Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/3ab55d-852f-495b-b2b3-e02d730fe84e/1/vdxpz9a4s2iBaQufWBElAvEI2VA.roa
File:                     vdxpz9a4s2iBaQufWBElAvEI2VA.roa (raw, json)
Hash identifier:          kObLopjnnN65OWonitWDg9f7pzx7j+bzkK70rrCE7gU=
Subject key identifier:   BD:DC:69:CF:D6:B8:B3:68:81:69:0B:9F:58:11:25:02:F1:08:D9:50
Certificate issuer:       /CN=747cb366ff6e23df6c097f60adc7fa8075598191
Certificate serial:       018CC56ED70DA4AAF7AFE6EAD3A940152E60
Authority key identifier: 74:7C:B3:66:FF:6E:23:DF:6C:09:7F:60:AD:C7:FA:80:75:59:81:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dHyzZv9uI99sCX9grcf6gHVZgZE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/3ab55d-852f-495b-b2b3-e02d730fe84e/1/vdxpz9a4s2iBaQufWBElAvEI2VA.roa
Signing time:             Mon 01 Jan 2024 14:30:24 +0000
ROA not before:           Mon 01 Jan 2024 14:30:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200232
IP address blocks:        194.31.131.0/24 maxlen: 24
                          2a13:6ec0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/3ab55d-852f-495b-b2b3-e02d730fe84e/1/dHyzZv9uI99sCX9grcf6gHVZgZE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/3ab55d-852f-495b-b2b3-e02d730fe84e/1/dHyzZv9uI99sCX9grcf6gHVZgZE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dHyzZv9uI99sCX9grcf6gHVZgZE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 05:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:d7:0d:a4:aa:f7:af:e6:ea:d3:a9:40:15:2e:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=747cb366ff6e23df6c097f60adc7fa8075598191
        Validity
            Not Before: Jan  1 14:30:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bddc69cfd6b8b36881690b9f58112502f108d950
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:d6:21:1b:de:d0:97:5d:1b:89:e5:71:12:a6:
                    71:15:16:3d:8e:75:5c:47:3c:80:41:52:e8:db:3c:
                    1d:ee:2e:4a:b7:6e:d9:8b:67:ee:6c:31:1d:8f:90:
                    59:91:e3:59:a5:d5:af:c1:5a:f1:b2:ad:2a:fc:f3:
                    4b:95:75:dd:d3:aa:fb:4f:6a:43:ae:e1:12:2f:d3:
                    16:16:1a:e5:d7:b3:0e:e4:38:b5:eb:c1:a1:a5:bb:
                    dc:cb:16:f9:74:a4:2d:b5:d9:74:23:20:ba:bb:5b:
                    0a:f4:75:3c:16:db:e2:de:4f:70:b8:8a:59:13:fc:
                    f2:79:c3:d7:79:21:b6:b2:fe:aa:b3:83:9b:be:65:
                    18:3e:e7:f5:02:47:19:70:4b:34:4e:18:c6:e0:0b:
                    16:70:50:c8:86:99:39:60:7f:f6:d3:a2:23:0a:a9:
                    b5:84:31:5e:00:29:1b:ef:0a:70:6c:b7:8b:f8:47:
                    2a:fb:f4:c6:91:54:0c:87:73:ab:42:04:02:1d:ef:
                    fc:7a:3f:51:18:7a:3e:54:37:0b:72:bf:2d:55:19:
                    2c:e6:88:36:48:7a:72:0c:6e:e9:82:4d:3d:4c:58:
                    68:53:d3:d8:22:7b:d7:ea:70:0c:b7:a3:85:71:7a:
                    bd:ac:f1:40:b0:6d:64:bc:b2:aa:b3:b8:ee:c4:ae:
                    47:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:DC:69:CF:D6:B8:B3:68:81:69:0B:9F:58:11:25:02:F1:08:D9:50
            X509v3 Authority Key Identifier:
                keyid:74:7C:B3:66:FF:6E:23:DF:6C:09:7F:60:AD:C7:FA:80:75:59:81:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dHyzZv9uI99sCX9grcf6gHVZgZE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/3ab55d-852f-495b-b2b3-e02d730fe84e/1/vdxpz9a4s2iBaQufWBElAvEI2VA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/3ab55d-852f-495b-b2b3-e02d730fe84e/1/dHyzZv9uI99sCX9grcf6gHVZgZE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.31.131.0/24
                IPv6:
                  2a13:6ec0::/32

    Signature Algorithm: sha256WithRSAEncryption
         99:c3:28:08:93:70:fd:47:ac:6f:4b:d6:3c:27:1b:30:ed:cf:
         80:30:1e:0b:ed:e8:35:6b:0a:83:7d:d6:4b:92:b4:69:8a:a4:
         ec:2d:f1:09:bf:ab:31:8a:03:8a:a7:4d:f1:9c:d5:2c:f6:15:
         61:f1:a4:f4:3c:74:f4:cf:c0:95:2f:8b:35:b5:23:af:b6:09:
         3c:bb:19:11:0c:7e:c1:24:2c:84:6f:da:28:94:92:01:97:d6:
         72:3b:5f:96:6a:4d:f7:a2:33:2d:f0:fc:36:51:1f:b7:01:3b:
         0c:8f:19:e5:41:ed:41:b2:90:e0:16:a3:8f:78:a5:73:18:59:
         e5:bc:18:94:80:fa:74:59:0f:ae:cd:3d:f7:f0:9b:f7:2f:23:
         8f:56:08:72:ff:71:af:d1:a6:86:5c:84:86:5c:4b:60:b8:be:
         34:f2:33:b7:6b:f4:66:c7:fb:ef:52:37:ea:e9:65:a3:ec:ee:
         66:4f:91:45:d9:f9:c0:8a:81:79:a7:8f:12:93:a9:56:a6:a4:
         8a:cb:90:9f:8d:b5:68:52:4b:32:68:8f:24:ec:41:0b:27:8e:
         37:fa:ed:f1:ac:69:c7:7e:1f:1f:9d:8d:52:68:20:63:92:93:
         bd:4f:db:ee:bb:b2:ff:30:ab:68:b2:1c:8e:32:7a:0a:12:18:
         f2:29:83:68
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzFbtcNpKr3r+bq06lAFS5gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0N2NiMzY2ZmY2ZTIzZGY2YzA5N2Y2MGFkYzdmYTgwNzU1
OTgxOTEwHhcNMjQwMTAxMTQzMDI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZGRjNjljZmQ2YjhiMzY4ODE2OTBiOWY1ODExMjUwMmYxMDhkOTUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj9YhG97Ql10bieVxEqZxFRY9jnVc
RzyAQVLo2zwd7i5Kt27Zi2fubDEdj5BZkeNZpdWvwVrxsq0q/PNLlXXd06r7T2pD
ruESL9MWFhrl17MO5Di168Ghpbvcyxb5dKQttdl0IyC6u1sK9HU8Ftvi3k9wuIpZ
E/zyecPXeSG2sv6qs4ObvmUYPuf1AkcZcEs0ThjG4AsWcFDIhpk5YH/206IjCqm1
hDFeACkb7wpwbLeL+Ecq+/TGkVQMh3OrQgQCHe/8ej9RGHo+VDcLcr8tVRks5og2
SHpyDG7pgk09TFhoU9PYInvX6nAMt6OFcXq9rPFAsG1kvLKqs7juxK5HJwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFL3cac/WuLNogWkLn1gRJQLxCNlQMB8GA1UdIwQY
MBaAFHR8s2b/biPfbAl/YK3H+oB1WYGRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEh5elp2OXVJOTlzQ1g5Z3JjZjZnSFZaZ1pFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8zYWI1NWQtODUyZi00OTViLWIyYjMt
ZTAyZDczMGZlODRlLzEvdmR4cHo5YTRzMmlCYVF1ZldCRWxBdkVJMlZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8zYWI1NWQtODUyZi00OTViLWIyYjMtZTAyZDczMGZlODRl
LzEvZEh5elp2OXVJOTlzQ1g5Z3JjZjZnSFZaZ1pFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwh+DMA0E
AgACMAcDBQAqE27AMA0GCSqGSIb3DQEBCwUAA4IBAQCZwygIk3D9R6xvS9Y8Jxsw
7c+AMB4L7eg1awqDfdZLkrRpiqTsLfEJv6sxigOKp03xnNUs9hVh8aT0PHT0z8CV
L4s1tSOvtgk8uxkRDH7BJCyEb9oolJIBl9ZyO1+Wak33ojMt8Pw2UR+3ATsMjxnl
Qe1BspDgFqOPeKVzGFnlvBiUgPp0WQ+uzT338Jv3LyOPVghy/3Gv0aaGXISGXEtg
uL408jO3a/Rmx/vvUjfq6WWj7O5mT5FF2fnAioF5p48Sk6lWpqSKy5CfjbVoUksy
aI8k7EELJ443+u3xrGnHfh8fnY1SaCBjkpO9T9vuu7L/MKtoshyOMnoKEhjyKYNo
-----END CERTIFICATE-----