Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b6/a13b01-4153-4ea5-bf21-99868c51329a/1/GiNohb1Z-DajycYfnzNpucse6F0.roa
File:                     GiNohb1Z-DajycYfnzNpucse6F0.roa (raw, json)
Hash identifier:          L91OMW5wfUw5AWfdMO/4Lv0alOTY+AGGGQW9FCTWX+0=
Subject key identifier:   1A:23:68:85:BD:59:F8:36:A3:C9:C6:1F:9F:33:69:B9:CB:1E:E8:5D
Certificate issuer:       /CN=aedaeea9117a1d5ccc320222955a09faa0798fd9
Certificate serial:       018CC64B222A65FA14C758D57A38847A68CA
Authority key identifier: AE:DA:EE:A9:11:7A:1D:5C:CC:32:02:22:95:5A:09:FA:A0:79:8F:D9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rtruqRF6HVzMMgIilVoJ-qB5j9k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b6/a13b01-4153-4ea5-bf21-99868c51329a/1/GiNohb1Z-DajycYfnzNpucse6F0.roa
Signing time:             Mon 01 Jan 2024 18:31:01 +0000
ROA not before:           Mon 01 Jan 2024 18:31:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     55096
IP address blocks:        31.186.245.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b6/a13b01-4153-4ea5-bf21-99868c51329a/1/rtruqRF6HVzMMgIilVoJ-qB5j9k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b6/a13b01-4153-4ea5-bf21-99868c51329a/1/rtruqRF6HVzMMgIilVoJ-qB5j9k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rtruqRF6HVzMMgIilVoJ-qB5j9k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 01:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:22:2a:65:fa:14:c7:58:d5:7a:38:84:7a:68:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aedaeea9117a1d5ccc320222955a09faa0798fd9
        Validity
            Not Before: Jan  1 18:31:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1a236885bd59f836a3c9c61f9f3369b9cb1ee85d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:fa:bf:32:dc:bc:8f:08:16:11:cb:77:5a:07:
                    a7:14:8a:3a:19:38:a1:78:e6:3e:89:5b:9c:56:18:
                    91:94:20:fb:83:cd:d0:ec:3b:ae:b3:c7:6f:f4:47:
                    0a:d3:44:b4:9b:fd:48:46:5b:e5:10:1d:53:e9:eb:
                    a1:d4:34:2f:54:00:68:10:46:12:3e:6c:c5:bb:9e:
                    9e:22:43:b1:0d:7e:30:af:60:c4:c8:33:fe:d7:3c:
                    3b:5d:5d:f4:7a:8d:7a:5c:e6:1e:a7:a4:44:61:d9:
                    7c:78:66:dc:de:95:c7:12:f5:87:a3:96:5b:df:46:
                    15:b7:14:05:29:84:8b:31:c4:42:ba:6a:ff:02:0e:
                    68:6c:3e:fc:ae:31:fb:d4:4d:7b:15:ab:31:dd:b6:
                    f1:5e:b0:f4:3a:ce:29:ed:d9:8e:2a:71:b6:df:9a:
                    fd:a8:a6:a8:9a:db:42:bd:21:e3:4c:66:19:fb:fc:
                    49:b0:6e:6a:4a:ab:3c:c2:2e:7e:7e:62:a9:4c:0a:
                    71:f8:d2:bd:f9:55:6b:53:3d:86:4b:06:ac:0e:85:
                    76:ef:bd:a3:77:78:a8:c6:c2:b5:1b:9b:8e:73:db:
                    b7:21:b8:de:47:a3:e4:00:bd:b4:3c:c2:2d:8f:cd:
                    33:d1:87:e0:e4:34:54:e5:7a:6f:25:12:85:d4:5c:
                    ae:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:23:68:85:BD:59:F8:36:A3:C9:C6:1F:9F:33:69:B9:CB:1E:E8:5D
            X509v3 Authority Key Identifier:
