Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/7a5b44-6b18-42d3-a8d5-dc6554fd1235/1/_eOkdTh5AZb_4-tj0jYibkxj6xI.roa
File:                     _eOkdTh5AZb_4-tj0jYibkxj6xI.roa (raw, json)
Hash identifier:          j7JG/NKL/ofOkXGMCJPyR/L24k8qbMqX+dxFy1+5eto=
Subject key identifier:   FD:E3:A4:75:38:79:01:96:FF:E3:EB:63:D2:36:22:6E:4C:63:EB:12
Certificate issuer:       /CN=5b52634a2eb03f8565b5e33dc2b9f49041f7cfb0
Certificate serial:       018CCA2B52B464F2A73C68C3BE86B2AA3BA2
Authority key identifier: 5B:52:63:4A:2E:B0:3F:85:65:B5:E3:3D:C2:B9:F4:90:41:F7:CF:B0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/W1JjSi6wP4VlteM9wrn0kEH3z7A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/7a5b44-6b18-42d3-a8d5-dc6554fd1235/1/_eOkdTh5AZb_4-tj0jYibkxj6xI.roa
Signing time:             Tue 02 Jan 2024 12:34:45 +0000
ROA not before:           Tue 02 Jan 2024 12:34:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62416
IP address blocks:        31.7.74.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/7a5b44-6b18-42d3-a8d5-dc6554fd1235/1/W1JjSi6wP4VlteM9wrn0kEH3z7A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/7a5b44-6b18-42d3-a8d5-dc6554fd1235/1/W1JjSi6wP4VlteM9wrn0kEH3z7A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/W1JjSi6wP4VlteM9wrn0kEH3z7A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:52:b4:64:f2:a7:3c:68:c3:be:86:b2:aa:3b:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5b52634a2eb03f8565b5e33dc2b9f49041f7cfb0
        Validity
            Not Before: Jan  2 12:34:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fde3a47538790196ffe3eb63d236226e4c63eb12
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:94:c6:50:db:b3:69:d9:42:ef:9c:61:a4:c0:
                    c8:6f:4b:e1:4b:5a:f7:7d:e0:ff:5c:38:05:a8:b1:
                    21:78:a4:63:3f:42:ff:21:56:75:5a:a6:45:5f:a6:
                    8b:2a:3a:49:ab:5f:48:0c:d8:21:6a:ba:fa:df:99:
                    10:fd:a6:66:e2:d2:56:a4:a1:25:9b:b5:0e:32:08:
                    ea:a5:d0:a1:2f:a6:53:33:1d:30:5b:b7:d0:5f:38:
                    c4:4d:8c:e3:ac:49:7b:d2:8c:a8:40:e3:24:0c:84:
                    d1:54:f6:c9:c7:ea:17:39:33:b7:60:82:78:2f:16:
                    ea:a0:67:0a:e8:20:93:e2:7d:bd:57:07:ab:80:5a:
                    11:6d:50:8f:98:0d:af:65:07:3b:00:f7:15:93:32:
                    91:ca:5c:31:6b:5c:9d:23:4f:1a:7d:fd:95:83:d3:
                    74:76:99:a3:f3:d6:2a:e6:02:3a:24:96:02:e2:85:
                    11:50:46:55:73:c4:c6:e9:80:16:2b:8b:73:b0:7e:
                    8c:7e:8a:06:7d:07:5a:9a:6b:1d:16:56:37:eb:60:
                    6d:35:a2:e0:df:24:fc:97:6a:99:b4:62:20:39:6d:
                    eb:0e:a5:d1:53:22:c5:4a:10:a0:2b:0a:7b:d6:d4:
                    05:fb:9d:eb:95:cd:62:1e:9a:fa:36:6e:20:91:96:
                    31:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:E3:A4:75:38:79:01:96:FF:E3:EB:63:D2:36:22:6E:4C:63:EB:12
            X509v3 Authority Key Identifier:
