Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7e/09f918-aced-42a8-8a3a-33e2705b4c3e/1/1VRoI_Bkw-zO2UPcK6BJyk9nTTA.roa
File:                     1VRoI_Bkw-zO2UPcK6BJyk9nTTA.roa (raw, json)
Hash identifier:          v6HaGRljkE0emBioPYsHWZaaSePcCrts290l/M4V4Ps=
Subject key identifier:   D5:54:68:23:F0:64:C3:EC:CE:D9:43:DC:2B:A0:49:CA:4F:67:4D:30
Certificate issuer:       /CN=ce2c505f77dca8117ef0625710744cb359736b19
Certificate serial:       018CC8012032090B93D538F7C13A2D7FE1CB
Authority key identifier: CE:2C:50:5F:77:DC:A8:11:7E:F0:62:57:10:74:4C:B3:59:73:6B:19
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zixQX3fcqBF-8GJXEHRMs1lzaxk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7e/09f918-aced-42a8-8a3a-33e2705b4c3e/1/1VRoI_Bkw-zO2UPcK6BJyk9nTTA.roa
Signing time:             Tue 02 Jan 2024 02:29:26 +0000
ROA not before:           Tue 02 Jan 2024 02:29:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197290
IP address blocks:        46.31.128.0/23 maxlen: 24
                          46.31.130.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7e/09f918-aced-42a8-8a3a-33e2705b4c3e/1/zixQX3fcqBF-8GJXEHRMs1lzaxk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7e/09f918-aced-42a8-8a3a-33e2705b4c3e/1/zixQX3fcqBF-8GJXEHRMs1lzaxk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zixQX3fcqBF-8GJXEHRMs1lzaxk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:20:32:09:0b:93:d5:38:f7:c1:3a:2d:7f:e1:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ce2c505f77dca8117ef0625710744cb359736b19
        Validity
            Not Before: Jan  2 02:29:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d5546823f064c3ecced943dc2ba049ca4f674d30
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:4b:51:da:75:ca:d8:7b:da:f5:bc:30:ef:2f:
                    28:83:7b:f2:15:62:c8:d8:54:6e:40:03:5e:5e:e1:
                    f9:32:d8:15:7e:27:d7:b2:65:14:65:32:98:cd:38:
                    4b:a0:ce:f0:e2:6e:78:0d:3d:04:77:ae:5a:7b:73:
                    9a:97:11:9c:ca:8e:48:29:d7:39:26:df:b1:1a:3f:
                    fd:4a:1f:24:10:4d:b6:7a:02:88:c3:eb:51:83:c8:
                    83:55:d0:02:f9:a8:76:bb:c4:4a:c0:b0:95:38:36:
                    ba:07:3c:33:75:24:3e:f5:b6:b2:78:b2:ac:06:88:
                    cd:7d:1d:11:d3:6e:de:09:5b:ec:66:d1:d6:7b:17:
                    e8:12:59:04:b1:d1:7b:03:5e:c3:c1:e1:f0:a9:c3:
                    ce:a7:4c:21:d7:4b:e3:5d:b7:be:98:15:4e:6c:25:
                    34:25:20:7a:f1:aa:64:97:10:73:5e:97:cc:d8:9b:
                    7e:09:c8:65:89:b9:62:0d:0b:0a:69:f8:ec:99:fe:
                    95:7f:02:2b:e5:93:48:77:ed:c5:31:e1:d5:c3:9b:
                    1c:b2:b4:70:c1:61:35:b3:f8:13:fe:1f:6e:77:ad:
                    84:5c:78:fc:5e:6e:69:b5:ac:14:a8:27:6e:a5:51:
                    8f:10:74:2f:a7:e0:46:84:99:41:9c:77:86:12:ef:
                    d6:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:54:68:23:F0:64:C3:EC:CE:D9:43:DC:2B:A0:49:CA:4F:67:4D:30
            X509v3 Authority Key Identifier:
