Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/dded95-cb8c-4335-aed0-64838df3977a/1/oeE7D9jr5jGqNH0jcvAxGTVozbU.roa
File:                     oeE7D9jr5jGqNH0jcvAxGTVozbU.roa (raw, json)
Hash identifier:          nMEpBP1o02RSrG2LFj2KZGqJPggabkcs9O9j1jwOCmE=
Subject key identifier:   A1:E1:3B:0F:D8:EB:E6:31:AA:34:7D:23:72:F0:31:19:35:68:CD:B5
Certificate issuer:       /CN=0195727f07b758f9868476c13cf977654bf380ee
Certificate serial:       018CC6B8B033E6DBCA25DBB422281986C71B
Authority key identifier: 01:95:72:7F:07:B7:58:F9:86:84:76:C1:3C:F9:77:65:4B:F3:80:EE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AZVyfwe3WPmGhHbBPPl3ZUvzgO4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/dded95-cb8c-4335-aed0-64838df3977a/1/oeE7D9jr5jGqNH0jcvAxGTVozbU.roa
Signing time:             Mon 01 Jan 2024 20:30:41 +0000
ROA not before:           Mon 01 Jan 2024 20:30:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42971
IP address blocks:        31.44.248.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/dded95-cb8c-4335-aed0-64838df3977a/1/AZVyfwe3WPmGhHbBPPl3ZUvzgO4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/dded95-cb8c-4335-aed0-64838df3977a/1/AZVyfwe3WPmGhHbBPPl3ZUvzgO4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AZVyfwe3WPmGhHbBPPl3ZUvzgO4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 06:21:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:b0:33:e6:db:ca:25:db:b4:22:28:19:86:c7:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0195727f07b758f9868476c13cf977654bf380ee
        Validity
            Not Before: Jan  1 20:30:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a1e13b0fd8ebe631aa347d2372f031193568cdb5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:30:31:6b:95:64:0a:6d:65:b8:d1:3d:60:a5:
                    78:0a:eb:8c:6b:bf:1a:32:c2:2f:a7:b5:a9:19:62:
                    d7:4d:66:92:3e:5f:df:3e:e5:50:21:86:ef:0b:fd:
                    77:43:19:dd:31:9e:34:7b:96:40:48:c0:23:74:eb:
                    e1:4c:e9:3a:d3:c6:92:11:2e:f9:db:c4:2c:7d:b0:
                    3f:bd:3a:7d:7f:65:47:6e:15:5f:61:7e:a9:ff:94:
                    24:84:e1:1e:d7:b9:03:7a:b1:7f:65:d7:b7:23:4b:
                    bb:e5:b6:23:fc:9b:96:85:c2:0b:fb:21:01:93:6f:
                    7e:94:ce:52:c9:f5:68:1d:a1:66:5c:e0:7e:42:10:
                    a9:81:c6:17:d3:c2:9b:4e:93:21:ae:1f:e8:26:1a:
                    1e:c0:a3:e3:59:43:6f:0b:8f:77:68:c8:73:02:b5:
                    a4:bd:90:4f:4e:6f:8b:08:a8:df:af:00:44:99:f0:
                    13:69:92:e1:c1:41:ed:7e:bc:da:04:c4:78:fd:5c:
                    5f:6f:3c:7c:9b:8d:b7:be:9a:92:dc:c0:0e:b2:ae:
                    f9:8e:5f:c6:cd:ed:6c:55:6a:6b:e3:e5:6b:81:13:
                    52:ba:09:a2:76:cb:5b:6f:37:1b:87:9a:44:76:ef:
                    2f:71:b0:d1:91:a7:5e:b4:1b:9d:3e:68:9c:1a:ab:
                    9f:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:E1:3B:0F:D8:EB:E6:31:AA:34:7D:23:72:F0:31:19:35:68:CD:B5
            X509v3 Authority Key Identifier:
                keyid:01:95:72:7F:07:B7:58:F9:86:84:76:C1:3C:F9:77:65:4B:F3:80:EE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AZVyfwe3WPmGhHbBPPl3ZUvzgO4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/dded95-cb8c-4335-aed0-64838df3977a/1/oeE7D9jr5jGqNH0jcvAxGTVozbU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/dded95-cb8c-4335-aed0-64838df3977a/1/AZVyfwe3WPmGhHbBPPl3ZUvzgO4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.44.248.0/23

    Signature Algorithm: sha256WithRSAEncryption
         21:39:9f:87:65:c6:8a:60:62:f7:ed:d1:4d:18:ae:2e:03:7b:
         46:ea:a8:ec:96:d9:75:66:aa:b4:fe:65:d0:20:a5:94:53:b4:
         f2:7b:d0:81:a0:49:52:a5:93:6b:32:27:95:3e:e4:0b:46:23:
         0b:03:0f:46:be:e7:50:2c:8a:65:19:9e:d5:8e:54:10:2a:f4:
         d2:97:1c:e0:58:2f:fb:db:41:65:b9:06:7b:87:e6:20:0c:fd:
         ee:ba:8e:58:2d:c3:2f:d3:0c:61:73:50:4b:db:d2:33:43:1f:
         04:00:ac:50:ba:a2:c0:13:da:99:f0:f4:f3:1a:d0:b0:2f:3f:
         58:50:d9:0d:5f:40:31:60:12:63:60:82:70:ff:2d:13:ad:09:
         36:a6:6f:4a:b3:02:76:2e:74:d6:87:67:67:00:d6:d3:bf:79:
         34:c4:d7:a0:1d:62:5f:eb:63:3e:52:93:84:27:6d:1c:fa:e8:
         bd:11:39:60:5d:50:85:eb:d7:79:4c:1b:5d:10:07:7d:d6:53:
         9b:ee:13:ea:6e:3f:da:ae:ea:39:1a:96:ed:d8:4f:d6:f4:87:
         4c:05:39:d5:7a:45:8d:6a:f6:db:51:c0:12:18:13:59:c1:ba:
         2c:ab:10:17:62:40:00:df:bb:8a:d8:41:f2:cd:76:00:2a:ca:
         31:55:b6:98
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuLAz5tvKJdu0IigZhscbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAxOTU3MjdmMDdiNzU4Zjk4Njg0NzZjMTNjZjk3NzY1NGJm
MzgwZWUwHhcNMjQwMTAxMjAzMDQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMWUxM2IwZmQ4ZWJlNjMxYWEzNDdkMjM3MmYwMzExOTM1NjhjZGI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvTAxa5VkCm1luNE9YKV4CuuMa78a
MsIvp7WpGWLXTWaSPl/fPuVQIYbvC/13QxndMZ40e5ZASMAjdOvhTOk608aSES75
28QsfbA/vTp9f2VHbhVfYX6p/5QkhOEe17kDerF/Zde3I0u75bYj/JuWhcIL+yEB
k29+lM5SyfVoHaFmXOB+QhCpgcYX08KbTpMhrh/oJhoewKPjWUNvC493aMhzArWk
vZBPTm+LCKjfrwBEmfATaZLhwUHtfrzaBMR4/Vxfbzx8m423vpqS3MAOsq75jl/G
ze1sVWpr4+VrgRNSugmidstbbzcbh5pEdu8vcbDRkadetBudPmicGqufXQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKHhOw/Y6+YxqjR9I3LwMRk1aM21MB8GA1UdIwQY
MBaAFAGVcn8Ht1j5hoR2wTz5d2VL84DuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQVpWeWZ3ZTNXUG1HaEhiQlBQbDNaVXZ6Z080LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS9kZGVkOTUtY2I4Yy00MzM1LWFlZDAt
NjQ4MzhkZjM5NzdhLzEvb2VFN0Q5anI1akdxTkgwamN2QXhHVFZvemJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS9kZGVkOTUtY2I4Yy00MzM1LWFlZDAtNjQ4MzhkZjM5Nzdh
LzEvQVpWeWZ3ZTNXUG1HaEhiQlBQbDNaVXZ6Z080LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBHyz4MA0G
CSqGSIb3DQEBCwUAA4IBAQAhOZ+HZcaKYGL37dFNGK4uA3tG6qjsltl1Zqq0/mXQ
IKWUU7Tye9CBoElSpZNrMieVPuQLRiMLAw9GvudQLIplGZ7VjlQQKvTSlxzgWC/7
20FluQZ7h+YgDP3uuo5YLcMv0wxhc1BL29IzQx8EAKxQuqLAE9qZ8PTzGtCwLz9Y
UNkNX0AxYBJjYIJw/y0TrQk2pm9KswJ2LnTWh2dnANbTv3k0xNegHWJf62M+UpOE
J20c+ui9ETlgXVCF69d5TBtdEAd91lOb7hPqbj/aruo5Gpbt2E/W9IdMBTnVekWN
avbbUcASGBNZwbosqxAXYkAA37uK2EHyzXYAKsoxVbaY
-----END CERTIFICATE-----