Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/W0MUE_4vcKrmPdfYL6vlOJrswV8.roa
File:                     W0MUE_4vcKrmPdfYL6vlOJrswV8.roa (raw, json)
Hash identifier:          Pw00FQeCBV1m+d4UDryG+GyWJCdqZKByUK0fYtyEnJ4=
Subject key identifier:   5B:43:14:13:FE:2F:70:AA:E6:3D:D7:D8:2F:AB:E5:38:9A:EC:C1:5F
Certificate issuer:       /CN=c9d57447e3420b853875b6fa40372aade3192ca2
Certificate serial:       01927CF2FE85813F789F172646D31FCA49E9
Authority key identifier: C9:D5:74:47:E3:42:0B:85:38:75:B6:FA:40:37:2A:AD:E3:19:2C:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/W0MUE_4vcKrmPdfYL6vlOJrswV8.roa
Signing time:             Fri 11 Oct 2024 18:59:12 +0000
ROA not before:           Fri 11 Oct 2024 18:59:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208745
IP address blocks:        31.210.38.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:7c:f2:fe:85:81:3f:78:9f:17:26:46:d3:1f:ca:49:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c9d57447e3420b853875b6fa40372aade3192ca2
        Validity
            Not Before: Oct 11 18:59:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5b431413fe2f70aae63dd7d82fabe5389aecc15f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:ef:48:9c:c7:e0:6a:f8:c8:08:d2:5a:4d:9f:
                    86:a9:7d:e1:e0:10:2a:49:f0:b7:7b:26:3c:67:ad:
                    9a:e5:83:e6:17:26:d3:5e:c0:e1:a4:6f:15:91:2f:
                    7d:47:64:da:d8:c1:12:42:27:a4:97:34:ff:32:41:
                    a7:55:6d:e2:d3:ef:b6:87:51:be:f5:fc:54:aa:0d:
                    e5:e7:34:c8:4a:11:a7:37:cf:33:a1:56:80:59:dd:
                    aa:49:b8:bd:69:f2:aa:1e:2f:bc:38:99:18:e4:27:
                    3f:8d:c1:11:71:ce:a8:a3:f1:99:d4:da:a1:45:66:
                    7f:46:f7:a4:29:e0:c1:38:9a:de:af:88:b9:f3:d3:
                    62:ba:d2:d5:34:7e:3f:a1:e6:13:57:1f:ca:20:83:
                    07:72:df:80:ea:99:50:4f:94:d8:b1:26:03:49:f9:
                    79:b5:8a:1d:56:50:75:0b:00:60:bf:0c:1f:c6:49:
                    4e:63:e7:cb:91:16:df:12:e4:30:5e:30:19:03:b5:
                    2a:94:02:95:e6:1f:d3:22:0e:6d:87:e3:5a:c2:6d:
                    c5:fe:81:02:34:3e:d2:4a:14:4c:a3:bd:8b:da:99:
                    e4:62:b5:4b:ae:84:e7:6c:d4:4b:f6:12:37:a7:fb:
                    52:01:d8:ae:e3:34:d7:9b:4e:7f:9e:35:dd:7a:68:
                    be:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:43:14:13:FE:2F:70:AA:E6:3D:D7:D8:2F:AB:E5:38:9A:EC:C1:5F
            X509v3 Authority Key Identifier:
                keyid:C9:D5:74:47:E3:42:0B:85:38:75:B6:FA:40:37:2A:AD:E3:19:2C:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/W0MUE_4vcKrmPdfYL6vlOJrswV8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.210.38.0/24

