Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8f/5181de-44cd-4654-96fc-d3b90a9b9b41/1/31-UyeR4pAkuuR-biZyGU0GXB48.roa
File:                     31-UyeR4pAkuuR-biZyGU0GXB48.roa (raw, json)
Hash identifier:          f1bYEAGtOnOD7D6kVH4ijNg398OtjxBZ8X4PzJaJ68w=
Subject key identifier:   DF:5F:94:C9:E4:78:A4:09:2E:B9:1F:9B:89:9C:86:53:41:97:07:8F
Certificate issuer:       /CN=57130f799f8a8985502a2ea3356037674085cfca
Certificate serial:       018CC4923C7D5B19F66F3BB787377610AEC9
Authority key identifier: 57:13:0F:79:9F:8A:89:85:50:2A:2E:A3:35:60:37:67:40:85:CF:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VxMPeZ-KiYVQKi6jNWA3Z0CFz8o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8f/5181de-44cd-4654-96fc-d3b90a9b9b41/1/31-UyeR4pAkuuR-biZyGU0GXB48.roa
Signing time:             Mon 01 Jan 2024 10:29:27 +0000
ROA not before:           Mon 01 Jan 2024 10:29:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34235
IP address blocks:        5.179.192.0/21 maxlen: 21
                          91.223.253.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8f/5181de-44cd-4654-96fc-d3b90a9b9b41/1/VxMPeZ-KiYVQKi6jNWA3Z0CFz8o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8f/5181de-44cd-4654-96fc-d3b90a9b9b41/1/VxMPeZ-KiYVQKi6jNWA3Z0CFz8o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VxMPeZ-KiYVQKi6jNWA3Z0CFz8o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 02 Jul 2024 04:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:3c:7d:5b:19:f6:6f:3b:b7:87:37:76:10:ae:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=57130f799f8a8985502a2ea3356037674085cfca
        Validity
            Not Before: Jan  1 10:29:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=df5f94c9e478a4092eb91f9b899c86534197078f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:fb:89:24:e8:41:f3:36:87:14:d3:06:fe:f1:
                    4d:08:7c:59:d3:16:d2:5c:48:94:21:1c:5e:73:d0:
                    e3:10:f5:bd:da:f0:cb:f8:dd:db:03:c3:82:23:04:
                    0d:7b:c4:d8:e5:18:05:67:f1:8e:9e:0f:c7:01:af:
                    99:20:a1:0b:f7:f4:c5:d8:c2:e7:fb:53:46:d6:df:
                    06:e2:42:9f:14:8b:db:27:df:c5:3b:a2:c1:f4:1f:
                    d3:19:2a:aa:ca:14:1c:f3:46:68:67:81:ef:d5:be:
                    f2:ac:e8:7f:ca:5c:5f:f2:85:92:3f:c5:c8:47:89:
                    0b:57:1f:42:d9:29:6c:ac:69:a5:1b:80:7d:a0:67:
                    54:32:b4:fb:55:c9:c4:13:06:80:18:97:cc:75:e7:
                    91:e4:c7:4f:fa:bc:46:bd:44:44:15:8b:94:35:a1:
                    0d:90:75:81:07:f3:95:91:4e:61:75:ab:fc:36:2a:
                    73:32:45:fe:df:e4:31:d5:b3:57:cc:ee:e6:d6:e0:
                    d0:44:d0:59:36:1a:c2:f1:7b:e8:07:dc:9b:eb:5b:
                    3b:66:b6:41:8d:5d:e8:5f:d1:bc:b0:f3:2e:a3:e6:
                    a6:f8:f2:d4:5f:b5:0b:5a:db:60:7d:6d:90:3a:9c:
                    a5:dc:a2:91:f9:62:b4:f2:5e:2b:db:6e:d8:d8:35:
                    1e:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:5F:94:C9:E4:78:A4:09:2E:B9:1F:9B:89:9C:86:53:41:97:07:8F
            X509v3 Authority Key Identifier:
