Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/af/31315c-81a4-4969-8571-d76346a7adc6/1/KWKUox9sOQ5-9_8WM4SyrLb8sqc.roa
File:                     KWKUox9sOQ5-9_8WM4SyrLb8sqc.roa (raw, json)
Hash identifier:          KX63hO3B5GE4PurZk/chalvF9oo17eptTPmHSE8hLLE=
Subject key identifier:   29:62:94:A3:1F:6C:39:0E:7E:F7:FF:16:33:84:B2:AC:B6:FC:B2:A7
Certificate issuer:       /CN=34a2ea557b42a9fd3a80211506193c2b3389dc6f
Certificate serial:       018CC793F99D07C027EED9EB65379FAB6FE7
Authority key identifier: 34:A2:EA:55:7B:42:A9:FD:3A:80:21:15:06:19:3C:2B:33:89:DC:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NKLqVXtCqf06gCEVBhk8KzOJ3G8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/af/31315c-81a4-4969-8571-d76346a7adc6/1/KWKUox9sOQ5-9_8WM4SyrLb8sqc.roa
Signing time:             Tue 02 Jan 2024 00:30:12 +0000
ROA not before:           Tue 02 Jan 2024 00:30:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5650
IP address blocks:        31.193.191.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/af/31315c-81a4-4969-8571-d76346a7adc6/1/NKLqVXtCqf06gCEVBhk8KzOJ3G8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/af/31315c-81a4-4969-8571-d76346a7adc6/1/NKLqVXtCqf06gCEVBhk8KzOJ3G8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NKLqVXtCqf06gCEVBhk8KzOJ3G8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 20:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:93:f9:9d:07:c0:27:ee:d9:eb:65:37:9f:ab:6f:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=34a2ea557b42a9fd3a80211506193c2b3389dc6f
        Validity
            Not Before: Jan  2 00:30:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=296294a31f6c390e7ef7ff163384b2acb6fcb2a7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:43:6e:f6:b5:de:e8:d0:25:0c:2f:16:bf:74:
                    7f:df:7b:be:a3:79:bd:5b:a9:99:69:1d:a3:27:3d:
                    c2:3d:2c:c2:05:9d:b7:a4:04:98:80:ad:82:62:34:
                    de:df:73:37:1c:8a:97:6e:95:b7:16:c5:c8:b7:e5:
                    07:e4:f3:94:bc:23:a0:ca:e7:bf:a0:62:c4:f0:cd:
                    8d:71:68:55:17:82:bb:1c:dd:54:6a:00:f2:3a:c9:
                    a0:6a:ba:05:78:17:27:7b:a3:70:34:9e:bb:cc:24:
                    4a:2f:50:79:6c:41:aa:b4:69:b1:9b:b4:5d:f9:6f:
                    ef:d0:3c:35:99:67:f3:20:a7:30:63:6f:75:f0:16:
                    56:fd:22:c6:1a:0d:31:be:da:e3:80:7c:c8:73:b1:
                    c8:cd:dc:cc:ec:b2:7c:10:60:2f:1b:4b:f5:69:63:
                    35:47:43:79:ba:ce:24:28:60:28:f6:ad:16:8b:21:
                    2e:6b:cd:76:3d:5f:51:a7:15:f1:aa:f6:d9:92:79:
                    73:89:18:a5:26:65:97:dd:d3:9f:c3:28:b4:f6:17:
                    85:01:92:99:3b:5f:fa:21:2b:87:a5:6a:5a:5e:71:
                    16:5b:fd:12:ab:58:45:11:93:02:1c:39:e9:5a:1e:
                    8e:f4:92:b6:82:1d:46:f8:d4:c0:b3:2c:7a:bf:c5:
                    2e:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:62:94:A3:1F:6C:39:0E:7E:F7:FF:16:33:84:B2:AC:B6:FC:B2:A7
            X509v3 Authority Key Identifier:
                keyid:34:A2:EA:55:7B:42:A9:FD:3A:80:21:15:06:19:3C:2B:33:89:DC:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NKLqVXtCqf06gCEVBhk8KzOJ3G8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/af/31315c-81a4-4969-8571-d76346a7adc6/1/KWKUox9sOQ5-9_8WM4SyrLb8sqc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/af/31315c-81a4-4969-8571-d76346a7adc6/1/NKLqVXtCqf06gCEVBhk8KzOJ3G8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.193.191.0/24

    Signature Algorithm: sha256WithRSAEncryption
         35:c7:d6:8c:bd:58:20:5e:07:f1:bf:2c:2f:94:cd:64:98:9b:
         56:c2:c5:b6:a3:e2:50:97:2e:6f:42:9d:36:8e:c6:09:9f:95:
         f5:60:f3:a6:35:63:ce:5b:76:ad:e9:06:fb:2a:62:a4:ce:a1:
         ef:f2:d6:e3:47:ec:69:14:1c:00:95:43:d5:2d:9e:1d:25:6e:
         d8:38:49:99:9e:6f:47:6f:92:16:42:c7:56:03:aa:f5:25:95:
         bd:bc:ea:92:fc:6e:ea:56:52:98:71:16:fa:ff:9f:ea:0e:7a:
         e1:ea:f4:3c:f3:b2:3f:76:76:c0:c6:92:a5:ba:66:73:c5:20:
         67:0f:9c:0c:3e:a9:27:2a:a9:c5:73:77:96:85:32:27:04:96:
         1c:29:ff:27:a6:99:ca:ee:f3:e6:51:82:4a:79:1e:3e:b4:6d:
         e1:0a:45:69:52:e7:44:ea:d3:67:0f:2d:5f:a5:c5:a0:72:ef:
         42:2c:9a:fb:a3:69:88:8d:22:a5:b8:51:c4:2f:1f:0e:4f:2a:
         b5:f2:f4:7e:7b:47:98:a3:7c:c7:fc:53:bd:0b:78:42:5b:6a:
         54:7e:f6:b4:a7:47:e7:44:ae:b6:3a:f4:12:0f:ec:f6:d5:66:
         6e:bb:03:bd:89:1a:5d:2a:41:da:06:9a:82:16:d5:db:dd:60:
         09:a8:e3:52
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHk/mdB8An7tnrZTefq2/nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0YTJlYTU1N2I0MmE5ZmQzYTgwMjExNTA2MTkzYzJiMzM4
OWRjNmYwHhcNMjQwMTAyMDAzMDEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTYyOTRhMzFmNmMzOTBlN2VmN2ZmMTYzMzg0YjJhY2I2ZmNiMmE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnENu9rXe6NAlDC8Wv3R/33u+o3m9
W6mZaR2jJz3CPSzCBZ23pASYgK2CYjTe33M3HIqXbpW3FsXIt+UH5POUvCOgyue/
oGLE8M2NcWhVF4K7HN1UagDyOsmgaroFeBcne6NwNJ67zCRKL1B5bEGqtGmxm7Rd
+W/v0Dw1mWfzIKcwY2918BZW/SLGGg0xvtrjgHzIc7HIzdzM7LJ8EGAvG0v1aWM1
R0N5us4kKGAo9q0WiyEua812PV9RpxXxqvbZknlziRilJmWX3dOfwyi09heFAZKZ
O1/6ISuHpWpaXnEWW/0Sq1hFEZMCHDnpWh6O9JK2gh1G+NTAsyx6v8Uu4QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFClilKMfbDkOfvf/FjOEsqy2/LKnMB8GA1UdIwQY
MBaAFDSi6lV7Qqn9OoAhFQYZPCszidxvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTktMcVZYdENxZjA2Z0NFVkJoazhLek9KM0c4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZi8zMTMxNWMtODFhNC00OTY5LTg1NzEt
ZDc2MzQ2YTdhZGM2LzEvS1dLVW94OXNPUTUtOV84V000U3lyTGI4c3FjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZi8zMTMxNWMtODFhNC00OTY5LTg1NzEtZDc2MzQ2YTdhZGM2
LzEvTktMcVZYdENxZjA2Z0NFVkJoazhLek9KM0c4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAH8G/MA0G
CSqGSIb3DQEBCwUAA4IBAQA1x9aMvVggXgfxvywvlM1kmJtWwsW2o+JQly5vQp02
jsYJn5X1YPOmNWPOW3at6Qb7KmKkzqHv8tbjR+xpFBwAlUPVLZ4dJW7YOEmZnm9H
b5IWQsdWA6r1JZW9vOqS/G7qVlKYcRb6/5/qDnrh6vQ887I/dnbAxpKlumZzxSBn
D5wMPqknKqnFc3eWhTInBJYcKf8nppnK7vPmUYJKeR4+tG3hCkVpUudE6tNnDy1f
pcWgcu9CLJr7o2mIjSKluFHELx8OTyq18vR+e0eYo3zH/FO9C3hCW2pUfva0p0fn
RK62OvQSD+z21WZuuwO9iRpdKkHaBpqCFtXb3WAJqONS
-----END CERTIFICATE-----