Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1f/3824cd-e527-4adc-a412-f91bb5179217/1/KOr2bUDL-MnbpFl1b9vdM7YpTL0.roa
File:                     KOr2bUDL-MnbpFl1b9vdM7YpTL0.roa (raw, json)
Hash identifier:          +16lARCy1sAwzfEV87bHcV/gWfDu5dRytQDUs2c1Rno=
Subject key identifier:   28:EA:F6:6D:40:CB:F8:C9:DB:A4:59:75:6F:DB:DD:33:B6:29:4C:BD
Certificate issuer:       /CN=1847b59d21ea36b3062fca80ce75c1616af5119a
Certificate serial:       018EFB6BC89AAB3DD9B3930DE7B1EDE85DA0
Authority key identifier: 18:47:B5:9D:21:EA:36:B3:06:2F:CA:80:CE:75:C1:61:6A:F5:11:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GEe1nSHqNrMGL8qAznXBYWr1EZo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1f/3824cd-e527-4adc-a412-f91bb5179217/1/KOr2bUDL-MnbpFl1b9vdM7YpTL0.roa
Signing time:             Sat 20 Apr 2024 12:12:08 +0000
ROA not before:           Sat 20 Apr 2024 12:12:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39318
IP address blocks:        31.210.174.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1f/3824cd-e527-4adc-a412-f91bb5179217/1/GEe1nSHqNrMGL8qAznXBYWr1EZo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1f/3824cd-e527-4adc-a412-f91bb5179217/1/GEe1nSHqNrMGL8qAznXBYWr1EZo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GEe1nSHqNrMGL8qAznXBYWr1EZo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 21 Apr 2024 20:00:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:fb:6b:c8:9a:ab:3d:d9:b3:93:0d:e7:b1:ed:e8:5d:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1847b59d21ea36b3062fca80ce75c1616af5119a
        Validity
            Not Before: Apr 20 12:12:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=28eaf66d40cbf8c9dba459756fdbdd33b6294cbd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:4c:30:fe:13:a0:32:58:ae:e4:19:1f:9d:49:
                    4a:9b:64:ba:cc:e4:bc:bc:01:d1:7e:29:52:2d:e2:
                    d2:6b:6e:56:b9:c5:7e:91:44:c0:63:54:1e:4b:f4:
                    95:55:33:43:14:58:b5:58:c8:77:9b:73:b7:07:3e:
                    6b:20:2c:59:0d:b3:23:3c:ed:bd:d8:8e:7b:e8:77:
                    7e:03:cd:1b:cd:ac:c1:cb:58:e2:49:e3:fe:d3:b2:
                    07:93:c1:1e:07:44:78:28:ad:b0:a7:f8:70:cd:0b:
                    e0:7b:bf:bf:20:a9:f0:24:6c:cb:38:e2:e1:ee:cd:
                    78:97:f8:f1:46:70:b0:98:3b:f7:cb:b2:f6:2c:29:
                    a9:41:fc:60:45:fb:b7:75:f0:8c:ca:65:bf:71:f3:
                    82:c9:41:4b:fb:fd:44:cc:0a:66:49:c6:d3:92:d4:
                    5a:ba:32:2e:f1:99:4d:4a:68:de:f5:ce:0d:04:62:
                    f9:b9:8d:05:28:b7:99:bd:37:e3:91:dd:86:b4:7d:
                    c6:29:6e:3a:5c:5e:0d:b9:3e:cd:79:54:1e:f6:f4:
                    65:4b:05:9b:73:90:01:ed:7f:c9:80:39:b7:50:92:
                    52:c5:41:62:15:0e:8c:e4:e9:e3:e1:b5:d8:96:48:
                    51:b1:ff:1d:a0:97:8c:9d:27:6e:f8:da:f5:22:51:
                    1e:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:EA:F6:6D:40:CB:F8:C9:DB:A4:59:75:6F:DB:DD:33:B6:29:4C:BD
            X509v3 Authority Key Identifier:
