Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/4f220c-5f6e-467e-a26c-9843cd23fb04/1/wA28Vi9Z-XSkygCJG5hHA7-hEeU.roa
File:                     wA28Vi9Z-XSkygCJG5hHA7-hEeU.roa (raw, json)
Hash identifier:          IrfBxSwmgxPQtqU+H/YFBoeRPTUF0J2YPOIkCnJInrI=
Subject key identifier:   C0:0D:BC:56:2F:59:F9:74:A4:CA:00:89:1B:98:47:03:BF:A1:11:E5
Certificate issuer:       /CN=19da8fa2a19630873ed48b06af65ce17d1507566
Certificate serial:       018CC56E12166264F187125DF0FB2FD2880D
Authority key identifier: 19:DA:8F:A2:A1:96:30:87:3E:D4:8B:06:AF:65:CE:17:D1:50:75:66
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GdqPoqGWMIc-1IsGr2XOF9FQdWY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/4f220c-5f6e-467e-a26c-9843cd23fb04/1/wA28Vi9Z-XSkygCJG5hHA7-hEeU.roa
Signing time:             Mon 01 Jan 2024 14:29:34 +0000
ROA not before:           Mon 01 Jan 2024 14:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212560
IP address blocks:        31.193.184.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/4f220c-5f6e-467e-a26c-9843cd23fb04/1/GdqPoqGWMIc-1IsGr2XOF9FQdWY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/4f220c-5f6e-467e-a26c-9843cd23fb04/1/GdqPoqGWMIc-1IsGr2XOF9FQdWY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GdqPoqGWMIc-1IsGr2XOF9FQdWY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 20:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:12:16:62:64:f1:87:12:5d:f0:fb:2f:d2:88:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=19da8fa2a19630873ed48b06af65ce17d1507566
        Validity
            Not Before: Jan  1 14:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c00dbc562f59f974a4ca00891b984703bfa111e5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:c9:2a:04:97:a8:4d:50:24:b7:a2:05:90:80:
                    2d:27:ae:77:39:66:6f:c0:be:30:6a:9b:3a:e1:36:
                    0b:04:84:c8:a0:52:05:64:5e:e5:82:05:be:6e:76:
                    df:12:e7:2b:11:71:ec:3e:91:86:65:70:c1:88:20:
                    b5:98:3c:a5:b0:cd:e4:a3:93:c0:63:58:f9:2c:60:
                    3d:47:8e:e9:a0:0b:71:48:19:b5:3a:11:2b:7e:62:
                    36:3a:eb:e5:d8:78:d7:46:0a:b9:ba:a7:4e:71:89:
                    48:0c:53:ef:a8:53:50:e7:1e:cb:76:ca:24:f3:02:
                    03:b0:b3:0a:76:e1:15:5e:89:02:b4:aa:07:c4:b9:
                    87:7f:33:cd:e6:fc:e1:dc:a6:ed:69:6f:52:e4:7d:
                    dc:30:ae:d7:cc:23:6c:8d:92:3a:6b:0a:59:d0:15:
                    d1:e0:51:34:c1:12:38:17:b2:d0:06:a2:26:03:76:
                    59:08:b9:30:bd:12:a1:fb:fc:80:1b:f0:87:a7:f1:
                    6c:49:e8:46:fc:47:61:d2:d1:01:4a:e4:60:67:76:
                    7f:0a:99:66:67:16:c1:9d:e6:bf:f8:d2:6a:dc:4d:
                    41:3d:b0:56:cd:d2:11:4a:53:e7:4a:2f:77:3a:24:
                    ff:9b:84:20:63:51:5d:f9:d6:ba:a3:a2:02:7a:1f:
                    a4:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:0D:BC:56:2F:59:F9:74:A4:CA:00:89:1B:98:47:03:BF:A1:11:E5
            X509v3 Authority Key Identifier:
