Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/93/618e53-afc4-40df-8612-b0f4b9c37e49/1/o80vuntiOHyM_DGd8zJe24AzCZI.roa
File:                     o80vuntiOHyM_DGd8zJe24AzCZI.roa (raw, json)
Hash identifier:          SQ6l+4+ufr3QSd4mD7NbJjK85h6jk9sPh9x1WVBfD68=
Subject key identifier:   A3:CD:2F:BA:7B:62:38:7C:8C:FC:31:9D:F3:32:5E:DB:80:33:09:92
Certificate issuer:       /CN=d411abc4c0468ab2891eaacadba0dc0377936fd5
Certificate serial:       018CC5014BC7A8F381D764956EC2ED3D87A0
Authority key identifier: D4:11:AB:C4:C0:46:8A:B2:89:1E:AA:CA:DB:A0:DC:03:77:93:6F:D5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1BGrxMBGirKJHqrK26DcA3eTb9U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/93/618e53-afc4-40df-8612-b0f4b9c37e49/1/o80vuntiOHyM_DGd8zJe24AzCZI.roa
Signing time:             Mon 01 Jan 2024 12:30:45 +0000
ROA not before:           Mon 01 Jan 2024 12:30:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50233
IP address blocks:        212.31.118.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/93/618e53-afc4-40df-8612-b0f4b9c37e49/1/1BGrxMBGirKJHqrK26DcA3eTb9U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/93/618e53-afc4-40df-8612-b0f4b9c37e49/1/1BGrxMBGirKJHqrK26DcA3eTb9U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1BGrxMBGirKJHqrK26DcA3eTb9U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 13 May 2024 03:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:4b:c7:a8:f3:81:d7:64:95:6e:c2:ed:3d:87:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d411abc4c0468ab2891eaacadba0dc0377936fd5
        Validity
            Not Before: Jan  1 12:30:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a3cd2fba7b62387c8cfc319df3325edb80330992
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:b3:d4:e2:c3:0c:2d:69:7a:18:28:a2:97:88:
                    9d:35:6c:c3:99:c2:89:08:76:9c:c4:46:a4:e2:b3:
                    d8:4b:b4:3c:6d:a4:95:44:0f:9a:f6:5f:53:99:86:
                    af:62:67:7e:ad:cd:9d:88:66:39:99:dd:30:c7:c4:
                    17:88:4d:ae:87:9a:fc:69:43:85:11:51:f4:b3:86:
                    5f:f7:dc:c6:99:37:57:f4:0e:ab:96:fa:45:f2:f5:
                    83:43:88:0e:17:57:6d:21:c1:fe:86:3a:39:69:53:
                    b9:05:a8:ea:ce:6f:31:aa:7c:55:f0:f2:f3:fd:4e:
                    80:08:ad:66:84:68:d6:6c:bf:c6:71:12:78:7b:03:
                    59:43:6d:aa:19:9b:93:ba:dd:b7:27:9d:de:df:fa:
                    e6:74:b0:0e:91:a5:57:cc:9d:a0:f0:52:22:d8:e5:
                    6e:8f:1d:d7:8e:e3:b6:04:c5:9c:b6:51:f7:84:73:
                    21:88:cb:83:4d:90:a8:fa:33:ef:59:73:c9:5f:b9:
                    8f:3c:c5:31:8c:22:14:9b:44:ae:ea:a7:03:35:f8:
                    7c:3b:43:37:51:3c:b4:65:4b:d7:0c:59:e2:51:8a:
                    11:0e:49:71:0c:05:5d:34:7c:e9:3e:a0:70:bf:cd:
                    aa:49:05:07:c2:a7:84:2e:b8:97:ae:6a:92:c5:86:
                    9f:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:CD:2F:BA:7B:62:38:7C:8C:FC:31:9D:F3:32:5E:DB:80:33:09:92
            X509v3 Authority Key Identifier:
                keyid:D4:11:AB:C4:C0:46:8A:B2:89:1E:AA:CA:DB:A0:DC:03:77:93:6F:D5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1BGrxMBGirKJHqrK26DcA3eTb9U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/93/618e53-afc4-40df-8612-b0f4b9c37e49/1/o80vuntiOHyM_DGd8zJe24AzCZI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/93/618e53-afc4-40df-8612-b0f4b9c37e49/1/1BGrxMBGirKJHqrK26DcA3eTb9U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.31.118.0/23

    Signature Algorithm: sha256WithRSAEncryption
         9f:a3:ee:d6:81:79:03:13:c1:71:81:1e:45:aa:e2:d6:95:48:
         be:39:1e:a0:0f:15:82:92:3f:46:22:38:ea:d8:ac:72:1c:17:
         b0:bb:2c:ce:ab:13:8f:88:bd:21:94:7a:b7:e6:13:9d:3d:48:
         b6:6b:16:fd:71:59:ec:c9:00:88:93:9b:4b:ec:c7:e6:c3:5c:
         2c:ae:31:12:bd:ca:69:7b:dc:47:9f:55:4a:27:6c:a6:5c:de:
         59:77:5a:ae:86:de:6e:bc:fe:a4:53:1d:eb:7f:55:48:7d:cb:
         66:1f:cd:41:61:aa:a2:17:3f:54:cb:3a:e1:80:01:c0:73:35:
         22:7d:49:5d:7a:5d:4c:6d:a5:8e:cf:4a:50:37:80:89:e1:2a:
         0c:cb:82:24:00:37:54:8d:5b:ce:1c:13:a9:d6:fd:3d:37:37:
         80:7b:e5:d1:aa:29:30:2e:e3:c1:8b:ca:20:c3:2c:d9:33:a7:
         74:3e:fd:48:db:0b:c8:1f:0f:4f:16:c3:e6:4e:35:c8:e6:49:
         aa:1a:40:5d:84:78:c1:ab:1b:ce:52:2b:93:1f:d8:8d:be:44:
         4c:a5:15:03:68:4b:e3:1c:af:9d:64:fc:a1:0c:9b:23:c1:5e:
         ef:27:ef:19:64:e3:5a:0f:9d:5d:41:0f:1b:11:92:43:11:1b:
         57:f5:fe:8d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAUvHqPOB12SVbsLtPYegMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0MTFhYmM0YzA0NjhhYjI4OTFlYWFjYWRiYTBkYzAzNzc5
MzZmZDUwHhcNMjQwMTAxMTIzMDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhM2NkMmZiYTdiNjIzODdjOGNmYzMxOWRmMzMyNWVkYjgwMzMwOTkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAibPU4sMMLWl6GCiil4idNWzDmcKJ
CHacxEak4rPYS7Q8baSVRA+a9l9TmYavYmd+rc2diGY5md0wx8QXiE2uh5r8aUOF
EVH0s4Zf99zGmTdX9A6rlvpF8vWDQ4gOF1dtIcH+hjo5aVO5Bajqzm8xqnxV8PLz
/U6ACK1mhGjWbL/GcRJ4ewNZQ22qGZuTut23J53e3/rmdLAOkaVXzJ2g8FIi2OVu
jx3XjuO2BMWctlH3hHMhiMuDTZCo+jPvWXPJX7mPPMUxjCIUm0Su6qcDNfh8O0M3
UTy0ZUvXDFniUYoRDklxDAVdNHzpPqBwv82qSQUHwqeELriXrmqSxYafaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKPNL7p7Yjh8jPwxnfMyXtuAMwmSMB8GA1UdIwQY
MBaAFNQRq8TARoqyiR6qytug3AN3k2/VMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUJHcnhNQkdpcktKSHFySzI2RGNBM2VUYjlVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85My82MThlNTMtYWZjNC00MGRmLTg2MTIt
YjBmNGI5YzM3ZTQ5LzEvbzgwdnVudGlPSHlNX0RHZDh6SmUyNEF6Q1pJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85My82MThlNTMtYWZjNC00MGRmLTg2MTItYjBmNGI5YzM3ZTQ5
LzEvMUJHcnhNQkdpcktKSHFySzI2RGNBM2VUYjlVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB1B92MA0G
CSqGSIb3DQEBCwUAA4IBAQCfo+7WgXkDE8FxgR5FquLWlUi+OR6gDxWCkj9GIjjq
2KxyHBewuyzOqxOPiL0hlHq35hOdPUi2axb9cVnsyQCIk5tL7Mfmw1wsrjESvcpp
e9xHn1VKJ2ymXN5Zd1quht5uvP6kUx3rf1VIfctmH81BYaqiFz9UyzrhgAHAczUi
fUldel1MbaWOz0pQN4CJ4SoMy4IkADdUjVvOHBOp1v09NzeAe+XRqikwLuPBi8og
wyzZM6d0Pv1I2wvIHw9PFsPmTjXI5kmqGkBdhHjBqxvOUiuTH9iNvkRMpRUDaEvj
HK+dZPyhDJsjwV7vJ+8ZZONaD51dQQ8bEZJDERtX9f6N
-----END CERTIFICATE-----