpSlpPQnpLV2RvakxjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS81MzAwNjQtMjQ4Mi00NWJlLWJmZmUtZmRkZTU4YWIyOWY5
LzEvR1VLQmVpbUlMVU03OGJ1T3ZGbXlfeVZ1Z0Q4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDH4KoMA0G
CSqGSIb3DQEBCwUAA4IBAQA935xJGfFwKYPUmnFaoejMiqzR0cCGH7jgFYzR533N
da7ZLjihgIyCN3lJAPLQuUL+coUPpmfCEUqol1do9p/W8UL9LWVKox/zTikfEivc
1wy7gjkoZ+WUVD/1Cn4CFG3ohD+/tJQN2E4uM1O8IxJEDWT09H+yU8rB8zrFmVFO
EBFRsQOefsmR9InD5bpPjArRsed8PQAoX+Uu5142R2Iqex7dmvbbLURMFqUJqBcq
8H+u4Hhu+4UWxh5PZlKN+OgSYjpFSgM2os8D4GawOX7UrPpFMaMQqJ7Qpv2nqF/n
paiiY+84TSen65zTE3JC5JkyBBAIBPfP7F/KjzuT2LRt
-----END CERTIFICATE-----