                keyid:AE:DA:EE:A9:11:7A:1D:5C:CC:32:02:22:95:5A:09:FA:A0:79:8F:D9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rtruqRF6HVzMMgIilVoJ-qB5j9k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/a13b01-4153-4ea5-bf21-99868c51329a/1/GiNohb1Z-DajycYfnzNpucse6F0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/a13b01-4153-4ea5-bf21-99868c51329a/1/rtruqRF6HVzMMgIilVoJ-qB5j9k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.186.245.0/24

    Signature Algorithm: sha256WithRSAEncryption
         22:83:ee:a3:40:59:17:2a:f3:f1:8a:e9:d8:58:0e:6a:c9:4e:
         d5:79:36:9d:d0:1c:e9:71:c5:e0:e7:45:09:a4:f0:8d:1a:6b:
         62:37:7b:7d:20:dc:eb:ac:5f:e5:3d:b3:66:45:09:d9:d2:e7:
         48:5f:c9:3b:13:f2:45:fa:28:22:94:f5:24:31:f1:4c:c3:44:
         f3:c9:46:bc:eb:4d:4d:39:ce:e0:4b:bd:bd:29:ae:86:33:2f:
         fa:ee:21:3f:89:5c:e1:9e:52:05:1f:9d:5a:e5:a2:9f:de:cb:
         d0:6f:87:aa:8b:64:92:ac:b9:2f:2f:53:c1:83:2b:57:81:67:
         20:d7:3f:21:f8:3b:ec:5f:85:4e:c1:46:ab:65:5b:5d:97:14:
         aa:e2:92:b1:8f:c8:49:52:53:aa:ce:d6:cf:8d:bf:30:3b:60:
         e4:35:f0:50:e4:82:a3:69:39:d6:a9:40:52:b2:2d:c7:f8:09:
         60:f8:8c:6d:dd:00:be:9f:6e:96:f3:59:5a:45:e4:08:14:87:
         a9:f5:64:42:a4:60:69:c4:3e:8e:ce:3f:ec:64:ad:c8:0a:94:
         50:74:8a:56:a6:37:51:6b:38:0b:99:c3:18:fc:94:79:4c:f2:
         aa:2b:53:30:26:17:9c:d3:96:e6:41:0a:65:72:41:ee:0c:17:
         b6:01:25:e8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSyIqZfoUx1jVejiEemjKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFlZGFlZWE5MTE3YTFkNWNjYzMyMDIyMjk1NWEwOWZhYTA3
OThmZDkwHhcNMjQwMTAxMTgzMTAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYTIzNjg4NWJkNTlmODM2YTNjOWM2MWY5ZjMzNjliOWNiMWVlODVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp/q/Mty8jwgWEct3WgenFIo6GTih
eOY+iVucVhiRlCD7g83Q7Duus8dv9EcK00S0m/1IRlvlEB1T6euh1DQvVABoEEYS
PmzFu56eIkOxDX4wr2DEyDP+1zw7XV30eo16XOYep6REYdl8eGbc3pXHEvWHo5Zb
30YVtxQFKYSLMcRCumr/Ag5obD78rjH71E17Fasx3bbxXrD0Os4p7dmOKnG235r9
qKaomttCvSHjTGYZ+/xJsG5qSqs8wi5+fmKpTApx+NK9+VVrUz2GSwasDoV2772j
d3ioxsK1G5uOc9u3IbjeR6PkAL20PMItj80z0Yfg5DRU5XpvJRKF1FyuiwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBojaIW9Wfg2o8nGH58zabnLHuhdMB8GA1UdIwQY
MBaAFK7a7qkReh1czDICIpVaCfqgeY/ZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcnRydXFSRjZIVnpNTWdJaWxWb0otcUI1ajlrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNi9hMTNiMDEtNDE1My00ZWE1LWJmMjEt
OTk4NjhjNTEzMjlhLzEvR2lOb2hiMVotRGFqeWNZZm56TnB1Y3NlNkYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNi9hMTNiMDEtNDE1My00ZWE1LWJmMjEtOTk4NjhjNTEzMjlh
LzEvcnRydXFSRjZIVnpNTWdJaWxWb0otcUI1ajlrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAH7r1MA0G
CSqGSIb3DQEBCwUAA4IBAQAig+6jQFkXKvPxiunYWA5qyU7VeTad0BzpccXg50UJ
pPCNGmtiN3t9INzrrF/lPbNmRQnZ0udIX8k7E/JF+igilPUkMfFMw0TzyUa8601N
Oc7gS729Ka6GMy/67iE/iVzhnlIFH51a5aKf3svQb4eqi2SSrLkvL1PBgytXgWcg
1z8h+DvsX4VOwUarZVtdlxSq4pKxj8hJUlOqztbPjb8wO2DkNfBQ5IKjaTnWqUBS
si3H+Alg+Ixt3QC+n26W81laReQIFIep9WRCpGBpxD6Ozj/sZK3ICpRQdIpWpjdR
azgLmcMY/JR5TPKqK1MwJhec05bmQQplckHuDBe2ASXo
-----END CERTIFICATE-----