Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9f/177329-28cd-4864-9e16-946404ec1aa4/1/GO15u0hUk--xOeD3TC0lvJq36_Q.roa
File:                     GO15u0hUk--xOeD3TC0lvJq36_Q.roa (raw, json)
Hash identifier:          wJUvU5m+rT/r7m7D+Jha+hvvcMCL6FBFg7dDDhPtbT0=
Subject key identifier:   18:ED:79:BB:48:54:93:EF:B1:39:E0:F7:4C:2D:25:BC:9A:B7:EB:F4
Certificate issuer:       /CN=e8b3eed1c7aca636d6245852b802e0e73754df63
Certificate serial:       0190029E6A3A673F538689F9EA1BB27299D5
Authority key identifier: E8:B3:EE:D1:C7:AC:A6:36:D6:24:58:52:B8:02:E0:E7:37:54:DF:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6LPu0cespjbWJFhSuALg5zdU32M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9f/177329-28cd-4864-9e16-946404ec1aa4/1/GO15u0hUk--xOeD3TC0lvJq36_Q.roa
Signing time:             Mon 10 Jun 2024 14:47:34 +0000
ROA not before:           Mon 10 Jun 2024 14:47:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5065
IP address blocks:        31.222.204.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9f/177329-28cd-4864-9e16-946404ec1aa4/1/6LPu0cespjbWJFhSuALg5zdU32M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9f/177329-28cd-4864-9e16-946404ec1aa4/1/6LPu0cespjbWJFhSuALg5zdU32M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6LPu0cespjbWJFhSuALg5zdU32M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 12:48:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:02:9e:6a:3a:67:3f:53:86:89:f9:ea:1b:b2:72:99:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e8b3eed1c7aca636d6245852b802e0e73754df63
        Validity
            Not Before: Jun 10 14:47:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=18ed79bb485493efb139e0f74c2d25bc9ab7ebf4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:a2:8c:47:09:d8:a3:cd:4f:c4:56:95:fe:1e:
                    7c:8d:f2:b5:bd:8f:e9:96:9c:3c:03:b6:9a:6e:ed:
                    9d:91:2e:cb:bc:80:a4:4e:3e:cf:ef:96:8e:b7:49:
                    9f:df:4d:30:e0:5f:24:b0:37:a0:e4:07:16:40:69:
                    df:f9:7f:b8:d5:c6:af:78:ae:d8:4f:0a:bf:a7:bd:
                    9b:1c:d9:fa:c1:7e:c1:4b:6a:63:4d:ba:d0:97:6d:
                    a7:f4:f5:08:22:2c:f1:0b:da:e8:c4:c9:c3:f3:58:
                    44:96:97:48:d3:5a:86:c8:cb:94:2a:b9:34:99:34:
                    ec:3a:14:fe:f4:97:c3:64:0c:cf:37:3e:a3:fb:ca:
                    ba:75:ea:60:1a:84:8b:d4:d6:eb:fa:7a:3b:dc:7f:
                    f2:27:0b:dd:25:f9:e4:58:f4:3f:21:7a:60:33:6b:
                    83:76:1c:9a:0f:e4:1e:92:fe:cc:d9:58:6e:b4:2d:
                    f3:9d:f0:16:fd:85:7f:f1:92:81:fe:5e:e9:aa:54:
                    15:c2:26:f7:34:0c:50:e4:4c:93:5f:a5:d9:d6:d5:
                    27:b3:4d:8c:ca:9e:2b:d0:17:da:34:7c:56:b9:2d:
                    a4:9d:2a:79:55:69:2e:87:3b:8b:a4:0f:a2:03:cb:
                    cb:7d:ff:5d:b2:5c:3f:27:55:7c:33:ec:8b:5f:bc:
                    77:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:ED:79:BB:48:54:93:EF:B1:39:E0:F7:4C:2D:25:BC:9A:B7:EB:F4
            X509v3 Authority Key Identifier:
