Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5c/275a74-b3ef-44cf-8220-6a3342b95af1/1/S31Grh26DiPJ6MR25-RsACZAp1E.roa
File:                     S31Grh26DiPJ6MR25-RsACZAp1E.roa (raw, json)
Hash identifier:          WB02YtcNq/Gj2mnOSNAlx/TIzKxtTC6GU2oCZLbBjxk=
Subject key identifier:   4B:7D:46:AE:1D:BA:0E:23:C9:E8:C4:76:E7:E4:6C:00:26:40:A7:51
Certificate issuer:       /CN=6b60412823a0224a5d00e4963d6b23d22504997d
Certificate serial:       0191B7EA2B09A1387D171688996ECD983F25
Authority key identifier: 6B:60:41:28:23:A0:22:4A:5D:00:E4:96:3D:6B:23:D2:25:04:99:7D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/a2BBKCOgIkpdAOSWPWsj0iUEmX0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5c/275a74-b3ef-44cf-8220-6a3342b95af1/1/S31Grh26DiPJ6MR25-RsACZAp1E.roa
Signing time:             Tue 03 Sep 2024 12:44:22 +0000
ROA not before:           Tue 03 Sep 2024 12:44:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212656
IP address blocks:        185.178.50.0/24 maxlen: 24
                          194.164.237.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5c/275a74-b3ef-44cf-8220-6a3342b95af1/1/a2BBKCOgIkpdAOSWPWsj0iUEmX0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5c/275a74-b3ef-44cf-8220-6a3342b95af1/1/a2BBKCOgIkpdAOSWPWsj0iUEmX0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/a2BBKCOgIkpdAOSWPWsj0iUEmX0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 03:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:b7:ea:2b:09:a1:38:7d:17:16:88:99:6e:cd:98:3f:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6b60412823a0224a5d00e4963d6b23d22504997d
        Validity
            Not Before: Sep  3 12:44:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4b7d46ae1dba0e23c9e8c476e7e46c002640a751
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:36:09:3f:fc:26:16:de:5c:40:e4:51:04:1c:
                    35:8f:08:98:94:20:6b:59:19:12:c6:39:1a:4d:4f:
                    5a:92:2a:53:00:97:dd:df:cd:e6:4d:25:13:bb:44:
                    a1:5b:7b:c0:6f:46:a0:e7:5a:30:20:5c:51:ff:85:
                    00:9b:a6:db:66:29:e6:71:0a:69:9f:02:7d:83:e6:
                    55:a3:a7:dd:5b:7f:01:74:ff:91:ea:67:79:23:32:
                    53:6b:99:0f:ef:7b:9c:c4:1c:ac:fe:6e:29:a3:e5:
                    9d:e1:06:70:75:9a:ea:33:e5:18:93:41:f8:1b:ef:
                    d3:83:4d:a6:aa:ee:16:54:fe:a1:f6:e3:a0:20:f3:
                    6a:71:f2:f6:db:df:54:d6:36:f7:34:a9:9d:65:fb:
                    24:95:26:38:50:d4:b1:51:e1:e7:4e:64:11:f9:34:
                    d0:b6:d8:57:9c:8f:7c:63:54:b1:31:ee:2b:f4:0a:
                    13:e9:ca:17:a3:3c:5a:12:8f:58:c6:ec:01:c4:d2:
                    18:29:c4:49:29:a6:7e:a4:17:7b:52:dc:be:f6:1a:
                    af:9e:50:5d:f3:5d:fb:5a:c2:11:9e:0e:04:6e:1e:
                    63:12:6a:ad:d2:17:4d:6c:ba:75:67:41:a7:c2:a8:
                    b5:ba:b0:fb:29:f7:4f:a4:f2:ca:a7:01:d5:35:63:
                    9c:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:7D:46:AE:1D:BA:0E:23:C9:E8:C4:76:E7:E4:6C:00:26:40:A7:51
            X509v3 Authority Key Identifier:
                keyid:6B:60:41:28:23:A0:22:4A:5D:00:E4:96:3D:6B:23:D2:25:04:99:7D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2BBKCOgIkpdAOSWPWsj0iUEmX0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/275a74-b3ef-44cf-8220-6a3342b95af1/1/S31Grh26DiPJ6MR25-RsACZAp1E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/275a74-b3ef-44cf-8220-6a3342b95af1/1/a2BBKCOgIkpdAOSWPWsj0iUEmX0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.178.50.0/24
                  194.164.237.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:5e:8b:ff:35:c5:f6:2e:d9:59:2c:00:72:7f:c6:8d:44:51:
         a8:5b:2b:d5:d4:39:69:7c:7d:01:ce:02:26:af:bd:c8:36:f7:
         d9:45:37:2c:42:7d:5c:e4:a8:f3:1e:62:27:d6:8e:f8:3a:e5:
         62:03:9f:9b:0b:cf:54:e2:3a:64:f3:fe:57:53:a9:43:00:e6:
         76:6f:22:42:b9:d8:35:75:07:36:ea:12:f5:04:b6:5a:e8:28:
         d5:f3:b9:a5:fe:e3:7a:66:46:e0:b8:a4:fb:52:28:4a:56:7c:
         31:60:35:68:ce:50:e9:95:ab:1e:be:4b:9f:e7:37:20:84:e4:
         9f:cd:f2:5a:85:10:f4:ea:25:50:09:63:39:1f:2a:c9:76:1f:
         cc:98:24:24:fd:1b:4e:3c:9e:37:90:f7:91:45:34:57:f3:b6:
         57:8d:22:9c:53:4d:ad:20:b4:4f:1f:0e:cb:82:38:86:0d:2a:
         34:fe:23:b5:fd:66:6f:e8:a3:8b:bf:76:a6:95:38:cd:52:f7:
         34:a0:13:9f:4c:24:20:a4:3e:96:e6:82:10:05:86:f7:63:48:
         ff:fe:97:24:45:bc:a8:a1:be:2c:4b:61:66:fc:6c:6c:19:b6:
         80:e7:7a:1e:f9:f0:b0:c0:e3:df:55:19:42:d4:b0:ab:a9:7e:
         60:b8:95:f8
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZG36isJoTh9FxaImW7NmD8lMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiNjA0MTI4MjNhMDIyNGE1ZDAwZTQ5NjNkNmIyM2QyMjUw
NDk5N2QwHhcNMjQwOTAzMTI0NDIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YjdkNDZhZTFkYmEwZTIzYzllOGM0NzZlN2U0NmMwMDI2NDBhNzUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5TYJP/wmFt5cQORRBBw1jwiYlCBr
WRkSxjkaTU9akipTAJfd383mTSUTu0ShW3vAb0ag51owIFxR/4UAm6bbZinmcQpp
nwJ9g+ZVo6fdW38BdP+R6md5IzJTa5kP73ucxBys/m4po+Wd4QZwdZrqM+UYk0H4
G+/Tg02mqu4WVP6h9uOgIPNqcfL2299U1jb3NKmdZfsklSY4UNSxUeHnTmQR+TTQ
tthXnI98Y1SxMe4r9AoT6coXozxaEo9YxuwBxNIYKcRJKaZ+pBd7Uty+9hqvnlBd
8137WsIRng4Ebh5jEmqt0hdNbLp1Z0Gnwqi1urD7KfdPpPLKpwHVNWOcxQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEt9Rq4dug4jyejEdufkbAAmQKdRMB8GA1UdIwQY
MBaAFGtgQSgjoCJKXQDklj1rI9IlBJl9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYTJCQktDT2dJa3BkQU9TV1BXc2owaVVFbVgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yy8yNzVhNzQtYjNlZi00NGNmLTgyMjAt
NmEzMzQyYjk1YWYxLzEvUzMxR3JoMjZEaVBKNk1SMjUtUnNBQ1pBcDFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yy8yNzVhNzQtYjNlZi00NGNmLTgyMjAtNmEzMzQyYjk1YWYx
LzEvYTJCQktDT2dJa3BkQU9TV1BXc2owaVVFbVgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAubIyAwQA
wqTtMA0GCSqGSIb3DQEBCwUAA4IBAQBRXov/NcX2LtlZLAByf8aNRFGoWyvV1Dlp
fH0BzgImr73INvfZRTcsQn1c5KjzHmIn1o74OuViA5+bC89U4jpk8/5XU6lDAOZ2
byJCudg1dQc26hL1BLZa6CjV87ml/uN6ZkbguKT7UihKVnwxYDVozlDplasevkuf
5zcghOSfzfJahRD06iVQCWM5HyrJdh/MmCQk/RtOPJ43kPeRRTRX87ZXjSKcU02t
ILRPHw7LgjiGDSo0/iO1/WZv6KOLv3amlTjNUvc0oBOfTCQgpD6W5oIQBYb3Y0j/
/pckRbyoob4sS2Fm/GxsGbaA53oe+fCwwOPfVRlC1LCrqX5guJX4
-----END CERTIFICATE-----