                keyid:5B:52:63:4A:2E:B0:3F:85:65:B5:E3:3D:C2:B9:F4:90:41:F7:CF:B0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/W1JjSi6wP4VlteM9wrn0kEH3z7A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/7a5b44-6b18-42d3-a8d5-dc6554fd1235/1/_eOkdTh5AZb_4-tj0jYibkxj6xI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/7a5b44-6b18-42d3-a8d5-dc6554fd1235/1/W1JjSi6wP4VlteM9wrn0kEH3z7A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.7.74.0/23

    Signature Algorithm: sha256WithRSAEncryption
         57:55:09:c3:7b:7c:7d:32:b0:c3:50:eb:8d:bd:b6:da:1e:26:
         74:63:27:6d:32:6c:61:ee:49:77:84:df:f1:75:e6:19:b0:86:
         70:59:00:2b:50:2d:d7:bc:a5:7f:5f:bd:cd:24:54:ad:b6:1e:
         b4:23:91:f4:22:bf:b2:57:2d:22:15:77:ec:d6:6b:56:26:6d:
         3b:9c:43:17:9c:88:93:18:83:9c:c0:6a:78:40:b5:ca:7b:93:
         ee:a4:65:9d:61:aa:5c:f7:ec:7d:ed:fd:74:c2:f0:f8:ee:ff:
         9d:e4:30:66:b8:89:61:c0:cd:8c:1d:4c:db:3b:14:90:19:60:
         62:60:9b:e6:04:29:19:50:68:f9:c6:c6:2c:bd:f3:96:25:2f:
         55:1d:96:0c:cb:70:bc:cd:c9:4b:4e:72:f8:a3:71:6a:49:b3:
         bf:f1:79:15:98:0b:4b:ca:7e:25:c6:b4:98:4b:17:39:27:c6:
         7c:c3:2c:f6:b1:6e:d8:ee:af:c9:a4:00:f3:62:2f:d7:f8:c7:
         bd:6c:00:38:42:ca:53:ee:a6:96:46:05:84:1c:56:75:f0:43:
         a2:00:7d:6e:0c:17:a6:69:28:d8:ef:08:df:dd:6e:ab:6b:79:
         fa:8f:91:fa:b0:65:82:3a:32:59:e8:bd:fd:8d:d8:e7:60:6e:
         ef:29:35:ba
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKK1K0ZPKnPGjDvoayqjuiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDViNTI2MzRhMmViMDNmODU2NWI1ZTMzZGMyYjlmNDkwNDFm
N2NmYjAwHhcNMjQwMTAyMTIzNDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZGUzYTQ3NTM4NzkwMTk2ZmZlM2ViNjNkMjM2MjI2ZTRjNjNlYjEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkJTGUNuzadlC75xhpMDIb0vhS1r3
feD/XDgFqLEheKRjP0L/IVZ1WqZFX6aLKjpJq19IDNgharr635kQ/aZm4tJWpKEl
m7UOMgjqpdChL6ZTMx0wW7fQXzjETYzjrEl70oyoQOMkDITRVPbJx+oXOTO3YIJ4
LxbqoGcK6CCT4n29VwergFoRbVCPmA2vZQc7APcVkzKRylwxa1ydI08aff2Vg9N0
dpmj89Yq5gI6JJYC4oURUEZVc8TG6YAWK4tzsH6MfooGfQdammsdFlY362BtNaLg
3yT8l2qZtGIgOW3rDqXRUyLFShCgKwp71tQF+53rlc1iHpr6Nm4gkZYxXwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP3jpHU4eQGW/+PrY9I2Im5MY+sSMB8GA1UdIwQY
MBaAFFtSY0ousD+FZbXjPcK59JBB98+wMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVzFKalNpNndQNFZsdGVNOXdybjBrRUgzejdBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC83YTViNDQtNmIxOC00MmQzLWE4ZDUt
ZGM2NTU0ZmQxMjM1LzEvX2VPa2RUaDVBWmJfNC10ajBqWWlia3hqNnhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC83YTViNDQtNmIxOC00MmQzLWE4ZDUtZGM2NTU0ZmQxMjM1
LzEvVzFKalNpNndQNFZsdGVNOXdybjBrRUgzejdBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBHwdKMA0G
CSqGSIb3DQEBCwUAA4IBAQBXVQnDe3x9MrDDUOuNvbbaHiZ0YydtMmxh7kl3hN/x
deYZsIZwWQArUC3XvKV/X73NJFStth60I5H0Ir+yVy0iFXfs1mtWJm07nEMXnIiT
GIOcwGp4QLXKe5PupGWdYapc9+x97f10wvD47v+d5DBmuIlhwM2MHUzbOxSQGWBi
YJvmBCkZUGj5xsYsvfOWJS9VHZYMy3C8zclLTnL4o3FqSbO/8XkVmAtLyn4lxrSY
Sxc5J8Z8wyz2sW7Y7q/JpADzYi/X+Me9bAA4QspT7qaWRgWEHFZ18EOiAH1uDBem
aSjY7wjf3W6ra3n6j5H6sGWCOjJZ6L39jdjnYG7vKTW6
-----END CERTIFICATE-----