                keyid:E8:B3:EE:D1:C7:AC:A6:36:D6:24:58:52:B8:02:E0:E7:37:54:DF:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6LPu0cespjbWJFhSuALg5zdU32M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/177329-28cd-4864-9e16-946404ec1aa4/1/GO15u0hUk--xOeD3TC0lvJq36_Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/177329-28cd-4864-9e16-946404ec1aa4/1/6LPu0cespjbWJFhSuALg5zdU32M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.222.204.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6e:2c:ef:c0:2f:7c:b1:a2:91:01:fe:42:22:34:ca:f9:9f:9d:
         16:ae:8a:c3:b1:df:74:2f:73:9d:4d:36:c4:dc:e6:9f:96:72:
         94:91:6d:63:bb:7c:75:89:4e:82:7c:45:ac:7b:bc:c4:3f:c3:
         63:3f:27:c1:10:c5:dd:1b:c8:c1:38:03:66:c8:6f:2d:93:d2:
         9d:94:c7:4e:dd:71:c5:04:c9:49:fd:25:04:63:6f:02:87:04:
         6a:ef:8a:18:56:a4:52:61:ea:61:b2:e8:38:c0:91:36:15:3f:
         e1:6e:06:9c:d5:3b:39:36:29:80:91:f3:4e:15:b4:a5:51:c3:
         2a:15:e2:3c:e1:62:d6:c4:b0:56:41:ca:1b:9c:4b:b3:47:1f:
         ec:f9:b3:8f:99:89:cf:66:72:cd:57:4c:25:7b:6b:19:10:f4:
         4f:95:a1:88:c1:4b:9b:ab:a5:30:96:f7:32:67:a4:8e:ee:2c:
         e5:ae:16:e2:f8:2e:50:8e:16:a6:94:c7:5a:a2:ef:ad:a3:fb:
         c8:44:88:cc:4b:3b:0a:86:d9:67:77:c0:6c:9e:fb:4e:5f:20:
         18:49:fc:72:4b:87:68:84:5a:a3:9d:db:bc:70:27:bd:e4:47:
         54:d2:40:5d:18:de:83:03:c2:88:6b:6b:73:51:39:41:7c:71:
         4f:21:7c:6a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZACnmo6Zz9Thon56huycpnVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU4YjNlZWQxYzdhY2E2MzZkNjI0NTg1MmI4MDJlMGU3Mzc1
NGRmNjMwHhcNMjQwNjEwMTQ0NzM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOGVkNzliYjQ4NTQ5M2VmYjEzOWUwZjc0YzJkMjViYzlhYjdlYmY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzqKMRwnYo81PxFaV/h58jfK1vY/p
lpw8A7aabu2dkS7LvICkTj7P75aOt0mf300w4F8ksDeg5AcWQGnf+X+41caveK7Y
Twq/p72bHNn6wX7BS2pjTbrQl22n9PUIIizxC9roxMnD81hElpdI01qGyMuUKrk0
mTTsOhT+9JfDZAzPNz6j+8q6depgGoSL1Nbr+no73H/yJwvdJfnkWPQ/IXpgM2uD
dhyaD+Qekv7M2VhutC3znfAW/YV/8ZKB/l7pqlQVwib3NAxQ5EyTX6XZ1tUns02M
yp4r0BfaNHxWuS2knSp5VWkuhzuLpA+iA8vLff9dslw/J1V8M+yLX7x34QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBjtebtIVJPvsTng90wtJbyat+v0MB8GA1UdIwQY
MBaAFOiz7tHHrKY21iRYUrgC4Oc3VN9jMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNkxQdTBjZXNwamJXSkZoU3VBTGc1emRVMzJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Zi8xNzczMjktMjhjZC00ODY0LTllMTYt
OTQ2NDA0ZWMxYWE0LzEvR08xNXUwaFVrLS14T2VEM1RDMGx2SnEzNl9RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Zi8xNzczMjktMjhjZC00ODY0LTllMTYtOTQ2NDA0ZWMxYWE0
LzEvNkxQdTBjZXNwamJXSkZoU3VBTGc1emRVMzJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCH97MMA0G
CSqGSIb3DQEBCwUAA4IBAQBuLO/AL3yxopEB/kIiNMr5n50WrorDsd90L3OdTTbE
3OaflnKUkW1ju3x1iU6CfEWse7zEP8NjPyfBEMXdG8jBOANmyG8tk9KdlMdO3XHF
BMlJ/SUEY28ChwRq74oYVqRSYephsug4wJE2FT/hbgac1Ts5NimAkfNOFbSlUcMq
FeI84WLWxLBWQcobnEuzRx/s+bOPmYnPZnLNV0wle2sZEPRPlaGIwUubq6Uwlvcy
Z6SO7izlrhbi+C5QjhamlMdaou+to/vIRIjMSzsKhtlnd8BsnvtOXyAYSfxyS4do
hFqjndu8cCe95EdU0kBdGN6DA8KIa2tzUTlBfHFPIXxq
-----END CERTIFICATE-----