Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/dded95-cb8c-4335-aed0-64838df3977a/1/BaCxCA1cjJQUkxvjAqelTbGITOo.roa
File:                     BaCxCA1cjJQUkxvjAqelTbGITOo.roa (raw, json)
Hash identifier:          UabA5DouJuFojtZSW4s3CT6R5bUwZ2zWmHUn3GQgpaQ=
Subject key identifier:   05:A0:B1:08:0D:5C:8C:94:14:93:1B:E3:02:A7:A5:4D:B1:88:4C:EA
Certificate issuer:       /CN=0195727f07b758f9868476c13cf977654bf380ee
Certificate serial:       018CC6B8B21F6C786408EC762E1AF8F4EBA2
Authority key identifier: 01:95:72:7F:07:B7:58:F9:86:84:76:C1:3C:F9:77:65:4B:F3:80:EE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AZVyfwe3WPmGhHbBPPl3ZUvzgO4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/dded95-cb8c-4335-aed0-64838df3977a/1/BaCxCA1cjJQUkxvjAqelTbGITOo.roa
Signing time:             Mon 01 Jan 2024 20:30:42 +0000
ROA not before:           Mon 01 Jan 2024 20:30:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199110
IP address blocks:        31.44.251.0/24 maxlen: 24
                          31.44.250.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/dded95-cb8c-4335-aed0-64838df3977a/1/AZVyfwe3WPmGhHbBPPl3ZUvzgO4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/dded95-cb8c-4335-aed0-64838df3977a/1/AZVyfwe3WPmGhHbBPPl3ZUvzgO4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AZVyfwe3WPmGhHbBPPl3ZUvzgO4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 06:21:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:b2:1f:6c:78:64:08:ec:76:2e:1a:f8:f4:eb:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0195727f07b758f9868476c13cf977654bf380ee
        Validity
            Not Before: Jan  1 20:30:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=05a0b1080d5c8c9414931be302a7a54db1884cea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:11:6c:77:b1:07:fc:8c:17:62:4a:b2:64:1c:
                    8f:90:f7:ab:2c:cb:7f:be:8c:e3:01:a5:dd:fc:7b:
                    36:d6:3d:0f:fa:96:3a:34:4b:c2:c2:52:12:97:4a:
                    b8:c2:e0:53:49:33:35:6a:80:ff:79:00:aa:d7:e5:
                    cd:44:a1:6f:b6:3e:7d:03:15:37:32:a9:97:7d:38:
                    9a:05:7c:41:a0:d0:12:e4:16:b9:ad:7d:85:e3:21:
                    bc:a8:e6:69:cd:3b:b4:07:f9:ac:8f:b6:19:b7:7a:
                    41:6b:98:a3:66:27:21:e2:17:8e:35:58:df:92:23:
                    c9:f2:88:92:1e:b5:f5:3d:da:ac:28:18:df:28:8e:
                    21:a2:20:12:81:91:56:a3:4e:70:df:52:81:22:9c:
                    c2:60:99:d0:0b:d8:f1:75:c9:3b:12:98:75:99:18:
                    8a:1b:3d:94:cb:b3:63:ea:f5:8c:e8:3a:20:8f:2d:
                    ed:d2:50:e3:d9:50:9b:56:89:61:a4:81:d1:cc:7f:
                    1b:86:64:47:59:b5:cb:f2:13:5d:fb:fc:05:d2:54:
                    d0:e8:20:70:03:74:df:c3:a7:46:60:c0:e9:02:a4:
                    f9:19:dc:8c:73:49:94:68:78:5f:80:0a:d6:4f:eb:
                    f2:8d:70:ac:dd:fb:70:ac:56:1b:92:74:d5:c9:88:
                    30:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:A0:B1:08:0D:5C:8C:94:14:93:1B:E3:02:A7:A5:4D:B1:88:4C:EA
            X509v3 Authority Key Identifier:
