Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/e4e89f-0aad-4707-865a-40012c82979b/1/bytX36Phh3m7PyfepGoXLjkm5JI.roa
File:                     bytX36Phh3m7PyfepGoXLjkm5JI.roa (raw, json)
Hash identifier:          /5nigtiYf7gKRUlzb2krZDHBfhCk/5EkrpM9pvMbE7M=
Subject key identifier:   6F:2B:57:DF:A3:E1:87:79:BB:3F:27:DE:A4:6A:17:2E:39:26:E4:92
Certificate issuer:       /CN=32ee1bcd8ce393d98a7583ac13f1425d4faf27c9
Certificate serial:       018CC26D7A7CFA21F036919E6C6F1A50FD52
Authority key identifier: 32:EE:1B:CD:8C:E3:93:D9:8A:75:83:AC:13:F1:42:5D:4F:AF:27:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Mu4bzYzjk9mKdYOsE_FCXU-vJ8k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/e4e89f-0aad-4707-865a-40012c82979b/1/bytX36Phh3m7PyfepGoXLjkm5JI.roa
Signing time:             Mon 01 Jan 2024 00:30:03 +0000
ROA not before:           Mon 01 Jan 2024 00:30:03 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        31.171.211.0/24 maxlen: 24
                          31.171.212.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/e4e89f-0aad-4707-865a-40012c82979b/1/Mu4bzYzjk9mKdYOsE_FCXU-vJ8k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/e4e89f-0aad-4707-865a-40012c82979b/1/Mu4bzYzjk9mKdYOsE_FCXU-vJ8k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Mu4bzYzjk9mKdYOsE_FCXU-vJ8k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 22:01:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:7a:7c:fa:21:f0:36:91:9e:6c:6f:1a:50:fd:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=32ee1bcd8ce393d98a7583ac13f1425d4faf27c9
        Validity
            Not Before: Jan  1 00:30:03 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6f2b57dfa3e18779bb3f27dea46a172e3926e492
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:fe:d9:51:7b:0f:86:7b:e0:95:b1:84:95:9a:
                    45:a1:a0:3f:e7:4d:8f:f4:e6:a3:76:1c:bc:4f:73:
                    70:86:60:1a:9c:59:72:01:c1:86:7f:90:e6:2f:79:
                    6f:1d:8c:1e:e1:5a:96:50:7d:e6:d6:03:a8:d7:11:
                    cd:63:77:be:38:61:d2:7c:f3:ef:68:47:c3:c0:d4:
                    8e:3e:0e:f6:71:f2:50:74:c2:cb:c4:e2:28:3c:cf:
                    3f:b1:ae:9f:c9:2b:0a:bf:c4:97:1c:ac:b0:7c:56:
                    1d:f1:7c:9a:ef:cd:96:a0:f8:1a:46:a5:22:df:7f:
                    7c:0e:c2:ab:37:3a:80:d2:10:44:13:14:25:31:0c:
                    3b:ef:e8:4b:4e:64:d3:d6:d7:c7:1a:72:60:42:f4:
                    e1:b2:10:34:68:f9:4d:20:40:6f:f0:93:33:5e:3b:
                    e4:6d:c9:35:58:a6:5f:8a:08:d3:a4:26:2d:e5:d9:
                    1f:c6:18:dd:05:94:1a:46:68:bd:96:d2:c5:68:66:
                    9b:ea:41:62:f5:f0:1e:b7:bf:e3:c2:f8:34:0d:1d:
                    db:96:2c:6c:99:68:20:f8:ca:00:cf:a1:82:e9:26:
                    80:01:e1:55:09:45:10:e3:1f:96:f8:07:5c:26:55:
                    cd:8e:4a:fe:a8:06:7e:f4:27:5b:5c:19:fd:dc:b2:
                    92:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:2B:57:DF:A3:E1:87:79:BB:3F:27:DE:A4:6A:17:2E:39:26:E4:92
            X509v3 Authority Key Identifier:
                keyid:32:EE:1B:CD:8C:E3:93:D9:8A:75:83:AC:13:F1:42:5D:4F:AF:27:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Mu4bzYzjk9mKdYOsE_FCXU-vJ8k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/e4e89f-0aad-4707-865a-40012c82979b/1/bytX36Phh3m7PyfepGoXLjkm5JI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/e4e89f-0aad-4707-865a-40012c82979b/1/Mu4bzYzjk9mKdYOsE_FCXU-vJ8k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.171.211.0-31.171.212.255

    Signature Algorithm: sha256WithRSAEncryption
         18:91:b0:94:1a:4a:9c:08:8e:41:f4:0f:34:36:c2:8d:59:8a:
         3e:e0:ee:94:d1:36:7d:03:75:1d:4c:8b:9c:e3:77:ad:ec:80:
         6d:3a:e7:2f:f1:87:b1:14:87:fa:51:31:1b:ee:53:2d:6c:0e:
         0d:1f:7f:a1:08:92:4f:d4:31:6d:e0:1d:5e:3d:42:96:7d:3c:
         ac:b5:ac:b7:8a:56:25:39:43:42:fa:3a:45:1f:6c:49:93:a8:
         4d:e3:74:44:1a:ff:ee:9a:a8:4b:8a:1e:cc:dc:1e:df:0b:58:
         1f:6a:e1:fd:19:3e:dc:c8:33:6e:f9:50:ac:ac:d3:11:57:8f:
         b2:d5:d5:2e:93:f6:db:24:9d:7c:68:eb:84:0c:8d:33:00:0e:
         18:32:c3:7a:29:49:9e:21:ae:77:4e:46:bd:f5:6a:99:90:56:
         0a:ba:81:68:3d:79:4b:cd:db:f9:81:86:5f:28:60:bb:7a:39:
         b7:42:cf:70:38:49:a6:6e:e0:90:a1:21:79:48:53:8c:71:e7:
         12:e6:e8:dc:9d:6b:fd:73:6c:20:e3:5a:81:44:4c:f1:98:d3:
         10:97:b8:43:04:e6:92:fb:09:dc:b1:3d:e3:df:6d:94:a2:f5:
         c9:ad:0e:62:88:97:8a:eb:ec:7e:dd:af:1b:f3:c6:b8:b0:9f:
         65:43:75:23
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzCbXp8+iHwNpGebG8aUP1SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyZWUxYmNkOGNlMzkzZDk4YTc1ODNhYzEzZjE0MjVkNGZh
ZjI3YzkwHhcNMjQwMTAxMDAzMDAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZjJiNTdkZmEzZTE4Nzc5YmIzZjI3ZGVhNDZhMTcyZTM5MjZlNDkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt/7ZUXsPhnvglbGElZpFoaA/502P
9Oajdhy8T3NwhmAanFlyAcGGf5DmL3lvHYwe4VqWUH3m1gOo1xHNY3e+OGHSfPPv
aEfDwNSOPg72cfJQdMLLxOIoPM8/sa6fySsKv8SXHKywfFYd8Xya782WoPgaRqUi
3398DsKrNzqA0hBEExQlMQw77+hLTmTT1tfHGnJgQvThshA0aPlNIEBv8JMzXjvk
bck1WKZfigjTpCYt5dkfxhjdBZQaRmi9ltLFaGab6kFi9fAet7/jwvg0DR3blixs
mWgg+MoAz6GC6SaAAeFVCUUQ4x+W+AdcJlXNjkr+qAZ+9CdbXBn93LKSfwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFG8rV9+j4Yd5uz8n3qRqFy45JuSSMB8GA1UdIwQY
MBaAFDLuG82M45PZinWDrBPxQl1PryfJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTXU0YnpZemprOW1LZFlPc0VfRkNYVS12SjhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS9lNGU4OWYtMGFhZC00NzA3LTg2NWEt
NDAwMTJjODI5NzliLzEvYnl0WDM2UGhoM203UHlmZXBHb1hMamttNUpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS9lNGU4OWYtMGFhZC00NzA3LTg2NWEtNDAwMTJjODI5Nzli
LzEvTXU0YnpZemprOW1LZFlPc0VfRkNYVS12SjhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAAfq9MD
BAAfq9QwDQYJKoZIhvcNAQELBQADggEBABiRsJQaSpwIjkH0DzQ2wo1Zij7g7pTR
Nn0DdR1Mi5zjd63sgG065y/xh7EUh/pRMRvuUy1sDg0ff6EIkk/UMW3gHV49QpZ9
PKy1rLeKViU5Q0L6OkUfbEmTqE3jdEQa/+6aqEuKHszcHt8LWB9q4f0ZPtzIM275
UKys0xFXj7LV1S6T9tsknXxo64QMjTMADhgyw3opSZ4hrndORr31apmQVgq6gWg9
eUvN2/mBhl8oYLt6ObdCz3A4SaZu4JChIXlIU4xx5xLm6Nyda/1zbCDjWoFETPGY
0xCXuEME5pL7CdyxPePfbZSi9cmtDmKIl4rr7H7drxvzxriwn2VDdSM=
-----END CERTIFICATE-----