Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/c73287-b1b1-4aca-bd2e-db4f352e9ad3/1/ksYPo20jp-TNaGsOoWJARKn-wBg.roa
File:                     ksYPo20jp-TNaGsOoWJARKn-wBg.roa (raw, json)
Hash identifier:          D7ULwqFGJ6pvubWRhikWE/w9HxybHbLVTml2/x1k3A8=
Subject key identifier:   92:C6:0F:A3:6D:23:A7:E4:CD:68:6B:0E:A1:62:40:44:A9:FE:C0:18
Certificate issuer:       /CN=e30cc9429b63382e9b1714d21b3c96d2e5ebe257
Certificate serial:       018CC72744F92C14AD250C50AC6EDC75EFB8
Authority key identifier: E3:0C:C9:42:9B:63:38:2E:9B:17:14:D2:1B:3C:96:D2:E5:EB:E2:57
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4wzJQptjOC6bFxTSGzyW0uXr4lc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/c73287-b1b1-4aca-bd2e-db4f352e9ad3/1/ksYPo20jp-TNaGsOoWJARKn-wBg.roa
Signing time:             Mon 01 Jan 2024 22:31:28 +0000
ROA not before:           Mon 01 Jan 2024 22:31:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     33438
IP address blocks:        94.31.29.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/c73287-b1b1-4aca-bd2e-db4f352e9ad3/1/4wzJQptjOC6bFxTSGzyW0uXr4lc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/c73287-b1b1-4aca-bd2e-db4f352e9ad3/1/4wzJQptjOC6bFxTSGzyW0uXr4lc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4wzJQptjOC6bFxTSGzyW0uXr4lc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 13 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:44:f9:2c:14:ad:25:0c:50:ac:6e:dc:75:ef:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e30cc9429b63382e9b1714d21b3c96d2e5ebe257
        Validity
            Not Before: Jan  1 22:31:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=92c60fa36d23a7e4cd686b0ea1624044a9fec018
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:95:05:c9:33:10:8d:a9:98:c0:0f:5f:1b:58:
                    51:88:79:a2:8a:cb:a3:c7:c1:e1:67:ef:76:2c:3f:
                    93:71:22:df:96:af:4e:f2:d4:de:be:89:06:cc:02:
                    64:50:1c:c4:76:6d:16:4b:6c:15:01:ed:6e:b2:ca:
                    39:43:2e:3f:b2:e1:e4:26:ac:5a:d1:57:37:97:fa:
                    39:07:36:29:bd:7d:ea:47:a0:4a:21:4e:c2:09:ba:
                    4a:ab:51:44:f5:61:b3:15:c6:cc:f6:6a:77:ac:86:
                    3f:56:2e:9e:3f:e4:da:7f:7b:b9:90:a4:5b:08:63:
                    d6:a6:84:4e:51:a2:c9:51:32:33:89:9f:de:58:4a:
                    f5:c5:fa:10:34:a7:2a:da:86:5f:fa:69:7f:9d:01:
                    5d:f3:03:69:1a:85:00:96:d1:76:55:d5:0f:2d:40:
                    8b:f6:7a:53:6d:cf:8e:51:a2:ef:b5:b0:3c:a7:dd:
                    6e:b6:07:a6:19:05:ba:71:e1:8a:ea:a3:a8:18:6e:
                    39:f6:5e:15:8c:56:07:c4:92:b2:de:b9:78:d9:e6:
                    e4:60:3a:1b:b5:a8:e9:b3:06:be:61:c0:88:74:f0:
                    62:d3:dc:b0:ad:b6:e7:f3:00:1d:a0:e9:83:b5:e0:
                    d1:e4:6f:53:57:92:4d:c7:9b:10:37:7b:83:b6:c6:
                    aa:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:C6:0F:A3:6D:23:A7:E4:CD:68:6B:0E:A1:62:40:44:A9:FE:C0:18
            X509v3 Authority Key Identifier:
