Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/UGPbah7Ip6qmGYI4eSxLSRz5Bz0.roa
File:                     UGPbah7Ip6qmGYI4eSxLSRz5Bz0.roa (raw, json)
Hash identifier:          gRYRd941eJkSZsjLA6+8Qb9UDtKsckujbrFdTUZIeg8=
Subject key identifier:   50:63:DB:6A:1E:C8:A7:AA:A6:19:82:38:79:2C:4B:49:1C:F9:07:3D
Certificate issuer:       /CN=e2c2b834fbc91af0ec6b1d34fd64054d2269a1fd
Certificate serial:       018CC794F1EAA88B1B7B5F1CCA58E6984629
Authority key identifier: E2:C2:B8:34:FB:C9:1A:F0:EC:6B:1D:34:FD:64:05:4D:22:69:A1:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4sK4NPvJGvDsax00_WQFTSJpof0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/UGPbah7Ip6qmGYI4eSxLSRz5Bz0.roa
Signing time:             Tue 02 Jan 2024 00:31:16 +0000
ROA not before:           Tue 02 Jan 2024 00:31:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     394896
IP address blocks:        31.40.195.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/4sK4NPvJGvDsax00_WQFTSJpof0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/4sK4NPvJGvDsax00_WQFTSJpof0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4sK4NPvJGvDsax00_WQFTSJpof0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:f1:ea:a8:8b:1b:7b:5f:1c:ca:58:e6:98:46:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e2c2b834fbc91af0ec6b1d34fd64054d2269a1fd
        Validity
            Not Before: Jan  2 00:31:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5063db6a1ec8a7aaa6198238792c4b491cf9073d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:cc:a3:c1:a9:fd:54:31:53:2d:3b:f8:c5:91:
                    d8:8e:8e:d6:f0:ba:54:19:e2:25:a5:05:42:a2:62:
                    d4:5c:0a:57:c8:0b:17:18:2e:41:79:0d:52:50:8e:
                    47:59:09:4c:74:4c:6f:c4:4f:89:04:9a:b7:b9:38:
                    cb:31:2b:04:8d:b8:78:b6:ef:3b:75:fc:31:05:ab:
                    77:ec:34:a8:e0:f2:b5:3b:a6:2a:ee:23:a6:ca:a3:
                    56:1f:10:0d:70:ba:6e:cd:1d:aa:da:d4:90:41:84:
                    0b:01:77:b7:40:d1:b9:53:ca:77:3d:f1:ed:78:4c:
                    bc:d9:bb:d8:e5:9e:c7:ca:c9:86:8f:97:99:29:25:
                    1d:cc:03:ec:6d:f5:eb:93:dc:d8:c4:25:e2:19:75:
                    2c:9f:92:ca:a2:30:9a:7d:51:4a:4c:f3:14:69:50:
                    de:80:a4:74:da:4c:ea:95:55:1c:68:59:eb:43:b8:
                    91:e3:a6:c6:65:62:c9:12:76:26:8a:ce:44:3e:94:
                    3d:07:0d:09:ca:77:ad:e0:fd:57:1b:76:61:98:43:
                    a9:b8:db:40:b7:db:41:c3:a0:b5:b6:71:95:40:a2:
                    01:51:c2:4a:d9:3d:b5:ee:03:c3:6c:0b:72:85:e2:
                    2f:49:13:ba:b1:0f:49:38:e5:21:cb:be:95:d0:1d:
                    5e:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:63:DB:6A:1E:C8:A7:AA:A6:19:82:38:79:2C:4B:49:1C:F9:07:3D
            X509v3 Authority Key Identifier:
                keyid:E2:C2:B8:34:FB:C9:1A:F0:EC:6B:1D:34:FD:64:05:4D:22:69:A1:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4sK4NPvJGvDsax00_WQFTSJpof0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/UGPbah7Ip6qmGYI4eSxLSRz5Bz0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/4sK4NPvJGvDsax00_WQFTSJpof0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.40.195.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:ae:d4:87:0d:74:71:c5:22:3b:b7:d0:58:95:aa:d8:60:8e:
         4f:3b:75:f6:da:c8:c6:42:f4:1e:77:ab:0d:31:04:4b:bb:0b:
         1d:00:12:ae:aa:de:18:2a:6f:5c:3a:7e:db:93:0d:00:69:48:
         da:b3:6a:1f:81:7c:03:79:21:1e:de:ba:04:c7:44:66:2b:f4:
         33:26:6a:01:39:d2:09:49:92:2d:ec:59:84:2f:b0:ac:57:ed:
         98:3d:11:15:42:bd:cf:75:fa:30:21:ec:dc:48:d3:bf:8a:9a:
         79:75:ca:ce:c0:88:9e:6f:4b:64:bf:22:22:37:04:5c:9f:56:
         2d:96:2f:f0:ce:45:a7:07:b1:43:5a:76:d5:35:7f:43:a4:7c:
         ba:d4:84:55:f1:e0:57:d1:a1:e8:fb:17:6e:8a:e6:25:55:99:
         1f:e6:67:ef:c4:98:83:2b:79:ca:33:52:b6:66:98:bf:86:e7:
         d0:b6:e7:e5:5f:08:fd:38:0e:6e:e5:93:ad:d7:b3:4f:95:32:
         b2:2e:15:e0:f0:e5:b6:52:13:aa:d5:68:90:14:08:45:66:d5:
         67:e3:75:0f:d1:78:81:b6:cc:7c:ce:29:ba:25:f4:ab:c3:5d:
         ca:d3:9e:ea:89:b0:5c:f4:62:4b:2f:a3:48:ce:58:bd:c0:47:
         20:00:c3:49
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlPHqqIsbe18cyljmmEYpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyYzJiODM0ZmJjOTFhZjBlYzZiMWQzNGZkNjQwNTRkMjI2
OWExZmQwHhcNMjQwMTAyMDAzMTE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MDYzZGI2YTFlYzhhN2FhYTYxOTgyMzg3OTJjNGI0OTFjZjkwNzNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo8yjwan9VDFTLTv4xZHYjo7W8LpU
GeIlpQVComLUXApXyAsXGC5BeQ1SUI5HWQlMdExvxE+JBJq3uTjLMSsEjbh4tu87
dfwxBat37DSo4PK1O6Yq7iOmyqNWHxANcLpuzR2q2tSQQYQLAXe3QNG5U8p3PfHt
eEy82bvY5Z7HysmGj5eZKSUdzAPsbfXrk9zYxCXiGXUsn5LKojCafVFKTPMUaVDe
gKR02kzqlVUcaFnrQ7iR46bGZWLJEnYmis5EPpQ9Bw0Jynet4P1XG3ZhmEOpuNtA
t9tBw6C1tnGVQKIBUcJK2T217gPDbAtyheIvSRO6sQ9JOOUhy76V0B1eHwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFBj22oeyKeqphmCOHksS0kc+Qc9MB8GA1UdIwQY
MBaAFOLCuDT7yRrw7GsdNP1kBU0iaaH9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHNLNE5QdkpHdkRzYXgwMF9XUUZUU0pwb2YwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC8zZjI0OWItZTgzNi00MWI0LTlhM2Et
OTk0ODA2ZjA4MWYwLzEvVUdQYmFoN0lwNnFtR1lJNGVTeExTUno1QnowLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC8zZjI0OWItZTgzNi00MWI0LTlhM2EtOTk0ODA2ZjA4MWYw
LzEvNHNLNE5QdkpHdkRzYXgwMF9XUUZUU0pwb2YwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHyjDMA0G
CSqGSIb3DQEBCwUAA4IBAQAartSHDXRxxSI7t9BYlarYYI5PO3X22sjGQvQed6sN
MQRLuwsdABKuqt4YKm9cOn7bkw0AaUjas2ofgXwDeSEe3roEx0RmK/QzJmoBOdIJ
SZIt7FmEL7CsV+2YPREVQr3PdfowIezcSNO/ipp5dcrOwIieb0tkvyIiNwRcn1Yt
li/wzkWnB7FDWnbVNX9DpHy61IRV8eBX0aHo+xduiuYlVZkf5mfvxJiDK3nKM1K2
Zpi/hufQtuflXwj9OA5u5ZOt17NPlTKyLhXg8OW2UhOq1WiQFAhFZtVn43UP0XiB
tsx8zim6JfSrw13K057qibBc9GJLL6NIzli9wEcgAMNJ
-----END CERTIFICATE-----