Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b6/a13b01-4153-4ea5-bf21-99868c51329a/1/v-whXSuK-x1uCyUmUk7PpjK_prw.roa
File:                     v-whXSuK-x1uCyUmUk7PpjK_prw.roa (raw, json)
Hash identifier:          QKDqlCPWm22GItyznvBEhsYIHNFY2OlnC4pNLQLOUe0=
Subject key identifier:   BF:EC:21:5D:2B:8A:FB:1D:6E:0B:25:26:52:4E:CF:A6:32:BF:A6:BC
Certificate issuer:       /CN=aedaeea9117a1d5ccc320222955a09faa0798fd9
Certificate serial:       018CC64B21050FBDDB3CDDD604CD07ED0F47
Authority key identifier: AE:DA:EE:A9:11:7A:1D:5C:CC:32:02:22:95:5A:09:FA:A0:79:8F:D9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rtruqRF6HVzMMgIilVoJ-qB5j9k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b6/a13b01-4153-4ea5-bf21-99868c51329a/1/v-whXSuK-x1uCyUmUk7PpjK_prw.roa
Signing time:             Mon 01 Jan 2024 18:31:01 +0000
ROA not before:           Mon 01 Jan 2024 18:31:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     26931
IP address blocks:        31.186.235.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b6/a13b01-4153-4ea5-bf21-99868c51329a/1/rtruqRF6HVzMMgIilVoJ-qB5j9k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b6/a13b01-4153-4ea5-bf21-99868c51329a/1/rtruqRF6HVzMMgIilVoJ-qB5j9k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rtruqRF6HVzMMgIilVoJ-qB5j9k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:21:05:0f:bd:db:3c:dd:d6:04:cd:07:ed:0f:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aedaeea9117a1d5ccc320222955a09faa0798fd9
        Validity
            Not Before: Jan  1 18:31:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bfec215d2b8afb1d6e0b2526524ecfa632bfa6bc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:55:3c:e9:df:66:a5:a5:48:d9:14:f8:c2:00:
                    78:5d:14:73:6c:06:a6:34:f4:8e:df:3d:c0:32:4b:
                    cf:85:d2:21:7f:7c:e5:d1:ff:14:07:05:ae:cb:27:
                    9c:ee:ed:82:b1:7a:9a:c2:98:10:96:5d:da:7c:bc:
                    af:b3:8e:55:70:53:da:6e:2e:eb:e8:ad:7a:fa:11:
                    84:c8:e0:79:93:67:10:b1:72:1e:2c:0b:8b:d7:e7:
                    14:6c:a6:c5:23:cb:2e:91:56:ac:52:7d:46:1a:2a:
                    a6:79:26:e9:34:5e:67:65:5e:ac:73:ac:0b:b9:85:
                    21:8b:6a:b2:f6:2c:7a:6e:17:41:c7:63:6f:61:c8:
                    88:e3:e5:7f:f9:95:b3:fa:bd:36:79:c2:79:71:37:
                    d9:ad:9f:66:1d:e8:3c:39:34:a2:9d:e3:d3:ae:df:
                    39:07:8d:14:fd:bf:3b:1f:5c:a8:4a:37:3e:9b:7e:
                    be:54:83:24:a7:76:3a:3d:90:e7:36:f0:30:f6:af:
                    4c:17:de:ee:ac:f6:af:15:79:c3:ad:97:de:72:02:
                    66:5e:e6:d7:bc:ca:7b:f7:f9:81:36:f9:56:89:3d:
                    a7:bd:0f:2e:75:23:b7:63:bd:df:75:e6:0e:ee:e8:
                    e3:9d:e0:34:8a:55:64:21:99:3a:24:92:b1:f1:9d:
                    40:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:EC:21:5D:2B:8A:FB:1D:6E:0B:25:26:52:4E:CF:A6:32:BF:A6:BC
            X509v3 Authority Key Identifier:
                keyid:AE:DA:EE:A9:11:7A:1D:5C:CC:32:02:22:95:5A:09:FA:A0:79:8F:D9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rtruqRF6HVzMMgIilVoJ-qB5j9k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/a13b01-4153-4ea5-bf21-99868c51329a/1/v-whXSuK-x1uCyUmUk7PpjK_prw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/a13b01-4153-4ea5-bf21-99868c51329a/1/rtruqRF6HVzMMgIilVoJ-qB5j9k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.186.235.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a7:3d:4e:5e:4b:9d:ba:94:47:46:13:89:e0:cb:82:4d:3b:b5:
         c3:de:92:a6:51:34:0b:d9:99:3d:18:65:bc:4d:6b:8c:92:bf:
         b0:2e:89:82:75:ef:3e:3f:29:d8:0f:f7:d6:e9:b4:52:92:d1:
         8a:d9:78:d5:97:6f:fe:10:e9:80:08:a6:e5:00:b4:98:fa:9c:
         d7:dd:b2:b5:fe:2d:06:16:31:02:a1:1f:ae:4f:dd:be:d0:18:
         47:58:a4:33:81:f4:a4:8a:c6:79:53:5c:40:4d:cf:5f:cd:21:
         c3:99:34:fc:b7:f4:fb:a4:2a:a0:51:b1:56:60:20:4d:72:8d:
         73:f1:85:e8:32:ef:c8:d5:27:fa:74:f9:55:f3:af:bf:4e:3f:
         ad:1b:89:6c:2d:ff:a9:2e:fa:fc:1e:6d:94:18:3d:b8:cd:ca:
         fa:7e:d4:ab:88:bd:6e:c2:81:d7:08:a0:36:27:9d:25:d7:2a:
         d5:71:b6:99:e5:d6:dd:e3:10:95:76:a5:f8:fb:05:2a:82:5d:
         58:7a:86:09:ad:b8:d2:d6:9a:fe:ab:7f:26:8b:ee:3f:40:0d:
         c2:2b:78:12:7a:46:e7:07:e6:cd:5b:2b:2a:db:fe:6a:7c:53:
         c7:e6:ac:d3:bc:c7:fc:70:70:44:ae:d0:b4:bf:64:26:0d:af:
         4c:0a:6e:d6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSyEFD73bPN3WBM0H7Q9HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFlZGFlZWE5MTE3YTFkNWNjYzMyMDIyMjk1NWEwOWZhYTA3
OThmZDkwHhcNMjQwMTAxMTgzMTAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZmVjMjE1ZDJiOGFmYjFkNmUwYjI1MjY1MjRlY2ZhNjMyYmZhNmJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA51U86d9mpaVI2RT4wgB4XRRzbAam
NPSO3z3AMkvPhdIhf3zl0f8UBwWuyyec7u2CsXqawpgQll3afLyvs45VcFPabi7r
6K16+hGEyOB5k2cQsXIeLAuL1+cUbKbFI8sukVasUn1GGiqmeSbpNF5nZV6sc6wL
uYUhi2qy9ix6bhdBx2NvYciI4+V/+ZWz+r02ecJ5cTfZrZ9mHeg8OTSinePTrt85
B40U/b87H1yoSjc+m36+VIMkp3Y6PZDnNvAw9q9MF97urPavFXnDrZfecgJmXubX
vMp79/mBNvlWiT2nvQ8udSO3Y73fdeYO7ujjneA0ilVkIZk6JJKx8Z1ARQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL/sIV0rivsdbgslJlJOz6Yyv6a8MB8GA1UdIwQY
MBaAFK7a7qkReh1czDICIpVaCfqgeY/ZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcnRydXFSRjZIVnpNTWdJaWxWb0otcUI1ajlrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNi9hMTNiMDEtNDE1My00ZWE1LWJmMjEt
OTk4NjhjNTEzMjlhLzEvdi13aFhTdUsteDF1Q3lVbVVrN1BwaktfcHJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNi9hMTNiMDEtNDE1My00ZWE1LWJmMjEtOTk4NjhjNTEzMjlh
LzEvcnRydXFSRjZIVnpNTWdJaWxWb0otcUI1ajlrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAH7rrMA0G
CSqGSIb3DQEBCwUAA4IBAQCnPU5eS526lEdGE4ngy4JNO7XD3pKmUTQL2Zk9GGW8
TWuMkr+wLomCde8+PynYD/fW6bRSktGK2XjVl2/+EOmACKblALSY+pzX3bK1/i0G
FjECoR+uT92+0BhHWKQzgfSkisZ5U1xATc9fzSHDmTT8t/T7pCqgUbFWYCBNco1z
8YXoMu/I1Sf6dPlV86+/Tj+tG4lsLf+pLvr8Hm2UGD24zcr6ftSriL1uwoHXCKA2
J50l1yrVcbaZ5dbd4xCVdqX4+wUqgl1YeoYJrbjS1pr+q38mi+4/QA3CK3gSekbn
B+bNWysq2/5qfFPH5qzTvMf8cHBErtC0v2QmDa9MCm7W
-----END CERTIFICATE-----