Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/e4e89f-0aad-4707-865a-40012c82979b/1/HsoHvy4vaHG-GoulbRb3ifQ_PuU.roa
File:                     HsoHvy4vaHG-GoulbRb3ifQ_PuU.roa (raw, json)
Hash identifier:          69uYqrq0xGq1JO0hUhdXdKRopq7RJQhoaRro9AjlRJc=
Subject key identifier:   1E:CA:07:BF:2E:2F:68:71:BE:1A:8B:A5:6D:16:F7:89:F4:3F:3E:E5
Certificate issuer:       /CN=32ee1bcd8ce393d98a7583ac13f1425d4faf27c9
Certificate serial:       019421441B9DE64304DA97D9E64E04D14711
Authority key identifier: 32:EE:1B:CD:8C:E3:93:D9:8A:75:83:AC:13:F1:42:5D:4F:AF:27:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Mu4bzYzjk9mKdYOsE_FCXU-vJ8k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/e4e89f-0aad-4707-865a-40012c82979b/1/HsoHvy4vaHG-GoulbRb3ifQ_PuU.roa
Signing time:             Wed 01 Jan 2025 09:48:19 +0000
ROA not before:           Wed 01 Jan 2025 09:48:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     56583
IP address blocks:        31.171.208.0/24 maxlen: 24
                          2a0b:71c0:1::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/e4e89f-0aad-4707-865a-40012c82979b/1/Mu4bzYzjk9mKdYOsE_FCXU-vJ8k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/e4e89f-0aad-4707-865a-40012c82979b/1/Mu4bzYzjk9mKdYOsE_FCXU-vJ8k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Mu4bzYzjk9mKdYOsE_FCXU-vJ8k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 11 Apr 2025 21:50:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:1b:9d:e6:43:04:da:97:d9:e6:4e:04:d1:47:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=32ee1bcd8ce393d98a7583ac13f1425d4faf27c9
        Validity
            Not Before: Jan  1 09:48:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1eca07bf2e2f6871be1a8ba56d16f789f43f3ee5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:4f:8b:7a:57:63:d1:77:80:28:7f:a1:7a:53:
                    8f:35:a6:a6:d8:37:aa:d2:4e:31:53:7c:1b:dd:5c:
                    9c:3f:c7:46:8a:f8:cb:1e:40:05:85:11:e6:83:69:
                    4a:27:3a:a0:7a:be:bb:8c:d9:c8:d9:25:14:5d:b7:
                    74:7b:05:dc:3f:54:69:87:92:a2:72:b4:1f:c7:d7:
                    c6:3b:4f:09:b8:07:8c:0f:b6:19:23:bb:21:18:0e:
                    44:dc:43:58:9f:1a:13:f4:10:32:d5:17:82:49:98:
                    74:e2:66:20:71:ed:4a:7e:2a:75:27:e7:82:6a:d2:
                    2b:1e:22:a2:ed:da:dc:20:0d:ec:fa:ae:78:25:fe:
                    77:02:49:e8:fe:01:cf:b6:a1:cb:cb:75:96:da:47:
                    f3:64:91:35:0d:2f:8e:5b:7c:bf:f0:1c:4e:9a:29:
                    da:d1:e0:52:b0:ec:75:c7:8d:8d:f8:08:fc:87:5b:
                    77:2c:e8:a7:8c:fe:82:cb:6e:0b:97:41:31:1a:e4:
                    a4:45:64:64:41:13:27:17:bd:2a:d8:ee:87:1e:ac:
                    61:1e:bd:2c:53:08:2c:00:36:ca:6b:27:2d:8c:23:
                    cc:d1:ef:68:d0:c8:d7:27:ad:8f:6e:63:40:89:ad:
                    90:8b:4c:fc:ca:df:52:12:7f:04:32:f3:f6:17:09:
                    5d:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:CA:07:BF:2E:2F:68:71:BE:1A:8B:A5:6D:16:F7:89:F4:3F:3E:E5
            X509v3 Authority Key Identifier:
