Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/5vdrBdnvuW7dTqlFAivEWRdNYyI.roa
File:                     5vdrBdnvuW7dTqlFAivEWRdNYyI.roa (raw, json)
Hash identifier:          k4EGEtHmlotryw9ruzmzlPe49sG+fbRY5SRy0vNiUIY=
Subject key identifier:   E6:F7:6B:05:D9:EF:B9:6E:DD:4E:A9:45:02:2B:C4:59:17:4D:63:22
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       018CCA2A01013F868619EA41BB8B28E4A2EB
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/5vdrBdnvuW7dTqlFAivEWRdNYyI.roa
Signing time:             Tue 02 Jan 2024 12:33:19 +0000
ROA not before:           Tue 02 Jan 2024 12:33:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49038
IP address blocks:        31.148.23.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:01:01:3f:86:86:19:ea:41:bb:8b:28:e4:a2:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: Jan  2 12:33:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e6f76b05d9efb96edd4ea945022bc459174d6322
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:3a:5b:ad:0f:0b:aa:d9:da:0e:d0:5d:ad:f0:
                    d3:47:c2:dd:1f:9f:88:d7:fb:f1:a0:e1:c9:62:8a:
                    fc:3d:ad:9c:1f:31:9e:cf:1d:98:05:9c:74:14:56:
                    a8:f7:a0:47:e2:66:2c:77:94:05:11:65:ae:71:6e:
                    04:4c:9e:36:d9:e8:9b:b3:00:1b:36:fb:03:ab:33:
                    bc:11:4d:1c:ed:a4:26:77:14:91:b7:23:8e:ce:4e:
                    74:b9:c0:f0:f3:5c:ea:b9:0e:db:d8:2a:be:38:cd:
                    fa:88:73:00:c4:63:c2:d3:f5:ad:dd:d8:05:75:70:
                    74:1e:f3:97:20:a9:09:a8:2c:83:c5:2e:9f:c9:43:
                    f5:64:b9:b5:60:00:3c:fc:3c:4b:81:f5:11:c1:9e:
                    ff:16:77:d4:e8:1e:36:d1:cb:6f:bf:41:95:59:0b:
                    c4:2b:29:06:a0:1d:ba:cb:42:22:cf:e3:ae:0f:8e:
                    66:38:95:84:27:d2:56:89:dd:21:ed:fa:92:5d:04:
                    d2:e2:8a:8d:78:16:83:78:6e:17:6c:d0:12:de:b1:
                    09:04:9d:dc:3f:87:82:23:98:30:2d:71:ef:40:1f:
                    a5:c5:d3:29:ee:84:b8:c1:d8:cd:1e:19:7e:16:a8:
                    e6:50:b7:f7:aa:15:bd:51:ea:a6:68:cb:be:90:14:
                    9f:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:F7:6B:05:D9:EF:B9:6E:DD:4E:A9:45:02:2B:C4:59:17:4D:63:22
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/5vdrBdnvuW7dTqlFAivEWRdNYyI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.148.23.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a2:7b:b3:b5:0b:cc:2c:19:e3:5d:de:06:c6:bd:35:a6:23:69:
         2e:0e:91:81:cc:97:31:f0:ae:fd:0f:b4:41:cc:b2:cc:ee:d1:
         d9:d3:44:c8:14:aa:23:6e:46:61:37:10:44:78:02:da:78:d9:
         de:85:e0:cd:2d:da:5c:c4:22:55:91:f6:33:cb:81:4a:42:bf:
         b4:47:ea:c6:96:d1:5b:31:18:c9:2a:fc:87:35:38:dd:4f:54:
         07:fb:f0:5a:c1:62:33:77:4a:a4:21:cc:b1:17:34:7a:20:cf:
         fa:ee:57:08:95:34:27:57:85:54:a6:6f:d6:b8:a4:70:bf:1b:
         84:fd:ef:bb:40:24:be:de:6b:06:3a:67:06:5e:31:9f:46:22:
         30:a5:f6:6b:71:76:c4:f7:ee:9e:12:ae:90:7f:9f:f4:f2:b7:
         c7:38:69:e3:b9:e9:5c:45:90:2c:f7:5b:81:71:1c:50:5d:8e:
         96:43:5a:f5:7e:a1:67:4e:5a:be:27:d8:0b:d5:49:32:06:af:
         ff:0a:c7:fa:8a:84:8d:4e:5d:0a:17:85:e6:42:d9:8b:bc:16:
         e0:d7:22:f8:27:75:0c:4c:05:d7:61:1d:6f:a1:98:4b:fd:7a:
         b8:30:3e:3a:cc:0b:e4:64:ca:2e:50:c2:0b:ac:b9:6d:3b:ed:
         e4:c6:ff:28
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKgEBP4aGGepBu4so5KLrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjQwMTAyMTIzMzE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNmY3NmIwNWQ5ZWZiOTZlZGQ0ZWE5NDUwMjJiYzQ1OTE3NGQ2MzIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxDpbrQ8LqtnaDtBdrfDTR8LdH5+I
1/vxoOHJYor8Pa2cHzGezx2YBZx0FFao96BH4mYsd5QFEWWucW4ETJ422eibswAb
NvsDqzO8EU0c7aQmdxSRtyOOzk50ucDw81zquQ7b2Cq+OM36iHMAxGPC0/Wt3dgF
dXB0HvOXIKkJqCyDxS6fyUP1ZLm1YAA8/DxLgfURwZ7/FnfU6B420ctvv0GVWQvE
KykGoB26y0Iiz+OuD45mOJWEJ9JWid0h7fqSXQTS4oqNeBaDeG4XbNAS3rEJBJ3c
P4eCI5gwLXHvQB+lxdMp7oS4wdjNHhl+FqjmULf3qhW9UeqmaMu+kBSfAQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOb3awXZ77lu3U6pRQIrxFkXTWMiMB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvNXZkckJkbnZ1VzdkVHFsRkFpdkVXUmROWXlJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAH5QXMA0G
CSqGSIb3DQEBCwUAA4IBAQCie7O1C8wsGeNd3gbGvTWmI2kuDpGBzJcx8K79D7RB
zLLM7tHZ00TIFKojbkZhNxBEeALaeNneheDNLdpcxCJVkfYzy4FKQr+0R+rGltFb
MRjJKvyHNTjdT1QH+/BawWIzd0qkIcyxFzR6IM/67lcIlTQnV4VUpm/WuKRwvxuE
/e+7QCS+3msGOmcGXjGfRiIwpfZrcXbE9+6eEq6Qf5/08rfHOGnjuelcRZAs91uB
cRxQXY6WQ1r1fqFnTlq+J9gL1UkyBq//Csf6ioSNTl0KF4XmQtmLvBbg1yL4J3UM
TAXXYR1voZhL/Xq4MD46zAvkZMouUMILrLltO+3kxv8o
-----END CERTIFICATE-----