Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/fHNs8lmIt5g5uHoZMe_yduy5-o8.roa
File:                     fHNs8lmIt5g5uHoZMe_yduy5-o8.roa (raw, json)
Hash identifier:          3gwx7Lt+OWg6enMlpEid1nctGy2oFajbThWgb9blDjE=
Subject key identifier:   7C:73:6C:F2:59:88:B7:98:39:B8:7A:19:31:EF:F2:76:EC:B9:FA:8F
Certificate issuer:       /CN=131881732a3e245a959bc679e0458c39f893e46b
Certificate serial:       018E76942933A03B695B2C7FE2787CE7F3C8
Authority key identifier: 13:18:81:73:2A:3E:24:5A:95:9B:C6:79:E0:45:8C:39:F8:93:E4:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/fHNs8lmIt5g5uHoZMe_yduy5-o8.roa
Signing time:             Mon 25 Mar 2024 17:06:45 +0000
ROA not before:           Mon 25 Mar 2024 17:06:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204415
IP address blocks:        31.192.247.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 May 2024 05:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:76:94:29:33:a0:3b:69:5b:2c:7f:e2:78:7c:e7:f3:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=131881732a3e245a959bc679e0458c39f893e46b
        Validity
            Not Before: Mar 25 17:06:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7c736cf25988b79839b87a1931eff276ecb9fa8f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:b9:d2:1b:1a:a8:f0:53:4e:95:e9:c6:b8:8d:
                    3a:f9:87:2d:08:6a:be:2e:e6:c8:42:fb:e2:d4:99:
                    7d:1c:4d:e9:43:c4:bf:3c:dd:4f:c5:62:06:0b:25:
                    5a:d1:bc:d0:09:ad:96:b1:86:2d:d2:22:7b:d2:0d:
                    96:8c:7d:aa:c4:31:cd:d9:79:96:f7:f9:b2:6b:de:
                    02:38:9f:14:e0:a4:c4:de:30:4f:ff:59:d9:82:37:
                    8c:de:8e:5a:b8:46:42:34:bc:5b:d8:c4:29:fd:68:
                    2a:8a:4f:7b:a1:c0:03:da:a8:c8:71:09:39:b5:89:
                    a9:45:5c:3b:00:21:8f:bf:37:7c:e3:6c:ad:d5:f3:
                    30:a2:26:ef:19:d0:ec:a1:0c:2b:3f:62:d8:90:ce:
                    e3:92:8b:a1:8e:14:c1:25:91:ea:a3:f4:5c:04:99:
                    be:e6:de:5b:18:75:c7:ec:46:57:da:fb:3b:95:6d:
                    e8:53:46:48:27:fe:d7:6c:cb:30:f1:67:23:25:49:
                    56:ad:ea:d6:a7:ab:db:26:43:fb:a7:81:9b:43:43:
                    37:29:46:34:18:9c:17:96:8c:3f:8f:93:6c:11:3d:
                    69:8c:14:13:43:03:e6:e1:1b:63:5d:56:12:90:f0:
                    01:b1:83:b2:02:60:fe:c8:da:fa:e9:c3:f4:d5:a4:
                    5a:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:73:6C:F2:59:88:B7:98:39:B8:7A:19:31:EF:F2:76:EC:B9:FA:8F
            X509v3 Authority Key Identifier:
                keyid:13:18:81:73:2A:3E:24:5A:95:9B:C6:79:E0:45:8C:39:F8:93:E4:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/fHNs8lmIt5g5uHoZMe_yduy5-o8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.192.247.0/24