                keyid:01:95:72:7F:07:B7:58:F9:86:84:76:C1:3C:F9:77:65:4B:F3:80:EE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AZVyfwe3WPmGhHbBPPl3ZUvzgO4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/dded95-cb8c-4335-aed0-64838df3977a/1/BaCxCA1cjJQUkxvjAqelTbGITOo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/dded95-cb8c-4335-aed0-64838df3977a/1/AZVyfwe3WPmGhHbBPPl3ZUvzgO4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.44.250.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6a:86:dd:a6:e9:82:13:4e:34:21:ca:a0:cb:8e:1b:78:d2:ec:
         fb:f1:60:6a:23:47:09:91:4b:b0:ab:0d:32:8f:dd:88:63:27:
         ae:2d:8b:a6:10:ec:0b:21:b5:90:3a:f0:9c:78:eb:3a:03:48:
         77:43:b8:c8:c9:b9:74:b1:bd:af:47:96:dd:c5:7e:31:c8:64:
         01:1b:0e:22:fa:37:dd:41:41:39:5c:d7:80:53:ae:dd:2b:5d:
         41:49:7f:8b:a8:89:a5:40:33:be:92:09:ee:6b:af:e9:15:76:
         46:9a:53:f6:44:26:22:e2:48:20:79:97:f3:c3:76:d0:fa:22:
         0a:61:36:8f:2e:df:bd:d4:d4:3f:a3:53:ea:5e:c9:38:07:98:
         1c:a7:8e:cc:88:1e:f5:eb:74:96:67:4b:e8:00:86:82:b9:af:
         0d:9f:18:5b:de:5a:f4:4b:3e:a1:6c:16:39:d4:ad:e8:34:43:
         63:4f:8b:54:55:50:bb:38:79:9a:20:61:02:d7:f1:41:0d:ea:
         e1:57:eb:6d:5e:2f:8b:4d:c6:a1:05:f7:2d:1f:10:ff:7c:10:
         4e:7e:bb:11:ca:3d:14:97:c4:83:30:77:87:f8:e9:71:70:b7:
         35:77:6c:04:76:14:51:68:7a:33:80:63:2f:36:f7:ff:42:b4:
         67:78:b4:ec
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuLIfbHhkCOx2Lhr49OuiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAxOTU3MjdmMDdiNzU4Zjk4Njg0NzZjMTNjZjk3NzY1NGJm
MzgwZWUwHhcNMjQwMTAxMjAzMDQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNWEwYjEwODBkNWM4Yzk0MTQ5MzFiZTMwMmE3YTU0ZGIxODg0Y2VhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsRFsd7EH/IwXYkqyZByPkPerLMt/
vozjAaXd/Hs21j0P+pY6NEvCwlISl0q4wuBTSTM1aoD/eQCq1+XNRKFvtj59AxU3
MqmXfTiaBXxBoNAS5Ba5rX2F4yG8qOZpzTu0B/msj7YZt3pBa5ijZich4heONVjf
kiPJ8oiSHrX1PdqsKBjfKI4hoiASgZFWo05w31KBIpzCYJnQC9jxdck7Eph1mRiK
Gz2Uy7Nj6vWM6Dogjy3t0lDj2VCbVolhpIHRzH8bhmRHWbXL8hNd+/wF0lTQ6CBw
A3Tfw6dGYMDpAqT5GdyMc0mUaHhfgArWT+vyjXCs3ftwrFYbknTVyYgw9wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAWgsQgNXIyUFJMb4wKnpU2xiEzqMB8GA1UdIwQY
MBaAFAGVcn8Ht1j5hoR2wTz5d2VL84DuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQVpWeWZ3ZTNXUG1HaEhiQlBQbDNaVXZ6Z080LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS9kZGVkOTUtY2I4Yy00MzM1LWFlZDAt
NjQ4MzhkZjM5NzdhLzEvQmFDeENBMWNqSlFVa3h2akFxZWxUYkdJVE9vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS9kZGVkOTUtY2I4Yy00MzM1LWFlZDAtNjQ4MzhkZjM5Nzdh
LzEvQVpWeWZ3ZTNXUG1HaEhiQlBQbDNaVXZ6Z080LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBHyz6MA0G
CSqGSIb3DQEBCwUAA4IBAQBqht2m6YITTjQhyqDLjht40uz78WBqI0cJkUuwqw0y
j92IYyeuLYumEOwLIbWQOvCceOs6A0h3Q7jIybl0sb2vR5bdxX4xyGQBGw4i+jfd
QUE5XNeAU67dK11BSX+LqImlQDO+kgnua6/pFXZGmlP2RCYi4kggeZfzw3bQ+iIK
YTaPLt+91NQ/o1PqXsk4B5gcp47MiB7163SWZ0voAIaCua8Nnxhb3lr0Sz6hbBY5
1K3oNENjT4tUVVC7OHmaIGEC1/FBDerhV+ttXi+LTcahBfctHxD/fBBOfrsRyj0U
l8SDMHeH+OlxcLc1d2wEdhRRaHozgGMvNvf/QrRneLTs
-----END CERTIFICATE-----