Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/dd2990-d28c-4f1a-b6bd-e81cd7022553/1/U1D_m81l2jgjA4juSSiHI1zbTlI.roa
File:                     U1D_m81l2jgjA4juSSiHI1zbTlI.roa (raw, json)
Hash identifier:          LDmDEyNEiY4UVFRoPUf/70s5SCJdcaPrc0vKgaKS86s=
Subject key identifier:   53:50:FF:9B:CD:65:DA:38:23:03:88:EE:49:28:87:23:5C:DB:4E:52
Certificate issuer:       /CN=b1706fcdb7ef0580f4ff2032ceeffd29b70ab639
Certificate serial:       0190EF44645438E828EA2CCFEFD9ADEC4BBC
Authority key identifier: B1:70:6F:CD:B7:EF:05:80:F4:FF:20:32:CE:EF:FD:29:B7:0A:B6:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sXBvzbfvBYD0_yAyzu_9KbcKtjk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/dd2990-d28c-4f1a-b6bd-e81cd7022553/1/U1D_m81l2jgjA4juSSiHI1zbTlI.roa
Signing time:             Fri 26 Jul 2024 13:39:15 +0000
ROA not before:           Fri 26 Jul 2024 13:39:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214748
IP address blocks:        31.210.137.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2b/dd2990-d28c-4f1a-b6bd-e81cd7022553/1/sXBvzbfvBYD0_yAyzu_9KbcKtjk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2b/dd2990-d28c-4f1a-b6bd-e81cd7022553/1/sXBvzbfvBYD0_yAyzu_9KbcKtjk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sXBvzbfvBYD0_yAyzu_9KbcKtjk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 20:19:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:ef:44:64:54:38:e8:28:ea:2c:cf:ef:d9:ad:ec:4b:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1706fcdb7ef0580f4ff2032ceeffd29b70ab639
        Validity
            Not Before: Jul 26 13:39:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5350ff9bcd65da38230388ee492887235cdb4e52
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:af:93:5a:e1:9c:41:37:02:92:a3:c1:44:e7:
                    db:e6:80:f9:ca:8c:e1:02:b8:30:d0:59:94:ea:61:
                    3d:94:90:25:92:49:1c:54:da:a2:f0:f2:16:30:2a:
                    a2:f0:cd:b3:24:8a:9e:3c:e1:36:23:1c:65:4b:0c:
                    26:88:17:0f:96:34:72:fa:ac:a8:94:64:16:70:24:
                    31:aa:67:10:40:2e:83:b3:43:a0:05:46:21:bd:4a:
                    9e:5e:1d:b8:9c:d8:9b:18:5b:4d:25:72:2b:b7:dc:
                    81:39:52:e9:0a:f9:c2:58:72:ab:fb:8b:38:19:da:
                    94:41:f8:f1:d1:86:7f:9c:d4:ba:a1:da:a0:27:71:
                    8a:84:0c:b3:ca:03:7a:68:88:a0:b0:2d:c8:4b:9a:
                    8f:ec:2d:7b:39:26:cb:7d:99:b4:82:f3:1f:d6:d5:
                    26:7a:49:aa:2a:97:31:c3:17:07:43:b2:6f:fd:bb:
                    7a:dd:5d:dd:f7:0a:30:59:5e:70:3e:8b:c6:96:19:
                    06:7f:44:f8:d9:73:86:27:5e:93:6b:0e:6d:df:7c:
                    7e:c5:e0:e4:3f:ec:08:39:1c:13:89:6a:eb:4a:6a:
                    79:8f:f8:85:e1:ca:41:c8:02:67:03:67:aa:a2:8e:
                    9c:ba:98:82:2f:17:cf:8b:66:9a:9f:d8:5b:7c:21:
                    38:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:50:FF:9B:CD:65:DA:38:23:03:88:EE:49:28:87:23:5C:DB:4E:52
            X509v3 Authority Key Identifier:
                keyid:B1:70:6F:CD:B7:EF:05:80:F4:FF:20:32:CE:EF:FD:29:B7:0A:B6:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sXBvzbfvBYD0_yAyzu_9KbcKtjk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/dd2990-d28c-4f1a-b6bd-e81cd7022553/1/U1D_m81l2jgjA4juSSiHI1zbTlI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/dd2990-d28c-4f1a-b6bd-e81cd7022553/1/sXBvzbfvBYD0_yAyzu_9KbcKtjk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.210.137.0/24

    Signature Algorithm: sha256WithRSAEncryption
         49:be:bc:c3:da:f8:a7:07:fb:a9:27:f8:63:52:c1:92:e4:c3:
         44:4d:9e:ea:3f:bc:cd:9b:00:02:f4:b4:d0:a4:4d:44:e7:ab:
         7f:5c:4e:e4:44:a7:eb:1e:2e:9a:a4:9f:46:4f:ac:c2:76:94:
         6c:c5:f7:0a:73:43:97:bb:61:e1:b4:5f:8f:21:16:d9:45:b7:
         b0:52:2b:da:9f:6c:34:db:fb:62:a0:01:e2:72:aa:5a:da:ea:
         39:a5:47:90:2e:d5:2f:61:bc:92:7a:b7:ef:ae:ca:af:19:96:
         6d:12:2c:45:c9:fe:ba:b8:62:2d:4f:21:b4:37:9c:35:24:32:
         33:48:0f:d8:12:cd:8b:50:f4:ce:2c:e3:a6:ec:1d:4d:cd:49:
         46:1e:c4:83:83:66:24:53:1f:6d:f7:71:27:98:25:ea:01:23:
         30:31:d5:89:0a:2e:1f:46:fd:b9:a7:bc:fd:61:85:0a:23:d3:
         a7:a1:2d:5b:76:3a:e5:48:3f:94:ad:3f:06:17:fa:e1:4e:45:
         8b:39:b9:eb:11:b5:d8:5c:be:e3:8b:12:1d:96:b2:c6:03:32:
         15:cc:0e:02:36:40:e3:59:28:3b:3f:8c:6b:e6:6c:40:ae:9c:
         13:dd:07:90:db:01:a1:33:5f:62:f0:b4:00:47:04:d6:14:7e:
         79:9a:3f:5f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZDvRGRUOOgo6izP79mt7Eu8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxNzA2ZmNkYjdlZjA1ODBmNGZmMjAzMmNlZWZmZDI5Yjcw
YWI2MzkwHhcNMjQwNzI2MTMzOTE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MzUwZmY5YmNkNjVkYTM4MjMwMzg4ZWU0OTI4ODcyMzVjZGI0ZTUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAka+TWuGcQTcCkqPBROfb5oD5yozh
Argw0FmU6mE9lJAlkkkcVNqi8PIWMCqi8M2zJIqePOE2IxxlSwwmiBcPljRy+qyo
lGQWcCQxqmcQQC6Ds0OgBUYhvUqeXh24nNibGFtNJXIrt9yBOVLpCvnCWHKr+4s4
GdqUQfjx0YZ/nNS6odqgJ3GKhAyzygN6aIigsC3IS5qP7C17OSbLfZm0gvMf1tUm
ekmqKpcxwxcHQ7Jv/bt63V3d9wowWV5wPovGlhkGf0T42XOGJ16Taw5t33x+xeDk
P+wIORwTiWrrSmp5j/iF4cpByAJnA2eqoo6cupiCLxfPi2aan9hbfCE4JwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFNQ/5vNZdo4IwOI7kkohyNc205SMB8GA1UdIwQY
MBaAFLFwb8237wWA9P8gMs7v/Sm3CrY5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc1hCdnpiZnZCWUQwX3lBeXp1XzlLYmNLdGprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi9kZDI5OTAtZDI4Yy00ZjFhLWI2YmQt
ZTgxY2Q3MDIyNTUzLzEvVTFEX204MWwyamdqQTRqdVNTaUhJMXpiVGxJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi9kZDI5OTAtZDI4Yy00ZjFhLWI2YmQtZTgxY2Q3MDIyNTUz
LzEvc1hCdnpiZnZCWUQwX3lBeXp1XzlLYmNLdGprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAH9KJMA0G
CSqGSIb3DQEBCwUAA4IBAQBJvrzD2vinB/upJ/hjUsGS5MNETZ7qP7zNmwAC9LTQ
pE1E56t/XE7kRKfrHi6apJ9GT6zCdpRsxfcKc0OXu2HhtF+PIRbZRbewUivan2w0
2/tioAHicqpa2uo5pUeQLtUvYbySerfvrsqvGZZtEixFyf66uGItTyG0N5w1JDIz
SA/YEs2LUPTOLOOm7B1NzUlGHsSDg2YkUx9t93EnmCXqASMwMdWJCi4fRv25p7z9
YYUKI9OnoS1bdjrlSD+UrT8GF/rhTkWLObnrEbXYXL7jixIdlrLGAzIVzA4CNkDj
WSg7P4xr5mxArpwT3QeQ2wGhM19i8LQARwTWFH55mj9f
-----END CERTIFICATE-----