Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b6/a13b01-4153-4ea5-bf21-99868c51329a/1/R-_0K-2dzRd03dlzOTttsi5-JHA.roa
File:                     R-_0K-2dzRd03dlzOTttsi5-JHA.roa (raw, json)
Hash identifier:          d4u+81G3nMG3uQxML5dlmINsqTk9/2uI8TMWJUEA/sg=
Subject key identifier:   47:EF:F4:2B:ED:9D:CD:17:74:DD:D9:73:39:3B:6D:B2:2E:7E:24:70
Certificate issuer:       /CN=aedaeea9117a1d5ccc320222955a09faa0798fd9
Certificate serial:       019179773ABD3B2286E3580ACB906851C84F
Authority key identifier: AE:DA:EE:A9:11:7A:1D:5C:CC:32:02:22:95:5A:09:FA:A0:79:8F:D9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rtruqRF6HVzMMgIilVoJ-qB5j9k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b6/a13b01-4153-4ea5-bf21-99868c51329a/1/R-_0K-2dzRd03dlzOTttsi5-JHA.roa
Signing time:             Thu 22 Aug 2024 09:42:22 +0000
ROA not before:           Thu 22 Aug 2024 09:42:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214505
IP address blocks:        31.186.250.0/23 maxlen: 24
                          95.172.92.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b6/a13b01-4153-4ea5-bf21-99868c51329a/1/rtruqRF6HVzMMgIilVoJ-qB5j9k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b6/a13b01-4153-4ea5-bf21-99868c51329a/1/rtruqRF6HVzMMgIilVoJ-qB5j9k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rtruqRF6HVzMMgIilVoJ-qB5j9k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 06:00:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:79:77:3a:bd:3b:22:86:e3:58:0a:cb:90:68:51:c8:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aedaeea9117a1d5ccc320222955a09faa0798fd9
        Validity
            Not Before: Aug 22 09:42:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=47eff42bed9dcd1774ddd973393b6db22e7e2470
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:b1:88:29:15:0a:6c:51:a6:4f:a3:29:e9:06:
                    5b:7f:7d:d0:a7:c4:96:8b:5b:8b:f4:c8:85:b7:72:
                    7d:91:0e:c6:cc:76:56:c3:26:0e:df:50:1b:2b:f0:
                    5c:67:c7:1c:7c:89:94:8a:a0:8b:41:cc:51:93:1c:
                    69:e2:c9:fe:81:af:95:d1:8e:40:64:88:2c:45:3a:
                    25:4f:6c:61:70:96:95:24:20:a7:92:f5:0a:15:4a:
                    bb:41:ca:4b:76:fd:e8:01:da:9c:3c:60:a6:50:3c:
                    bd:42:78:5e:58:aa:de:17:a9:aa:40:59:5a:d5:5e:
                    a9:57:19:26:d8:04:19:1f:cb:9d:21:71:65:bf:a1:
                    82:ca:81:8a:c9:10:29:cc:c9:ba:13:bd:71:29:d0:
                    a0:0e:f2:54:9e:c6:42:84:fd:58:8e:6c:6c:d2:8a:
                    b8:32:23:0c:13:1f:e2:d5:e7:f7:79:cd:c3:85:fa:
                    8c:e6:25:6e:5d:f6:d5:00:7a:b6:70:5f:d6:e5:11:
                    c9:57:60:80:f6:57:be:78:b6:14:b9:fd:4f:bd:14:
                    92:22:b1:e9:15:67:01:47:b1:f1:27:17:3d:67:dd:
                    9f:b0:47:60:c6:cd:e6:24:de:f0:d2:89:4f:e0:33:
                    6f:93:44:30:b3:0d:c5:93:44:77:f5:53:24:e7:4e:
                    be:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:EF:F4:2B:ED:9D:CD:17:74:DD:D9:73:39:3B:6D:B2:2E:7E:24:70
            X509v3 Authority Key Identifier:
                keyid:AE:DA:EE:A9:11:7A:1D:5C:CC:32:02:22:95:5A:09:FA:A0:79:8F:D9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rtruqRF6HVzMMgIilVoJ-qB5j9k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/a13b01-4153-4ea5-bf21-99868c51329a/1/R-_0K-2dzRd03dlzOTttsi5-JHA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/a13b01-4153-4ea5-bf21-99868c51329a/1/rtruqRF6HVzMMgIilVoJ-qB5j9k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.186.250.0/23
                  95.172.92.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2d:2b:1f:cd:a0:70:6b:da:d3:5a:fa:66:e4:7a:da:b1:d6:de:
         65:3e:47:bf:a4:00:ed:b4:76:2e:b7:58:b0:a6:70:0a:66:75:
         17:41:3b:9d:16:fe:e6:5a:22:83:eb:60:af:9f:69:e6:e2:d9:
         cb:70:79:ac:9f:cc:88:21:a3:8f:ea:a4:7f:5c:64:52:6b:c9:
         52:f2:7e:af:3a:f9:0a:e7:74:ef:9a:6b:01:46:23:0e:4e:d0:
         05:32:37:27:be:d7:8e:0a:c2:ef:f8:d7:72:8a:ae:c5:9f:a5:
         3d:23:10:d6:92:4f:ad:b2:23:cb:7e:69:68:90:b5:ea:16:a6:
         89:f8:28:6d:1b:1e:52:82:7a:a5:0c:c4:06:aa:d1:5b:21:ec:
         8e:6d:74:6e:b2:34:f8:f5:62:0f:42:66:9f:bb:a1:f1:78:5b:
         26:9d:f0:8f:8f:15:89:ba:c0:76:2e:0f:bf:65:d5:4f:65:5d:
         af:3d:76:50:a0:7c:1f:26:9f:d5:67:ed:7a:0b:b0:52:64:98:
         be:c5:a7:b1:fd:9c:7e:a7:dc:d0:a8:4a:bf:8b:a5:bf:67:e3:
         18:5d:22:9e:bc:da:10:c9:11:fd:1b:5d:56:31:ed:b9:47:ef:
         f1:19:07:36:2a:6d:b7:dd:81:65:fe:0b:f9:a2:56:5c:97:2b:
         bf:64:3e:5d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZF5dzq9OyKG41gKy5BoUchPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFlZGFlZWE5MTE3YTFkNWNjYzMyMDIyMjk1NWEwOWZhYTA3
OThmZDkwHhcNMjQwODIyMDk0MjIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0N2VmZjQyYmVkOWRjZDE3NzRkZGQ5NzMzOTNiNmRiMjJlN2UyNDcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2LGIKRUKbFGmT6Mp6QZbf33Qp8SW
i1uL9MiFt3J9kQ7GzHZWwyYO31AbK/BcZ8ccfImUiqCLQcxRkxxp4sn+ga+V0Y5A
ZIgsRTolT2xhcJaVJCCnkvUKFUq7QcpLdv3oAdqcPGCmUDy9QnheWKreF6mqQFla
1V6pVxkm2AQZH8udIXFlv6GCyoGKyRApzMm6E71xKdCgDvJUnsZChP1Yjmxs0oq4
MiMMEx/i1ef3ec3DhfqM5iVuXfbVAHq2cF/W5RHJV2CA9le+eLYUuf1PvRSSIrHp
FWcBR7HxJxc9Z92fsEdgxs3mJN7w0olP4DNvk0Qwsw3Fk0R39VMk506+OQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEfv9Cvtnc0XdN3Zczk7bbIufiRwMB8GA1UdIwQY
MBaAFK7a7qkReh1czDICIpVaCfqgeY/ZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcnRydXFSRjZIVnpNTWdJaWxWb0otcUI1ajlrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNi9hMTNiMDEtNDE1My00ZWE1LWJmMjEt
OTk4NjhjNTEzMjlhLzEvUi1fMEstMmR6UmQwM2Rsek9UdHRzaTUtSkhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNi9hMTNiMDEtNDE1My00ZWE1LWJmMjEtOTk4NjhjNTEzMjlh
LzEvcnRydXFSRjZIVnpNTWdJaWxWb0otcUI1ajlrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBH7r6AwQA
X6xcMA0GCSqGSIb3DQEBCwUAA4IBAQAtKx/NoHBr2tNa+mbketqx1t5lPke/pADt
tHYut1iwpnAKZnUXQTudFv7mWiKD62Cvn2nm4tnLcHmsn8yIIaOP6qR/XGRSa8lS
8n6vOvkK53TvmmsBRiMOTtAFMjcnvteOCsLv+Ndyiq7Fn6U9IxDWkk+tsiPLfmlo
kLXqFqaJ+ChtGx5SgnqlDMQGqtFbIeyObXRusjT49WIPQmafu6HxeFsmnfCPjxWJ
usB2Lg+/ZdVPZV2vPXZQoHwfJp/VZ+16C7BSZJi+xaex/Zx+p9zQqEq/i6W/Z+MY
XSKevNoQyRH9G11WMe25R+/xGQc2Km233YFl/gv5olZclyu/ZD5d
-----END CERTIFICATE-----