                keyid:E3:0C:C9:42:9B:63:38:2E:9B:17:14:D2:1B:3C:96:D2:E5:EB:E2:57

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4wzJQptjOC6bFxTSGzyW0uXr4lc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/c73287-b1b1-4aca-bd2e-db4f352e9ad3/1/ksYPo20jp-TNaGsOoWJARKn-wBg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/c73287-b1b1-4aca-bd2e-db4f352e9ad3/1/4wzJQptjOC6bFxTSGzyW0uXr4lc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.31.29.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1e:70:ed:ff:1a:1d:ea:86:ad:2d:a3:bf:6d:d2:d6:ff:61:59:
         dc:df:3b:0e:7e:ba:fa:52:d4:fd:89:5e:41:9f:f4:10:1a:3b:
         d0:d2:2d:4f:45:aa:ea:6b:8c:df:00:d6:08:3f:f2:cb:bf:3d:
         d2:2f:f4:3a:42:21:bd:bd:8c:c0:c8:02:e3:bc:05:ec:a5:2d:
         c7:03:f3:46:7f:56:31:36:2a:86:36:d3:26:df:a2:b0:aa:c3:
         f1:5c:02:cf:73:0d:9c:85:b2:b1:a8:b7:54:19:20:e6:f1:fb:
         e0:9d:6a:55:20:a8:d5:1c:f1:b0:ef:4f:39:4c:29:c4:58:39:
         15:41:33:84:b2:17:5a:3b:99:86:18:7f:ab:88:45:6c:a8:9e:
         6f:6f:af:6b:3f:10:19:fb:53:19:7e:0f:f8:31:a5:25:71:26:
         0f:21:91:64:18:be:68:56:ed:19:c4:0b:15:6f:a8:10:a2:86:
         1b:cf:05:f2:f3:84:1e:b2:99:4e:14:14:f2:54:32:6c:17:c3:
         91:c5:09:16:50:1d:4d:19:3f:7a:9b:40:d7:65:6e:17:70:95:
         86:57:85:ca:30:88:36:0d:7d:4f:c5:90:54:cc:35:cd:02:79:
         bf:a3:40:45:94:ce:92:03:f0:5b:d5:be:22:2c:82:a7:61:84:
         80:98:45:a7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJ0T5LBStJQxQrG7cde+4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzMGNjOTQyOWI2MzM4MmU5YjE3MTRkMjFiM2M5NmQyZTVl
YmUyNTcwHhcNMjQwMTAxMjIzMTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MmM2MGZhMzZkMjNhN2U0Y2Q2ODZiMGVhMTYyNDA0NGE5ZmVjMDE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlJUFyTMQjamYwA9fG1hRiHmiisuj
x8HhZ+92LD+TcSLflq9O8tTevokGzAJkUBzEdm0WS2wVAe1usso5Qy4/suHkJqxa
0Vc3l/o5BzYpvX3qR6BKIU7CCbpKq1FE9WGzFcbM9mp3rIY/Vi6eP+Taf3u5kKRb
CGPWpoROUaLJUTIziZ/eWEr1xfoQNKcq2oZf+ml/nQFd8wNpGoUAltF2VdUPLUCL
9npTbc+OUaLvtbA8p91utgemGQW6ceGK6qOoGG459l4VjFYHxJKy3rl42ebkYDob
tajpswa+YcCIdPBi09ywrbbn8wAdoOmDteDR5G9TV5JNx5sQN3uDtsaqyQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJLGD6NtI6fkzWhrDqFiQESp/sAYMB8GA1UdIwQY
MBaAFOMMyUKbYzgumxcU0hs8ltLl6+JXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHd6SlFwdGpPQzZiRnhUU0d6eVcwdVhyNGxjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS9jNzMyODctYjFiMS00YWNhLWJkMmUt
ZGI0ZjM1MmU5YWQzLzEva3NZUG8yMGpwLVROYUdzT29XSkFSS24td0JnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS9jNzMyODctYjFiMS00YWNhLWJkMmUtZGI0ZjM1MmU5YWQz
LzEvNHd6SlFwdGpPQzZiRnhUU0d6eVcwdVhyNGxjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXh8dMA0G
CSqGSIb3DQEBCwUAA4IBAQAecO3/Gh3qhq0to79t0tb/YVnc3zsOfrr6UtT9iV5B
n/QQGjvQ0i1PRarqa4zfANYIP/LLvz3SL/Q6QiG9vYzAyALjvAXspS3HA/NGf1Yx
NiqGNtMm36KwqsPxXALPcw2chbKxqLdUGSDm8fvgnWpVIKjVHPGw7085TCnEWDkV
QTOEshdaO5mGGH+riEVsqJ5vb69rPxAZ+1MZfg/4MaUlcSYPIZFkGL5oVu0ZxAsV
b6gQooYbzwXy84QesplOFBTyVDJsF8ORxQkWUB1NGT96m0DXZW4XcJWGV4XKMIg2
DX1PxZBUzDXNAnm/o0BFlM6SA/Bb1b4iLIKnYYSAmEWn
-----END CERTIFICATE-----