Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/af/31315c-81a4-4969-8571-d76346a7adc6/1/DKJzxVdxG4XR5l7FxXAAyx5I1Rk.roa
File:                     DKJzxVdxG4XR5l7FxXAAyx5I1Rk.roa (raw, json)
Hash identifier:          4ghl70yHJAoVjEKNWqwj051SvU2leduNg3iYVO+DazY=
Subject key identifier:   0C:A2:73:C5:57:71:1B:85:D1:E6:5E:C5:C5:70:00:CB:1E:48:D5:19
Certificate issuer:       /CN=34a2ea557b42a9fd3a80211506193c2b3389dc6f
Certificate serial:       018CC793F948F4995A5CF084AF964FECC698
Authority key identifier: 34:A2:EA:55:7B:42:A9:FD:3A:80:21:15:06:19:3C:2B:33:89:DC:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NKLqVXtCqf06gCEVBhk8KzOJ3G8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/af/31315c-81a4-4969-8571-d76346a7adc6/1/DKJzxVdxG4XR5l7FxXAAyx5I1Rk.roa
Signing time:             Tue 02 Jan 2024 00:30:12 +0000
ROA not before:           Tue 02 Jan 2024 00:30:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1239
IP address blocks:        31.193.191.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/af/31315c-81a4-4969-8571-d76346a7adc6/1/NKLqVXtCqf06gCEVBhk8KzOJ3G8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/af/31315c-81a4-4969-8571-d76346a7adc6/1/NKLqVXtCqf06gCEVBhk8KzOJ3G8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NKLqVXtCqf06gCEVBhk8KzOJ3G8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 10 May 2024 06:01:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:93:f9:48:f4:99:5a:5c:f0:84:af:96:4f:ec:c6:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=34a2ea557b42a9fd3a80211506193c2b3389dc6f
        Validity
            Not Before: Jan  2 00:30:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0ca273c557711b85d1e65ec5c57000cb1e48d519
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:ca:a3:84:39:7e:69:8c:e9:c9:eb:68:49:4c:
                    a8:c5:f7:c9:d7:25:3f:c2:d2:ba:a9:6a:1f:6e:a3:
                    4a:c0:cd:53:42:c1:eb:06:9f:60:9a:ab:8c:a9:ab:
                    7d:69:c2:85:57:46:29:06:68:91:c8:02:4a:8c:9a:
                    c8:24:6d:81:4c:ff:3a:d1:ac:26:6e:06:41:a2:82:
                    16:b8:55:4d:29:9b:2c:f9:91:21:13:53:1c:61:44:
                    c5:1a:89:69:87:6c:17:72:e7:f1:ea:8f:16:38:68:
                    9d:35:37:35:bd:5d:90:90:79:11:2e:c5:98:e4:33:
                    72:91:0c:75:35:b3:5f:50:a0:1c:ed:ef:36:bc:31:
                    2d:33:3e:46:6c:db:7d:fd:82:65:72:bc:9b:f5:6e:
                    0b:df:82:55:74:15:f8:02:ad:48:a7:71:7d:f0:45:
                    f5:db:42:4b:68:bd:81:de:b0:65:f3:65:8c:5e:01:
                    af:dd:bb:e5:24:f4:16:5c:c7:d9:7f:23:5a:97:8e:
                    40:14:e4:6a:07:0e:63:68:f7:4e:12:d2:f4:05:dc:
                    5f:af:e7:58:d5:c5:70:92:d4:46:34:66:6b:13:af:
                    c9:dd:b1:cb:e6:5e:1b:30:58:d6:0f:0c:a3:81:69:
                    e6:47:bd:50:ab:65:90:03:da:f7:9e:db:71:c7:d3:
                    db:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:A2:73:C5:57:71:1B:85:D1:E6:5E:C5:C5:70:00:CB:1E:48:D5:19
            X509v3 Authority Key Identifier:
                keyid:34:A2:EA:55:7B:42:A9:FD:3A:80:21:15:06:19:3C:2B:33:89:DC:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NKLqVXtCqf06gCEVBhk8KzOJ3G8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/af/31315c-81a4-4969-8571-d76346a7adc6/1/DKJzxVdxG4XR5l7FxXAAyx5I1Rk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/af/31315c-81a4-4969-8571-d76346a7adc6/1/NKLqVXtCqf06gCEVBhk8KzOJ3G8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.193.191.0/24

    Signature Algorithm: sha256WithRSAEncryption
         89:30:8c:9e:cc:c2:cc:8a:82:97:cc:ba:97:86:f7:d6:82:e6:
         18:7f:da:89:f7:85:40:5f:80:a3:51:bb:1a:58:0b:a1:1d:1c:
         25:cd:3c:f1:b8:4d:c4:dc:c6:93:bb:e4:8b:12:c2:9b:5d:ae:
         57:65:27:fc:04:b2:03:7d:13:8f:5a:10:1f:06:4b:13:fa:d9:
         db:b9:9a:22:ee:50:7c:c7:b6:98:98:1e:e9:e7:1a:4c:da:08:
         c0:a1:14:df:43:e3:fb:c8:2b:cb:a4:5e:d5:e4:88:ae:63:5a:
         a8:a7:7e:56:34:6c:36:55:c9:15:0b:c7:2c:5f:74:0b:73:ed:
         4b:6f:e5:85:4c:c3:b3:65:ae:0e:af:af:9a:51:4b:f0:c7:d4:
         55:84:60:a6:78:4d:1f:a7:7d:7e:a8:72:8d:8f:05:d1:50:3d:
         e1:fa:51:b8:a9:af:de:75:0b:1d:07:72:26:fc:7a:63:eb:ba:
         85:f7:13:a7:45:10:fd:7e:48:7b:e4:37:c1:4d:77:70:5b:29:
         73:60:34:d8:66:da:14:c6:62:e3:8e:bb:4b:8c:f6:82:9d:f6:
         06:09:29:cf:22:4a:80:d2:ca:61:99:03:f0:17:f5:71:11:0a:
         57:16:ac:d3:fa:d2:ce:10:07:c0:b9:03:19:c5:12:df:3c:50:
         c2:b1:e1:05
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHk/lI9JlaXPCEr5ZP7MaYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0YTJlYTU1N2I0MmE5ZmQzYTgwMjExNTA2MTkzYzJiMzM4
OWRjNmYwHhcNMjQwMTAyMDAzMDEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwY2EyNzNjNTU3NzExYjg1ZDFlNjVlYzVjNTcwMDBjYjFlNDhkNTE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArsqjhDl+aYzpyetoSUyoxffJ1yU/
wtK6qWofbqNKwM1TQsHrBp9gmquMqat9acKFV0YpBmiRyAJKjJrIJG2BTP860awm
bgZBooIWuFVNKZss+ZEhE1McYUTFGolph2wXcufx6o8WOGidNTc1vV2QkHkRLsWY
5DNykQx1NbNfUKAc7e82vDEtMz5GbNt9/YJlcryb9W4L34JVdBX4Aq1Ip3F98EX1
20JLaL2B3rBl82WMXgGv3bvlJPQWXMfZfyNal45AFORqBw5jaPdOEtL0Bdxfr+dY
1cVwktRGNGZrE6/J3bHL5l4bMFjWDwyjgWnmR71Qq2WQA9r3nttxx9PbTQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAyic8VXcRuF0eZexcVwAMseSNUZMB8GA1UdIwQY
MBaAFDSi6lV7Qqn9OoAhFQYZPCszidxvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTktMcVZYdENxZjA2Z0NFVkJoazhLek9KM0c4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZi8zMTMxNWMtODFhNC00OTY5LTg1NzEt
ZDc2MzQ2YTdhZGM2LzEvREtKenhWZHhHNFhSNWw3RnhYQUF5eDVJMVJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZi8zMTMxNWMtODFhNC00OTY5LTg1NzEtZDc2MzQ2YTdhZGM2
LzEvTktMcVZYdENxZjA2Z0NFVkJoazhLek9KM0c4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAH8G/MA0G
CSqGSIb3DQEBCwUAA4IBAQCJMIyezMLMioKXzLqXhvfWguYYf9qJ94VAX4CjUbsa
WAuhHRwlzTzxuE3E3MaTu+SLEsKbXa5XZSf8BLIDfROPWhAfBksT+tnbuZoi7lB8
x7aYmB7p5xpM2gjAoRTfQ+P7yCvLpF7V5IiuY1qop35WNGw2VckVC8csX3QLc+1L
b+WFTMOzZa4Or6+aUUvwx9RVhGCmeE0fp31+qHKNjwXRUD3h+lG4qa/edQsdB3Im
/Hpj67qF9xOnRRD9fkh75DfBTXdwWylzYDTYZtoUxmLjjrtLjPaCnfYGCSnPIkqA
0sphmQPwF/VxEQpXFqzT+tLOEAfAuQMZxRLfPFDCseEF
-----END CERTIFICATE-----