                keyid:32:EE:1B:CD:8C:E3:93:D9:8A:75:83:AC:13:F1:42:5D:4F:AF:27:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Mu4bzYzjk9mKdYOsE_FCXU-vJ8k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/e4e89f-0aad-4707-865a-40012c82979b/1/HsoHvy4vaHG-GoulbRb3ifQ_PuU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/e4e89f-0aad-4707-865a-40012c82979b/1/Mu4bzYzjk9mKdYOsE_FCXU-vJ8k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.171.208.0/24
                IPv6:
                  2a0b:71c0:1::/48

    Signature Algorithm: sha256WithRSAEncryption
         9a:d3:32:38:4c:69:5f:c9:7b:c5:15:24:d2:ee:ba:73:6a:ce:
         26:65:2d:f8:1a:17:01:48:0f:a7:51:6e:1e:cf:4e:38:2a:c8:
         42:24:38:50:0c:69:13:42:84:f1:92:f4:71:30:3d:59:89:2c:
         82:a3:7b:9a:f7:b2:ad:7b:85:e2:ae:c3:6c:3b:30:96:10:a9:
         68:90:78:48:50:ac:0c:36:dc:95:a4:63:55:f8:5f:45:23:cf:
         f5:71:a3:49:5e:4a:56:08:11:0f:9b:01:1b:b1:35:a5:98:53:
         aa:1a:49:97:a8:e4:f4:11:6d:cc:fc:6a:b5:b0:77:36:7e:6e:
         86:1c:c2:43:93:d1:f3:f6:89:79:78:71:01:d1:2f:21:75:c8:
         c3:c8:07:6c:16:3c:82:fc:a6:67:c1:19:73:55:51:7c:00:4a:
         c7:83:62:ae:a3:83:4f:db:d8:b7:a2:4a:fc:dd:48:3e:62:a2:
         e9:ae:2d:32:89:d6:3c:fe:fb:2c:42:8b:b1:8f:e6:2a:57:85:
         5e:03:c0:7d:ff:d3:6f:d0:ae:40:55:5f:88:0b:d3:bc:0f:ee:
         73:7e:3d:2a:f0:ad:af:bb:dd:9e:00:39:ee:b0:93:59:7a:f8:
         9a:5f:38:a6:f8:fb:78:11:8a:96:8b:3c:90:3c:be:33:5c:d7:
         02:ae:bc:70
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQhRBud5kME2pfZ5k4E0UcRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyZWUxYmNkOGNlMzkzZDk4YTc1ODNhYzEzZjE0MjVkNGZh
ZjI3YzkwHhcNMjUwMTAxMDk0ODE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZWNhMDdiZjJlMmY2ODcxYmUxYThiYTU2ZDE2Zjc4OWY0M2YzZWU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArk+Leldj0XeAKH+helOPNaam2Deq
0k4xU3wb3VycP8dGivjLHkAFhRHmg2lKJzqger67jNnI2SUUXbd0ewXcP1Rph5Ki
crQfx9fGO08JuAeMD7YZI7shGA5E3ENYnxoT9BAy1ReCSZh04mYgce1Kfip1J+eC
atIrHiKi7drcIA3s+q54Jf53Akno/gHPtqHLy3WW2kfzZJE1DS+OW3y/8BxOmina
0eBSsOx1x42N+Aj8h1t3LOinjP6Cy24Ll0ExGuSkRWRkQRMnF70q2O6HHqxhHr0s
UwgsADbKayctjCPM0e9o0MjXJ62PbmNAia2Qi0z8yt9SEn8EMvP2FwldDwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFB7KB78uL2hxvhqLpW0W94n0Pz7lMB8GA1UdIwQY
MBaAFDLuG82M45PZinWDrBPxQl1PryfJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTXU0YnpZemprOW1LZFlPc0VfRkNYVS12SjhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS9lNGU4OWYtMGFhZC00NzA3LTg2NWEt
NDAwMTJjODI5NzliLzEvSHNvSHZ5NHZhSEctR291bGJSYjNpZlFfUHVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS9lNGU4OWYtMGFhZC00NzA3LTg2NWEtNDAwMTJjODI5Nzli
LzEvTXU0YnpZemprOW1LZFlPc0VfRkNYVS12SjhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAH6vQMA8E
AgACMAkDBwAqC3HAAAEwDQYJKoZIhvcNAQELBQADggEBAJrTMjhMaV/Je8UVJNLu
unNqziZlLfgaFwFID6dRbh7PTjgqyEIkOFAMaRNChPGS9HEwPVmJLIKje5r3sq17
heKuw2w7MJYQqWiQeEhQrAw23JWkY1X4X0Ujz/Vxo0leSlYIEQ+bARuxNaWYU6oa
SZeo5PQRbcz8arWwdzZ+boYcwkOT0fP2iXl4cQHRLyF1yMPIB2wWPIL8pmfBGXNV
UXwASseDYq6jg0/b2LeiSvzdSD5ioumuLTKJ1jz++yxCi7GP5ipXhV4DwH3/02/Q
rkBVX4gL07wP7nN+PSrwra+73Z4AOe6wk1l6+JpfOKb4+3gRipaLPJA8vjNc1wKu
vHA=
-----END CERTIFICATE-----