Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/93/618e53-afc4-40df-8612-b0f4b9c37e49/1/nAEeOljdfjmUrTtKHCmdse5HIUQ.roa
File:                     nAEeOljdfjmUrTtKHCmdse5HIUQ.roa (raw, json)
Hash identifier:          6lNLUdGCLsYYW+Uu2Ct57V4Z84VTvW+oIx8ctf9Jouk=
Subject key identifier:   9C:01:1E:3A:58:DD:7E:39:94:AD:3B:4A:1C:29:9D:B1:EE:47:21:44
Certificate issuer:       /CN=d411abc4c0468ab2891eaacadba0dc0377936fd5
Certificate serial:       0194266B822E24027DABACF8283BA8DA2AEE
Authority key identifier: D4:11:AB:C4:C0:46:8A:B2:89:1E:AA:CA:DB:A0:DC:03:77:93:6F:D5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1BGrxMBGirKJHqrK26DcA3eTb9U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/93/618e53-afc4-40df-8612-b0f4b9c37e49/1/nAEeOljdfjmUrTtKHCmdse5HIUQ.roa
Signing time:             Thu 02 Jan 2025 09:49:27 +0000
ROA not before:           Thu 02 Jan 2025 09:49:27 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50233
IP address blocks:        212.31.118.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/93/618e53-afc4-40df-8612-b0f4b9c37e49/1/1BGrxMBGirKJHqrK26DcA3eTb9U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/93/618e53-afc4-40df-8612-b0f4b9c37e49/1/1BGrxMBGirKJHqrK26DcA3eTb9U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1BGrxMBGirKJHqrK26DcA3eTb9U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:82:2e:24:02:7d:ab:ac:f8:28:3b:a8:da:2a:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d411abc4c0468ab2891eaacadba0dc0377936fd5
        Validity
            Not Before: Jan  2 09:49:27 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9c011e3a58dd7e3994ad3b4a1c299db1ee472144
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:45:bf:b7:b3:48:ef:be:5f:74:0b:61:06:d7:
                    d0:49:4f:00:73:c8:6b:0b:e7:bf:07:9e:bf:bb:05:
                    0f:8e:2d:45:8b:38:ae:d2:df:80:e6:f1:76:16:70:
                    87:20:c5:aa:5c:8b:3c:a1:94:65:ac:fb:2f:5c:66:
                    b8:20:48:0a:5b:dd:80:ef:99:0d:dc:61:49:8d:6e:
                    fe:ba:f0:73:7a:a8:16:dd:36:1e:e7:c7:84:9e:1c:
                    2c:04:5c:74:a3:67:43:39:71:f7:13:55:e0:f1:47:
                    e1:04:87:a0:97:e9:15:93:8b:96:68:18:2e:bc:81:
                    3d:60:b2:5b:bc:32:7c:4c:3c:ac:71:1b:b3:ba:6f:
                    e4:69:23:01:15:e8:ca:ac:81:0c:af:d1:da:51:79:
                    0c:8e:72:d8:07:79:cc:ae:16:38:de:a9:4a:fb:e0:
                    d1:69:47:86:73:ef:c0:d0:07:da:b0:87:4a:5f:4c:
                    0d:0c:f2:76:d6:f4:c7:0a:e9:29:66:92:13:44:f3:
                    8d:8e:2b:f3:f8:20:c0:09:bc:f5:3f:d8:8f:9f:9e:
                    4b:e4:64:7c:56:8b:e8:3b:4d:08:e2:67:92:fa:ca:
                    a0:3b:d4:cc:51:1c:37:de:99:00:39:63:16:3f:01:
                    b4:0d:39:dc:b4:d9:6a:ff:4a:4d:b1:6a:46:bf:a2:
                    09:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:01:1E:3A:58:DD:7E:39:94:AD:3B:4A:1C:29:9D:B1:EE:47:21:44
            X509v3 Authority Key Identifier:
