Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/7a48f5-bd24-4dc4-8cca-6ba0a0ce01ed/1/G-uYuczdWHudTeJs2PewqPi6jRI.roa
File:                     G-uYuczdWHudTeJs2PewqPi6jRI.roa (raw, json)
Hash identifier:          YhK/D7zbnTBYUtm8UUCTaF5MpIYBeELGNncLftRcH6A=
Subject key identifier:   1B:EB:98:B9:CC:DD:58:7B:9D:4D:E2:6C:D8:F7:B0:A8:F8:BA:8D:12
Certificate issuer:       /CN=dafb645f134f4fdada45e70bcfcd93b897dbd725
Certificate serial:       018CC5009F5642ADAF5FBC80CC17D0268297
Authority key identifier: DA:FB:64:5F:13:4F:4F:DA:DA:45:E7:0B:CF:CD:93:B8:97:DB:D7:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2vtkXxNPT9raRecLz82TuJfb1yU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/52/7a48f5-bd24-4dc4-8cca-6ba0a0ce01ed/1/G-uYuczdWHudTeJs2PewqPi6jRI.roa
Signing time:             Mon 01 Jan 2024 12:30:01 +0000
ROA not before:           Mon 01 Jan 2024 12:30:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57986
IP address blocks:        31.184.172.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/52/7a48f5-bd24-4dc4-8cca-6ba0a0ce01ed/1/2vtkXxNPT9raRecLz82TuJfb1yU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/52/7a48f5-bd24-4dc4-8cca-6ba0a0ce01ed/1/2vtkXxNPT9raRecLz82TuJfb1yU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2vtkXxNPT9raRecLz82TuJfb1yU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 02:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:9f:56:42:ad:af:5f:bc:80:cc:17:d0:26:82:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dafb645f134f4fdada45e70bcfcd93b897dbd725
        Validity
            Not Before: Jan  1 12:30:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1beb98b9ccdd587b9d4de26cd8f7b0a8f8ba8d12
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:ff:05:db:c2:a2:93:52:fe:fd:97:c8:cd:31:
                    06:f7:f8:42:11:cc:86:3e:3c:f1:5d:eb:03:5c:32:
                    09:dc:2d:b6:bd:eb:8e:db:e4:3e:25:4a:91:8d:f7:
                    f9:32:3c:08:a9:c9:3a:69:1b:a7:2b:04:8d:8d:d6:
                    8f:af:04:88:71:ff:69:0b:6c:79:52:9b:ac:4b:96:
                    83:be:5a:e1:58:a7:d9:d4:13:e0:df:20:12:d3:e4:
                    17:9f:ad:65:1f:71:fa:78:1d:7b:89:00:eb:70:b9:
                    11:59:d7:f6:72:d8:43:54:74:3e:5b:a7:49:5f:4e:
                    9d:d9:1c:7e:78:a0:19:33:59:2b:73:a4:f8:c7:98:
                    06:58:e7:b1:44:9b:57:b5:db:60:cf:db:34:e2:44:
                    df:c3:dd:61:d1:fb:5e:b2:7e:21:b7:5b:7e:d5:89:
                    76:00:02:53:8a:b5:f4:7b:e3:81:f8:1a:72:65:7a:
                    e2:26:fb:2a:a6:e6:5d:a4:95:cb:fd:39:c0:07:61:
                    43:a0:eb:e3:c4:5d:af:a5:37:f4:bf:fa:e6:8e:d0:
                    02:cc:c2:e6:7e:1c:24:0b:d8:33:b5:33:d1:9d:b2:
                    b2:d2:ed:ab:12:23:ab:a7:ee:14:98:45:8a:73:cf:
                    01:d9:1c:ad:b8:cc:9e:00:2a:63:ec:22:00:62:01:
                    f1:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:EB:98:B9:CC:DD:58:7B:9D:4D:E2:6C:D8:F7:B0:A8:F8:BA:8D:12
            X509v3 Authority Key Identifier:
