Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/88/d50912-0b8d-43cc-8bee-dedc5a6964fc/1/tw1Uy5ll6ecznL-73Fi_jZ534Uo.roa
File:                     tw1Uy5ll6ecznL-73Fi_jZ534Uo.roa (raw, json)
Hash identifier:          8HUZIW3ZZP4aO2N3HmxLsM+NcN+9j87yHdt0TMSVq04=
Subject key identifier:   B7:0D:54:CB:99:65:E9:E7:33:9C:BF:BB:DC:58:BF:8D:9E:77:E1:4A
Certificate issuer:       /CN=e618eff923e35bf83792353c4633ca2300f75b6c
Certificate serial:       019424459830170376FA4F05E64225E32830
Authority key identifier: E6:18:EF:F9:23:E3:5B:F8:37:92:35:3C:46:33:CA:23:00:F7:5B:6C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5hjv-SPjW_g3kjU8RjPKIwD3W2w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/88/d50912-0b8d-43cc-8bee-dedc5a6964fc/1/tw1Uy5ll6ecznL-73Fi_jZ534Uo.roa
Signing time:             Wed 01 Jan 2025 23:48:48 +0000
ROA not before:           Wed 01 Jan 2025 23:48:48 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     5650
IP address blocks:        31.193.191.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/88/d50912-0b8d-43cc-8bee-dedc5a6964fc/1/5hjv-SPjW_g3kjU8RjPKIwD3W2w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/88/d50912-0b8d-43cc-8bee-dedc5a6964fc/1/5hjv-SPjW_g3kjU8RjPKIwD3W2w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5hjv-SPjW_g3kjU8RjPKIwD3W2w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:98:30:17:03:76:fa:4f:05:e6:42:25:e3:28:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e618eff923e35bf83792353c4633ca2300f75b6c
        Validity
            Not Before: Jan  1 23:48:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b70d54cb9965e9e7339cbfbbdc58bf8d9e77e14a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:4b:b5:a4:85:30:07:5e:39:69:05:86:26:74:
                    94:08:8b:bf:30:ec:89:c4:03:49:db:90:d2:31:7e:
                    d9:66:45:4b:d4:d3:11:da:42:5f:47:a0:5c:c0:0f:
                    86:38:07:c0:82:9c:f6:27:12:55:fa:6a:7b:50:41:
                    2b:25:89:08:88:c8:19:98:1e:09:10:44:9e:0b:9d:
                    cd:b7:80:4d:37:8d:4d:e3:8b:f5:6a:62:d4:ab:22:
                    1d:9e:37:c3:e7:57:a0:66:db:a1:ad:89:2d:f6:75:
                    2f:5b:d2:5c:9a:98:e4:14:9f:c8:64:cb:2d:94:48:
                    2f:e5:15:d6:4f:49:f2:9e:11:b4:9a:11:b9:02:43:
                    90:e4:6a:1e:83:a8:24:58:3e:29:05:73:6b:87:3f:
                    13:23:60:8a:89:1f:c0:f1:39:99:03:e8:d1:4d:88:
                    5e:d9:4a:b8:0f:a5:86:cf:a5:e2:c7:76:00:27:63:
                    0d:72:9d:35:6b:25:4e:fc:a3:a0:f0:64:69:0c:57:
                    a8:a7:d3:9e:d1:ff:bf:15:e6:d4:03:f7:34:80:e7:
                    43:8c:97:0a:e2:e2:26:bb:ea:e2:fe:34:c5:97:93:
                    a3:f7:12:32:3a:90:cb:c8:8d:92:5c:56:89:70:c3:
                    97:e4:3e:22:8f:b8:c7:b2:15:ba:44:30:e9:19:2d:
                    83:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:0D:54:CB:99:65:E9:E7:33:9C:BF:BB:DC:58:BF:8D:9E:77:E1:4A
            X509v3 Authority Key Identifier:
                keyid:E6:18:EF:F9:23:E3:5B:F8:37:92:35:3C:46:33:CA:23:00:F7:5B:6C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5hjv-SPjW_g3kjU8RjPKIwD3W2w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/88/d50912-0b8d-43cc-8bee-dedc5a6964fc/1/tw1Uy5ll6ecznL-73Fi_jZ534Uo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/88/d50912-0b8d-43cc-8bee-dedc5a6964fc/1/5hjv-SPjW_g3kjU8RjPKIwD3W2w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.193.191.0/24

    Signature Algorithm: sha256WithRSAEncryption
         26:c8:c8:aa:3c:58:34:71:79:71:00:eb:26:fd:16:77:77:2c:
         61:d1:e5:89:a1:1c:d4:81:50:d4:3b:28:af:a9:c7:fe:c7:ff:
         60:50:af:5f:0f:c0:4d:62:f6:d2:01:ea:57:05:ec:e2:ce:5e:
         9a:b6:72:94:47:f3:b1:ad:2a:0c:cd:97:de:ef:51:a3:3f:ca:
         81:5f:46:46:c4:15:ef:74:23:60:3f:5c:23:1f:ec:2c:00:b8:
         fe:01:64:bc:ab:90:78:c7:73:f0:cb:d7:23:6d:3c:53:f8:41:
         a6:6c:5b:3b:35:41:76:a0:9a:3a:1b:5c:90:f9:22:9c:5e:03:
         da:6c:9c:bc:82:bc:f4:24:ef:f9:73:59:6d:17:ec:60:e8:6b:
         89:dd:e0:f5:bc:e9:b1:6b:84:24:a6:45:d8:0e:b4:87:da:1b:
         55:5b:94:6e:f5:e8:e3:fd:02:33:f9:c4:8d:c8:5e:41:ce:74:
         bb:a7:e1:ef:d4:ba:9a:68:b8:e5:f1:ac:86:80:7e:61:cc:8f:
         27:18:7a:4d:10:1c:cc:f5:dd:a6:6d:34:76:e2:9a:ee:64:14:
         3d:0a:93:ec:c7:80:24:69:f6:02:da:9e:81:10:c1:a9:71:15:
         e0:6e:b1:87:1b:8f:65:6d:6f:3a:79:96:e3:32:a9:88:c4:cb:
         b8:72:59:25
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRZgwFwN2+k8F5kIl4ygwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU2MThlZmY5MjNlMzViZjgzNzkyMzUzYzQ2MzNjYTIzMDBm
NzViNmMwHhcNMjUwMTAxMjM0ODQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNzBkNTRjYjk5NjVlOWU3MzM5Y2JmYmJkYzU4YmY4ZDllNzdlMTRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA30u1pIUwB145aQWGJnSUCIu/MOyJ
xANJ25DSMX7ZZkVL1NMR2kJfR6BcwA+GOAfAgpz2JxJV+mp7UEErJYkIiMgZmB4J
EESeC53Nt4BNN41N44v1amLUqyIdnjfD51egZtuhrYkt9nUvW9JcmpjkFJ/IZMst
lEgv5RXWT0nynhG0mhG5AkOQ5Goeg6gkWD4pBXNrhz8TI2CKiR/A8TmZA+jRTYhe
2Uq4D6WGz6Xix3YAJ2MNcp01ayVO/KOg8GRpDFeop9Oe0f+/FebUA/c0gOdDjJcK
4uImu+ri/jTFl5Oj9xIyOpDLyI2SXFaJcMOX5D4ij7jHshW6RDDpGS2DJwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLcNVMuZZennM5y/u9xYv42ed+FKMB8GA1UdIwQY
MBaAFOYY7/kj41v4N5I1PEYzyiMA91tsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNWhqdi1TUGpXX2cza2pVOFJqUEtJd0QzVzJ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OC9kNTA5MTItMGI4ZC00M2NjLThiZWUt
ZGVkYzVhNjk2NGZjLzEvdHcxVXk1bGw2ZWN6bkwtNzNGaV9qWjUzNFVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OC9kNTA5MTItMGI4ZC00M2NjLThiZWUtZGVkYzVhNjk2NGZj
LzEvNWhqdi1TUGpXX2cza2pVOFJqUEtJd0QzVzJ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAH8G/MA0G
CSqGSIb3DQEBCwUAA4IBAQAmyMiqPFg0cXlxAOsm/RZ3dyxh0eWJoRzUgVDUOyiv
qcf+x/9gUK9fD8BNYvbSAepXBezizl6atnKUR/OxrSoMzZfe71GjP8qBX0ZGxBXv
dCNgP1wjH+wsALj+AWS8q5B4x3Pwy9cjbTxT+EGmbFs7NUF2oJo6G1yQ+SKcXgPa
bJy8grz0JO/5c1ltF+xg6GuJ3eD1vOmxa4QkpkXYDrSH2htVW5Ru9ejj/QIz+cSN
yF5BznS7p+Hv1LqaaLjl8ayGgH5hzI8nGHpNEBzM9d2mbTR24pruZBQ9CpPsx4Ak
afYC2p6BEMGpcRXgbrGHG49lbW86eZbjMqmIxMu4clkl
-----END CERTIFICATE-----