                keyid:18:47:B5:9D:21:EA:36:B3:06:2F:CA:80:CE:75:C1:61:6A:F5:11:9A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GEe1nSHqNrMGL8qAznXBYWr1EZo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/3824cd-e527-4adc-a412-f91bb5179217/1/KOr2bUDL-MnbpFl1b9vdM7YpTL0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/3824cd-e527-4adc-a412-f91bb5179217/1/GEe1nSHqNrMGL8qAznXBYWr1EZo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.210.174.0/23

    Signature Algorithm: sha256WithRSAEncryption
         82:35:8f:7e:25:be:fa:96:e3:59:05:af:86:4d:8c:88:46:f1:
         a2:87:cf:7c:25:1b:d1:83:e3:33:53:95:e2:50:28:87:a3:1e:
         ef:bc:de:34:95:42:be:a5:74:c0:be:5b:ed:1d:16:0e:40:b8:
         18:e6:14:e7:a9:aa:98:aa:45:9d:e8:ae:f7:be:96:6a:9c:5f:
         4c:ca:eb:ff:e4:c5:a9:f6:1c:4d:8e:73:2c:1d:a9:c1:e9:e2:
         f6:8c:50:7c:5c:81:93:3f:b0:a6:25:92:db:f3:35:ca:8a:ee:
         3c:e5:31:0d:d1:8f:4e:93:ad:d4:7c:a5:1e:4f:ad:c9:54:69:
         c1:ba:11:dd:fd:cb:cb:82:0a:3b:32:ea:9e:3c:e5:59:4f:90:
         dd:43:9c:9a:4b:2a:be:b0:01:0f:1c:16:f2:a0:a4:6f:0b:af:
         72:b2:ca:6f:73:e4:42:44:38:a6:b7:4e:29:f4:d2:1b:c1:7c:
         ec:6b:c5:d5:81:58:26:08:33:b6:04:e4:fb:56:73:06:81:85:
         ca:3c:87:4f:41:70:7f:e4:fe:db:3f:d4:43:16:04:e5:5b:f4:
         46:bc:07:6a:37:79:b9:60:f7:78:81:10:04:03:aa:07:b8:a5:
         f2:eb:58:e6:61:44:0f:b6:75:56:64:a0:e0:67:bc:15:35:12:
         19:8c:aa:ea
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY77a8iaqz3Zs5MN57Ht6F2gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE4NDdiNTlkMjFlYTM2YjMwNjJmY2E4MGNlNzVjMTYxNmFm
NTExOWEwHhcNMjQwNDIwMTIxMjA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOGVhZjY2ZDQwY2JmOGM5ZGJhNDU5NzU2ZmRiZGQzM2I2Mjk0Y2JkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuUww/hOgMliu5BkfnUlKm2S6zOS8
vAHRfilSLeLSa25WucV+kUTAY1QeS/SVVTNDFFi1WMh3m3O3Bz5rICxZDbMjPO29
2I576Hd+A80bzazBy1jiSeP+07IHk8EeB0R4KK2wp/hwzQvge7+/IKnwJGzLOOLh
7s14l/jxRnCwmDv3y7L2LCmpQfxgRfu3dfCMymW/cfOCyUFL+/1EzApmScbTktRa
ujIu8ZlNSmje9c4NBGL5uY0FKLeZvTfjkd2GtH3GKW46XF4NuT7NeVQe9vRlSwWb
c5AB7X/JgDm3UJJSxUFiFQ6M5Onj4bXYlkhRsf8doJeMnSdu+Nr1IlEeewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCjq9m1Ay/jJ26RZdW/b3TO2KUy9MB8GA1UdIwQY
MBaAFBhHtZ0h6jazBi/KgM51wWFq9RGaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR0VlMW5TSHFOck1HTDhxQXpuWEJZV3IxRVpvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZi8zODI0Y2QtZTUyNy00YWRjLWE0MTIt
ZjkxYmI1MTc5MjE3LzEvS09yMmJVREwtTW5icEZsMWI5dmRNN1lwVEwwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZi8zODI0Y2QtZTUyNy00YWRjLWE0MTItZjkxYmI1MTc5MjE3
LzEvR0VlMW5TSHFOck1HTDhxQXpuWEJZV3IxRVpvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBH9KuMA0G
CSqGSIb3DQEBCwUAA4IBAQCCNY9+Jb76luNZBa+GTYyIRvGih898JRvRg+MzU5Xi
UCiHox7vvN40lUK+pXTAvlvtHRYOQLgY5hTnqaqYqkWd6K73vpZqnF9Myuv/5MWp
9hxNjnMsHanB6eL2jFB8XIGTP7CmJZLb8zXKiu485TEN0Y9Ok63UfKUeT63JVGnB
uhHd/cvLggo7MuqePOVZT5DdQ5yaSyq+sAEPHBbyoKRvC69ysspvc+RCRDimt04p
9NIbwXzsa8XVgVgmCDO2BOT7VnMGgYXKPIdPQXB/5P7bP9RDFgTlW/RGvAdqN3m5
YPd4gRAEA6oHuKXy61jmYUQPtnVWZKDgZ7wVNRIZjKrq
-----END CERTIFICATE-----