Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/aa/ef25e5-fc90-427b-a849-3a158d1722dc/1/2A1M9twGPD1-4PIkttPdprW7aBM.roa
File:                     2A1M9twGPD1-4PIkttPdprW7aBM.roa (raw, json)
Hash identifier:          pfzZjAP4oOXZVW16atseLgUkhdLMr4uAWy0Rj7f1Rr0=
Subject key identifier:   D8:0D:4C:F6:DC:06:3C:3D:7E:E0:F2:24:B6:D3:DD:A6:B5:BB:68:13
Certificate issuer:       /CN=1dbd8981d70d1c4e1c4f0538bd04f7011fadc3b9
Certificate serial:       018CC5DC00662C7E284A09F215A0E75C60DA
Authority key identifier: 1D:BD:89:81:D7:0D:1C:4E:1C:4F:05:38:BD:04:F7:01:1F:AD:C3:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Hb2JgdcNHE4cTwU4vQT3AR-tw7k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/aa/ef25e5-fc90-427b-a849-3a158d1722dc/1/2A1M9twGPD1-4PIkttPdprW7aBM.roa
Signing time:             Mon 01 Jan 2024 16:29:38 +0000
ROA not before:           Mon 01 Jan 2024 16:29:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44477
IP address blocks:        194.31.109.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/aa/ef25e5-fc90-427b-a849-3a158d1722dc/1/Hb2JgdcNHE4cTwU4vQT3AR-tw7k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/aa/ef25e5-fc90-427b-a849-3a158d1722dc/1/Hb2JgdcNHE4cTwU4vQT3AR-tw7k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Hb2JgdcNHE4cTwU4vQT3AR-tw7k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 13:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:00:66:2c:7e:28:4a:09:f2:15:a0:e7:5c:60:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1dbd8981d70d1c4e1c4f0538bd04f7011fadc3b9
        Validity
            Not Before: Jan  1 16:29:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d80d4cf6dc063c3d7ee0f224b6d3dda6b5bb6813
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:b2:24:cf:83:7d:76:65:2c:eb:f0:fc:01:ea:
                    c6:a3:6d:f3:47:f6:4d:c8:c0:01:d7:87:55:cf:eb:
                    32:03:f8:3e:6c:1b:2a:53:b7:47:ab:43:62:95:c4:
                    90:47:29:2f:7c:0e:9d:ba:c5:4e:bd:be:0e:57:15:
                    88:f7:46:d2:d4:f6:ea:de:32:6e:99:27:86:aa:dc:
                    c0:28:f9:ea:16:e8:27:65:d2:17:81:dd:c3:18:e3:
                    f1:e9:07:43:21:2f:98:ef:b3:51:11:ad:fc:b6:f3:
                    82:94:ea:81:f5:70:70:4f:38:87:c1:8f:bc:bf:e4:
                    43:18:0f:15:9d:93:7d:6b:63:b1:50:d3:66:8d:ec:
                    02:59:58:3c:c4:d1:af:17:a0:2d:96:87:f2:b3:ed:
                    0d:00:bd:be:66:e7:46:c6:52:38:52:1c:5d:e2:e7:
                    6c:7c:de:cd:6d:75:4d:81:ba:46:97:38:6e:97:c6:
                    e4:cf:6c:a6:0f:ea:f4:ab:71:d1:fd:e4:bc:36:3a:
                    63:e5:45:25:b1:50:27:9f:00:5f:da:23:a6:c0:ac:
                    df:d0:9b:d3:b7:a4:f8:16:a6:aa:ff:08:68:8a:e0:
                    9d:af:c0:55:ca:bf:4f:6a:61:4c:67:18:8d:0c:ca:
                    1d:22:4b:1c:24:60:fb:e0:10:f6:6b:18:0c:5e:9d:
                    e4:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:0D:4C:F6:DC:06:3C:3D:7E:E0:F2:24:B6:D3:DD:A6:B5:BB:68:13
            X509v3 Authority Key Identifier:
                keyid:1D:BD:89:81:D7:0D:1C:4E:1C:4F:05:38:BD:04:F7:01:1F:AD:C3:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Hb2JgdcNHE4cTwU4vQT3AR-tw7k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/ef25e5-fc90-427b-a849-3a158d1722dc/1/2A1M9twGPD1-4PIkttPdprW7aBM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/ef25e5-fc90-427b-a849-3a158d1722dc/1/Hb2JgdcNHE4cTwU4vQT3AR-tw7k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.31.109.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b3:16:af:23:99:0c:95:22:dd:3d:d5:da:b7:43:0b:ba:df:64:
         80:7c:1e:f3:96:4b:33:79:57:9b:52:a1:c3:c7:d9:de:86:9f:
         e5:9e:2b:c5:bc:7d:6b:9a:b7:eb:f5:fe:79:6e:3c:35:e4:c6:
         59:c2:e0:88:77:66:b6:66:3f:d7:44:97:8f:8b:cb:44:1f:80:
         ee:b3:2a:b6:94:b9:7b:d0:04:5f:c7:e1:46:d9:37:f1:34:0f:
         b9:cc:7d:ca:22:6c:bb:2c:ab:5a:2b:86:14:55:62:f0:bc:15:
         65:66:b5:1f:51:c7:01:d7:cb:7d:17:b1:7c:5e:69:58:b5:33:
         61:64:90:70:f5:07:61:b6:6d:c1:87:ff:b5:e6:b7:c7:6c:b8:
         8c:b4:12:90:e4:67:28:c4:84:f1:f5:c8:0c:35:d9:8c:31:fc:
         7d:2c:49:b1:a8:89:54:cf:f7:75:37:91:2f:13:9b:d6:63:ae:
         17:52:54:d7:f7:06:e5:96:0b:36:3d:6c:bd:02:20:84:09:c9:
         04:25:28:3a:52:d3:ed:6b:a9:d1:0b:57:e4:0a:cb:b6:7d:45:
         37:cc:1d:7c:24:41:64:31:c8:01:4c:1c:a3:26:a4:8e:73:1f:
         fa:46:da:7d:f3:61:a1:fc:4e:20:15:31:7d:bf:24:79:46:bb:
         d7:e0:45:c5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3ABmLH4oSgnyFaDnXGDaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkYmQ4OTgxZDcwZDFjNGUxYzRmMDUzOGJkMDRmNzAxMWZh
ZGMzYjkwHhcNMjQwMTAxMTYyOTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODBkNGNmNmRjMDYzYzNkN2VlMGYyMjRiNmQzZGRhNmI1YmI2ODEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw7Ikz4N9dmUs6/D8AerGo23zR/ZN
yMAB14dVz+syA/g+bBsqU7dHq0NilcSQRykvfA6dusVOvb4OVxWI90bS1Pbq3jJu
mSeGqtzAKPnqFugnZdIXgd3DGOPx6QdDIS+Y77NREa38tvOClOqB9XBwTziHwY+8
v+RDGA8VnZN9a2OxUNNmjewCWVg8xNGvF6Atlofys+0NAL2+ZudGxlI4Uhxd4uds
fN7NbXVNgbpGlzhul8bkz2ymD+r0q3HR/eS8Njpj5UUlsVAnnwBf2iOmwKzf0JvT
t6T4Fqaq/whoiuCdr8BVyr9PamFMZxiNDModIkscJGD74BD2axgMXp3krQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNgNTPbcBjw9fuDyJLbT3aa1u2gTMB8GA1UdIwQY
MBaAFB29iYHXDRxOHE8FOL0E9wEfrcO5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSGIySmdkY05IRTRjVHdVNHZRVDNBUi10dzdrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYS9lZjI1ZTUtZmM5MC00MjdiLWE4NDkt
M2ExNThkMTcyMmRjLzEvMkExTTl0d0dQRDEtNFBJa3R0UGRwclc3YUJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYS9lZjI1ZTUtZmM5MC00MjdiLWE4NDktM2ExNThkMTcyMmRj
LzEvSGIySmdkY05IRTRjVHdVNHZRVDNBUi10dzdrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwh9tMA0G
CSqGSIb3DQEBCwUAA4IBAQCzFq8jmQyVIt091dq3Qwu632SAfB7zlkszeVebUqHD
x9nehp/lnivFvH1rmrfr9f55bjw15MZZwuCId2a2Zj/XRJePi8tEH4Dusyq2lLl7
0ARfx+FG2TfxNA+5zH3KImy7LKtaK4YUVWLwvBVlZrUfUccB18t9F7F8XmlYtTNh
ZJBw9Qdhtm3Bh/+15rfHbLiMtBKQ5GcoxITx9cgMNdmMMfx9LEmxqIlUz/d1N5Ev
E5vWY64XUlTX9wbllgs2PWy9AiCECckEJSg6UtPta6nRC1fkCsu2fUU3zB18JEFk
McgBTByjJqSOcx/6Rtp982Gh/E4gFTF9vyR5RrvX4EXF
-----END CERTIFICATE-----