    Signature Algorithm: sha256WithRSAEncryption
         45:57:f5:72:38:9c:a1:75:7c:f6:e5:04:05:f0:fc:2a:53:55:
         a5:93:8d:9a:74:bb:29:b1:0d:b6:74:2e:fb:ea:50:e1:64:d3:
         2d:cd:69:55:1d:b4:96:b3:d6:08:7b:be:7d:a0:7f:3a:ba:fb:
         c8:0b:41:cb:0f:d1:12:be:1d:1e:08:15:64:e2:9c:c2:71:db:
         97:97:dd:fc:d2:aa:dd:75:a7:9b:77:66:c1:fb:0d:9b:69:12:
         d0:2b:25:71:35:5e:82:44:b2:21:45:e0:74:14:14:40:54:23:
         4f:2c:46:c8:61:a6:e1:e4:3e:3c:b1:c6:3f:25:e5:d9:33:27:
         5e:74:c0:41:cd:f0:06:07:1f:c6:30:3b:6c:11:0e:6e:de:0d:
         0b:d8:0c:70:53:8f:33:52:b0:15:4b:b9:55:a4:c8:e3:1b:6f:
         f2:44:6e:fb:f7:7f:4d:c5:21:37:6f:44:65:d4:ee:b3:27:aa:
         f3:c6:3a:ea:de:82:6b:56:0c:f3:dc:85:77:84:43:ae:27:16:
         b2:7a:99:88:c7:3e:88:d8:e0:85:ae:53:70:3b:d5:a7:72:43:
         94:ce:b6:35:83:f5:5f:3f:ce:d4:ce:f7:8b:8c:dc:4a:63:a3:
         78:d1:b7:e0:b8:30:be:90:ec:93:24:d9:b5:83:ce:7f:29:13:
         4d:d2:6b:97
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZJ88v6FgT94nxcmRtMfyknpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5ZDU3NDQ3ZTM0MjBiODUzODc1YjZmYTQwMzcyYWFkZTMx
OTJjYTIwHhcNMjQxMDExMTg1OTEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YjQzMTQxM2ZlMmY3MGFhZTYzZGQ3ZDgyZmFiZTUzODlhZWNjMTVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuu9InMfgavjICNJaTZ+GqX3h4BAq
SfC3eyY8Z62a5YPmFybTXsDhpG8VkS99R2Ta2MESQieklzT/MkGnVW3i0++2h1G+
9fxUqg3l5zTIShGnN88zoVaAWd2qSbi9afKqHi+8OJkY5Cc/jcERcc6oo/GZ1Nqh
RWZ/RvekKeDBOJrer4i589NiutLVNH4/oeYTVx/KIIMHct+A6plQT5TYsSYDSfl5
tYodVlB1CwBgvwwfxklOY+fLkRbfEuQwXjAZA7UqlAKV5h/TIg5th+Nawm3F/oEC
ND7SShRMo72L2pnkYrVLroTnbNRL9hI3p/tSAdiu4zTXm05/njXdemi+fwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFtDFBP+L3Cq5j3X2C+r5Tia7MFfMB8GA1UdIwQY
MBaAFMnVdEfjQguFOHW2+kA3Kq3jGSyiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveWRWMFItTkNDNFU0ZGJiNlFEY3FyZU1aTEtJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC8xNTg2ZmQtZmQyYy00MWY4LThmZTkt
NGUxOThmMGE2MDEzLzEvVzBNVUVfNHZjS3JtUGRmWUw2dmxPSnJzd1Y4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC8xNTg2ZmQtZmQyYy00MWY4LThmZTktNGUxOThmMGE2MDEz
LzEveWRWMFItTkNDNFU0ZGJiNlFEY3FyZU1aTEtJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAH9ImMA0G
CSqGSIb3DQEBCwUAA4IBAQBFV/VyOJyhdXz25QQF8PwqU1Wlk42adLspsQ22dC77
6lDhZNMtzWlVHbSWs9YIe759oH86uvvIC0HLD9ESvh0eCBVk4pzCcduXl9380qrd
daebd2bB+w2baRLQKyVxNV6CRLIhReB0FBRAVCNPLEbIYabh5D48scY/JeXZMyde
dMBBzfAGBx/GMDtsEQ5u3g0L2AxwU48zUrAVS7lVpMjjG2/yRG77939NxSE3b0Rl
1O6zJ6rzxjrq3oJrVgzz3IV3hEOuJxayepmIxz6I2OCFrlNwO9WnckOUzrY1g/Vf
P87UzveLjNxKY6N40bfguDC+kOyTJNm1g85/KRNN0muX
-----END CERTIFICATE-----