                keyid:D4:11:AB:C4:C0:46:8A:B2:89:1E:AA:CA:DB:A0:DC:03:77:93:6F:D5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1BGrxMBGirKJHqrK26DcA3eTb9U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/93/618e53-afc4-40df-8612-b0f4b9c37e49/1/nAEeOljdfjmUrTtKHCmdse5HIUQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/93/618e53-afc4-40df-8612-b0f4b9c37e49/1/1BGrxMBGirKJHqrK26DcA3eTb9U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.31.118.0/23

    Signature Algorithm: sha256WithRSAEncryption
         52:40:3e:f6:d1:fa:ed:e4:df:31:e7:8b:d6:c6:d4:99:c6:db:
         a7:da:00:75:21:ab:b5:5a:cf:5c:de:6d:c5:1e:14:34:84:c6:
         44:33:5b:d9:c5:73:cf:94:11:b7:8d:fa:c2:50:a9:d3:a6:f1:
         d3:59:48:85:78:6b:48:de:e0:a0:c7:36:8b:77:de:64:b9:84:
         81:1d:fa:29:b6:02:c8:de:f5:73:a9:7d:48:48:5a:51:c6:6a:
         ec:f1:93:09:7b:5b:4e:40:c7:eb:55:76:67:ab:a4:51:3e:18:
         01:b8:40:d7:de:bf:61:00:c4:45:3d:0e:0c:4f:84:62:58:c1:
         65:e2:53:ba:86:18:21:f5:f4:4e:4b:42:a9:99:93:6a:98:43:
         e6:b0:11:a2:3a:13:24:06:01:43:d6:95:88:4b:cb:f1:10:42:
         f6:d4:84:3b:c9:82:c1:f1:a9:03:d8:d0:80:d0:f0:17:fa:aa:
         f8:a6:4d:4c:95:4a:74:a7:d1:4f:a1:4d:d6:97:cf:d0:d2:b0:
         ce:f9:e8:77:35:6b:e6:52:e7:e1:91:ee:72:2b:32:9f:fb:df:
         28:a7:8f:95:81:ae:6d:11:46:e8:3b:f2:29:a7:0b:b8:ce:c4:
         a6:cc:08:8d:68:cf:82:4d:e6:0d:3a:c0:28:87:e9:73:6d:91:
         4a:3a:22:cc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQma4IuJAJ9q6z4KDuo2iruMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0MTFhYmM0YzA0NjhhYjI4OTFlYWFjYWRiYTBkYzAzNzc5
MzZmZDUwHhcNMjUwMTAyMDk0OTI3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YzAxMWUzYTU4ZGQ3ZTM5OTRhZDNiNGExYzI5OWRiMWVlNDcyMTQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5EW/t7NI775fdAthBtfQSU8Ac8hr
C+e/B56/uwUPji1Fiziu0t+A5vF2FnCHIMWqXIs8oZRlrPsvXGa4IEgKW92A75kN
3GFJjW7+uvBzeqgW3TYe58eEnhwsBFx0o2dDOXH3E1Xg8UfhBIegl+kVk4uWaBgu
vIE9YLJbvDJ8TDyscRuzum/kaSMBFejKrIEMr9HaUXkMjnLYB3nMrhY43qlK++DR
aUeGc+/A0AfasIdKX0wNDPJ21vTHCukpZpITRPONjivz+CDACbz1P9iPn55L5GR8
VovoO00I4meS+sqgO9TMURw33pkAOWMWPwG0DTnctNlq/0pNsWpGv6IJQwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJwBHjpY3X45lK07ShwpnbHuRyFEMB8GA1UdIwQY
MBaAFNQRq8TARoqyiR6qytug3AN3k2/VMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUJHcnhNQkdpcktKSHFySzI2RGNBM2VUYjlVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85My82MThlNTMtYWZjNC00MGRmLTg2MTIt
YjBmNGI5YzM3ZTQ5LzEvbkFFZU9samRmam1VclR0S0hDbWRzZTVISVVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85My82MThlNTMtYWZjNC00MGRmLTg2MTItYjBmNGI5YzM3ZTQ5
LzEvMUJHcnhNQkdpcktKSHFySzI2RGNBM2VUYjlVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB1B92MA0G
CSqGSIb3DQEBCwUAA4IBAQBSQD720frt5N8x54vWxtSZxtun2gB1Iau1Ws9c3m3F
HhQ0hMZEM1vZxXPPlBG3jfrCUKnTpvHTWUiFeGtI3uCgxzaLd95kuYSBHfoptgLI
3vVzqX1ISFpRxmrs8ZMJe1tOQMfrVXZnq6RRPhgBuEDX3r9hAMRFPQ4MT4RiWMFl
4lO6hhgh9fROS0KpmZNqmEPmsBGiOhMkBgFD1pWIS8vxEEL21IQ7yYLB8akD2NCA
0PAX+qr4pk1MlUp0p9FPoU3Wl8/Q0rDO+eh3NWvmUufhke5yKzKf+98op4+Vga5t
EUboO/Ippwu4zsSmzAiNaM+CTeYNOsAoh+lzbZFKOiLM
-----END CERTIFICATE-----