Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/ZjRxUryFRCH3-rY0Vgct3-g8jmU.roa
File:                     ZjRxUryFRCH3-rY0Vgct3-g8jmU.roa (raw, json)
Hash identifier:          I3rcxoDRnoayL225/1ftNV1t7f4IAoMZg8Hl4OB/ZVQ=
Subject key identifier:   66:34:71:52:BC:85:44:21:F7:FA:B6:34:56:07:2D:DF:E8:3C:8E:65
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       018CC802903B13CA7643CC637BE2B00890E3
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/ZjRxUryFRCH3-rY0Vgct3-g8jmU.roa
Signing time:             Tue 02 Jan 2024 02:31:00 +0000
ROA not before:           Tue 02 Jan 2024 02:31:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209365
IP address blocks:        31.170.103.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:02:90:3b:13:ca:76:43:cc:63:7b:e2:b0:08:90:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Jan  2 02:31:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=66347152bc854421f7fab63456072ddfe83c8e65
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:f6:83:32:1c:70:fe:59:5b:ac:69:56:34:e9:
                    2c:90:39:b1:9b:8d:43:93:d9:63:3e:5c:e9:d5:98:
                    f9:56:0c:40:65:4f:b8:8f:9a:54:3c:eb:35:07:84:
                    64:8b:9a:56:f0:f2:9c:69:5e:46:3a:39:33:80:b6:
                    ef:35:b4:3a:96:9a:13:09:e6:6c:75:ca:b9:0f:15:
                    e7:37:46:95:ba:ce:9f:7a:7e:ae:41:b5:5a:9c:78:
                    74:d1:e2:6c:6e:da:db:85:c8:74:e6:aa:65:31:ca:
                    ad:cf:d4:80:6c:0c:f7:38:a2:4a:23:5a:c8:7a:66:
                    35:f8:05:6f:70:c8:2f:ae:7c:25:20:0e:a7:45:89:
                    6c:9e:77:5a:89:53:31:1c:db:87:59:57:95:77:7d:
                    65:80:f5:a3:d6:24:5a:70:d5:1e:a9:8f:8e:6b:86:
                    21:64:eb:5a:9c:7f:14:59:57:89:99:ef:24:86:2b:
                    8e:65:63:81:a4:e1:c1:07:c6:e4:00:fc:c8:da:8c:
                    d8:f2:a7:9c:0a:1a:5e:6e:aa:f4:1c:a4:dd:0d:ad:
                    8b:e2:5a:8f:25:91:03:7b:60:0c:17:62:08:55:31:
                    42:14:dd:90:38:13:02:32:92:59:28:97:fc:ac:19:
                    45:95:1e:8d:5f:a4:df:df:bf:83:2a:6d:53:6d:35:
                    27:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:34:71:52:BC:85:44:21:F7:FA:B6:34:56:07:2D:DF:E8:3C:8E:65
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/ZjRxUryFRCH3-rY0Vgct3-g8jmU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.170.103.0/24

    Signature Algorithm: sha256WithRSAEncryption
         50:96:41:52:e1:b1:eb:80:89:99:00:bc:f8:d2:80:3a:1f:b4:
         c9:32:33:47:fa:2e:c8:85:8d:dc:25:fc:b7:61:e0:be:fb:76:
         77:60:50:77:bf:ae:23:58:5b:2f:9b:6d:1c:5f:22:ab:a0:5c:
         09:27:5a:c8:b1:44:1d:d4:86:b4:23:f7:b9:29:69:e2:df:c7:
         7e:5f:d1:95:be:2c:24:09:50:e4:e5:00:6a:af:56:63:b5:e1:
         0c:f5:dd:56:8e:ac:9b:3c:5b:f1:37:25:c1:61:79:49:5a:2e:
         04:5f:4c:17:a3:bb:4f:37:24:b0:1c:c1:94:3e:2c:5e:be:77:
         68:da:da:99:0a:f9:4f:d8:a6:f4:84:a6:8e:9b:a1:b4:14:c4:
         fa:04:12:96:19:09:c9:d0:c8:06:ae:c4:a8:8d:f7:ea:15:2b:
         39:5a:1f:a1:b4:ee:47:0f:eb:30:9f:9f:d2:ff:81:4b:a3:db:
         c7:df:98:8b:b6:10:27:6a:3d:d6:12:78:0a:ea:b3:a2:2c:74:
         ff:29:12:f9:bb:02:f2:07:9a:77:c7:ac:82:c8:8a:bb:9e:22:
         5e:b0:1e:92:1b:a5:fe:91:8a:d6:3d:7f:40:7e:3a:99:a7:9a:
         6b:f3:c9:b2:3a:84:e3:d8:20:dc:6a:a3:6e:83:4b:d5:bc:ee:
         00:64:32:92
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIApA7E8p2Q8xje+KwCJDjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjQwMTAyMDIzMTAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NjM0NzE1MmJjODU0NDIxZjdmYWI2MzQ1NjA3MmRkZmU4M2M4ZTY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvfaDMhxw/llbrGlWNOkskDmxm41D
k9ljPlzp1Zj5VgxAZU+4j5pUPOs1B4Rki5pW8PKcaV5GOjkzgLbvNbQ6lpoTCeZs
dcq5DxXnN0aVus6fen6uQbVanHh00eJsbtrbhch05qplMcqtz9SAbAz3OKJKI1rI
emY1+AVvcMgvrnwlIA6nRYlsnndaiVMxHNuHWVeVd31lgPWj1iRacNUeqY+Oa4Yh
ZOtanH8UWVeJme8khiuOZWOBpOHBB8bkAPzI2ozY8qecChpebqr0HKTdDa2L4lqP
JZEDe2AMF2IIVTFCFN2QOBMCMpJZKJf8rBlFlR6NX6Tf37+DKm1TbTUniwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGY0cVK8hUQh9/q2NFYHLd/oPI5lMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvWmpSeFVyeUZSQ0gzLXJZMFZnY3QzLWc4am1VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAH6pnMA0G
CSqGSIb3DQEBCwUAA4IBAQBQlkFS4bHrgImZALz40oA6H7TJMjNH+i7IhY3cJfy3
YeC++3Z3YFB3v64jWFsvm20cXyKroFwJJ1rIsUQd1Ia0I/e5KWni38d+X9GVviwk
CVDk5QBqr1ZjteEM9d1WjqybPFvxNyXBYXlJWi4EX0wXo7tPNySwHMGUPixevndo
2tqZCvlP2Kb0hKaOm6G0FMT6BBKWGQnJ0MgGrsSojffqFSs5Wh+htO5HD+swn5/S
/4FLo9vH35iLthAnaj3WEngK6rOiLHT/KRL5uwLyB5p3x6yCyIq7niJesB6SG6X+
kYrWPX9AfjqZp5pr88myOoTj2CDcaqNug0vVvO4AZDKS
-----END CERTIFICATE-----