Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1d/409b7e-1275-43ed-af0f-52f97b277d1f/1/hDGxH1i_UvckxbfB7yigAmeooa4.roa
File:                     hDGxH1i_UvckxbfB7yigAmeooa4.roa (raw, json)
Hash identifier:          hcnKjGzFrPPqtY+FcGgfPCtE1/k0OEZ0xElodBdizqs=
Subject key identifier:   84:31:B1:1F:58:BF:52:F7:24:C5:B7:C1:EF:28:A0:02:67:A8:A1:AE
Certificate issuer:       /CN=52dc9c218b510c07bc6659b09fbd32afe68abfd2
Certificate serial:       018CC50118FE06976A880C5D1F1E2347F500
Authority key identifier: 52:DC:9C:21:8B:51:0C:07:BC:66:59:B0:9F:BD:32:AF:E6:8A:BF:D2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UtycIYtRDAe8Zlmwn70yr-aKv9I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1d/409b7e-1275-43ed-af0f-52f97b277d1f/1/hDGxH1i_UvckxbfB7yigAmeooa4.roa
Signing time:             Mon 01 Jan 2024 12:30:32 +0000
ROA not before:           Mon 01 Jan 2024 12:30:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62240
IP address blocks:        31.171.128.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1d/409b7e-1275-43ed-af0f-52f97b277d1f/1/UtycIYtRDAe8Zlmwn70yr-aKv9I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1d/409b7e-1275-43ed-af0f-52f97b277d1f/1/UtycIYtRDAe8Zlmwn70yr-aKv9I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UtycIYtRDAe8Zlmwn70yr-aKv9I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 01:04:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:18:fe:06:97:6a:88:0c:5d:1f:1e:23:47:f5:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=52dc9c218b510c07bc6659b09fbd32afe68abfd2
        Validity
            Not Before: Jan  1 12:30:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8431b11f58bf52f724c5b7c1ef28a00267a8a1ae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:3a:23:76:5b:e5:c9:91:a8:35:88:ca:24:95:
                    00:b9:f4:19:db:30:19:a6:22:e0:85:7f:fe:6b:a7:
                    cf:d0:6e:02:91:83:c6:48:29:e9:02:42:01:a1:4d:
                    9f:41:cf:bf:73:87:45:f2:0b:31:42:bd:c2:77:06:
                    34:4e:7d:70:a2:42:09:b3:e2:2b:7d:a5:3b:9a:cd:
                    af:ee:26:29:f5:ce:46:e0:62:fc:c5:aa:95:d8:3b:
                    29:a7:d0:22:bd:8b:c4:0b:0e:58:eb:15:50:50:33:
                    f8:67:c2:4e:bb:28:77:29:b4:f0:1d:72:93:70:25:
                    3a:94:e5:c8:ff:30:68:8f:02:c2:d7:e3:53:25:74:
                    92:9b:4f:06:62:65:57:1a:a1:f7:02:d1:a6:44:74:
                    80:2e:32:fc:f5:87:c2:f8:f3:02:1c:41:27:b4:96:
                    39:a9:d4:1a:72:70:c9:c1:a9:be:e6:3e:f0:a4:e3:
                    c1:21:c7:9d:7a:7f:4c:02:76:7f:0d:cd:77:1b:23:
                    01:b2:ea:37:7c:df:9a:24:5f:57:22:36:a1:09:ea:
                    e6:d7:10:6c:60:11:b8:79:f1:f6:20:25:db:08:79:
                    8b:db:96:ea:b1:bd:cc:eb:37:1a:79:ae:0d:98:03:
                    71:4c:28:e5:84:25:8b:71:db:cb:26:d3:33:36:c9:
                    2b:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:31:B1:1F:58:BF:52:F7:24:C5:B7:C1:EF:28:A0:02:67:A8:A1:AE
            X509v3 Authority Key Identifier:
