Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/f76339-1714-403b-9927-23277822fefa/1/ldBqwZxqjRhjUom118RK80ySq6Q.roa
File:                     ldBqwZxqjRhjUom118RK80ySq6Q.roa (raw, json)
Hash identifier:          Wm1IbQsteTdn7Wq8dDE23d9TNbkR4VcSoBkU4CuNLCc=
Subject key identifier:   95:D0:6A:C1:9C:6A:8D:18:63:52:89:B5:D7:C4:4A:F3:4C:92:AB:A4
Certificate issuer:       /CN=d80b565d7736753dbe7f6624bdf1d2bc1896f7c0
Certificate serial:       018CC8020DB85DD2C182F5A1060AC68D5ADA
Authority key identifier: D8:0B:56:5D:77:36:75:3D:BE:7F:66:24:BD:F1:D2:BC:18:96:F7:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2AtWXXc2dT2-f2YkvfHSvBiW98A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/f76339-1714-403b-9927-23277822fefa/1/ldBqwZxqjRhjUom118RK80ySq6Q.roa
Signing time:             Tue 02 Jan 2024 02:30:26 +0000
ROA not before:           Tue 02 Jan 2024 02:30:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210854
IP address blocks:        31.210.17.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/f76339-1714-403b-9927-23277822fefa/1/2AtWXXc2dT2-f2YkvfHSvBiW98A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/f76339-1714-403b-9927-23277822fefa/1/2AtWXXc2dT2-f2YkvfHSvBiW98A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2AtWXXc2dT2-f2YkvfHSvBiW98A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 May 2024 01:03:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:02:0d:b8:5d:d2:c1:82:f5:a1:06:0a:c6:8d:5a:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d80b565d7736753dbe7f6624bdf1d2bc1896f7c0
        Validity
            Not Before: Jan  2 02:30:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=95d06ac19c6a8d18635289b5d7c44af34c92aba4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:69:cd:fd:85:44:2f:cd:3b:16:99:12:09:79:
                    af:61:70:30:09:f0:63:ef:cd:e7:5c:39:14:5b:46:
                    7f:56:c9:dd:3c:bd:ff:34:77:e9:ac:78:68:dc:dc:
                    83:a5:d4:c9:bd:71:dc:11:ef:7d:80:3f:19:77:6a:
                    9d:ea:7f:7c:57:43:f6:6a:38:4b:52:af:d9:7e:0d:
                    7a:be:6e:16:62:9f:f8:33:a0:cd:a0:a6:08:90:1b:
                    a3:d1:05:1d:be:83:22:5d:c3:c2:ae:fc:9f:df:40:
                    ff:dd:dc:b9:da:d9:39:06:30:75:94:3b:ef:e0:dc:
                    72:c1:fe:5c:85:8d:56:e7:e5:52:1e:85:e9:04:24:
                    31:17:14:b4:3b:f5:ad:a7:7a:88:90:93:76:c2:d1:
                    66:53:bb:d9:54:31:d7:08:90:ca:21:60:19:92:52:
                    19:f3:de:dd:02:83:6d:1e:61:f3:b9:93:92:d9:f6:
                    26:20:a8:05:11:b3:84:80:da:cf:8b:b9:3f:27:df:
                    fa:06:de:ad:28:9f:6c:98:02:c5:8e:a4:2d:fb:77:
                    56:1d:1d:6a:97:44:5d:51:81:5c:fb:83:0b:0e:da:
                    25:0c:58:32:12:2e:37:f7:82:93:ae:14:cf:44:1b:
                    4c:f2:d1:ce:fb:02:57:f1:89:4c:c2:b0:a9:38:7f:
                    05:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:D0:6A:C1:9C:6A:8D:18:63:52:89:B5:D7:C4:4A:F3:4C:92:AB:A4
            X509v3 Authority Key Identifier:
                keyid:D8:0B:56:5D:77:36:75:3D:BE:7F:66:24:BD:F1:D2:BC:18:96:F7:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2AtWXXc2dT2-f2YkvfHSvBiW98A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/f76339-1714-403b-9927-23277822fefa/1/ldBqwZxqjRhjUom118RK80ySq6Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/f76339-1714-403b-9927-23277822fefa/1/2AtWXXc2dT2-f2YkvfHSvBiW98A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.210.17.0/24

    Signature Algorithm: sha256WithRSAEncryption
         10:3f:89:eb:29:1a:55:80:b2:7d:82:bc:0c:26:9b:42:91:d2:
         0b:3a:52:e6:45:0d:d0:43:25:19:0d:88:5a:8a:39:15:6b:79:
         e5:68:e3:4c:97:8d:bf:4f:70:ee:f3:94:86:4f:33:bc:f3:70:
         2b:4b:ff:52:27:b1:00:44:c9:cb:da:7a:f0:7c:02:59:17:46:
         82:e0:1f:67:2e:4f:5a:31:2b:1b:b5:ed:0b:4e:f7:cb:b0:5b:
         57:53:20:a5:06:bb:af:31:ce:6c:58:ea:32:86:d5:5e:1c:70:
         b0:f4:53:6b:2e:9d:94:d4:3e:bb:b7:6f:36:9a:99:b4:cb:45:
         4a:46:01:23:5b:ae:02:45:46:80:c1:0c:6d:92:15:0a:a9:a7:
         b8:4b:f5:a3:02:4e:45:02:1f:54:76:09:a3:e8:c1:df:f2:06:
         de:40:5a:cf:94:8f:d2:bc:87:d5:00:15:dc:a8:3d:82:be:dc:
         63:34:71:4c:54:da:4f:f4:41:dc:19:be:ed:67:e0:41:8f:21:
         55:6d:82:9f:99:a0:c2:86:55:e3:59:53:f3:ed:44:30:0e:5d:
         c6:31:c3:4f:cb:3a:eb:e9:4f:6a:e8:c8:6a:be:06:8c:4b:a9:
         1d:b9:b8:44:d4:8c:37:80:4d:86:18:59:6a:6a:d7:04:53:bd:
         69:d1:1a:1a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAg24XdLBgvWhBgrGjVraMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ4MGI1NjVkNzczNjc1M2RiZTdmNjYyNGJkZjFkMmJjMTg5
NmY3YzAwHhcNMjQwMTAyMDIzMDI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NWQwNmFjMTljNmE4ZDE4NjM1Mjg5YjVkN2M0NGFmMzRjOTJhYmE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6WnN/YVEL807FpkSCXmvYXAwCfBj
783nXDkUW0Z/VsndPL3/NHfprHho3NyDpdTJvXHcEe99gD8Zd2qd6n98V0P2ajhL
Uq/Zfg16vm4WYp/4M6DNoKYIkBuj0QUdvoMiXcPCrvyf30D/3dy52tk5BjB1lDvv
4Nxywf5chY1W5+VSHoXpBCQxFxS0O/Wtp3qIkJN2wtFmU7vZVDHXCJDKIWAZklIZ
897dAoNtHmHzuZOS2fYmIKgFEbOEgNrPi7k/J9/6Bt6tKJ9smALFjqQt+3dWHR1q
l0RdUYFc+4MLDtolDFgyEi4394KTrhTPRBtM8tHO+wJX8YlMwrCpOH8FdwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJXQasGcao0YY1KJtdfESvNMkqukMB8GA1UdIwQY
MBaAFNgLVl13NnU9vn9mJL3x0rwYlvfAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMkF0V1hYYzJkVDItZjJZa3ZmSFN2QmlXOThBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi9mNzYzMzktMTcxNC00MDNiLTk5Mjct
MjMyNzc4MjJmZWZhLzEvbGRCcXdaeHFqUmhqVW9tMTE4Uks4MHlTcTZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi9mNzYzMzktMTcxNC00MDNiLTk5MjctMjMyNzc4MjJmZWZh
LzEvMkF0V1hYYzJkVDItZjJZa3ZmSFN2QmlXOThBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAH9IRMA0G
CSqGSIb3DQEBCwUAA4IBAQAQP4nrKRpVgLJ9grwMJptCkdILOlLmRQ3QQyUZDYha
ijkVa3nlaONMl42/T3Du85SGTzO883ArS/9SJ7EARMnL2nrwfAJZF0aC4B9nLk9a
MSsbte0LTvfLsFtXUyClBruvMc5sWOoyhtVeHHCw9FNrLp2U1D67t282mpm0y0VK
RgEjW64CRUaAwQxtkhUKqae4S/WjAk5FAh9Udgmj6MHf8gbeQFrPlI/SvIfVABXc
qD2CvtxjNHFMVNpP9EHcGb7tZ+BBjyFVbYKfmaDChlXjWVPz7UQwDl3GMcNPyzrr
6U9q6MhqvgaMS6kdubhE1Iw3gE2GGFlqatcEU71p0Roa
-----END CERTIFICATE-----