    Signature Algorithm: sha256WithRSAEncryption
         22:00:ea:77:be:bc:e7:f7:34:82:c2:57:a7:71:f4:7c:c2:a6:
         94:d5:01:ac:4d:b3:9a:4c:42:a1:dc:8d:da:df:ce:a6:fa:62:
         1d:cd:49:17:74:44:9b:84:7d:b7:eb:f3:5b:ea:2e:c8:3b:4e:
         7e:3a:2d:23:6d:9f:f6:d0:7b:cd:53:ac:ca:e5:bf:8b:04:1c:
         60:d6:6e:60:9f:82:7e:ce:5d:1a:8e:3f:bd:95:a2:85:99:7d:
         2e:4c:8d:8e:33:df:fc:20:e6:55:f4:56:b3:30:7b:a3:39:cc:
         83:c7:a3:9c:c8:55:a4:74:a2:f5:83:72:cd:41:8f:85:f8:7f:
         f5:eb:af:0e:65:cb:b7:7f:84:6b:ab:24:3e:da:7e:2d:03:f2:
         2b:9d:0b:da:de:24:fa:18:44:2a:54:aa:2f:6a:a3:ee:eb:8a:
         6b:d9:3f:df:6b:82:0e:92:d5:33:e9:77:29:50:81:54:28:0e:
         d1:a1:e6:57:37:3b:0d:1d:bc:95:69:2e:70:e9:4f:a0:99:89:
         de:72:a3:76:f9:ad:3b:02:cd:61:45:d1:cb:df:6c:a4:30:74:
         a5:9d:c3:bc:34:ed:f6:df:1c:31:55:81:55:ca:be:04:e1:77:
         8d:93:73:70:c3:d4:e3:04:36:40:89:0f:c2:f8:4a:32:85:96:
         87:98:6f:41
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY52lCkzoDtpWyx/4nh85/PIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzMTg4MTczMmEzZTI0NWE5NTliYzY3OWUwNDU4YzM5Zjg5
M2U0NmIwHhcNMjQwMzI1MTcwNjQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YzczNmNmMjU5ODhiNzk4MzliODdhMTkzMWVmZjI3NmVjYjlmYThmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq7nSGxqo8FNOlenGuI06+YctCGq+
LubIQvvi1Jl9HE3pQ8S/PN1PxWIGCyVa0bzQCa2WsYYt0iJ70g2WjH2qxDHN2XmW
9/mya94COJ8U4KTE3jBP/1nZgjeM3o5auEZCNLxb2MQp/Wgqik97ocAD2qjIcQk5
tYmpRVw7ACGPvzd842yt1fMwoibvGdDsoQwrP2LYkM7jkouhjhTBJZHqo/RcBJm+
5t5bGHXH7EZX2vs7lW3oU0ZIJ/7XbMsw8WcjJUlWrerWp6vbJkP7p4GbQ0M3KUY0
GJwXlow/j5NsET1pjBQTQwPm4RtjXVYSkPABsYOyAmD+yNr66cP01aRauwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHxzbPJZiLeYObh6GTHv8nbsufqPMB8GA1UdIwQY
MBaAFBMYgXMqPiRalZvGeeBFjDn4k+RrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXhpQmN5by1KRnFWbThaNTRFV01PZmlUNUdzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS84OWYwNzEtNTYzMS00NWRiLWE3ZTUt
Y2Q2MTUyMjYxYzZmLzEvZkhOczhsbUl0NWc1dUhvWk1lX3lkdXk1LW84LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS84OWYwNzEtNTYzMS00NWRiLWE3ZTUtY2Q2MTUyMjYxYzZm
LzEvRXhpQmN5by1KRnFWbThaNTRFV01PZmlUNUdzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAH8D3MA0G
CSqGSIb3DQEBCwUAA4IBAQAiAOp3vrzn9zSCwlencfR8wqaU1QGsTbOaTEKh3I3a
386m+mIdzUkXdESbhH236/Nb6i7IO05+Oi0jbZ/20HvNU6zK5b+LBBxg1m5gn4J+
zl0ajj+9laKFmX0uTI2OM9/8IOZV9FazMHujOcyDx6OcyFWkdKL1g3LNQY+F+H/1
668OZcu3f4RrqyQ+2n4tA/IrnQva3iT6GEQqVKovaqPu64pr2T/fa4IOktUz6Xcp
UIFUKA7RoeZXNzsNHbyVaS5w6U+gmYnecqN2+a07As1hRdHL32ykMHSlncO8NO32
3xwxVYFVyr4E4XeNk3Nww9TjBDZAiQ/C+EoyhZaHmG9B
-----END CERTIFICATE-----