Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/wuHCt2BHh06Bfff_BuCtG5z_hxY.roa
File:                     wuHCt2BHh06Bfff_BuCtG5z_hxY.roa (raw, json)
Hash identifier:          /M0WlOuHwpu23wrIhCr+n8JWrn1Ijygmq8J4TbPhLBs=
Subject key identifier:   C2:E1:C2:B7:60:47:87:4E:81:7D:F7:FF:06:E0:AD:1B:9C:FF:87:16
Certificate issuer:       /CN=f02dac605f4659718c0a15e1f732cbd4f48aae7b
Certificate serial:       019421B1DA4359D9D32B2251A765F2452BD2
Authority key identifier: F0:2D:AC:60:5F:46:59:71:8C:0A:15:E1:F7:32:CB:D4:F4:8A:AE:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8C2sYF9GWXGMChXh9zLL1PSKrns.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/wuHCt2BHh06Bfff_BuCtG5z_hxY.roa
Signing time:             Wed 01 Jan 2025 11:48:11 +0000
ROA not before:           Wed 01 Jan 2025 11:48:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51120
IP address blocks:        31.46.23.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/8C2sYF9GWXGMChXh9zLL1PSKrns.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/8C2sYF9GWXGMChXh9zLL1PSKrns.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8C2sYF9GWXGMChXh9zLL1PSKrns.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 01 Feb 2025 17:49:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:da:43:59:d9:d3:2b:22:51:a7:65:f2:45:2b:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f02dac605f4659718c0a15e1f732cbd4f48aae7b
        Validity
            Not Before: Jan  1 11:48:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c2e1c2b76047874e817df7ff06e0ad1b9cff8716
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:5e:14:af:83:c6:76:fc:16:c5:b2:84:87:c7:
                    04:34:57:1c:6e:96:c6:e6:e2:c5:25:be:58:98:3e:
                    9f:f0:73:96:f2:46:50:15:36:f2:a5:8b:df:73:dc:
                    f3:b9:40:42:25:c0:52:9e:bc:a4:3f:da:52:56:8b:
                    0c:00:a2:5f:97:94:d3:f5:3f:8f:cd:9a:c0:d8:63:
                    23:84:86:55:68:9d:45:6b:05:b3:c4:e6:42:f3:d2:
                    24:15:f5:b1:2e:48:dd:61:c6:8c:7e:56:14:e0:5d:
                    68:e6:29:c7:7c:e9:e3:ca:7a:f9:7a:d7:cf:30:92:
                    29:2a:8e:68:16:cd:19:9c:0c:c9:3b:af:17:92:40:
                    df:02:45:4f:12:4a:4f:7a:ec:6e:26:6d:c7:17:2b:
                    32:d2:cc:54:42:eb:c3:35:18:89:43:da:45:73:e4:
                    24:3e:52:a3:4e:d2:66:6d:3c:4f:94:dc:4d:93:17:
                    56:28:00:76:05:5f:00:7a:26:37:9a:fe:ba:fb:4a:
                    1b:f5:03:cc:0a:52:a6:3a:29:09:2f:75:57:12:fb:
                    03:08:9e:ed:29:9d:40:90:a8:38:11:25:61:c2:ea:
                    15:f9:24:f8:9a:21:b4:af:59:52:ad:58:f0:2a:5d:
                    a5:a1:c8:2f:c9:be:49:69:db:25:1d:2a:3b:bc:d5:
                    a7:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:E1:C2:B7:60:47:87:4E:81:7D:F7:FF:06:E0:AD:1B:9C:FF:87:16
            X509v3 Authority Key Identifier:
                keyid:F0:2D:AC:60:5F:46:59:71:8C:0A:15:E1:F7:32:CB:D4:F4:8A:AE:7B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8C2sYF9GWXGMChXh9zLL1PSKrns.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/wuHCt2BHh06Bfff_BuCtG5z_hxY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/8C2sYF9GWXGMChXh9zLL1PSKrns.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.46.23.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3d:33:b8:d0:29:89:d8:9f:8e:0c:18:18:4a:b6:4c:51:72:9b:
         3e:e4:b9:b1:41:e2:41:79:48:ab:63:05:96:c7:7a:9d:0e:fe:
         93:2a:ef:03:27:74:d4:65:90:d9:ae:6f:4d:8d:5b:f5:e9:9b:
         15:eb:33:72:47:cd:92:6b:ca:b9:33:0e:90:bf:d8:7a:15:e8:
         af:b4:98:c3:32:69:50:f5:66:6c:d8:c6:dd:b6:ac:e0:b6:97:
         d1:26:91:fa:f4:b5:bf:68:5c:45:b4:3d:9a:6f:43:b4:88:9e:
         e6:19:23:51:62:03:c4:a4:e8:ec:39:bf:14:8e:86:76:52:a0:
         70:6f:a4:43:c0:33:6a:0f:42:c0:37:e5:f4:8b:52:02:3b:d6:
         a7:3d:f4:ce:b3:eb:e4:dc:4e:be:16:a7:95:66:18:4d:44:00:
         6a:f9:a8:a9:52:11:f0:e5:a3:c3:37:ec:bd:d3:dc:56:ff:15:
         ee:c7:e3:a3:48:02:a7:a3:de:5d:25:a8:69:fc:fd:81:79:10:
         74:79:8b:c3:df:8f:54:7c:fa:ef:f3:b6:09:0c:7b:b7:f3:4f:
         38:9d:7b:86:df:30:73:e0:d2:05:72:b5:ec:42:3c:96:1c:4f:
         34:97:e2:82:61:96:75:a8:c1:40:75:96:e1:16:a9:7b:ae:32:
         dc:1b:9c:df
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhsdpDWdnTKyJRp2XyRSvSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwMmRhYzYwNWY0NjU5NzE4YzBhMTVlMWY3MzJjYmQ0ZjQ4
YWFlN2IwHhcNMjUwMTAxMTE0ODExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMmUxYzJiNzYwNDc4NzRlODE3ZGY3ZmYwNmUwYWQxYjljZmY4NzE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAql4Ur4PGdvwWxbKEh8cENFccbpbG
5uLFJb5YmD6f8HOW8kZQFTbypYvfc9zzuUBCJcBSnrykP9pSVosMAKJfl5TT9T+P
zZrA2GMjhIZVaJ1FawWzxOZC89IkFfWxLkjdYcaMflYU4F1o5inHfOnjynr5etfP
MJIpKo5oFs0ZnAzJO68XkkDfAkVPEkpPeuxuJm3HFysy0sxUQuvDNRiJQ9pFc+Qk
PlKjTtJmbTxPlNxNkxdWKAB2BV8AeiY3mv66+0ob9QPMClKmOikJL3VXEvsDCJ7t
KZ1AkKg4ESVhwuoV+ST4miG0r1lSrVjwKl2locgvyb5JadslHSo7vNWnhwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMLhwrdgR4dOgX33/wbgrRuc/4cWMB8GA1UdIwQY
MBaAFPAtrGBfRllxjAoV4fcyy9T0iq57MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEMyc1lGOUdXWEdNQ2hYaDl6TEwxUFNLcm5zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC9lOTA5NzYtM2RkMS00NzE2LWJiZjYt
MjkyYWU0NmU2MzAyLzEvd3VIQ3QyQkhoMDZCZmZmX0J1Q3RHNXpfaHhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC9lOTA5NzYtM2RkMS00NzE2LWJiZjYtMjkyYWU0NmU2MzAy
LzEvOEMyc1lGOUdXWEdNQ2hYaDl6TEwxUFNLcm5zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHy4XMA0G
CSqGSIb3DQEBCwUAA4IBAQA9M7jQKYnYn44MGBhKtkxRcps+5LmxQeJBeUirYwWW
x3qdDv6TKu8DJ3TUZZDZrm9NjVv16ZsV6zNyR82Sa8q5Mw6Qv9h6FeivtJjDMmlQ
9WZs2MbdtqzgtpfRJpH69LW/aFxFtD2ab0O0iJ7mGSNRYgPEpOjsOb8UjoZ2UqBw
b6RDwDNqD0LAN+X0i1ICO9anPfTOs+vk3E6+FqeVZhhNRABq+aipUhHw5aPDN+y9
09xW/xXux+OjSAKno95dJahp/P2BeRB0eYvD349UfPrv87YJDHu38084nXuG3zBz
4NIFcrXsQjyWHE80l+KCYZZ1qMFAdZbhFql7rjLcG5zf
-----END CERTIFICATE-----