Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/e4e89f-0aad-4707-865a-40012c82979b/1/g-uSC9smVQa0LyJT_M70P1mhzQw.roa
File:                     g-uSC9smVQa0LyJT_M70P1mhzQw.roa (raw, json)
Hash identifier:          7bxDYCBmX8bwpPdeWkXmL4ok9oEas4ndoSeRyaUoZ80=
Subject key identifier:   83:EB:92:0B:DB:26:55:06:B4:2F:22:53:FC:CE:F4:3F:59:A1:CD:0C
Certificate issuer:       /CN=32ee1bcd8ce393d98a7583ac13f1425d4faf27c9
Certificate serial:       018CC26D7AE9D9E43AAAC2D68E92ED6E7F4D
Authority key identifier: 32:EE:1B:CD:8C:E3:93:D9:8A:75:83:AC:13:F1:42:5D:4F:AF:27:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Mu4bzYzjk9mKdYOsE_FCXU-vJ8k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/e4e89f-0aad-4707-865a-40012c82979b/1/g-uSC9smVQa0LyJT_M70P1mhzQw.roa
Signing time:             Mon 01 Jan 2024 00:30:03 +0000
ROA not before:           Mon 01 Jan 2024 00:30:03 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56583
IP address blocks:        31.171.208.0/24 maxlen: 24
                          2a0b:71c0:1::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/e4e89f-0aad-4707-865a-40012c82979b/1/Mu4bzYzjk9mKdYOsE_FCXU-vJ8k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/e4e89f-0aad-4707-865a-40012c82979b/1/Mu4bzYzjk9mKdYOsE_FCXU-vJ8k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Mu4bzYzjk9mKdYOsE_FCXU-vJ8k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:7a:e9:d9:e4:3a:aa:c2:d6:8e:92:ed:6e:7f:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=32ee1bcd8ce393d98a7583ac13f1425d4faf27c9
        Validity
            Not Before: Jan  1 00:30:03 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=83eb920bdb265506b42f2253fccef43f59a1cd0c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:7c:aa:17:57:fa:7d:ea:c9:3b:70:73:a6:4b:
                    60:f6:a0:c5:2d:45:b5:58:1f:b0:4c:43:03:e9:f0:
                    c0:82:32:3d:4b:9d:24:95:f4:5c:d6:de:01:ab:25:
                    93:7f:17:c4:53:3f:21:60:34:07:0d:1f:e3:24:a4:
                    9a:a8:6e:ff:5a:0b:6a:b5:8d:1a:02:f1:7b:91:f6:
                    1e:d1:a9:57:3e:c1:e2:0c:19:62:8b:c4:09:75:18:
                    63:36:ce:3f:e5:d3:fb:6f:f8:df:71:08:b1:cd:21:
                    c6:92:29:41:8b:d5:f8:66:ad:d3:14:16:21:4e:23:
                    dd:7a:84:7c:d2:dd:80:c1:8a:6d:61:1b:1d:19:cf:
                    ad:01:f3:30:22:24:42:ba:96:d7:02:7a:18:8e:3e:
                    57:4c:3b:a1:94:49:5e:c9:d2:da:67:3e:c8:d4:f5:
                    45:37:b2:7d:0d:7b:d2:ce:f0:8c:14:71:56:d3:e2:
                    2c:a0:c7:e8:f0:38:f9:51:fb:11:b6:a7:c1:4f:b3:
                    af:08:c4:24:a2:5a:ae:40:27:19:c6:6d:84:4f:8a:
                    6f:0a:72:51:c2:13:9b:dd:65:aa:50:02:a1:a2:18:
                    f9:40:9a:4a:aa:6a:e0:76:e4:87:63:eb:15:89:0a:
                    38:ce:45:a8:df:21:91:f5:fc:2f:82:15:85:2a:85:
                    bb:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:EB:92:0B:DB:26:55:06:B4:2F:22:53:FC:CE:F4:3F:59:A1:CD:0C
            X509v3 Authority Key Identifier:
                keyid:32:EE:1B:CD:8C:E3:93:D9:8A:75:83:AC:13:F1:42:5D:4F:AF:27:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Mu4bzYzjk9mKdYOsE_FCXU-vJ8k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/e4e89f-0aad-4707-865a-40012c82979b/1/g-uSC9smVQa0LyJT_M70P1mhzQw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/e4e89f-0aad-4707-865a-40012c82979b/1/Mu4bzYzjk9mKdYOsE_FCXU-vJ8k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.171.208.0/24
                IPv6:
                  2a0b:71c0:1::/48

    Signature Algorithm: sha256WithRSAEncryption
         5c:29:4a:a2:43:f2:4a:b8:c2:60:83:fa:20:33:d7:ef:38:66:
         05:05:2d:3c:ed:11:87:68:37:8f:94:68:d6:38:0d:f2:9d:72:
         20:bd:f8:eb:65:97:c8:23:a2:ed:c9:2d:39:c1:f4:6e:15:08:
         a4:12:03:05:8b:cf:b3:94:de:30:1c:a5:0b:9c:96:e0:af:1d:
         1a:81:18:90:59:29:f1:de:5a:c1:ff:1a:28:06:72:2d:a7:a1:
         df:07:b6:fb:fe:fb:c3:e5:35:67:f2:10:46:dc:de:04:7a:fb:
         e2:8e:0f:6f:5d:0d:e1:76:5f:66:5c:f0:8c:98:cb:4d:4b:b0:
         8d:71:30:37:ec:01:ef:b2:bd:c5:25:58:59:8b:3a:00:80:2c:
         ee:61:cb:3a:11:ef:f5:dd:ad:57:8d:7e:88:63:3a:1a:c7:04:
         70:12:3e:8c:c8:38:b7:e2:af:0f:d8:fa:1b:c4:f3:0f:9a:26:
         4a:3b:bf:bf:cb:28:74:12:82:00:ca:2e:b4:33:c9:23:31:59:
         af:41:d0:14:95:70:6f:51:75:1e:1b:ff:14:ba:1a:a6:01:74:
         71:a7:cb:b7:37:87:84:cd:47:86:c9:7b:33:e1:ad:40:5d:74:
         2e:6e:9d:df:fe:2e:80:b0:6b:7a:ed:ef:82:72:fa:bc:1e:b0:
         93:c9:76:e0
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzCbXrp2eQ6qsLWjpLtbn9NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyZWUxYmNkOGNlMzkzZDk4YTc1ODNhYzEzZjE0MjVkNGZh
ZjI3YzkwHhcNMjQwMTAxMDAzMDAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4M2ViOTIwYmRiMjY1NTA2YjQyZjIyNTNmY2NlZjQzZjU5YTFjZDBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmnyqF1f6ferJO3Bzpktg9qDFLUW1
WB+wTEMD6fDAgjI9S50klfRc1t4BqyWTfxfEUz8hYDQHDR/jJKSaqG7/WgtqtY0a
AvF7kfYe0alXPsHiDBlii8QJdRhjNs4/5dP7b/jfcQixzSHGkilBi9X4Zq3TFBYh
TiPdeoR80t2AwYptYRsdGc+tAfMwIiRCupbXAnoYjj5XTDuhlEleydLaZz7I1PVF
N7J9DXvSzvCMFHFW0+IsoMfo8Dj5UfsRtqfBT7OvCMQkolquQCcZxm2ET4pvCnJR
whOb3WWqUAKhohj5QJpKqmrgduSHY+sViQo4zkWo3yGR9fwvghWFKoW7fQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFIPrkgvbJlUGtC8iU/zO9D9Zoc0MMB8GA1UdIwQY
MBaAFDLuG82M45PZinWDrBPxQl1PryfJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTXU0YnpZemprOW1LZFlPc0VfRkNYVS12SjhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS9lNGU4OWYtMGFhZC00NzA3LTg2NWEt
NDAwMTJjODI5NzliLzEvZy11U0M5c21WUWEwTHlKVF9NNzBQMW1oelF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS9lNGU4OWYtMGFhZC00NzA3LTg2NWEtNDAwMTJjODI5Nzli
LzEvTXU0YnpZemprOW1LZFlPc0VfRkNYVS12SjhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAH6vQMA8E
AgACMAkDBwAqC3HAAAEwDQYJKoZIhvcNAQELBQADggEBAFwpSqJD8kq4wmCD+iAz
1+84ZgUFLTztEYdoN4+UaNY4DfKdciC9+Otll8gjou3JLTnB9G4VCKQSAwWLz7OU
3jAcpQucluCvHRqBGJBZKfHeWsH/GigGci2nod8Htvv++8PlNWfyEEbc3gR6++KO
D29dDeF2X2Zc8IyYy01LsI1xMDfsAe+yvcUlWFmLOgCALO5hyzoR7/XdrVeNfohj
OhrHBHASPozIOLfirw/Y+hvE8w+aJko7v7/LKHQSggDKLrQzySMxWa9B0BSVcG9R
dR4b/xS6GqYBdHGny7c3h4TNR4bJezPhrUBddC5und/+LoCwa3rt74Jy+rwesJPJ
duA=
-----END CERTIFICATE-----