Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/b2064b-be09-43d9-b087-a4e991b0f144/1/hJKcp__yCN-OsB-zHqIOJLrUx3k.roa
File:                     hJKcp__yCN-OsB-zHqIOJLrUx3k.roa (raw, json)
Hash identifier:          Kx5gB9MvKpGyWkHYfQs0cUZ+tjs/ej5atiAGmwmAOGA=
Subject key identifier:   84:92:9C:A7:FF:F2:08:DF:8E:B0:1F:B3:1E:A2:0E:24:BA:D4:C7:79
Certificate issuer:       /CN=02930f8c688c04d17433a2b9c7249bc625bce316
Certificate serial:       018CC80171248529FB251DABC13C0465EF4D
Authority key identifier: 02:93:0F:8C:68:8C:04:D1:74:33:A2:B9:C7:24:9B:C6:25:BC:E3:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ApMPjGiMBNF0M6K5xySbxiW84xY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/b2064b-be09-43d9-b087-a4e991b0f144/1/hJKcp__yCN-OsB-zHqIOJLrUx3k.roa
Signing time:             Tue 02 Jan 2024 02:29:46 +0000
ROA not before:           Tue 02 Jan 2024 02:29:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57849
IP address blocks:        31.47.197.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/b2064b-be09-43d9-b087-a4e991b0f144/1/ApMPjGiMBNF0M6K5xySbxiW84xY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/b2064b-be09-43d9-b087-a4e991b0f144/1/ApMPjGiMBNF0M6K5xySbxiW84xY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ApMPjGiMBNF0M6K5xySbxiW84xY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 01:03:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:71:24:85:29:fb:25:1d:ab:c1:3c:04:65:ef:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=02930f8c688c04d17433a2b9c7249bc625bce316
        Validity
            Not Before: Jan  2 02:29:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=84929ca7fff208df8eb01fb31ea20e24bad4c779
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:9b:a9:26:b7:28:96:7b:d9:c0:48:a6:3a:22:
                    8b:06:03:49:e6:4b:53:aa:fe:d1:7d:9b:41:4e:78:
                    6e:ed:25:99:63:57:c7:f6:f7:7c:03:ae:32:5d:d4:
                    3b:d3:8d:1c:b7:1c:51:81:1a:dd:66:c6:24:77:8c:
                    ba:f1:0d:be:dc:3e:57:4b:44:6b:50:ad:08:65:4e:
                    c6:c3:c9:9e:80:bd:f3:5c:f6:13:31:f4:2a:c5:7b:
                    8b:1d:6c:87:a6:18:b8:b6:0e:b1:e7:70:e3:01:a1:
                    ad:5e:59:7f:e1:eb:7a:9b:cc:c0:e1:2e:c7:d2:27:
                    e7:14:84:e5:41:64:e1:bb:a0:b6:1a:4a:31:31:24:
                    0a:f0:49:7d:34:00:32:0b:58:6c:4d:45:81:f2:b8:
                    82:8b:87:f5:ec:22:ae:80:ea:70:61:6d:b4:ab:4e:
                    2b:b0:ce:f0:bd:bf:4a:29:53:03:70:4b:46:ed:cf:
                    80:d5:51:55:4e:a4:0c:56:38:56:e3:7a:e0:f1:d7:
                    37:57:4f:11:6f:b1:e2:c4:6e:16:5a:41:9d:68:c0:
                    58:95:ae:84:17:5e:ac:59:3b:40:e2:8e:ca:b3:e4:
                    b8:ac:d2:ac:0f:6e:1c:71:db:54:15:17:b0:9b:62:
                    8f:e7:2a:23:b6:7f:6a:eb:a5:0e:cd:77:b8:94:92:
                    0b:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:92:9C:A7:FF:F2:08:DF:8E:B0:1F:B3:1E:A2:0E:24:BA:D4:C7:79
            X509v3 Authority Key Identifier:
                keyid:02:93:0F:8C:68:8C:04:D1:74:33:A2:B9:C7:24:9B:C6:25:BC:E3:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ApMPjGiMBNF0M6K5xySbxiW84xY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/b2064b-be09-43d9-b087-a4e991b0f144/1/hJKcp__yCN-OsB-zHqIOJLrUx3k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/b2064b-be09-43d9-b087-a4e991b0f144/1/ApMPjGiMBNF0M6K5xySbxiW84xY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.47.197.0/24

    Signature Algorithm: sha256WithRSAEncryption
         50:1b:0c:78:bc:a8:59:e5:72:c9:d1:f1:06:08:a5:e9:8d:11:
         27:77:43:78:5c:0c:80:69:f0:87:bc:cc:ef:74:28:a5:f0:81:
         e1:ad:9b:66:20:fc:c5:37:71:1b:e4:c2:3b:c9:36:38:50:48:
         91:a2:ac:9d:90:08:e4:de:f7:4f:1a:91:60:e9:fa:b7:6a:fa:
         cb:4d:52:46:95:63:da:a9:cb:3d:4a:51:6f:d7:dc:42:ef:d6:
         b3:07:5f:73:23:79:ce:fc:12:68:af:0b:40:a8:b8:57:01:09:
         c6:10:9a:af:7b:3b:80:29:5d:89:c1:a5:6a:59:c8:e9:98:ec:
         90:51:d9:25:bf:c2:39:64:f4:90:e9:5a:e7:11:01:e3:22:8b:
         8d:1e:b2:9f:ed:7d:b7:d4:6a:db:1b:89:c9:4d:60:58:38:71:
         50:b5:bc:d2:58:0d:77:eb:6b:e1:7e:41:ff:19:47:7d:04:c8:
         f8:7e:cf:18:69:99:70:68:e9:8e:58:47:81:de:cb:51:37:38:
         ea:dd:07:7b:a9:f7:33:3a:34:c3:9c:e2:83:8a:22:91:73:5e:
         70:17:6f:5e:ce:b2:9e:56:a6:c6:ab:1a:da:0a:d2:a2:75:3f:
         4a:6a:c0:02:bc:14:df:40:0a:ec:1a:d5:98:97:ce:09:f6:32:
         b2:fb:eb:42
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAXEkhSn7JR2rwTwEZe9NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAyOTMwZjhjNjg4YzA0ZDE3NDMzYTJiOWM3MjQ5YmM2MjVi
Y2UzMTYwHhcNMjQwMTAyMDIyOTQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NDkyOWNhN2ZmZjIwOGRmOGViMDFmYjMxZWEyMGUyNGJhZDRjNzc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAspupJrcolnvZwEimOiKLBgNJ5ktT
qv7RfZtBTnhu7SWZY1fH9vd8A64yXdQ7040ctxxRgRrdZsYkd4y68Q2+3D5XS0Rr
UK0IZU7Gw8megL3zXPYTMfQqxXuLHWyHphi4tg6x53DjAaGtXll/4et6m8zA4S7H
0ifnFITlQWThu6C2GkoxMSQK8El9NAAyC1hsTUWB8riCi4f17CKugOpwYW20q04r
sM7wvb9KKVMDcEtG7c+A1VFVTqQMVjhW43rg8dc3V08Rb7HixG4WWkGdaMBYla6E
F16sWTtA4o7Ks+S4rNKsD24ccdtUFRewm2KP5yojtn9q66UOzXe4lJILoQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFISSnKf/8gjfjrAfsx6iDiS61Md5MB8GA1UdIwQY
MBaAFAKTD4xojATRdDOiucckm8YlvOMWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQXBNUGpHaU1CTkYwTTZLNXh5U2J4aVc4NHhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS9iMjA2NGItYmUwOS00M2Q5LWIwODct
YTRlOTkxYjBmMTQ0LzEvaEpLY3BfX3lDTi1Pc0ItekhxSU9KTHJVeDNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS9iMjA2NGItYmUwOS00M2Q5LWIwODctYTRlOTkxYjBmMTQ0
LzEvQXBNUGpHaU1CTkYwTTZLNXh5U2J4aVc4NHhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHy/FMA0G
CSqGSIb3DQEBCwUAA4IBAQBQGwx4vKhZ5XLJ0fEGCKXpjREnd0N4XAyAafCHvMzv
dCil8IHhrZtmIPzFN3Eb5MI7yTY4UEiRoqydkAjk3vdPGpFg6fq3avrLTVJGlWPa
qcs9SlFv19xC79azB19zI3nO/BJorwtAqLhXAQnGEJqvezuAKV2JwaVqWcjpmOyQ
Udklv8I5ZPSQ6VrnEQHjIouNHrKf7X231GrbG4nJTWBYOHFQtbzSWA1362vhfkH/
GUd9BMj4fs8YaZlwaOmOWEeB3stRNzjq3Qd7qfczOjTDnOKDiiKRc15wF29ezrKe
VqbGqxraCtKidT9KasACvBTfQArsGtWYl84J9jKy++tC
-----END CERTIFICATE-----