Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/vaTHAgfzvcbz98uWgtckuz29Tkk.roa
File:                     vaTHAgfzvcbz98uWgtckuz29Tkk.roa (raw, json)
Hash identifier:          7V7BH72CdbIJaAroIzdpkeLr06h1vTqenrBXqZjeZDI=
Subject key identifier:   BD:A4:C7:02:07:F3:BD:C6:F3:F7:CB:96:82:D7:24:BB:3D:BD:4E:49
Certificate issuer:       /CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
Certificate serial:       019427B5AE775D12DF36DC78BC16B34BD346
Authority key identifier: EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/vaTHAgfzvcbz98uWgtckuz29Tkk.roa
Signing time:             Thu 02 Jan 2025 15:50:05 +0000
ROA not before:           Thu 02 Jan 2025 15:50:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198620
IP address blocks:        31.184.236.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 09:01:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:ae:77:5d:12:df:36:dc:78:bc:16:b3:4b:d3:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
        Validity
            Not Before: Jan  2 15:50:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bda4c70207f3bdc6f3f7cb9682d724bb3dbd4e49
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:20:03:0f:91:e0:f6:bb:8a:69:c4:12:0c:48:
                    d8:05:3e:a2:86:e7:0a:43:77:03:11:d0:3e:36:ee:
                    64:00:db:b0:ff:19:71:48:1b:43:9a:10:d0:36:e2:
                    b3:4b:85:ca:f3:ee:32:49:c4:b8:f8:44:27:57:63:
                    9d:5d:8e:eb:bb:d6:ed:ce:32:8b:0d:da:74:d3:22:
                    82:da:05:55:d2:3c:be:f3:6b:64:71:c4:b6:7e:0d:
                    f1:a6:c5:d7:e1:d9:2d:45:e6:e8:f8:14:0a:1f:72:
                    07:01:f7:fc:b9:10:b1:f0:58:78:f2:53:d3:b7:4d:
                    bf:af:a8:e2:ba:af:64:25:12:67:4a:c2:89:dc:3c:
                    8a:2b:5f:49:9e:5b:30:71:40:4a:cb:be:1a:cd:87:
                    b1:36:d6:51:6c:e5:22:9a:8f:0e:98:c6:42:6a:ab:
                    fc:3e:66:cb:09:0e:8b:73:29:be:17:0b:b6:c6:01:
                    74:1c:93:75:c4:c2:a5:76:a6:c4:cc:75:97:bd:3c:
                    c1:4a:e0:6f:60:90:3f:15:c0:72:07:ab:b1:cf:75:
                    f7:00:b2:06:db:7f:dc:b4:d1:de:cf:f1:da:b1:12:
                    93:43:8c:a6:91:1e:d4:df:cd:1d:a5:da:25:7c:25:
                    73:a9:b5:27:cb:da:95:cb:68:ed:56:72:9b:23:b2:
                    79:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:A4:C7:02:07:F3:BD:C6:F3:F7:CB:96:82:D7:24:BB:3D:BD:4E:49
            X509v3 Authority Key Identifier:
                keyid:EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/vaTHAgfzvcbz98uWgtckuz29Tkk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.184.236.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c8:ee:58:75:11:0f:c8:2d:44:34:b4:3c:16:74:4d:12:43:ca:
         b8:16:97:74:74:39:9d:92:81:43:b1:34:b0:ab:f8:84:6f:03:
         5d:e0:ee:ba:a7:40:67:59:8b:fc:dd:7e:7d:56:c3:39:70:14:
         52:fa:24:b7:31:48:79:9f:90:43:86:4f:55:d1:df:e8:be:18:
         2b:b9:9c:ec:61:c5:16:95:f7:72:34:75:61:96:79:02:c7:25:
         5e:ff:7f:6d:42:ea:71:bb:5d:3d:67:bf:33:13:a1:e3:5e:a8:
         7f:97:5b:4e:67:71:72:e8:7c:09:2d:61:f4:10:b8:24:43:5c:
         fc:69:bf:47:98:37:51:67:b3:12:2a:cf:e3:26:6a:29:83:09:
         bf:cd:85:3d:59:a1:d2:c3:ef:fc:b3:e8:da:1c:60:5b:cf:87:
         fd:22:65:ec:16:54:3b:a2:04:4c:c0:98:9e:4c:01:e8:49:49:
         1d:42:0e:d1:7d:51:d8:d0:df:b9:12:b9:e6:1a:98:80:c9:20:
         ab:41:d1:65:ba:02:dc:72:a5:a5:76:ee:1c:d8:b1:57:8f:78:
         94:80:1b:4c:2a:b0:57:41:73:a9:e0:db:ad:e8:09:fe:89:ca:
         ff:f2:dd:fe:9a:ca:7e:eb:73:21:15:84:5a:9a:e5:27:ce:4c:
         8d:6f:ff:eb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnta53XRLfNtx4vBazS9NGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhYWE4YTBhNWZkZmQ2OThlMTA0YmUzNmEyYWVlYzgxM2Fl
Y2EwNzEwHhcNMjUwMTAyMTU1MDA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZGE0YzcwMjA3ZjNiZGM2ZjNmN2NiOTY4MmQ3MjRiYjNkYmQ0ZTQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApSADD5Hg9ruKacQSDEjYBT6ihucK
Q3cDEdA+Nu5kANuw/xlxSBtDmhDQNuKzS4XK8+4yScS4+EQnV2OdXY7ru9btzjKL
Ddp00yKC2gVV0jy+82tkccS2fg3xpsXX4dktRebo+BQKH3IHAff8uRCx8Fh48lPT
t02/r6jiuq9kJRJnSsKJ3DyKK19JnlswcUBKy74azYexNtZRbOUimo8OmMZCaqv8
PmbLCQ6Lcym+Fwu2xgF0HJN1xMKldqbEzHWXvTzBSuBvYJA/FcByB6uxz3X3ALIG
23/ctNHez/HasRKTQ4ymkR7U380dpdolfCVzqbUny9qVy2jtVnKbI7J5RQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL2kxwIH873G8/fLloLXJLs9vU5JMB8GA1UdIwQY
MBaAFOqqigpf39aY4QS+NqKu7IE67KBxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQt
ODlkMDkyNDBjNDNiLzEvdmFUSEFnZnp2Y2J6OTh1V2d0Y2t1ejI5VGtrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQtODlkMDkyNDBjNDNi
LzEvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAH7jsMA0G
CSqGSIb3DQEBCwUAA4IBAQDI7lh1EQ/ILUQ0tDwWdE0SQ8q4Fpd0dDmdkoFDsTSw
q/iEbwNd4O66p0BnWYv83X59VsM5cBRS+iS3MUh5n5BDhk9V0d/ovhgruZzsYcUW
lfdyNHVhlnkCxyVe/39tQupxu109Z78zE6HjXqh/l1tOZ3Fy6HwJLWH0ELgkQ1z8
ab9HmDdRZ7MSKs/jJmopgwm/zYU9WaHSw+/8s+jaHGBbz4f9ImXsFlQ7ogRMwJie
TAHoSUkdQg7RfVHY0N+5ErnmGpiAySCrQdFlugLccqWldu4c2LFXj3iUgBtMKrBX
QXOp4Nut6An+icr/8t3+msp+63MhFYRamuUnzkyNb//r
-----END CERTIFICATE-----