Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b6/5df119-b1df-4ceb-bd4f-f79ccc3f4eaf/1/rAEwzbDeabIwAl_0o9I5pV2p3gY.roa
File:                     rAEwzbDeabIwAl_0o9I5pV2p3gY.roa (raw, json)
Hash identifier:          SwHzGigoMnrXH3tS8tZKql5tagaBzvPXk5oyiOZAhcM=
Subject key identifier:   AC:01:30:CD:B0:DE:69:B2:30:02:5F:F4:A3:D2:39:A5:5D:A9:DE:06
Certificate issuer:       /CN=5806da5a59251275ceb18694e17415352aedd6aa
Certificate serial:       01942445A58D5F2DDF6E35F9AC3E38976472
Authority key identifier: 58:06:DA:5A:59:25:12:75:CE:B1:86:94:E1:74:15:35:2A:ED:D6:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WAbaWlklEnXOsYaU4XQVNSrt1qo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b6/5df119-b1df-4ceb-bd4f-f79ccc3f4eaf/1/rAEwzbDeabIwAl_0o9I5pV2p3gY.roa
Signing time:             Wed 01 Jan 2025 23:48:51 +0000
ROA not before:           Wed 01 Jan 2025 23:48:51 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212560
IP address blocks:        31.193.184.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b6/5df119-b1df-4ceb-bd4f-f79ccc3f4eaf/1/WAbaWlklEnXOsYaU4XQVNSrt1qo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b6/5df119-b1df-4ceb-bd4f-f79ccc3f4eaf/1/WAbaWlklEnXOsYaU4XQVNSrt1qo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WAbaWlklEnXOsYaU4XQVNSrt1qo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:a5:8d:5f:2d:df:6e:35:f9:ac:3e:38:97:64:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5806da5a59251275ceb18694e17415352aedd6aa
        Validity
            Not Before: Jan  1 23:48:51 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ac0130cdb0de69b230025ff4a3d239a55da9de06
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:91:5a:56:2f:f7:92:52:51:18:a1:db:eb:7d:
                    b0:e1:fb:e0:9b:62:d5:7f:3e:1f:8e:71:d8:33:ee:
                    b3:7e:0b:c4:65:43:c0:15:7d:7c:86:2a:65:df:2f:
                    24:5e:0c:4e:93:27:39:df:81:c8:f9:c2:10:7a:d0:
                    89:fd:9a:8e:17:56:57:f7:a6:fc:47:55:63:3f:c8:
                    e3:ac:ba:80:8e:67:a1:14:40:d3:39:48:86:73:98:
                    16:ec:88:c7:6e:66:5e:09:d5:42:95:cd:fd:2f:44:
                    6d:1c:47:dd:bf:7b:50:87:9c:f8:25:aa:1e:3c:65:
                    05:f9:b5:e3:84:33:00:72:ae:44:87:67:b2:ba:c5:
                    e0:66:97:39:c7:4d:fe:db:ad:9b:09:2c:c4:b4:d1:
                    f9:8d:ef:fb:62:2f:40:32:b7:30:33:49:ec:f4:65:
                    35:88:e7:99:7a:77:5f:18:3c:13:67:ff:2a:3b:a1:
                    c4:05:2a:8c:32:52:8c:cd:68:38:6e:a8:ce:48:bd:
                    c6:b8:78:3a:0e:62:2f:50:41:7e:c0:f3:73:e6:73:
                    f7:22:db:a7:70:21:45:d1:2d:5f:99:1a:28:c3:51:
                    25:e2:8d:2c:fe:0a:fb:05:b3:ec:44:f2:cd:fe:39:
                    51:97:bb:7b:4a:cb:f8:12:bc:77:d9:bc:d8:4b:cc:
                    b5:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:01:30:CD:B0:DE:69:B2:30:02:5F:F4:A3:D2:39:A5:5D:A9:DE:06
            X509v3 Authority Key Identifier:
                keyid:58:06:DA:5A:59:25:12:75:CE:B1:86:94:E1:74:15:35:2A:ED:D6:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WAbaWlklEnXOsYaU4XQVNSrt1qo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/5df119-b1df-4ceb-bd4f-f79ccc3f4eaf/1/rAEwzbDeabIwAl_0o9I5pV2p3gY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/5df119-b1df-4ceb-bd4f-f79ccc3f4eaf/1/WAbaWlklEnXOsYaU4XQVNSrt1qo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.193.184.0/24

    Signature Algorithm: sha256WithRSAEncryption
         25:75:30:25:68:59:58:71:33:39:dc:3f:35:15:ff:c6:a5:c8:
         57:3b:69:8e:4e:ec:1d:29:cf:6e:49:06:35:c8:ec:c8:35:b6:
         70:d9:19:50:67:dd:89:95:13:52:10:cb:f8:25:fb:cd:42:99:
         fd:fa:8c:87:81:98:50:b2:92:36:57:de:90:b8:a2:0c:0c:f7:
         7c:87:94:56:dc:d5:9a:32:78:c8:e8:1f:51:53:7c:5e:a3:c9:
         79:6c:20:75:08:ed:4b:de:aa:8c:74:40:4d:db:37:47:6e:99:
         ae:08:94:be:10:e1:12:30:36:68:14:ca:08:9b:ad:25:29:b7:
         ba:61:a2:a5:0e:b2:a4:d2:59:53:38:09:22:e4:47:35:9d:dc:
         03:d4:cc:a4:33:5b:de:55:a7:a5:4f:af:92:76:08:ff:38:aa:
         b5:98:2b:62:38:e5:82:b5:7d:e0:11:b2:f7:3b:d4:63:33:72:
         8d:5e:b1:0b:dc:71:28:d1:25:59:1b:98:a3:44:29:f6:05:14:
         d8:7c:e6:45:ed:f4:3e:98:f6:46:a9:5f:08:20:70:16:60:70:
         ba:d9:40:24:d0:8b:7c:ac:70:fc:7f:24:74:69:20:86:73:09:
         35:9c:d0:72:27:06:27:b4:15:6b:c9:92:5f:2c:61:1f:be:ba:
         88:44:77:ee
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRaWNXy3fbjX5rD44l2RyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4MDZkYTVhNTkyNTEyNzVjZWIxODY5NGUxNzQxNTM1MmFl
ZGQ2YWEwHhcNMjUwMTAxMjM0ODUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYzAxMzBjZGIwZGU2OWIyMzAwMjVmZjRhM2QyMzlhNTVkYTlkZTA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxZFaVi/3klJRGKHb632w4fvgm2LV
fz4fjnHYM+6zfgvEZUPAFX18hipl3y8kXgxOkyc534HI+cIQetCJ/ZqOF1ZX96b8
R1VjP8jjrLqAjmehFEDTOUiGc5gW7IjHbmZeCdVClc39L0RtHEfdv3tQh5z4Jaoe
PGUF+bXjhDMAcq5Eh2eyusXgZpc5x03+262bCSzEtNH5je/7Yi9AMrcwM0ns9GU1
iOeZendfGDwTZ/8qO6HEBSqMMlKMzWg4bqjOSL3GuHg6DmIvUEF+wPNz5nP3Itun
cCFF0S1fmRoow1El4o0s/gr7BbPsRPLN/jlRl7t7Ssv4Erx32bzYS8y13wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKwBMM2w3mmyMAJf9KPSOaVdqd4GMB8GA1UdIwQY
MBaAFFgG2lpZJRJ1zrGGlOF0FTUq7daqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0FiYVdsa2xFblhPc1lhVTRYUVZOU3J0MXFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNi81ZGYxMTktYjFkZi00Y2ViLWJkNGYt
Zjc5Y2NjM2Y0ZWFmLzEvckFFd3piRGVhYkl3QWxfMG85STVwVjJwM2dZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNi81ZGYxMTktYjFkZi00Y2ViLWJkNGYtZjc5Y2NjM2Y0ZWFm
LzEvV0FiYVdsa2xFblhPc1lhVTRYUVZOU3J0MXFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAH8G4MA0G
CSqGSIb3DQEBCwUAA4IBAQAldTAlaFlYcTM53D81Ff/GpchXO2mOTuwdKc9uSQY1
yOzINbZw2RlQZ92JlRNSEMv4JfvNQpn9+oyHgZhQspI2V96QuKIMDPd8h5RW3NWa
MnjI6B9RU3xeo8l5bCB1CO1L3qqMdEBN2zdHbpmuCJS+EOESMDZoFMoIm60lKbe6
YaKlDrKk0llTOAki5Ec1ndwD1MykM1veVaelT6+Sdgj/OKq1mCtiOOWCtX3gEbL3
O9RjM3KNXrEL3HEo0SVZG5ijRCn2BRTYfOZF7fQ+mPZGqV8IIHAWYHC62UAk0It8
rHD8fyR0aSCGcwk1nNByJwYntBVryZJfLGEfvrqIRHfu
-----END CERTIFICATE-----