Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b7/d30b5d-7f3b-4a5a-9897-0c011c9c927d/1/dsS4VNIg93YvqePaRuvGszciFfU.roa
File:                     dsS4VNIg93YvqePaRuvGszciFfU.roa (raw, json)
Hash identifier:          o4aGfkBGQ7JmAtbi5kf1Leut82oLzrWNdamU55YtNFk=
Subject key identifier:   76:C4:B8:54:D2:20:F7:76:2F:A9:E3:DA:46:EB:C6:B3:37:22:15:F5
Certificate issuer:       /CN=684ac8a021270682765d23ef0338f35c786ddb35
Certificate serial:       018CC86FAF57B762AB56364E00904DD70B2F
Authority key identifier: 68:4A:C8:A0:21:27:06:82:76:5D:23:EF:03:38:F3:5C:78:6D:DB:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aErIoCEnBoJ2XSPvAzjzXHht2zU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b7/d30b5d-7f3b-4a5a-9897-0c011c9c927d/1/dsS4VNIg93YvqePaRuvGszciFfU.roa
Signing time:             Tue 02 Jan 2024 04:30:11 +0000
ROA not before:           Tue 02 Jan 2024 04:30:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58207
IP address blocks:        31.129.124.0/24 maxlen: 24
                          195.16.93.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b7/d30b5d-7f3b-4a5a-9897-0c011c9c927d/1/aErIoCEnBoJ2XSPvAzjzXHht2zU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b7/d30b5d-7f3b-4a5a-9897-0c011c9c927d/1/aErIoCEnBoJ2XSPvAzjzXHht2zU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aErIoCEnBoJ2XSPvAzjzXHht2zU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 07:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:af:57:b7:62:ab:56:36:4e:00:90:4d:d7:0b:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=684ac8a021270682765d23ef0338f35c786ddb35
        Validity
            Not Before: Jan  2 04:30:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=76c4b854d220f7762fa9e3da46ebc6b3372215f5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:2b:2a:69:c2:9b:9c:39:ad:82:e9:1c:0a:bc:
                    5a:46:cc:2d:f2:75:37:dc:66:2f:04:7c:38:d6:38:
                    8a:73:3c:1b:5f:4d:3a:4e:38:e0:e4:44:75:cc:36:
                    db:e1:dc:20:bd:e1:3e:8c:30:f1:5c:12:cd:d0:87:
                    61:9c:af:07:5e:9f:27:28:8c:82:64:d5:a8:54:fd:
                    e6:ca:e1:00:39:e9:4c:9f:65:34:a4:be:dd:a2:cf:
                    9c:53:22:24:24:12:cc:1b:52:cb:8b:57:9d:c0:d8:
                    51:5b:99:50:87:59:30:28:3b:c5:60:85:49:c5:a9:
                    03:d5:dd:94:e6:27:b7:c5:34:cb:83:0e:43:4f:fe:
                    d8:e7:32:7a:0d:6f:a2:8d:f1:34:3c:c9:f7:c7:5d:
                    2f:04:8e:44:c7:95:37:ff:38:e5:de:e3:77:6f:93:
                    d8:eb:94:00:83:93:7d:83:2d:bc:db:77:af:a1:9e:
                    01:5c:68:aa:f5:3f:4f:b2:a4:2d:de:66:ef:58:3a:
                    9b:75:ce:06:12:27:0c:e7:82:f1:3f:d2:e3:bc:34:
                    69:9c:c5:dc:b0:91:22:3e:ea:bf:3e:86:7a:6f:42:
                    44:1c:eb:1f:a3:f0:3a:f4:f7:b8:7e:32:07:d0:7d:
                    0c:6c:45:38:5f:ed:5a:45:9a:3f:3b:95:9c:f2:82:
                    b0:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:C4:B8:54:D2:20:F7:76:2F:A9:E3:DA:46:EB:C6:B3:37:22:15:F5
            X509v3 Authority Key Identifier:
