Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/82/30e582-4448-4952-94a0-30ff2c83f001/1/SOWQ9Nz8c50X7_nnJGZDot7Wn20.roa
File:                     SOWQ9Nz8c50X7_nnJGZDot7Wn20.roa (raw, json)
Hash identifier:          ipGQ3CqNA58AUodLqCVaAghZfbjAffR0i8QRi9vX86Y=
Subject key identifier:   48:E5:90:F4:DC:FC:73:9D:17:EF:F9:E7:24:66:43:A2:DE:D6:9F:6D
Certificate issuer:       /CN=55fad96dd05af8c2d26192c841131f2f97459fed
Certificate serial:       018CC424844F44C05C81592BE62FEF2F2F81
Authority key identifier: 55:FA:D9:6D:D0:5A:F8:C2:D2:61:92:C8:41:13:1F:2F:97:45:9F:ED
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VfrZbdBa-MLSYZLIQRMfL5dFn-0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/82/30e582-4448-4952-94a0-30ff2c83f001/1/SOWQ9Nz8c50X7_nnJGZDot7Wn20.roa
Signing time:             Mon 01 Jan 2024 08:29:36 +0000
ROA not before:           Mon 01 Jan 2024 08:29:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48641
IP address blocks:        31.133.96.0/23 maxlen: 23
                          2a04:d040::/29 maxlen: 30

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/82/30e582-4448-4952-94a0-30ff2c83f001/1/VfrZbdBa-MLSYZLIQRMfL5dFn-0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/82/30e582-4448-4952-94a0-30ff2c83f001/1/VfrZbdBa-MLSYZLIQRMfL5dFn-0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VfrZbdBa-MLSYZLIQRMfL5dFn-0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 02 Jul 2024 21:43:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:84:4f:44:c0:5c:81:59:2b:e6:2f:ef:2f:2f:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=55fad96dd05af8c2d26192c841131f2f97459fed
        Validity
            Not Before: Jan  1 08:29:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=48e590f4dcfc739d17eff9e7246643a2ded69f6d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:f7:b2:e7:dc:e1:17:e6:ac:c1:c6:6f:58:d6:
                    dd:d2:28:55:85:ba:fe:11:1e:fa:20:51:fe:39:e4:
                    ef:ec:d5:44:3d:93:06:0b:ce:27:67:65:a5:0c:b2:
                    b9:a7:f2:db:75:c3:9f:f1:2e:1c:05:6f:72:ae:67:
                    cf:79:b6:b2:d0:c1:43:b3:27:de:b1:10:61:1b:27:
                    98:f0:42:f5:96:96:8e:67:22:6b:e8:bd:93:4e:ae:
                    b9:de:84:0c:45:f3:11:eb:81:ba:a0:6f:a3:7d:c2:
                    f7:8d:a1:cd:0f:1b:48:22:8f:69:b0:70:e9:11:57:
                    11:60:86:96:eb:ff:ed:b8:30:f3:6a:78:62:27:f7:
                    bc:ca:3c:a0:55:4e:f7:19:16:1a:81:be:b5:03:ff:
                    29:fb:7a:24:09:6e:f1:9b:2b:f0:4b:3d:72:c1:47:
                    8d:95:02:56:e1:91:7a:76:d5:25:e4:2f:58:88:15:
                    a6:02:5d:6d:67:7c:44:16:62:32:4b:a4:81:3f:7b:
                    64:3b:2c:ce:dd:88:5c:4e:6a:96:44:ba:84:0c:de:
                    45:a3:9c:96:9e:ea:0e:d0:e6:66:d7:c9:c8:d7:4f:
                    0d:28:a8:e8:8b:29:d9:a3:fd:4e:f9:47:7b:62:46:
                    aa:54:bb:6f:ed:f1:89:15:44:8c:ee:1f:92:ef:1b:
                    48:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:E5:90:F4:DC:FC:73:9D:17:EF:F9:E7:24:66:43:A2:DE:D6:9F:6D
            X509v3 Authority Key Identifier:
                keyid:55:FA:D9:6D:D0:5A:F8:C2:D2:61:92:C8:41:13:1F:2F:97:45:9F:ED

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VfrZbdBa-MLSYZLIQRMfL5dFn-0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/82/30e582-4448-4952-94a0-30ff2c83f001/1/SOWQ9Nz8c50X7_nnJGZDot7Wn20.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/82/30e582-4448-4952-94a0-30ff2c83f001/1/VfrZbdBa-MLSYZLIQRMfL5dFn-0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.133.96.0/23
                IPv6:
                  2a04:d040::/29

