Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/2b5f5f-bb96-4b31-8a6a-dd115f9e3301/1/mPRYdtyLk-KOdptUX2-fkEzxkJM.roa
File:                     mPRYdtyLk-KOdptUX2-fkEzxkJM.roa (raw, json)
Hash identifier:          01HgMc41TW81cnQ3pXQwm3+r0lhZpx/6lUoJpmR7ud0=
Subject key identifier:   98:F4:58:76:DC:8B:93:E2:8E:76:9B:54:5F:6F:9F:90:4C:F1:90:93
Certificate issuer:       /CN=e909ee3d618974da0cbd805a2da80410a4989881
Certificate serial:       018CC64B55E01B95261E9E5ECC7FD66720EB
Authority key identifier: E9:09:EE:3D:61:89:74:DA:0C:BD:80:5A:2D:A8:04:10:A4:98:98:81
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6QnuPWGJdNoMvYBaLagEEKSYmIE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/2b5f5f-bb96-4b31-8a6a-dd115f9e3301/1/mPRYdtyLk-KOdptUX2-fkEzxkJM.roa
Signing time:             Mon 01 Jan 2024 18:31:15 +0000
ROA not before:           Mon 01 Jan 2024 18:31:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57694
IP address blocks:        31.172.239.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/2b5f5f-bb96-4b31-8a6a-dd115f9e3301/1/6QnuPWGJdNoMvYBaLagEEKSYmIE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/2b5f5f-bb96-4b31-8a6a-dd115f9e3301/1/6QnuPWGJdNoMvYBaLagEEKSYmIE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6QnuPWGJdNoMvYBaLagEEKSYmIE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:55:e0:1b:95:26:1e:9e:5e:cc:7f:d6:67:20:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e909ee3d618974da0cbd805a2da80410a4989881
        Validity
            Not Before: Jan  1 18:31:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=98f45876dc8b93e28e769b545f6f9f904cf19093
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:71:cb:12:6d:7c:74:a9:63:a6:19:4c:86:1a:
                    95:0a:6e:48:07:9a:11:62:72:04:a7:c0:df:86:d8:
                    6c:19:49:f6:f7:24:d5:3e:37:d6:01:83:61:df:a6:
                    b0:1a:e5:df:27:4a:d2:26:49:1b:01:e4:47:a1:3b:
                    c4:15:0e:6b:ce:69:af:71:46:5c:1f:de:d8:c0:90:
                    62:89:4e:0e:1e:06:52:d1:ae:b0:db:05:d7:90:e9:
                    ba:18:8f:a5:41:f1:94:af:8c:a1:ce:13:f1:e2:80:
                    da:be:53:ae:41:5f:72:22:6e:7c:7e:35:55:fa:f0:
                    70:15:cf:0b:0a:a9:81:b0:c3:f0:c2:4a:f8:9f:bc:
                    a1:84:19:1a:0f:f8:74:c9:d9:4c:12:7f:5c:50:bf:
                    38:6c:92:97:55:54:5a:1d:37:da:e8:9a:77:7f:88:
                    e8:e7:fe:fc:cb:05:e6:fd:2d:1d:a6:11:fa:23:8a:
                    a0:40:fa:2f:b0:a0:4b:69:21:24:5d:00:5f:43:0b:
                    5c:8e:40:0e:85:8c:57:9b:0d:fd:8d:b9:86:5a:cc:
                    b6:01:ff:c4:bd:66:69:d9:58:8c:4c:6b:4b:36:bd:
                    eb:67:e3:9e:df:98:7b:af:e3:f0:0a:cc:5b:2b:14:
                    8d:ea:9e:7f:a4:83:77:af:a2:a4:f8:ae:bb:4b:23:
                    3f:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:F4:58:76:DC:8B:93:E2:8E:76:9B:54:5F:6F:9F:90:4C:F1:90:93
            X509v3 Authority Key Identifier:
                keyid:E9:09:EE:3D:61:89:74:DA:0C:BD:80:5A:2D:A8:04:10:A4:98:98:81

