Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/e97563-c7e5-4036-a796-22c0ca213380/1/5HWRva5iyxcfuLMntGPqSdoHh5Y.roa
File:                     5HWRva5iyxcfuLMntGPqSdoHh5Y.roa (raw, json)
Hash identifier:          SnZWswcta6QtsV9aXgVm14IVLWYZPNK0FxJf7I2YmdQ=
Subject key identifier:   E4:75:91:BD:AE:62:CB:17:1F:B8:B3:27:B4:63:EA:49:DA:07:87:96
Certificate issuer:       /CN=08418e9690d0fb711abf3874e1c500a627693c0a
Certificate serial:       018CC726E3277F039D9FEC0ABB1333B7DD0B
Authority key identifier: 08:41:8E:96:90:D0:FB:71:1A:BF:38:74:E1:C5:00:A6:27:69:3C:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CEGOlpDQ-3Eavzh04cUApidpPAo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/e97563-c7e5-4036-a796-22c0ca213380/1/5HWRva5iyxcfuLMntGPqSdoHh5Y.roa
Signing time:             Mon 01 Jan 2024 22:31:03 +0000
ROA not before:           Mon 01 Jan 2024 22:31:03 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     33171
IP address blocks:        31.217.254.0/24 maxlen: 24
                          2a11:7346::/32 maxlen: 32
                          2a11:7347::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/e97563-c7e5-4036-a796-22c0ca213380/1/CEGOlpDQ-3Eavzh04cUApidpPAo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/e97563-c7e5-4036-a796-22c0ca213380/1/CEGOlpDQ-3Eavzh04cUApidpPAo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CEGOlpDQ-3Eavzh04cUApidpPAo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 04:00:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:e3:27:7f:03:9d:9f:ec:0a:bb:13:33:b7:dd:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08418e9690d0fb711abf3874e1c500a627693c0a
        Validity
            Not Before: Jan  1 22:31:03 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e47591bdae62cb171fb8b327b463ea49da078796
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:2c:86:d7:7f:b7:0b:0a:50:b5:11:d2:97:15:
                    f4:53:fc:10:3d:36:d0:92:01:b5:3e:3c:0f:42:ba:
                    71:29:50:84:f3:74:6b:75:9b:be:d5:21:c1:40:78:
                    11:b6:ff:0b:84:1a:6c:1f:4d:fa:08:e3:8f:9c:c6:
                    5c:65:f1:9e:eb:7e:6b:0e:14:fa:9d:95:f4:dd:6d:
                    91:ac:c3:a1:12:f0:11:64:42:bc:5a:ed:2a:e6:81:
                    cd:5c:94:ba:f5:e8:ae:15:64:de:23:0c:c3:6b:3a:
                    be:52:a3:d2:d2:13:8c:12:56:08:cc:c3:58:2b:17:
                    6c:5b:cb:ad:56:39:7a:59:77:78:58:e6:92:a9:47:
                    b7:d0:81:08:94:83:be:9a:6b:47:cf:84:8a:55:44:
                    7d:13:2b:e4:26:f6:69:a0:7d:ec:73:91:a4:fc:ac:
                    8c:a7:e0:3d:1e:54:a1:1d:3f:98:90:1e:eb:66:1c:
                    6d:f2:2b:96:7f:9c:49:18:55:7e:81:53:f8:2a:a3:
                    6b:ee:86:9e:d0:93:7b:11:83:23:d7:25:39:3d:c2:
                    b6:5f:7d:f0:31:d6:bd:a8:73:a0:c3:f3:21:80:a7:
                    67:a1:d5:f7:1f:9f:44:1b:86:db:1d:e9:0e:e5:c4:
                    53:87:9f:9f:ff:a7:ec:5d:94:5f:ef:d5:b8:c4:c4:
                    a7:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:75:91:BD:AE:62:CB:17:1F:B8:B3:27:B4:63:EA:49:DA:07:87:96
            X509v3 Authority Key Identifier:
                keyid:08:41:8E:96:90:D0:FB:71:1A:BF:38:74:E1:C5:00:A6:27:69:3C:0A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CEGOlpDQ-3Eavzh04cUApidpPAo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/e97563-c7e5-4036-a796-22c0ca213380/1/5HWRva5iyxcfuLMntGPqSdoHh5Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/e97563-c7e5-4036-a796-22c0ca213380/1/CEGOlpDQ-3Eavzh04cUApidpPAo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.217.254.0/24
                IPv6:
                  2a11:7346::/31

    Signature Algorithm: sha256WithRSAEncryption
         5b:6e:32:4e:00:67:35:e8:31:ae:3a:eb:8f:dd:86:87:30:35:
         a3:3b:4b:c5:f1:e8:4b:80:2d:e5:c5:8a:7a:22:e2:9a:48:e5:
         da:aa:0d:00:4e:9b:43:84:75:03:fb:f9:fe:82:64:3c:7b:0c:
         56:ec:de:fb:e6:41:6e:e6:d3:f2:f4:b3:87:39:90:80:3a:76:
         d7:ea:44:0e:8e:0c:af:ab:87:05:b1:09:84:e8:a9:7d:01:f9:
         37:2c:75:fe:93:70:29:a7:24:9d:36:97:b9:2c:70:98:5e:2c:
         55:53:e3:e9:1f:79:d7:bd:9b:16:7a:1b:9c:97:eb:e7:35:63:
         68:46:da:a0:36:18:83:08:41:95:b6:c5:2b:02:e8:78:75:40:
         d7:df:9e:3e:74:29:4c:50:48:e5:a0:d0:3f:bc:1a:39:69:ac:
         86:3c:97:dd:4f:45:b3:96:6a:1c:05:b4:13:a4:f9:20:27:1a:
         9f:c9:92:91:17:77:83:e2:19:41:18:1f:67:0b:e5:87:c0:5f:
         b3:03:45:0b:c4:05:ae:fe:53:c5:da:bb:ec:f7:aa:98:0f:d3:
         0b:49:c7:cc:8a:57:31:a9:49:49:5c:d2:5a:08:51:97:fd:66:
         d7:d3:e4:fd:96:c7:17:06:3c:c7:de:90:d7:82:d3:17:7c:34:
         5d:8b:ed:8c
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzHJuMnfwOdn+wKuxMzt90LMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4NDE4ZTk2OTBkMGZiNzExYWJmMzg3NGUxYzUwMGE2Mjc2
OTNjMGEwHhcNMjQwMTAxMjIzMTAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNDc1OTFiZGFlNjJjYjE3MWZiOGIzMjdiNDYzZWE0OWRhMDc4Nzk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqSyG13+3CwpQtRHSlxX0U/wQPTbQ
kgG1PjwPQrpxKVCE83RrdZu+1SHBQHgRtv8LhBpsH036COOPnMZcZfGe635rDhT6
nZX03W2RrMOhEvARZEK8Wu0q5oHNXJS69eiuFWTeIwzDazq+UqPS0hOMElYIzMNY
KxdsW8utVjl6WXd4WOaSqUe30IEIlIO+mmtHz4SKVUR9EyvkJvZpoH3sc5Gk/KyM
p+A9HlShHT+YkB7rZhxt8iuWf5xJGFV+gVP4KqNr7oae0JN7EYMj1yU5PcK2X33w
Mda9qHOgw/MhgKdnodX3H59EG4bbHekO5cRTh5+f/6fsXZRf79W4xMSn/QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFOR1kb2uYssXH7izJ7Rj6knaB4eWMB8GA1UdIwQY
MBaAFAhBjpaQ0PtxGr84dOHFAKYnaTwKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0VHT2xwRFEtM0VhdnpoMDRjVUFwaWRwUEFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My9lOTc1NjMtYzdlNS00MDM2LWE3OTYt
MjJjMGNhMjEzMzgwLzEvNUhXUnZhNWl5eGNmdUxNbnRHUHFTZG9IaDVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My9lOTc1NjMtYzdlNS00MDM2LWE3OTYtMjJjMGNhMjEzMzgw
LzEvQ0VHT2xwRFEtM0VhdnpoMDRjVUFwaWRwUEFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAH9n+MA0E
AgACMAcDBQEqEXNGMA0GCSqGSIb3DQEBCwUAA4IBAQBbbjJOAGc16DGuOuuP3YaH
MDWjO0vF8ehLgC3lxYp6IuKaSOXaqg0ATptDhHUD+/n+gmQ8ewxW7N775kFu5tPy
9LOHOZCAOnbX6kQOjgyvq4cFsQmE6Kl9Afk3LHX+k3AppySdNpe5LHCYXixVU+Pp
H3nXvZsWehucl+vnNWNoRtqgNhiDCEGVtsUrAuh4dUDX354+dClMUEjloNA/vBo5
aayGPJfdT0WzlmocBbQTpPkgJxqfyZKRF3eD4hlBGB9nC+WHwF+zA0ULxAWu/lPF
2rvs96qYD9MLScfMilcxqUlJXNJaCFGX/WbX0+T9lscXBjzH3pDXgtMXfDRdi+2M
-----END CERTIFICATE-----