Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/vkPeyuGVsLuVjCJLtnjirWE9r98.roa
File:                     vkPeyuGVsLuVjCJLtnjirWE9r98.roa (raw, json)
Hash identifier:          XSsytOfyrU1lWo6vSgGfnCy0p7eVtPC+6UFeMmWY1kE=
Subject key identifier:   BE:43:DE:CA:E1:95:B0:BB:95:8C:22:4B:B6:78:E2:AD:61:3D:AF:DF
Certificate issuer:       /CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
Certificate serial:       019427B5AD3CCAB163C540213189A670E624
Authority key identifier: EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/vkPeyuGVsLuVjCJLtnjirWE9r98.roa
Signing time:             Thu 02 Jan 2025 15:50:05 +0000
ROA not before:           Thu 02 Jan 2025 15:50:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197868
IP address blocks:        31.44.184.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Feb 2025 02:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:ad:3c:ca:b1:63:c5:40:21:31:89:a6:70:e6:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
        Validity
            Not Before: Jan  2 15:50:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=be43decae195b0bb958c224bb678e2ad613dafdf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:fd:73:1a:53:0e:dd:28:88:18:92:36:47:7e:
                    e9:99:ff:c2:a3:04:39:2a:c8:c4:e8:02:a4:06:ca:
                    ed:42:66:fe:a4:da:89:07:e3:c1:dc:68:b3:3f:57:
                    3c:86:f6:8b:6b:24:d1:10:f2:b3:ab:1f:17:9c:5d:
                    5a:12:97:b9:bb:a1:c3:ed:19:9a:63:aa:51:0b:27:
                    b4:4b:d1:37:e2:ec:ee:b0:d9:cd:7c:c3:5d:55:5a:
                    5d:fb:aa:c4:4d:6b:ee:5e:eb:a0:a4:9c:65:82:c7:
                    62:67:b8:08:be:f0:43:1b:be:f5:97:68:ba:d0:d3:
                    2e:05:a1:22:bf:fb:92:29:3f:45:c3:21:f2:9e:77:
                    12:85:3e:05:38:e8:ba:ae:03:05:f3:9a:7f:30:68:
                    30:a6:28:8e:9c:5b:fc:ef:d5:7c:02:74:d4:34:02:
                    ee:3c:7f:47:41:87:97:89:be:64:8c:f4:36:d4:c7:
                    07:50:0e:41:6b:d2:d4:ed:e1:77:5e:fd:c3:4f:26:
                    94:7b:79:77:e4:c1:8b:73:a2:f9:32:de:38:8f:21:
                    3b:fc:b5:be:ca:74:07:a1:15:52:2c:cb:b4:87:35:
                    d6:b8:22:d8:ef:71:7a:e5:cc:07:73:35:48:de:2d:
                    7a:d2:a9:24:d5:4e:a7:0f:89:74:37:59:d7:de:61:
                    66:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:43:DE:CA:E1:95:B0:BB:95:8C:22:4B:B6:78:E2:AD:61:3D:AF:DF
            X509v3 Authority Key Identifier:
                keyid:EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/vkPeyuGVsLuVjCJLtnjirWE9r98.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.44.184.0/24

    Signature Algorithm: sha256WithRSAEncryption
         20:03:25:76:e9:75:f8:d1:b5:15:5f:a7:5c:cc:7a:72:29:4b:
         99:78:bf:3e:1f:20:e1:6c:b4:3b:1d:81:f7:b6:72:9a:d4:18:
         3f:1d:dd:39:4d:fc:25:1b:7a:7d:51:5b:dc:be:f2:20:c7:ea:
         3b:54:6f:a3:2d:82:08:92:d8:94:cd:3b:46:99:37:e9:a5:3c:
         47:3a:36:14:8d:ed:ca:fd:e7:36:0e:28:7d:d8:61:40:cb:b8:
         78:a5:de:f5:f3:83:d3:bd:c4:c2:b2:55:c6:23:97:81:bf:6b:
         a8:ea:76:bc:8c:29:1f:66:f1:b2:37:77:ff:b9:76:15:00:5e:
         d6:63:4f:db:c0:c1:17:d5:80:4d:da:f0:98:37:03:57:85:a2:
         29:e5:b0:4d:09:6d:ca:ea:8b:03:b2:1d:8a:e1:82:af:50:2a:
         a2:ed:b8:6a:72:f8:c6:ee:26:c0:d2:25:9b:e8:90:fd:32:1c:
         5d:b9:d0:8f:55:4b:38:fe:6c:81:98:2c:ff:ab:62:eb:53:81:
         72:88:2f:4d:7d:df:b9:49:82:f0:a1:19:9f:aa:de:90:1a:d5:
         49:8a:ab:78:16:db:c5:cf:18:41:2b:70:8a:c3:9b:f5:8e:ad:
         c3:d6:11:a5:96:b4:f2:41:26:f5:fc:81:07:11:a1:ef:1c:af:
         df:49:bd:3b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnta08yrFjxUAhMYmmcOYkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhYWE4YTBhNWZkZmQ2OThlMTA0YmUzNmEyYWVlYzgxM2Fl
Y2EwNzEwHhcNMjUwMTAyMTU1MDA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZTQzZGVjYWUxOTViMGJiOTU4YzIyNGJiNjc4ZTJhZDYxM2RhZmRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqf1zGlMO3SiIGJI2R37pmf/CowQ5
KsjE6AKkBsrtQmb+pNqJB+PB3GizP1c8hvaLayTREPKzqx8XnF1aEpe5u6HD7Rma
Y6pRCye0S9E34uzusNnNfMNdVVpd+6rETWvuXuugpJxlgsdiZ7gIvvBDG771l2i6
0NMuBaEiv/uSKT9FwyHynncShT4FOOi6rgMF85p/MGgwpiiOnFv879V8AnTUNALu
PH9HQYeXib5kjPQ21McHUA5Ba9LU7eF3Xv3DTyaUe3l35MGLc6L5Mt44jyE7/LW+
ynQHoRVSLMu0hzXWuCLY73F65cwHczVI3i160qkk1U6nD4l0N1nX3mFm4QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL5D3srhlbC7lYwiS7Z44q1hPa/fMB8GA1UdIwQY
MBaAFOqqigpf39aY4QS+NqKu7IE67KBxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQt
ODlkMDkyNDBjNDNiLzEvdmtQZXl1R1ZzTHVWakNKTHRuamlyV0U5cjk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQtODlkMDkyNDBjNDNi
LzEvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHyy4MA0G
CSqGSIb3DQEBCwUAA4IBAQAgAyV26XX40bUVX6dczHpyKUuZeL8+HyDhbLQ7HYH3
tnKa1Bg/Hd05TfwlG3p9UVvcvvIgx+o7VG+jLYIIktiUzTtGmTfppTxHOjYUje3K
/ec2Dih92GFAy7h4pd7184PTvcTCslXGI5eBv2uo6na8jCkfZvGyN3f/uXYVAF7W
Y0/bwMEX1YBN2vCYNwNXhaIp5bBNCW3K6osDsh2K4YKvUCqi7bhqcvjG7ibA0iWb
6JD9MhxdudCPVUs4/myBmCz/q2LrU4FyiC9Nfd+5SYLwoRmfqt6QGtVJiqt4FtvF
zxhBK3CKw5v1jq3D1hGllrTyQSb1/IEHEaHvHK/fSb07
-----END CERTIFICATE-----