Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/7a48f5-bd24-4dc4-8cca-6ba0a0ce01ed/1/jrX6E_L7dq9v5obPX91ogetAom4.roa
File:                     jrX6E_L7dq9v5obPX91ogetAom4.roa (raw, json)
Hash identifier:          B30QeUNR43mfeuXMoNCnBtUdLMKwDipZHf4mPFkitWY=
Subject key identifier:   8E:B5:FA:13:F2:FB:76:AF:6F:E6:86:CF:5F:DD:68:81:EB:40:A2:6E
Certificate issuer:       /CN=dafb645f134f4fdada45e70bcfcd93b897dbd725
Certificate serial:       018CC5009CB50DE907FBA8181C60BE688CCD
Authority key identifier: DA:FB:64:5F:13:4F:4F:DA:DA:45:E7:0B:CF:CD:93:B8:97:DB:D7:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2vtkXxNPT9raRecLz82TuJfb1yU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/52/7a48f5-bd24-4dc4-8cca-6ba0a0ce01ed/1/jrX6E_L7dq9v5obPX91ogetAom4.roa
Signing time:             Mon 01 Jan 2024 12:30:00 +0000
ROA not before:           Mon 01 Jan 2024 12:30:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     21170
IP address blocks:        31.184.164.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/52/7a48f5-bd24-4dc4-8cca-6ba0a0ce01ed/1/2vtkXxNPT9raRecLz82TuJfb1yU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/52/7a48f5-bd24-4dc4-8cca-6ba0a0ce01ed/1/2vtkXxNPT9raRecLz82TuJfb1yU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2vtkXxNPT9raRecLz82TuJfb1yU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 02:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:9c:b5:0d:e9:07:fb:a8:18:1c:60:be:68:8c:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dafb645f134f4fdada45e70bcfcd93b897dbd725
        Validity
            Not Before: Jan  1 12:30:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8eb5fa13f2fb76af6fe686cf5fdd6881eb40a26e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:f4:3e:ed:5f:70:de:00:b0:73:3a:5c:5f:89:
                    17:d8:77:b0:7e:48:81:11:bc:17:55:a8:a1:8e:83:
                    5e:2e:68:8e:cd:66:8a:b7:e3:72:48:03:80:54:f3:
                    23:76:48:91:4c:12:1d:d3:9d:40:4a:ea:08:07:fb:
                    e3:42:ee:bd:ef:7d:0c:75:52:38:f9:c5:3a:f2:3c:
                    f5:a5:7a:cf:b5:7c:b3:45:c4:00:ff:5c:7c:66:a1:
                    67:3b:f2:36:46:28:ac:84:b2:3d:51:71:dd:9a:ab:
                    7e:c0:98:9a:ee:5a:92:9c:b9:b2:d7:94:50:79:a2:
                    8d:2e:15:72:c6:40:d0:d3:16:51:b1:72:7d:ab:0a:
                    e5:87:46:ff:c4:b8:54:7b:67:1b:6c:53:bb:24:13:
                    49:c4:f3:e4:f1:77:e7:9d:de:82:36:5b:6d:f0:b7:
                    60:7f:70:41:e7:2b:ff:a4:ca:7a:bd:b9:da:1c:a0:
                    8d:11:c2:e7:28:bc:1c:61:66:b5:dc:1a:ed:d2:72:
                    9c:db:1f:14:9e:9f:b2:09:e1:a5:11:27:c1:14:8d:
                    61:db:70:94:7e:fb:a6:ce:ad:ff:a7:43:1c:51:58:
                    97:f4:b5:60:42:92:52:0f:17:a9:de:8a:6e:67:2d:
                    a6:4f:76:14:0d:8b:30:ed:e0:8b:ef:80:07:83:70:
                    07:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:B5:FA:13:F2:FB:76:AF:6F:E6:86:CF:5F:DD:68:81:EB:40:A2:6E
            X509v3 Authority Key Identifier:
                keyid:DA:FB:64:5F:13:4F:4F:DA:DA:45:E7:0B:CF:CD:93:B8:97:DB:D7:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2vtkXxNPT9raRecLz82TuJfb1yU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/7a48f5-bd24-4dc4-8cca-6ba0a0ce01ed/1/jrX6E_L7dq9v5obPX91ogetAom4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/52/7a48f5-bd24-4dc4-8cca-6ba0a0ce01ed/1/2vtkXxNPT9raRecLz82TuJfb1yU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.184.164.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1e:89:70:ce:5d:64:cf:8e:e9:71:65:c8:86:ca:f5:b7:c5:6a:
         b7:b0:63:35:b1:3f:f3:e6:6b:ac:7a:bf:d5:64:df:11:3e:49:
         ed:e5:56:26:f5:e2:5e:59:f4:8c:5f:54:95:96:0e:2c:71:42:
         ca:fd:ae:ce:fd:20:a8:c6:79:a0:bc:50:12:89:6a:79:78:4a:
         46:f4:ef:3c:89:3d:29:ca:53:c0:48:32:c4:0d:72:32:30:97:
         53:75:18:9c:0e:f0:0d:89:16:e1:fe:f1:35:1b:c5:08:84:59:
         46:b8:4b:cf:7f:cc:ff:07:b1:9f:3d:48:75:6e:2b:57:81:66:
         76:ed:79:dc:de:44:2a:ec:23:c5:e3:ae:6f:f6:e3:33:29:e0:
         cf:4c:3f:17:c4:df:0d:f1:86:f2:64:f6:f1:4f:39:70:41:07:
         ca:e8:83:5a:a0:30:d7:04:6e:51:4b:c4:0e:6b:0b:c8:b9:79:
         42:4c:0b:b3:52:c1:6e:24:03:c3:d5:7d:32:68:82:c2:2e:7e:
         f0:8c:69:e7:89:9c:0b:b9:8a:40:0a:21:b7:b3:1b:aa:ca:10:
         33:e2:de:3a:a3:48:cd:37:b2:7c:14:54:78:54:92:28:e9:10:
         4b:4a:97:77:1f:cc:68:2d:3b:26:2f:1b:2a:2a:a5:66:5d:cc:
         b1:a9:3f:ef
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAJy1DekH+6gYHGC+aIzNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhZmI2NDVmMTM0ZjRmZGFkYTQ1ZTcwYmNmY2Q5M2I4OTdk
YmQ3MjUwHhcNMjQwMTAxMTIzMDAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZWI1ZmExM2YyZmI3NmFmNmZlNjg2Y2Y1ZmRkNjg4MWViNDBhMjZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu/Q+7V9w3gCwczpcX4kX2HewfkiB
EbwXVaihjoNeLmiOzWaKt+NySAOAVPMjdkiRTBId051ASuoIB/vjQu69730MdVI4
+cU68jz1pXrPtXyzRcQA/1x8ZqFnO/I2RiishLI9UXHdmqt+wJia7lqSnLmy15RQ
eaKNLhVyxkDQ0xZRsXJ9qwrlh0b/xLhUe2cbbFO7JBNJxPPk8Xfnnd6CNltt8Ldg
f3BB5yv/pMp6vbnaHKCNEcLnKLwcYWa13Brt0nKc2x8Unp+yCeGlESfBFI1h23CU
fvumzq3/p0McUViX9LVgQpJSDxep3opuZy2mT3YUDYsw7eCL74AHg3AHgQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI61+hPy+3avb+aGz1/daIHrQKJuMB8GA1UdIwQY
MBaAFNr7ZF8TT0/a2kXnC8/Nk7iX29clMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMnZ0a1h4TlBUOXJhUmVjTHo4MlR1SmZiMXlVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi83YTQ4ZjUtYmQyNC00ZGM0LThjY2Et
NmJhMGEwY2UwMWVkLzEvanJYNkVfTDdkcTl2NW9iUFg5MW9nZXRBb200LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi83YTQ4ZjUtYmQyNC00ZGM0LThjY2EtNmJhMGEwY2UwMWVk
LzEvMnZ0a1h4TlBUOXJhUmVjTHo4MlR1SmZiMXlVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAH7ikMA0G
CSqGSIb3DQEBCwUAA4IBAQAeiXDOXWTPjulxZciGyvW3xWq3sGM1sT/z5muser/V
ZN8RPknt5VYm9eJeWfSMX1SVlg4scULK/a7O/SCoxnmgvFASiWp5eEpG9O88iT0p
ylPASDLEDXIyMJdTdRicDvANiRbh/vE1G8UIhFlGuEvPf8z/B7GfPUh1bitXgWZ2
7Xnc3kQq7CPF465v9uMzKeDPTD8XxN8N8YbyZPbxTzlwQQfK6INaoDDXBG5RS8QO
awvIuXlCTAuzUsFuJAPD1X0yaILCLn7wjGnniZwLuYpACiG3sxuqyhAz4t46o0jN
N7J8FFR4VJIo6RBLSpd3H8xoLTsmLxsqKqVmXcyxqT/v
-----END CERTIFICATE-----