                keyid:CE:2C:50:5F:77:DC:A8:11:7E:F0:62:57:10:74:4C:B3:59:73:6B:19

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zixQX3fcqBF-8GJXEHRMs1lzaxk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/09f918-aced-42a8-8a3a-33e2705b4c3e/1/1VRoI_Bkw-zO2UPcK6BJyk9nTTA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/09f918-aced-42a8-8a3a-33e2705b4c3e/1/zixQX3fcqBF-8GJXEHRMs1lzaxk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.31.128.0/22

    Signature Algorithm: sha256WithRSAEncryption
         52:71:81:12:78:b2:8f:8d:ee:33:a7:c3:45:4f:8b:eb:70:3c:
         4f:15:2d:4f:62:f8:6e:dd:e5:81:52:a8:35:32:5b:d3:2c:a4:
         a6:aa:1b:14:7a:32:3f:ba:15:98:cf:5a:c8:96:c6:a9:40:63:
         6e:16:7a:03:da:1f:22:b7:59:ed:d8:e0:89:d9:ad:26:c8:f1:
         15:5b:f1:5a:27:5e:34:46:cd:d8:49:0a:9f:59:e6:33:bf:22:
         9d:70:8a:ad:be:09:b8:ff:ca:52:eb:69:91:b0:be:5e:f1:78:
         be:a2:48:28:54:9c:81:ef:b2:9d:da:1c:9f:d3:71:c5:59:ea:
         af:e4:ea:dc:6d:fd:dc:0e:f8:41:85:bd:7c:10:bb:0f:3b:bc:
         29:9e:7d:2c:23:1e:a5:72:f1:36:5a:07:1d:8b:8b:11:f8:d8:
         0f:89:e3:cb:bc:9a:a1:75:ad:4e:98:69:7a:c4:62:18:df:5e:
         d4:5e:bc:00:c6:48:ea:5c:07:8e:38:26:0c:b4:ef:61:2c:9d:
         db:fe:a7:7f:04:96:a1:a9:3c:11:98:8d:a0:f6:39:84:cd:47:
         c5:a4:4a:03:4b:cf:5a:58:07:93:18:92:cc:7d:3b:fa:b7:e4:
         e4:9c:74:cd:01:d8:c3:bd:9b:e5:43:17:30:4c:67:a8:bd:18:
         e5:6a:77:b4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIASAyCQuT1Tj3wTotf+HLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNlMmM1MDVmNzdkY2E4MTE3ZWYwNjI1NzEwNzQ0Y2IzNTk3
MzZiMTkwHhcNMjQwMTAyMDIyOTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNTU0NjgyM2YwNjRjM2VjY2VkOTQzZGMyYmEwNDljYTRmNjc0ZDMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApUtR2nXK2Hva9bww7y8og3vyFWLI
2FRuQANeXuH5MtgVfifXsmUUZTKYzThLoM7w4m54DT0Ed65ae3OalxGcyo5IKdc5
Jt+xGj/9Sh8kEE22egKIw+tRg8iDVdAC+ah2u8RKwLCVODa6BzwzdSQ+9bayeLKs
BojNfR0R027eCVvsZtHWexfoElkEsdF7A17DweHwqcPOp0wh10vjXbe+mBVObCU0
JSB68apklxBzXpfM2Jt+CchlibliDQsKafjsmf6VfwIr5ZNId+3FMeHVw5scsrRw
wWE1s/gT/h9ud62EXHj8Xm5ptawUqCdupVGPEHQvp+BGhJlBnHeGEu/WbwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNVUaCPwZMPsztlD3CugScpPZ00wMB8GA1UdIwQY
MBaAFM4sUF933KgRfvBiVxB0TLNZc2sZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveml4UVgzZmNxQkYtOEdKWEVIUk1zMWx6YXhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZS8wOWY5MTgtYWNlZC00MmE4LThhM2Et
MzNlMjcwNWI0YzNlLzEvMVZSb0lfQmt3LXpPMlVQY0s2Qkp5azluVFRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZS8wOWY5MTgtYWNlZC00MmE4LThhM2EtMzNlMjcwNWI0YzNl
LzEveml4UVgzZmNxQkYtOEdKWEVIUk1zMWx6YXhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLh+AMA0G
CSqGSIb3DQEBCwUAA4IBAQBScYESeLKPje4zp8NFT4vrcDxPFS1PYvhu3eWBUqg1
MlvTLKSmqhsUejI/uhWYz1rIlsapQGNuFnoD2h8it1nt2OCJ2a0myPEVW/FaJ140
Rs3YSQqfWeYzvyKdcIqtvgm4/8pS62mRsL5e8Xi+okgoVJyB77Kd2hyf03HFWeqv
5Orcbf3cDvhBhb18ELsPO7wpnn0sIx6lcvE2Wgcdi4sR+NgPiePLvJqhda1OmGl6
xGIY317UXrwAxkjqXAeOOCYMtO9hLJ3b/qd/BJahqTwRmI2g9jmEzUfFpEoDS89a
WAeTGJLMfTv6t+TknHTNAdjDvZvlQxcwTGeovRjlane0
-----END CERTIFICATE-----