                keyid:68:4A:C8:A0:21:27:06:82:76:5D:23:EF:03:38:F3:5C:78:6D:DB:35

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aErIoCEnBoJ2XSPvAzjzXHht2zU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/d30b5d-7f3b-4a5a-9897-0c011c9c927d/1/dsS4VNIg93YvqePaRuvGszciFfU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/d30b5d-7f3b-4a5a-9897-0c011c9c927d/1/aErIoCEnBoJ2XSPvAzjzXHht2zU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.129.124.0/24
                  195.16.93.0/24

    Signature Algorithm: sha256WithRSAEncryption
         03:88:54:09:7c:dc:e5:1b:1b:ee:78:99:d7:37:fc:51:54:43:
         25:30:3b:d5:cd:fd:a0:59:77:50:12:56:e1:3a:c7:4b:d1:bc:
         7f:b6:3c:20:97:94:87:c2:a4:3d:67:70:62:ca:a8:05:23:35:
         15:e2:45:ab:07:64:67:eb:9c:90:a0:6f:3b:ba:1e:ca:72:59:
         b9:fb:cb:ab:fa:82:46:70:8a:44:af:94:50:6e:1e:30:e1:ca:
         2e:fb:f8:90:f8:52:63:7b:f0:26:f7:05:be:7e:58:3f:f8:39:
         fc:79:63:9d:d6:9e:83:bc:31:1c:f0:69:8b:78:78:4e:61:23:
         17:99:87:70:6d:18:6b:48:4f:e2:8f:72:1e:b8:82:63:f8:c3:
         27:7c:3a:7f:1b:47:c5:98:95:1b:1f:b3:05:41:97:83:26:a3:
         36:fe:2b:f7:ed:2c:28:a3:32:9e:87:e9:a8:cb:13:80:74:32:
         58:41:3e:c9:69:c7:68:60:70:88:72:1d:d3:db:8f:9e:0b:87:
         92:23:2d:96:17:bc:36:d9:60:43:0f:99:6a:a3:e7:96:cc:71:
         0e:2f:4f:5f:a4:9e:1d:96:bd:75:69:86:dd:82:a2:1d:5e:16:
         e5:cb:ed:ec:0e:ea:d8:63:19:b7:53:bd:9e:b1:8c:3b:48:52:
         34:bc:bd:11
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzIb69Xt2KrVjZOAJBN1wsvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4NGFjOGEwMjEyNzA2ODI3NjVkMjNlZjAzMzhmMzVjNzg2
ZGRiMzUwHhcNMjQwMTAyMDQzMDExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NmM0Yjg1NGQyMjBmNzc2MmZhOWUzZGE0NmViYzZiMzM3MjIxNWY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwisqacKbnDmtgukcCrxaRswt8nU3
3GYvBHw41jiKczwbX006Tjjg5ER1zDbb4dwgveE+jDDxXBLN0IdhnK8HXp8nKIyC
ZNWoVP3myuEAOelMn2U0pL7dos+cUyIkJBLMG1LLi1edwNhRW5lQh1kwKDvFYIVJ
xakD1d2U5ie3xTTLgw5DT/7Y5zJ6DW+ijfE0PMn3x10vBI5Ex5U3/zjl3uN3b5PY
65QAg5N9gy2823evoZ4BXGiq9T9PsqQt3mbvWDqbdc4GEicM54LxP9LjvDRpnMXc
sJEiPuq/PoZ6b0JEHOsfo/A69Pe4fjIH0H0MbEU4X+1aRZo/O5Wc8oKwYQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHbEuFTSIPd2L6nj2kbrxrM3IhX1MB8GA1UdIwQY
MBaAFGhKyKAhJwaCdl0j7wM481x4bds1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYUVySW9DRW5Cb0oyWFNQdkF6anpYSGh0MnpVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNy9kMzBiNWQtN2YzYi00YTVhLTk4OTct
MGMwMTFjOWM5MjdkLzEvZHNTNFZOSWc5M1l2cWVQYVJ1dkdzemNpRmZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNy9kMzBiNWQtN2YzYi00YTVhLTk4OTctMGMwMTFjOWM5Mjdk
LzEvYUVySW9DRW5Cb0oyWFNQdkF6anpYSGh0MnpVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAH4F8AwQA
wxBdMA0GCSqGSIb3DQEBCwUAA4IBAQADiFQJfNzlGxvueJnXN/xRVEMlMDvVzf2g
WXdQElbhOsdL0bx/tjwgl5SHwqQ9Z3BiyqgFIzUV4kWrB2Rn65yQoG87uh7Kclm5
+8ur+oJGcIpEr5RQbh4w4cou+/iQ+FJje/Am9wW+flg/+Dn8eWOd1p6DvDEc8GmL
eHhOYSMXmYdwbRhrSE/ij3IeuIJj+MMnfDp/G0fFmJUbH7MFQZeDJqM2/iv37Swo
ozKeh+moyxOAdDJYQT7JacdoYHCIch3T24+eC4eSIy2WF7w22WBDD5lqo+eWzHEO
L09fpJ4dlr11aYbdgqIdXhbly+3sDurYYxm3U72esYw7SFI0vL0R
-----END CERTIFICATE-----