                keyid:52:DC:9C:21:8B:51:0C:07:BC:66:59:B0:9F:BD:32:AF:E6:8A:BF:D2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UtycIYtRDAe8Zlmwn70yr-aKv9I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/409b7e-1275-43ed-af0f-52f97b277d1f/1/hDGxH1i_UvckxbfB7yigAmeooa4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/409b7e-1275-43ed-af0f-52f97b277d1f/1/UtycIYtRDAe8Zlmwn70yr-aKv9I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.171.128.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a2:4b:c9:55:be:90:85:d4:99:67:37:f5:40:5b:e6:03:94:87:
         c7:70:4b:c0:ed:48:5d:41:e4:c8:91:8b:a7:1b:cd:3a:bf:ae:
         78:2d:fd:83:e9:49:ba:1e:ac:d5:2b:57:ea:56:b5:d9:ae:e0:
         cb:23:cf:62:b2:e8:e9:f5:3a:07:7e:32:e8:95:8c:e4:03:a9:
         32:3c:50:de:14:0c:93:1b:70:cb:da:79:d1:af:36:31:f7:46:
         0c:c8:95:18:79:33:d1:c6:38:ef:7b:c3:a6:46:fc:08:47:a6:
         81:cb:7a:d3:b5:44:d0:36:f7:a5:76:49:26:5b:0c:de:72:79:
         bb:08:76:88:fc:cb:30:ca:89:ae:1f:d2:7e:1f:fc:1d:49:9f:
         e4:77:5f:41:2a:68:21:c4:9e:0c:a6:bb:d5:38:0b:40:28:6b:
         bd:bb:41:7a:c8:47:ef:e2:bb:98:1c:01:ac:66:27:26:fe:77:
         1e:03:c0:1a:f0:8f:10:2b:3b:a7:53:06:ff:cd:97:73:6e:9e:
         a1:94:59:99:35:89:c8:28:4f:99:e5:9e:fb:c9:f8:95:5c:1a:
         a2:09:a9:7d:4a:89:f6:17:92:41:fc:c0:9e:2b:c2:58:35:6c:
         96:43:c0:dc:7c:7c:23:42:39:f0:31:91:a1:a7:31:31:bf:6e:
         95:21:b9:f4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFARj+BpdqiAxdHx4jR/UAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyZGM5YzIxOGI1MTBjMDdiYzY2NTliMDlmYmQzMmFmZTY4
YWJmZDIwHhcNMjQwMTAxMTIzMDMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NDMxYjExZjU4YmY1MmY3MjRjNWI3YzFlZjI4YTAwMjY3YThhMWFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApDojdlvlyZGoNYjKJJUAufQZ2zAZ
piLghX/+a6fP0G4CkYPGSCnpAkIBoU2fQc+/c4dF8gsxQr3CdwY0Tn1wokIJs+Ir
faU7ms2v7iYp9c5G4GL8xaqV2Dspp9AivYvECw5Y6xVQUDP4Z8JOuyh3KbTwHXKT
cCU6lOXI/zBojwLC1+NTJXSSm08GYmVXGqH3AtGmRHSALjL89YfC+PMCHEEntJY5
qdQacnDJwam+5j7wpOPBIceden9MAnZ/Dc13GyMBsuo3fN+aJF9XIjahCerm1xBs
YBG4efH2ICXbCHmL25bqsb3M6zcaea4NmANxTCjlhCWLcdvLJtMzNskrvQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIQxsR9Yv1L3JMW3we8ooAJnqKGuMB8GA1UdIwQY
MBaAFFLcnCGLUQwHvGZZsJ+9Mq/mir/SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVXR5Y0lZdFJEQWU4Wmxtd243MHlyLWFLdjlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZC80MDliN2UtMTI3NS00M2VkLWFmMGYt
NTJmOTdiMjc3ZDFmLzEvaERHeEgxaV9VdmNreGJmQjd5aWdBbWVvb2E0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZC80MDliN2UtMTI3NS00M2VkLWFmMGYtNTJmOTdiMjc3ZDFm
LzEvVXR5Y0lZdFJEQWU4Wmxtd243MHlyLWFLdjlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAH6uAMA0G
CSqGSIb3DQEBCwUAA4IBAQCiS8lVvpCF1JlnN/VAW+YDlIfHcEvA7UhdQeTIkYun
G806v654Lf2D6Um6HqzVK1fqVrXZruDLI89isujp9ToHfjLolYzkA6kyPFDeFAyT
G3DL2nnRrzYx90YMyJUYeTPRxjjve8OmRvwIR6aBy3rTtUTQNveldkkmWwzecnm7
CHaI/MswyomuH9J+H/wdSZ/kd19BKmghxJ4MprvVOAtAKGu9u0F6yEfv4ruYHAGs
Zicm/nceA8Aa8I8QKzunUwb/zZdzbp6hlFmZNYnIKE+Z5Z77yfiVXBqiCal9Son2
F5JB/MCeK8JYNWyWQ8DcfHwjQjnwMZGhpzExv26VIbn0
-----END CERTIFICATE-----