                keyid:DA:FB:64:5F:13:4F:4F:DA:DA:45:E7:0B:CF:CD:93:B8:97:DB:D7:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2vtkXxNPT9raRecLz82TuJfb1yU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/7a48f5-bd24-4dc4-8cca-6ba0a0ce01ed/1/G-uYuczdWHudTeJs2PewqPi6jRI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/52/7a48f5-bd24-4dc4-8cca-6ba0a0ce01ed/1/2vtkXxNPT9raRecLz82TuJfb1yU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.184.172.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1d:bb:0b:c6:ef:ac:75:cb:f4:5c:fa:13:ad:a5:54:cb:d9:74:
         e4:8b:c0:e4:cc:8e:80:11:dd:f5:67:8e:43:e7:5a:b2:00:3b:
         ca:e4:f5:cf:f5:11:b8:5e:1f:93:4e:5c:54:4e:3d:b1:95:57:
         3d:ec:5d:14:14:ea:d9:c3:5e:67:9d:03:6e:3b:d8:d2:c3:43:
         5d:60:1b:66:92:a9:97:7f:55:27:fc:7b:0a:b4:12:0e:34:dc:
         ba:7f:53:64:3a:13:d7:80:b9:98:93:dc:47:89:7d:84:e9:f4:
         84:51:bb:56:2f:d7:33:5e:f0:96:91:bf:32:4e:d8:30:ee:a5:
         aa:26:5e:f9:c3:3e:64:57:de:15:77:2a:e6:88:59:5c:64:95:
         1a:a1:37:93:5f:69:de:e0:29:93:a6:f0:34:60:8b:d5:0d:98:
         9b:30:c9:33:d6:5d:9f:71:07:25:91:a8:c6:eb:7e:24:71:09:
         9e:68:87:59:f5:4d:e8:e0:0c:7e:04:43:03:8e:64:a2:a3:c5:
         66:90:46:37:08:a5:05:93:85:0a:a4:70:19:2a:ab:67:a8:0c:
         60:9e:49:73:39:84:45:2b:ab:62:7e:78:85:5a:52:a3:3d:33:
         8e:30:e7:96:ad:d1:2f:f5:72:5f:ad:9f:2f:2e:dd:47:8b:f2:
         57:14:64:a9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAJ9WQq2vX7yAzBfQJoKXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhZmI2NDVmMTM0ZjRmZGFkYTQ1ZTcwYmNmY2Q5M2I4OTdk
YmQ3MjUwHhcNMjQwMTAxMTIzMDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYmViOThiOWNjZGQ1ODdiOWQ0ZGUyNmNkOGY3YjBhOGY4YmE4ZDEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl/8F28Kik1L+/ZfIzTEG9/hCEcyG
PjzxXesDXDIJ3C22veuO2+Q+JUqRjff5MjwIqck6aRunKwSNjdaPrwSIcf9pC2x5
UpusS5aDvlrhWKfZ1BPg3yAS0+QXn61lH3H6eB17iQDrcLkRWdf2cthDVHQ+W6dJ
X06d2Rx+eKAZM1krc6T4x5gGWOexRJtXtdtgz9s04kTfw91h0ftesn4ht1t+1Yl2
AAJTirX0e+OB+BpyZXriJvsqpuZdpJXL/TnAB2FDoOvjxF2vpTf0v/rmjtACzMLm
fhwkC9gztTPRnbKy0u2rEiOrp+4UmEWKc88B2RytuMyeACpj7CIAYgHxEwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBvrmLnM3Vh7nU3ibNj3sKj4uo0SMB8GA1UdIwQY
MBaAFNr7ZF8TT0/a2kXnC8/Nk7iX29clMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMnZ0a1h4TlBUOXJhUmVjTHo4MlR1SmZiMXlVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi83YTQ4ZjUtYmQyNC00ZGM0LThjY2Et
NmJhMGEwY2UwMWVkLzEvRy11WXVjemRXSHVkVGVKczJQZXdxUGk2alJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi83YTQ4ZjUtYmQyNC00ZGM0LThjY2EtNmJhMGEwY2UwMWVk
LzEvMnZ0a1h4TlBUOXJhUmVjTHo4MlR1SmZiMXlVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAH7isMA0G
CSqGSIb3DQEBCwUAA4IBAQAduwvG76x1y/Rc+hOtpVTL2XTki8DkzI6AEd31Z45D
51qyADvK5PXP9RG4Xh+TTlxUTj2xlVc97F0UFOrZw15nnQNuO9jSw0NdYBtmkqmX
f1Un/HsKtBIONNy6f1NkOhPXgLmYk9xHiX2E6fSEUbtWL9czXvCWkb8yTtgw7qWq
Jl75wz5kV94VdyrmiFlcZJUaoTeTX2ne4CmTpvA0YIvVDZibMMkz1l2fcQclkajG
634kcQmeaIdZ9U3o4Ax+BEMDjmSio8VmkEY3CKUFk4UKpHAZKqtnqAxgnklzOYRF
K6tifniFWlKjPTOOMOeWrdEv9XJfrZ8vLt1Hi/JXFGSp
-----END CERTIFICATE-----