Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/4W8tGFC2nT9F_SeiWReZIV1hj2E.roa
File:                     4W8tGFC2nT9F_SeiWReZIV1hj2E.roa (raw, json)
Hash identifier:          /Q7JvH2xQgn9Ka/JwYXyYhYRG1Gt0334+JQeUEzTZjU=
Subject key identifier:   E1:6F:2D:18:50:B6:9D:3F:45:FD:27:A2:59:17:99:21:5D:61:8F:61
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       018CC802A1AC812148F691F82B3F8D23DB5D
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/4W8tGFC2nT9F_SeiWReZIV1hj2E.roa
Signing time:             Tue 02 Jan 2024 02:31:04 +0000
ROA not before:           Tue 02 Jan 2024 02:31:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     400529
IP address blocks:        185.222.31.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 03:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:02:a1:ac:81:21:48:f6:91:f8:2b:3f:8d:23:db:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Jan  2 02:31:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e16f2d1850b69d3f45fd27a2591799215d618f61
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:0a:61:84:cf:b2:ea:ac:97:77:4e:70:5f:56:
                    5f:f4:dd:36:97:69:1a:db:bc:24:32:2c:87:ef:c5:
                    e9:2f:c9:9a:57:41:33:9a:c4:d2:e1:d8:42:96:7b:
                    09:54:f2:dc:80:5e:11:d0:a2:8a:21:d5:0c:ac:67:
                    82:7c:42:f1:33:83:9d:75:6b:e8:f9:d1:d6:d8:6b:
                    df:6d:6b:f2:08:cb:03:32:f8:3d:c2:90:60:51:75:
                    fb:e6:4b:e2:16:2e:81:f1:06:9f:36:ce:f7:58:82:
                    20:88:6a:51:7b:4c:51:c5:13:6a:4d:70:59:92:fe:
                    ad:8e:e8:89:56:7d:3a:80:00:f4:e8:e5:60:52:12:
                    b8:ff:b9:7d:18:3d:e4:3e:db:8b:34:5a:59:e8:69:
                    38:2f:fa:ca:af:69:7c:2e:1e:18:45:73:43:57:0a:
                    fe:3f:95:12:50:5b:98:56:d6:7d:4f:19:24:e5:0f:
                    7d:1e:2d:17:4b:f5:d7:22:ae:13:9d:8a:5c:1a:df:
                    ec:eb:11:f8:44:27:a7:29:2b:b9:b9:85:f0:a1:43:
                    27:f4:53:5e:56:93:64:a2:69:cb:ff:77:86:d9:10:
                    9d:08:3f:1f:fc:dd:3b:79:28:77:9e:08:73:a0:5f:
                    50:56:ef:ce:66:bb:11:4e:8d:68:9d:fe:bc:4d:90:
                    a8:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:6F:2D:18:50:B6:9D:3F:45:FD:27:A2:59:17:99:21:5D:61:8F:61
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/4W8tGFC2nT9F_SeiWReZIV1hj2E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.222.31.0/24

    Signature Algorithm: sha256WithRSAEncryption
         67:f2:1c:1a:13:38:3e:35:9c:b5:a5:6d:7e:b9:13:3e:d6:71:
         0a:2c:50:5e:35:76:ec:36:02:49:f6:d0:b6:a0:1d:50:7f:74:
         6b:88:fd:b1:77:a1:06:54:0e:65:03:1d:73:c4:07:44:39:bc:
         04:79:34:6f:c3:fb:a9:a5:6d:6b:f5:36:ac:30:26:2f:11:5f:
         b9:d8:ac:9c:de:c2:7d:c4:da:e7:4f:35:18:c1:63:bb:a3:ba:
         dc:a3:50:77:48:87:d6:1b:b5:9b:98:56:22:01:96:11:22:bc:
         b9:1b:7e:2f:7f:a4:8d:70:e0:7b:36:24:6b:36:7a:0a:64:68:
         5d:c9:d0:8f:d4:8d:01:91:44:c1:54:13:03:93:13:4a:02:f0:
         67:fe:12:69:6c:20:39:2f:a7:d9:8e:da:13:e5:24:bd:e5:27:
         d4:d9:6d:89:fd:f0:be:27:98:44:9c:56:9f:81:58:b5:01:3c:
         99:3e:ba:01:4b:58:66:1c:08:d0:de:00:b7:96:c1:01:b6:db:
         fc:2a:26:1f:69:a3:7f:05:1e:c4:c1:8f:04:86:e1:e4:b2:ad:
         cc:a4:e3:65:ed:25:02:d3:b9:55:96:f7:dd:70:c7:cd:82:a0:
         76:3c:88:6c:aa:98:99:c4:f2:70:d8:72:ce:8e:2e:aa:00:a6:
         6c:06:3e:e8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAqGsgSFI9pH4Kz+NI9tdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjQwMTAyMDIzMTA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMTZmMmQxODUwYjY5ZDNmNDVmZDI3YTI1OTE3OTkyMTVkNjE4ZjYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlQphhM+y6qyXd05wX1Zf9N02l2ka
27wkMiyH78XpL8maV0EzmsTS4dhClnsJVPLcgF4R0KKKIdUMrGeCfELxM4OddWvo
+dHW2GvfbWvyCMsDMvg9wpBgUXX75kviFi6B8QafNs73WIIgiGpRe0xRxRNqTXBZ
kv6tjuiJVn06gAD06OVgUhK4/7l9GD3kPtuLNFpZ6Gk4L/rKr2l8Lh4YRXNDVwr+
P5USUFuYVtZ9Txkk5Q99Hi0XS/XXIq4TnYpcGt/s6xH4RCenKSu5uYXwoUMn9FNe
VpNkomnL/3eG2RCdCD8f/N07eSh3nghzoF9QVu/OZrsRTo1onf68TZCohwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOFvLRhQtp0/Rf0nolkXmSFdYY9hMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvNFc4dEdGQzJuVDlGX1NlaVdSZVpJVjFoajJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAud4fMA0G
CSqGSIb3DQEBCwUAA4IBAQBn8hwaEzg+NZy1pW1+uRM+1nEKLFBeNXbsNgJJ9tC2
oB1Qf3RriP2xd6EGVA5lAx1zxAdEObwEeTRvw/uppW1r9TasMCYvEV+52Kyc3sJ9
xNrnTzUYwWO7o7rco1B3SIfWG7WbmFYiAZYRIry5G34vf6SNcOB7NiRrNnoKZGhd
ydCP1I0BkUTBVBMDkxNKAvBn/hJpbCA5L6fZjtoT5SS95SfU2W2J/fC+J5hEnFaf
gVi1ATyZProBS1hmHAjQ3gC3lsEBttv8KiYfaaN/BR7EwY8EhuHksq3MpONl7SUC
07lVlvfdcMfNgqB2PIhsqpiZxPJw2HLOji6qAKZsBj7o
-----END CERTIFICATE-----