                keyid:19:DA:8F:A2:A1:96:30:87:3E:D4:8B:06:AF:65:CE:17:D1:50:75:66

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GdqPoqGWMIc-1IsGr2XOF9FQdWY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/4f220c-5f6e-467e-a26c-9843cd23fb04/1/wA28Vi9Z-XSkygCJG5hHA7-hEeU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/4f220c-5f6e-467e-a26c-9843cd23fb04/1/GdqPoqGWMIc-1IsGr2XOF9FQdWY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.193.184.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5a:44:ea:0c:d6:03:f6:cf:56:8f:6b:f8:32:dc:e6:d4:be:ae:
         4e:d9:71:02:18:ef:7d:40:b4:63:b2:02:42:13:18:47:bb:af:
         3b:81:c3:44:a0:59:05:e9:6f:5a:01:19:dd:7e:09:69:a7:16:
         53:59:ee:85:2e:14:ba:7e:22:cb:29:40:0b:fa:35:c7:2b:42:
         31:63:4f:49:e3:a3:31:dd:20:37:51:d8:ff:ce:58:01:26:b3:
         d9:bd:4b:71:4c:4a:4d:41:3c:8a:b7:99:fc:4d:70:54:c7:38:
         a4:4d:f1:ae:1a:67:b9:39:bc:b9:e4:3d:1c:76:1b:78:4a:70:
         73:0b:9b:a3:ec:d1:d5:79:cd:89:8b:e7:a4:17:bd:42:79:c8:
         05:60:65:c8:60:1c:7e:88:04:5b:3f:c6:0a:46:c3:3e:cf:eb:
         d3:99:96:7b:d8:fd:27:da:ec:fb:fb:ad:86:d5:1e:f0:66:e8:
         17:ad:03:30:69:1c:d9:ca:81:60:22:4f:c2:3d:8d:78:8d:77:
         10:a9:bd:ca:43:7b:e1:75:37:87:82:ad:68:eb:07:63:1a:68:
         ee:e8:64:4a:d6:a5:c9:d2:5b:8e:49:cb:0c:d4:b3:ee:07:b8:
         20:51:93:87:d4:2a:f4:30:10:af:8c:4e:94:e0:fd:76:cb:8a:
         d2:ba:a0:d4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbhIWYmTxhxJd8Psv0ogNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE5ZGE4ZmEyYTE5NjMwODczZWQ0OGIwNmFmNjVjZTE3ZDE1
MDc1NjYwHhcNMjQwMTAxMTQyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMDBkYmM1NjJmNTlmOTc0YTRjYTAwODkxYjk4NDcwM2JmYTExMWU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsskqBJeoTVAkt6IFkIAtJ653OWZv
wL4waps64TYLBITIoFIFZF7lggW+bnbfEucrEXHsPpGGZXDBiCC1mDylsM3ko5PA
Y1j5LGA9R47poAtxSBm1OhErfmI2Ouvl2HjXRgq5uqdOcYlIDFPvqFNQ5x7Ldsok
8wIDsLMKduEVXokCtKoHxLmHfzPN5vzh3KbtaW9S5H3cMK7XzCNsjZI6awpZ0BXR
4FE0wRI4F7LQBqImA3ZZCLkwvRKh+/yAG/CHp/FsSehG/Edh0tEBSuRgZ3Z/Cplm
ZxbBnea/+NJq3E1BPbBWzdIRSlPnSi93OiT/m4QgY1Fd+da6o6ICeh+kCQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMANvFYvWfl0pMoAiRuYRwO/oRHlMB8GA1UdIwQY
MBaAFBnaj6KhljCHPtSLBq9lzhfRUHVmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR2RxUG9xR1dNSWMtMUlzR3IyWE9GOUZRZFdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi80ZjIyMGMtNWY2ZS00NjdlLWEyNmMt
OTg0M2NkMjNmYjA0LzEvd0EyOFZpOVotWFNreWdDSkc1aEhBNy1oRWVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi80ZjIyMGMtNWY2ZS00NjdlLWEyNmMtOTg0M2NkMjNmYjA0
LzEvR2RxUG9xR1dNSWMtMUlzR3IyWE9GOUZRZFdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAH8G4MA0G
CSqGSIb3DQEBCwUAA4IBAQBaROoM1gP2z1aPa/gy3ObUvq5O2XECGO99QLRjsgJC
ExhHu687gcNEoFkF6W9aARndfglppxZTWe6FLhS6fiLLKUAL+jXHK0IxY09J46Mx
3SA3Udj/zlgBJrPZvUtxTEpNQTyKt5n8TXBUxzikTfGuGme5Oby55D0cdht4SnBz
C5uj7NHVec2Ji+ekF71CecgFYGXIYBx+iARbP8YKRsM+z+vTmZZ72P0n2uz7+62G
1R7wZugXrQMwaRzZyoFgIk/CPY14jXcQqb3KQ3vhdTeHgq1o6wdjGmju6GRK1qXJ
0luOScsM1LPuB7ggUZOH1Cr0MBCvjE6U4P12y4rSuqDU
-----END CERTIFICATE-----