    Signature Algorithm: sha256WithRSAEncryption
         4a:40:33:4b:99:d3:37:63:27:a5:d4:e9:2c:d1:8c:4c:c2:30:
         32:16:57:b1:af:d9:ee:f9:48:1a:d2:55:a9:7a:15:de:ea:be:
         ce:8d:01:d8:89:8c:d5:33:a0:f7:43:01:d5:5e:dd:60:e4:7a:
         f0:c5:e6:d2:f6:ba:fd:94:b7:25:c2:64:78:be:a5:d7:75:db:
         94:72:db:41:ff:57:8d:28:ef:e5:42:88:ec:5f:eb:32:6e:da:
         16:5f:19:eb:51:0f:db:4c:0f:b5:0c:b8:51:9e:61:40:2f:f8:
         d3:56:6c:a6:59:50:fa:0c:f1:95:5e:7c:9b:90:3a:2d:2d:76:
         70:12:3e:4b:b1:49:13:8e:d9:57:e6:26:76:78:27:7b:10:49:
         b1:a8:aa:bc:ab:69:00:1e:1f:9a:dd:9b:a0:e4:2d:07:bf:40:
         d3:c9:b2:13:c6:45:3e:59:7b:92:74:b6:f3:8f:4e:9a:c2:02:
         86:0b:d1:b5:35:05:3d:a3:66:53:f5:57:0a:7c:c6:9d:d0:08:
         a6:b3:48:5b:88:6f:87:cc:ed:f6:6d:ee:a6:a3:12:4b:7e:3c:
         db:4d:08:6c:7e:bd:66:d6:cb:6b:2a:93:d9:43:d6:9f:b5:a8:
         ad:7a:eb:96:22:05:a9:cd:eb:c6:ed:8f:7f:7b:6e:7d:05:b9:
         57:c3:a2:09
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzEJIRPRMBcgVkr5i/vLy+BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1ZmFkOTZkZDA1YWY4YzJkMjYxOTJjODQxMTMxZjJmOTc0
NTlmZWQwHhcNMjQwMTAxMDgyOTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OGU1OTBmNGRjZmM3MzlkMTdlZmY5ZTcyNDY2NDNhMmRlZDY5ZjZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgfey59zhF+aswcZvWNbd0ihVhbr+
ER76IFH+OeTv7NVEPZMGC84nZ2WlDLK5p/LbdcOf8S4cBW9yrmfPebay0MFDsyfe
sRBhGyeY8EL1lpaOZyJr6L2TTq653oQMRfMR64G6oG+jfcL3jaHNDxtIIo9psHDp
EVcRYIaW6//tuDDzanhiJ/e8yjygVU73GRYagb61A/8p+3okCW7xmyvwSz1ywUeN
lQJW4ZF6dtUl5C9YiBWmAl1tZ3xEFmIyS6SBP3tkOyzO3YhcTmqWRLqEDN5Fo5yW
nuoO0OZm18nI108NKKjoiynZo/1O+Ud7YkaqVLtv7fGJFUSM7h+S7xtISwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFEjlkPTc/HOdF+/55yRmQ6Le1p9tMB8GA1UdIwQY
MBaAFFX62W3QWvjC0mGSyEETHy+XRZ/tMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVmZyWmJkQmEtTUxTWVpMSVFSTWZMNWRGbi0wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Mi8zMGU1ODItNDQ0OC00OTUyLTk0YTAt
MzBmZjJjODNmMDAxLzEvU09XUTlOejhjNTBYN19ubkpHWkRvdDdXbjIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Mi8zMGU1ODItNDQ0OC00OTUyLTk0YTAtMzBmZjJjODNmMDAx
LzEvVmZyWmJkQmEtTUxTWVpMSVFSTWZMNWRGbi0wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQBH4VgMA0E
AgACMAcDBQMqBNBAMA0GCSqGSIb3DQEBCwUAA4IBAQBKQDNLmdM3Yyel1Oks0YxM
wjAyFlexr9nu+Uga0lWpehXe6r7OjQHYiYzVM6D3QwHVXt1g5HrwxebS9rr9lLcl
wmR4vqXXdduUcttB/1eNKO/lQojsX+sybtoWXxnrUQ/bTA+1DLhRnmFAL/jTVmym
WVD6DPGVXnybkDotLXZwEj5LsUkTjtlX5iZ2eCd7EEmxqKq8q2kAHh+a3Zug5C0H
v0DTybITxkU+WXuSdLbzj06awgKGC9G1NQU9o2ZT9VcKfMad0Aims0hbiG+HzO32
be6moxJLfjzbTQhsfr1m1strKpPZQ9aftaiteuuWIgWpzevG7Y9/e259BblXw6IJ
-----END CERTIFICATE-----