Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/f07b18-19d7-41f2-af6b-bc7a208a5e2e/1/AOgdR3P2F9fJv0FmsQ6NcV95fYk.roa
File:                     AOgdR3P2F9fJv0FmsQ6NcV95fYk.roa (raw, json)
Hash identifier:          rXlERcg3EmKn2Sg8PD9MOab5PekyRteaKDqcdeebkos=
Subject key identifier:   00:E8:1D:47:73:F6:17:D7:C9:BF:41:66:B1:0E:8D:71:5F:79:7D:89
Certificate issuer:       /CN=b85eadc2ec70b30fa4225ed7fcd5730f0c7bc616
Certificate serial:       018CC94BE7CB3B412FD62CDE9713B1F5B05C
Authority key identifier: B8:5E:AD:C2:EC:70:B3:0F:A4:22:5E:D7:FC:D5:73:0F:0C:7B:C6:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uF6twuxwsw-kIl7X_NVzDwx7xhY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/f07b18-19d7-41f2-af6b-bc7a208a5e2e/1/AOgdR3P2F9fJv0FmsQ6NcV95fYk.roa
Signing time:             Tue 02 Jan 2024 08:30:44 +0000
ROA not before:           Tue 02 Jan 2024 08:30:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210541
IP address blocks:        31.128.242.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/f07b18-19d7-41f2-af6b-bc7a208a5e2e/1/uF6twuxwsw-kIl7X_NVzDwx7xhY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/f07b18-19d7-41f2-af6b-bc7a208a5e2e/1/uF6twuxwsw-kIl7X_NVzDwx7xhY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uF6twuxwsw-kIl7X_NVzDwx7xhY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 03 Jul 2024 05:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4b:e7:cb:3b:41:2f:d6:2c:de:97:13:b1:f5:b0:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b85eadc2ec70b30fa4225ed7fcd5730f0c7bc616
        Validity
            Not Before: Jan  2 08:30:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=00e81d4773f617d7c9bf4166b10e8d715f797d89
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:d6:78:7e:27:92:11:a2:ea:b8:b1:cc:09:95:
                    71:71:a7:8a:a0:2e:c7:d9:9d:ae:29:1b:42:ed:aa:
                    da:c6:1d:32:f6:bd:61:19:dd:c1:66:1b:5d:ac:4e:
                    f3:67:72:ac:ca:bf:6d:21:78:e7:c3:d1:55:4b:f8:
                    73:fd:90:e9:82:12:45:73:5c:16:53:f0:88:f0:3d:
                    1e:76:78:99:34:90:05:3f:f6:65:fe:59:f5:11:3e:
                    ba:40:36:69:e6:dc:89:fe:f0:cb:95:44:08:db:83:
                    90:f9:ac:9f:3d:e6:41:e9:af:06:6c:02:06:ce:98:
                    b7:f8:d9:6e:a1:35:82:b5:c9:7f:55:ee:1c:a6:6e:
                    2f:43:e8:af:20:41:c1:ea:65:87:30:db:5e:c7:15:
                    9e:de:d9:de:2d:31:66:3b:65:a1:2a:ef:17:a6:08:
                    a8:a1:a3:89:13:3b:11:18:e3:62:a1:48:19:e9:8d:
                    c5:9f:03:d2:5e:eb:07:f8:ae:17:70:85:fd:74:a8:
                    53:69:3c:b7:64:48:2f:67:99:a6:26:08:5e:fb:36:
                    ea:64:bb:5d:b1:72:83:f5:64:67:2c:61:26:8c:ea:
                    80:62:cc:03:3a:5b:e7:6d:2c:38:08:90:95:40:c8:
                    1b:a8:a4:e7:d8:3d:87:83:85:ef:31:d7:6e:4f:da:
                    83:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:E8:1D:47:73:F6:17:D7:C9:BF:41:66:B1:0E:8D:71:5F:79:7D:89
            X509v3 Authority Key Identifier:
                keyid:B8:5E:AD:C2:EC:70:B3:0F:A4:22:5E:D7:FC:D5:73:0F:0C:7B:C6:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uF6twuxwsw-kIl7X_NVzDwx7xhY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/f07b18-19d7-41f2-af6b-bc7a208a5e2e/1/AOgdR3P2F9fJv0FmsQ6NcV95fYk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/f07b18-19d7-41f2-af6b-bc7a208a5e2e/1/uF6twuxwsw-kIl7X_NVzDwx7xhY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.128.242.0/23

    Signature Algorithm: sha256WithRSAEncryption
         2e:92:7f:0b:35:ca:86:66:2d:26:b2:b2:b5:b2:a1:98:4b:ff:
         d2:a8:09:9b:b4:2e:46:75:3f:14:18:90:fa:71:da:e2:e7:e5:
         18:24:d0:f9:21:14:99:42:02:a8:8b:51:ab:13:ab:80:f4:cd:
         92:61:c9:25:31:bd:48:7c:86:a9:44:ff:c3:c5:ad:d4:6f:77:
         1e:06:02:ed:d4:c4:83:9b:1f:5b:46:0c:a1:0f:2c:9f:e0:74:
         85:3a:8f:79:86:eb:2c:8f:ab:70:42:b5:4e:69:c2:37:d3:19:
         b7:c1:0b:28:17:23:87:8b:ed:61:4a:d8:59:a3:5a:27:c7:b7:
         67:8d:d8:f4:01:64:27:91:92:6d:e4:4c:a4:0d:5d:5c:65:ba:
         d8:41:c2:e9:ac:93:a6:eb:e1:4d:a1:73:28:e4:8a:89:c3:0c:
         bf:cb:68:ad:a3:da:00:11:08:1b:fe:2c:80:f6:d0:2f:9e:e5:
         11:2f:32:78:3b:7b:9d:5e:85:6b:f5:c2:64:1e:a3:59:2c:74:
         c6:f0:0a:17:c3:c5:28:8d:2d:c6:1d:a8:9d:42:23:ed:bf:d0:
         0f:6e:c9:e9:61:49:bb:fa:2d:20:7b:12:19:4d:66:8a:d8:b9:
         4a:d5:e9:ee:38:a1:67:05:2d:ca:9b:eb:39:36:24:45:db:aa:
         07:65:3e:fe
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJS+fLO0Ev1izelxOx9bBcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI4NWVhZGMyZWM3MGIzMGZhNDIyNWVkN2ZjZDU3MzBmMGM3
YmM2MTYwHhcNMjQwMTAyMDgzMDQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMGU4MWQ0NzczZjYxN2Q3YzliZjQxNjZiMTBlOGQ3MTVmNzk3ZDg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAotZ4fieSEaLquLHMCZVxcaeKoC7H
2Z2uKRtC7araxh0y9r1hGd3BZhtdrE7zZ3Ksyr9tIXjnw9FVS/hz/ZDpghJFc1wW
U/CI8D0edniZNJAFP/Zl/ln1ET66QDZp5tyJ/vDLlUQI24OQ+ayfPeZB6a8GbAIG
zpi3+NluoTWCtcl/Ve4cpm4vQ+ivIEHB6mWHMNtexxWe3tneLTFmO2WhKu8Xpgio
oaOJEzsRGONioUgZ6Y3FnwPSXusH+K4XcIX9dKhTaTy3ZEgvZ5mmJghe+zbqZLtd
sXKD9WRnLGEmjOqAYswDOlvnbSw4CJCVQMgbqKTn2D2Hg4XvMdduT9qDxQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFADoHUdz9hfXyb9BZrEOjXFfeX2JMB8GA1UdIwQY
MBaAFLhercLscLMPpCJe1/zVcw8Me8YWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdUY2dHd1eHdzdy1rSWw3WF9OVnpEd3g3eGhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS9mMDdiMTgtMTlkNy00MWYyLWFmNmIt
YmM3YTIwOGE1ZTJlLzEvQU9nZFIzUDJGOWZKdjBGbXNRNk5jVjk1ZllrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS9mMDdiMTgtMTlkNy00MWYyLWFmNmItYmM3YTIwOGE1ZTJl
LzEvdUY2dHd1eHdzdy1rSWw3WF9OVnpEd3g3eGhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBH4DyMA0G
CSqGSIb3DQEBCwUAA4IBAQAukn8LNcqGZi0msrK1sqGYS//SqAmbtC5GdT8UGJD6
cdri5+UYJND5IRSZQgKoi1GrE6uA9M2SYcklMb1IfIapRP/Dxa3Ub3ceBgLt1MSD
mx9bRgyhDyyf4HSFOo95hussj6twQrVOacI30xm3wQsoFyOHi+1hSthZo1onx7dn
jdj0AWQnkZJt5EykDV1cZbrYQcLprJOm6+FNoXMo5IqJwwy/y2ito9oAEQgb/iyA
9tAvnuURLzJ4O3udXoVr9cJkHqNZLHTG8AoXw8UojS3GHaidQiPtv9APbsnpYUm7
+i0gexIZTWaK2LlK1enuOKFnBS3Km+s5NiRF26oHZT7+
-----END CERTIFICATE-----