Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/1SAmBH7hRs-As59iTiWtSJZ4LiE.roa
File:                     1SAmBH7hRs-As59iTiWtSJZ4LiE.roa (raw, json)
Hash identifier:          IKKYZoNk/duPwku5gyGiZHdstwi3R+VdUMu8zMqWtTE=
Subject key identifier:   D5:20:26:04:7E:E1:46:CF:80:B3:9F:62:4E:25:AD:48:96:78:2E:21
Certificate issuer:       /CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
Certificate serial:       018E144A0E56C84A4FFAE5CCF627DF0A9A0D
Authority key identifier: D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/1SAmBH7hRs-As59iTiWtSJZ4LiE.roa
Signing time:             Wed 06 Mar 2024 15:03:01 +0000
ROA not before:           Wed 06 Mar 2024 15:03:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49392
IP address blocks:        31.222.255.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:14:4a:0e:56:c8:4a:4f:fa:e5:cc:f6:27:df:0a:9a:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
        Validity
            Not Before: Mar  6 15:03:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d52026047ee146cf80b39f624e25ad4896782e21
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f3:9a:3d:6d:2d:f2:1b:bf:49:7a:c4:80:0a:01:
                    7c:c2:bf:77:00:49:fb:1a:77:db:33:13:0b:88:9e:
                    72:0f:8a:d1:ce:0f:64:c2:7b:99:c3:d9:61:c5:58:
                    ba:97:d9:99:0f:b7:22:a4:34:21:c3:da:79:92:36:
                    c2:33:ed:1b:25:46:3a:d9:b2:43:2a:d9:7e:8a:f5:
                    79:5b:bd:7f:fd:33:e8:62:1d:01:76:34:c4:4c:40:
                    fe:96:95:f4:98:cc:b1:e4:41:43:1d:cf:c8:d2:ef:
                    25:f7:34:54:d3:85:11:d7:17:05:f0:c7:30:70:be:
                    36:b4:41:d4:5f:19:77:a9:4f:a2:a4:83:1c:10:9f:
                    ff:23:07:5b:20:36:13:c4:7d:fe:3a:51:83:26:7a:
                    f7:05:df:de:9d:cd:6b:fe:6e:b0:d9:17:03:59:4c:
                    a3:c3:42:89:34:d3:45:c1:61:2f:4e:f3:3d:06:3d:
                    93:98:2d:bf:be:af:fc:67:fb:97:fd:7c:28:ce:9f:
                    e0:fd:a4:f5:97:4f:d1:2b:ef:c1:27:29:3e:c1:aa:
                    cd:05:51:f9:a7:96:20:47:9a:c2:0c:1b:76:a4:0a:
                    c2:a5:23:0f:d7:fe:ee:e5:e9:51:82:2d:ed:fb:e7:
                    58:fa:53:68:b7:cc:67:ad:c0:41:59:a8:af:b6:88:
                    94:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:20:26:04:7E:E1:46:CF:80:B3:9F:62:4E:25:AD:48:96:78:2E:21
            X509v3 Authority Key Identifier:
                keyid:D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/1SAmBH7hRs-As59iTiWtSJZ4LiE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.222.255.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4f:9c:dd:5b:20:86:3c:39:8d:46:17:82:f0:16:95:95:e8:c1:
         be:c6:f0:67:4c:c7:dc:3c:9e:ea:26:e5:60:a3:c2:08:89:eb:
         02:b4:12:e7:43:5f:ba:ec:a3:83:52:5e:88:e4:ed:07:ee:6b:
         e4:5a:60:ed:67:bf:41:54:1e:aa:0c:74:85:26:b3:81:bf:0a:
         f8:1c:35:75:42:bb:e2:bb:4b:6e:98:be:25:fb:46:56:a6:c7:
         5e:b6:7d:ba:b2:5a:27:15:57:b5:5e:ec:16:75:f6:d1:38:a7:
         68:f9:44:7a:43:1a:33:0e:f2:78:fc:2e:90:64:18:3e:53:1c:
         f1:69:2e:ab:ce:36:82:5f:c9:23:e4:77:80:a1:28:9d:18:d3:
         1c:8a:8a:c5:15:db:ac:40:a6:98:f4:71:31:bc:c9:f7:0c:88:
         8d:f7:d0:e2:f5:ed:0e:dc:9b:59:26:b6:3d:b5:f7:25:71:49:
         2a:b0:9d:37:57:3c:4d:57:49:7f:79:c3:ae:63:c2:b0:7e:f2:
         7a:f0:bd:3a:c7:86:a1:f2:f3:a0:12:92:da:d8:0a:5b:7a:25:
         30:6b:9c:64:a6:84:83:8b:7b:30:f0:07:41:fa:6c:4a:f1:e9:
         93:ef:29:04:0d:92:4a:bb:65:84:d3:45:79:3e:a1:2b:9c:65:
         4d:b0:b3:32
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY4USg5WyEpP+uXM9iffCpoNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3NmJiNDhlOTNlOGEwMDU4YzVjNzJhODFhODc5OTQ1NTMw
N2VlNTYwHhcNMjQwMzA2MTUwMzAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNTIwMjYwNDdlZTE0NmNmODBiMzlmNjI0ZTI1YWQ0ODk2NzgyZTIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA85o9bS3yG79JesSACgF8wr93AEn7
GnfbMxMLiJ5yD4rRzg9kwnuZw9lhxVi6l9mZD7cipDQhw9p5kjbCM+0bJUY62bJD
Ktl+ivV5W71//TPoYh0BdjTETED+lpX0mMyx5EFDHc/I0u8l9zRU04UR1xcF8Mcw
cL42tEHUXxl3qU+ipIMcEJ//IwdbIDYTxH3+OlGDJnr3Bd/enc1r/m6w2RcDWUyj
w0KJNNNFwWEvTvM9Bj2TmC2/vq/8Z/uX/Xwozp/g/aT1l0/RK+/BJyk+warNBVH5
p5YgR5rCDBt2pArCpSMP1/7u5elRgi3t++dY+lNot8xnrcBBWaivtoiUYwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNUgJgR+4UbPgLOfYk4lrUiWeC4hMB8GA1UdIwQY
MBaAFNdrtI6T6KAFjFxyqBqHmUVTB+5WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgt
OGJmYmRkNDVjYjYyLzEvMVNBbUJIN2hScy1BczU5aVRpV3RTSlo0TGlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgtOGJmYmRkNDVjYjYy
LzEvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAH97/MA0G
CSqGSIb3DQEBCwUAA4IBAQBPnN1bIIY8OY1GF4LwFpWV6MG+xvBnTMfcPJ7qJuVg
o8IIiesCtBLnQ1+67KODUl6I5O0H7mvkWmDtZ79BVB6qDHSFJrOBvwr4HDV1Qrvi
u0tumL4l+0ZWpsdetn26slonFVe1XuwWdfbROKdo+UR6QxozDvJ4/C6QZBg+Uxzx
aS6rzjaCX8kj5HeAoSidGNMciorFFdusQKaY9HExvMn3DIiN99Di9e0O3JtZJrY9
tfclcUkqsJ03VzxNV0l/ecOuY8KwfvJ68L06x4ah8vOgEpLa2ApbeiUwa5xkpoSD
i3sw8AdB+mxK8emT7ykEDZJKu2WE00V5PqErnGVNsLMy
-----END CERTIFICATE-----