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6QnuPWGJdNoMvYBaLagEEKSYmIE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/2b5f5f-bb96-4b31-8a6a-dd115f9e3301/1/mPRYdtyLk-KOdptUX2-fkEzxkJM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/2b5f5f-bb96-4b31-8a6a-dd115f9e3301/1/6QnuPWGJdNoMvYBaLagEEKSYmIE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.172.239.0/24

    Signature Algorithm: sha256WithRSAEncryption
         62:02:ea:b7:e0:25:0c:d9:6f:e9:fe:ba:2a:2a:b0:60:14:96:
         38:74:0e:3b:43:8d:28:72:7c:d0:45:01:fd:9d:88:b7:9e:41:
         90:31:83:77:fd:6a:3e:82:45:20:e6:cd:a3:c8:8e:08:ae:b9:
         4e:a4:da:3b:37:c2:24:86:7e:fd:d6:08:8e:bd:61:fa:85:35:
         b4:77:16:a1:5a:48:df:84:b5:ef:b2:ac:b4:7e:2f:c3:d7:1c:
         9f:c6:3c:d2:54:57:18:39:6c:6b:64:5f:79:22:4c:4d:a1:28:
         8f:8f:ca:6e:9b:ec:23:4d:c0:87:7a:f6:84:a1:37:56:e3:1f:
         2c:3e:d1:db:f3:03:99:43:7e:81:cb:3b:75:b2:13:79:3f:71:
         c5:6d:1e:f7:1b:37:4b:d6:f4:a6:e7:3d:c6:dd:42:0e:5e:de:
         65:ae:80:af:52:fb:48:4d:81:0a:e1:f2:93:6f:30:cd:ee:db:
         6f:f8:9b:43:53:06:14:f5:cf:b1:77:da:44:43:52:97:7c:52:
         9a:4a:6a:c7:03:a7:9b:52:e2:91:cc:f6:fb:d2:3f:fd:4d:5a:
         52:3c:74:35:27:3f:13:1e:b9:54:10:90:43:0b:78:9b:17:7a:
         2e:20:0f:f4:da:62:7a:a9:7c:6d:d6:97:69:60:29:b3:e6:d7:
         84:a8:56:d7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGS1XgG5UmHp5ezH/WZyDrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5MDllZTNkNjE4OTc0ZGEwY2JkODA1YTJkYTgwNDEwYTQ5
ODk4ODEwHhcNMjQwMTAxMTgzMTE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OGY0NTg3NmRjOGI5M2UyOGU3NjliNTQ1ZjZmOWY5MDRjZjE5MDkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArnHLEm18dKljphlMhhqVCm5IB5oR
YnIEp8DfhthsGUn29yTVPjfWAYNh36awGuXfJ0rSJkkbAeRHoTvEFQ5rzmmvcUZc
H97YwJBiiU4OHgZS0a6w2wXXkOm6GI+lQfGUr4yhzhPx4oDavlOuQV9yIm58fjVV
+vBwFc8LCqmBsMPwwkr4n7yhhBkaD/h0ydlMEn9cUL84bJKXVVRaHTfa6Jp3f4jo
5/78ywXm/S0dphH6I4qgQPovsKBLaSEkXQBfQwtcjkAOhYxXmw39jbmGWsy2Af/E
vWZp2ViMTGtLNr3rZ+Oe35h7r+PwCsxbKxSN6p5/pIN3r6Kk+K67SyM/TQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJj0WHbci5PijnabVF9vn5BM8ZCTMB8GA1UdIwQY
MBaAFOkJ7j1hiXTaDL2AWi2oBBCkmJiBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNlFudVBXR0pkTm9NdllCYUxhZ0VFS1NZbUlFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8yYjVmNWYtYmI5Ni00YjMxLThhNmEt
ZGQxMTVmOWUzMzAxLzEvbVBSWWR0eUxrLUtPZHB0VVgyLWZrRXp4a0pNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8yYjVmNWYtYmI5Ni00YjMxLThhNmEtZGQxMTVmOWUzMzAx
LzEvNlFudVBXR0pkTm9NdllCYUxhZ0VFS1NZbUlFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAH6zvMA0G
CSqGSIb3DQEBCwUAA4IBAQBiAuq34CUM2W/p/roqKrBgFJY4dA47Q40ocnzQRQH9
nYi3nkGQMYN3/Wo+gkUg5s2jyI4IrrlOpNo7N8Ikhn791giOvWH6hTW0dxahWkjf
hLXvsqy0fi/D1xyfxjzSVFcYOWxrZF95IkxNoSiPj8pum+wjTcCHevaEoTdW4x8s
PtHb8wOZQ36Byzt1shN5P3HFbR73GzdL1vSm5z3G3UIOXt5lroCvUvtITYEK4fKT
bzDN7ttv+JtDUwYU9c+xd9pEQ1KXfFKaSmrHA6ebUuKRzPb70j/9TVpSPHQ1Jz8T
HrlUEJBDC3ibF3ouIA/02mJ6qXxt1pdpYCmz5teEqFbX
-----END CERTIFICATE-----