Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/IYbI2EPq8p6QLyRgIg24QikXhFk.roa
File:                     IYbI2EPq8p6QLyRgIg24QikXhFk.roa (raw, json)
Hash identifier:          7Q8c4IgpSNOXL+8qNPdcz/3KykQJiRwVrL+nAc+ruB8=
Subject key identifier:   21:86:C8:D8:43:EA:F2:9E:90:2F:24:60:22:0D:B8:42:29:17:84:59
Certificate issuer:       /CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
Certificate serial:       01918398EDC2D468FA9C4F0E88C7FBC1D267
Authority key identifier: EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/IYbI2EPq8p6QLyRgIg24QikXhFk.roa
Signing time:             Sat 24 Aug 2024 08:55:23 +0000
ROA not before:           Sat 24 Aug 2024 08:55:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     52000
IP address blocks:        31.184.242.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 10:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:83:98:ed:c2:d4:68:fa:9c:4f:0e:88:c7:fb:c1:d2:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
        Validity
            Not Before: Aug 24 08:55:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2186c8d843eaf29e902f2460220db84229178459
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:b9:88:4a:37:59:6a:57:14:b6:85:4a:a6:0d:
                    e9:03:10:86:a6:4a:2a:77:dd:73:40:5e:61:cc:6b:
                    b1:cc:d1:b1:14:b5:b4:69:8a:07:05:d4:e8:fe:c7:
                    be:a0:fc:f8:3e:16:6c:57:2d:7e:00:ac:f4:11:b8:
                    1e:37:c9:5a:58:41:ec:bb:3d:4c:9c:59:96:38:72:
                    19:f5:29:7d:4c:d1:cf:34:ea:ee:69:df:83:63:9b:
                    05:a7:0d:d9:9f:cb:ab:ab:2f:4b:dc:42:cf:5b:6c:
                    b8:48:3c:f8:ff:00:14:db:b5:66:04:39:b0:1f:8e:
                    8b:d4:88:83:c6:07:c3:6d:dd:74:dc:c8:2e:57:00:
                    19:16:06:e9:ca:c2:f9:a6:df:5d:59:1c:9b:88:4d:
                    e8:25:2b:60:7f:4e:59:85:07:0b:72:f8:2a:e4:d5:
                    86:46:b4:85:41:a0:4d:f0:0c:c8:25:62:b3:2d:16:
                    93:ed:f8:82:95:92:13:c9:54:d3:2f:94:a1:9b:e3:
                    96:29:53:83:b4:c4:60:be:11:60:6e:6b:ad:ce:a7:
                    94:4e:2a:5d:e9:47:f8:2e:fa:55:69:84:35:b7:80:
                    d7:f4:6d:81:c6:6b:70:80:f6:9e:cd:30:39:a0:f7:
                    64:0a:18:c5:0d:88:9f:08:fd:81:7c:58:a5:df:8a:
                    44:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:86:C8:D8:43:EA:F2:9E:90:2F:24:60:22:0D:B8:42:29:17:84:59
            X509v3 Authority Key Identifier:
                keyid:EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/IYbI2EPq8p6QLyRgIg24QikXhFk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.184.242.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c6:2d:e2:96:40:7c:7c:44:87:49:69:19:39:32:4d:64:ff:1a:
         f1:9e:3d:0f:6b:53:95:42:f1:80:37:c7:f3:ce:c4:1f:7a:aa:
         c4:19:b6:a2:7d:6a:bf:ef:cb:98:9a:35:04:d9:25:7a:cd:29:
         18:99:8a:c0:5e:e0:13:84:35:45:88:31:81:f6:4e:d7:df:0b:
         34:45:f2:ae:65:19:16:44:ee:03:5e:54:46:27:db:ed:45:32:
         fc:d1:e1:8a:85:8c:67:1a:18:82:07:ad:22:76:c3:45:21:88:
         50:8c:27:01:8f:a4:12:b7:16:4c:3c:3b:e0:14:b5:c2:ba:57:
         e1:4b:61:fa:ba:08:76:ff:e7:a6:ab:9d:57:87:d6:ef:14:e2:
         44:de:6b:1e:87:32:a8:77:cd:cc:9c:97:c7:61:e4:44:c5:44:
         56:e2:67:2b:4a:3c:c9:69:d0:8e:cc:e2:dd:82:35:cd:a9:f5:
         fa:9f:4d:83:fa:59:89:53:b9:e2:bd:3b:f3:51:fe:ae:7c:df:
         ca:36:1d:81:4d:d9:bb:9f:0b:6e:ab:77:6e:10:ae:69:90:0e:
         72:d8:c1:0d:20:3d:83:4f:c3:f2:d8:a3:fe:d4:99:1e:10:31:
         f5:27:5a:d0:f9:28:f6:79:94:3c:dc:31:2d:e6:8e:02:6b:b2:
         77:17:fd:74
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZGDmO3C1Gj6nE8OiMf7wdJnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhYWE4YTBhNWZkZmQ2OThlMTA0YmUzNmEyYWVlYzgxM2Fl
Y2EwNzEwHhcNMjQwODI0MDg1NTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMTg2YzhkODQzZWFmMjllOTAyZjI0NjAyMjBkYjg0MjI5MTc4NDU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtLmISjdZalcUtoVKpg3pAxCGpkoq
d91zQF5hzGuxzNGxFLW0aYoHBdTo/se+oPz4PhZsVy1+AKz0EbgeN8laWEHsuz1M
nFmWOHIZ9Sl9TNHPNOruad+DY5sFpw3Zn8urqy9L3ELPW2y4SDz4/wAU27VmBDmw
H46L1IiDxgfDbd103MguVwAZFgbpysL5pt9dWRybiE3oJStgf05ZhQcLcvgq5NWG
RrSFQaBN8AzIJWKzLRaT7fiClZITyVTTL5Shm+OWKVODtMRgvhFgbmutzqeUTipd
6Uf4LvpVaYQ1t4DX9G2BxmtwgPaezTA5oPdkChjFDYifCP2BfFil34pE7QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCGGyNhD6vKekC8kYCINuEIpF4RZMB8GA1UdIwQY
MBaAFOqqigpf39aY4QS+NqKu7IE67KBxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQt
ODlkMDkyNDBjNDNiLzEvSVliSTJFUHE4cDZRTHlSZ0lnMjRRaWtYaEZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQtODlkMDkyNDBjNDNi
LzEvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAH7jyMA0G
CSqGSIb3DQEBCwUAA4IBAQDGLeKWQHx8RIdJaRk5Mk1k/xrxnj0Pa1OVQvGAN8fz
zsQfeqrEGbaifWq/78uYmjUE2SV6zSkYmYrAXuAThDVFiDGB9k7X3ws0RfKuZRkW
RO4DXlRGJ9vtRTL80eGKhYxnGhiCB60idsNFIYhQjCcBj6QStxZMPDvgFLXCulfh
S2H6ugh2/+emq51Xh9bvFOJE3msehzKod83MnJfHYeRExURW4mcrSjzJadCOzOLd
gjXNqfX6n02D+lmJU7nivTvzUf6ufN/KNh2BTdm7nwtuq3duEK5pkA5y2MENID2D
T8Py2KP+1JkeEDH1J1rQ+Sj2eZQ83DEt5o4Ca7J3F/10
-----END CERTIFICATE-----