                keyid:57:13:0F:79:9F:8A:89:85:50:2A:2E:A3:35:60:37:67:40:85:CF:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VxMPeZ-KiYVQKi6jNWA3Z0CFz8o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/5181de-44cd-4654-96fc-d3b90a9b9b41/1/31-UyeR4pAkuuR-biZyGU0GXB48.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/5181de-44cd-4654-96fc-d3b90a9b9b41/1/VxMPeZ-KiYVQKi6jNWA3Z0CFz8o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.179.192.0/21
                  91.223.253.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9e:03:dc:66:b4:3f:1f:dd:a9:c0:f4:c7:76:df:95:2e:e2:66:
         18:6a:64:c5:6f:2e:be:57:53:6f:68:26:ff:2a:ef:2b:e7:6e:
         53:70:04:b7:22:fd:13:5f:a7:99:cb:0d:3a:2e:c7:8a:25:f7:
         52:8c:ed:8d:9a:16:75:fe:6c:02:b8:fe:9d:6a:72:f1:59:a1:
         25:c6:3e:0b:c6:92:f8:25:06:c2:3b:9d:50:bc:10:36:b7:58:
         c4:89:7b:10:2e:6b:41:77:08:12:32:40:ec:78:84:e2:04:0d:
         7f:32:1e:98:af:62:15:7b:dc:77:75:97:8f:4b:9b:9f:f1:bc:
         7a:98:bd:5e:2b:4c:bc:45:64:c8:81:f8:32:bd:19:13:c9:f4:
         2e:91:eb:16:48:e5:9b:f9:ea:18:89:1f:ec:03:6c:48:12:ed:
         ca:bb:3e:0c:0e:39:fd:c5:74:fd:e4:37:e3:90:35:aa:61:5d:
         94:4c:11:9c:49:1b:88:b0:69:c1:0c:1e:80:d9:00:dd:5c:63:
         73:a7:b6:29:f1:b5:fe:20:fe:f4:77:59:1f:4b:f5:21:ce:95:
         47:ae:67:48:a9:29:0b:47:4f:d3:08:29:7f:21:16:77:e1:ba:
         fe:6a:3d:e6:4a:70:22:74:3e:41:6d:d5:2b:a8:30:6a:ce:34:
         9d:bd:e3:f6
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzEkjx9Wxn2bzu3hzd2EK7JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3MTMwZjc5OWY4YTg5ODU1MDJhMmVhMzM1NjAzNzY3NDA4
NWNmY2EwHhcNMjQwMTAxMTAyOTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZjVmOTRjOWU0NzhhNDA5MmViOTFmOWI4OTljODY1MzQxOTcwNzhmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAufuJJOhB8zaHFNMG/vFNCHxZ0xbS
XEiUIRxec9DjEPW92vDL+N3bA8OCIwQNe8TY5RgFZ/GOng/HAa+ZIKEL9/TF2MLn
+1NG1t8G4kKfFIvbJ9/FO6LB9B/TGSqqyhQc80ZoZ4Hv1b7yrOh/ylxf8oWSP8XI
R4kLVx9C2SlsrGmlG4B9oGdUMrT7VcnEEwaAGJfMdeeR5MdP+rxGvUREFYuUNaEN
kHWBB/OVkU5hdav8NipzMkX+3+Qx1bNXzO7m1uDQRNBZNhrC8XvoB9yb61s7ZrZB
jV3oX9G8sPMuo+am+PLUX7ULWttgfW2QOpyl3KKR+WK08l4r227Y2DUeyQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFN9flMnkeKQJLrkfm4mchlNBlwePMB8GA1UdIwQY
MBaAFFcTD3mfiomFUCouozVgN2dAhc/KMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVnhNUGVaLUtpWVZRS2k2ak5XQTNaMENGejhvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Zi81MTgxZGUtNDRjZC00NjU0LTk2ZmMt
ZDNiOTBhOWI5YjQxLzEvMzEtVXllUjRwQWt1dVItYmlaeUdVMEdYQjQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Zi81MTgxZGUtNDRjZC00NjU0LTk2ZmMtZDNiOTBhOWI5YjQx
LzEvVnhNUGVaLUtpWVZRS2k2ak5XQTNaMENGejhvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDBbPAAwQA
W9/9MA0GCSqGSIb3DQEBCwUAA4IBAQCeA9xmtD8f3anA9Md235Uu4mYYamTFby6+
V1NvaCb/Ku8r525TcAS3Iv0TX6eZyw06LseKJfdSjO2NmhZ1/mwCuP6danLxWaEl
xj4LxpL4JQbCO51QvBA2t1jEiXsQLmtBdwgSMkDseITiBA1/Mh6Yr2IVe9x3dZeP
S5uf8bx6mL1eK0y8RWTIgfgyvRkTyfQukesWSOWb+eoYiR/sA2xIEu3Kuz4MDjn9
xXT95DfjkDWqYV2UTBGcSRuIsGnBDB6A2QDdXGNzp7Yp8bX+IP70d1kfS/UhzpVH
rmdIqSkLR0/TCCl/IRZ34br+aj3mSnAidD5BbdUrqDBqzjSdveP2
-----END CERTIFICATE-----