Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e8/6e6175-635a-4cc6-94ed-0dcf45a5af3d/1/31wOHaa9IKgb3erQdr5xyGt-mAg.roa
File:                     31wOHaa9IKgb3erQdr5xyGt-mAg.roa (raw, json)
Hash identifier:          rfdtqzIaD0QYP9J7duktv2XV3++BxM2b6rhsU2iYfrU=
Subject key identifier:   DF:5C:0E:1D:A6:BD:20:A8:1B:DD:EA:D0:76:BE:71:C8:6B:7E:98:08
Certificate issuer:       /CN=f71b99831d44b0bf7c00c50977f60b1844349cf2
Certificate serial:       018CC348CB39F2DFC213E2023D796044E43F
Authority key identifier: F7:1B:99:83:1D:44:B0:BF:7C:00:C5:09:77:F6:0B:18:44:34:9C:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9xuZgx1EsL98AMUJd_YLGEQ0nPI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e8/6e6175-635a-4cc6-94ed-0dcf45a5af3d/1/31wOHaa9IKgb3erQdr5xyGt-mAg.roa
Signing time:             Mon 01 Jan 2024 04:29:36 +0000
ROA not before:           Mon 01 Jan 2024 04:29:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42426
IP address blocks:        194.1.178.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e8/6e6175-635a-4cc6-94ed-0dcf45a5af3d/1/9xuZgx1EsL98AMUJd_YLGEQ0nPI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e8/6e6175-635a-4cc6-94ed-0dcf45a5af3d/1/9xuZgx1EsL98AMUJd_YLGEQ0nPI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9xuZgx1EsL98AMUJd_YLGEQ0nPI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 02:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:cb:39:f2:df:c2:13:e2:02:3d:79:60:44:e4:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f71b99831d44b0bf7c00c50977f60b1844349cf2
        Validity
            Not Before: Jan  1 04:29:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=df5c0e1da6bd20a81bddead076be71c86b7e9808
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:05:81:b6:bc:19:cf:37:ac:80:e0:1b:e6:4b:
                    ce:4e:1e:24:91:ef:11:9a:be:93:2a:1c:34:1a:99:
                    82:63:cd:07:f4:47:77:8f:8e:8c:f2:3f:49:03:82:
                    3c:f5:52:55:23:0d:96:a9:2d:6d:9f:82:35:0f:b7:
                    ba:4d:e8:0d:33:2f:e7:6d:c7:fb:a0:8f:24:0c:7c:
                    b5:46:cd:87:ba:ea:f2:dc:e8:b9:54:64:93:1a:46:
                    a7:61:a1:eb:b7:89:b9:7b:06:f1:97:6f:70:34:8a:
                    d2:d9:06:d7:92:18:59:5f:0a:0d:f7:2e:36:c8:1f:
                    bc:8a:f3:ea:9c:d5:a3:c7:5e:f4:51:1a:ba:3d:08:
                    44:37:5b:a3:fa:88:a9:71:ef:02:5f:9b:0a:79:4b:
                    9d:55:44:43:1f:3a:2e:df:b5:94:22:65:e0:ba:85:
                    b5:64:96:30:dd:80:fc:e8:db:21:6b:79:c5:ed:7a:
                    f6:63:40:30:95:de:26:b4:bd:6e:ce:01:fa:b1:c6:
                    d1:0c:b1:47:d3:9d:83:4d:4c:68:d9:bf:1e:48:28:
                    8e:b0:33:e5:27:d4:66:41:a1:7f:c4:c5:5d:81:5f:
                    37:09:4e:2f:7a:cc:9f:ff:d1:87:4b:0d:b4:b7:8b:
                    ac:5e:ed:b6:4c:41:17:21:14:f3:05:0c:74:14:9e:
                    82:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:5C:0E:1D:A6:BD:20:A8:1B:DD:EA:D0:76:BE:71:C8:6B:7E:98:08
            X509v3 Authority Key Identifier:
                keyid:F7:1B:99:83:1D:44:B0:BF:7C:00:C5:09:77:F6:0B:18:44:34:9C:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9xuZgx1EsL98AMUJd_YLGEQ0nPI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/6e6175-635a-4cc6-94ed-0dcf45a5af3d/1/31wOHaa9IKgb3erQdr5xyGt-mAg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/6e6175-635a-4cc6-94ed-0dcf45a5af3d/1/9xuZgx1EsL98AMUJd_YLGEQ0nPI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.1.178.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:95:8a:b7:86:4a:2e:d1:64:22:2d:15:c7:22:a4:c9:e9:88:
         37:af:5a:37:2c:6d:3e:bb:eb:b0:9c:b3:d8:8e:19:12:68:cf:
         ab:ef:3d:2e:ff:3e:5f:ca:18:09:93:c4:3a:6a:40:05:82:d3:
         6a:55:9f:ea:88:e0:d0:55:a8:4d:17:1a:04:94:e2:3e:0d:47:
         c4:8f:e0:b7:cd:a2:41:0d:ad:51:57:79:1e:76:a0:b8:6b:6b:
         d4:e2:e9:eb:31:3d:ae:10:cd:41:a0:13:3b:97:d6:8d:c4:6c:
         34:a9:f3:36:8c:24:67:90:ea:db:07:f7:81:2a:f6:27:6f:d8:
         33:a5:86:1f:df:88:15:a7:fc:bb:a4:86:7e:f4:9b:d0:a2:71:
         ff:fa:fb:89:7b:c0:0b:7b:15:b4:69:ab:86:63:97:a7:0c:3c:
         e4:45:fd:b9:ad:e8:cc:18:c6:30:19:fa:97:9e:0f:07:73:3c:
         a3:70:9e:e9:b3:94:3c:9c:38:c6:76:ac:1d:74:72:da:18:ca:
         aa:f5:bd:a4:25:c3:da:dc:7d:36:9c:35:e1:e8:a9:e5:fb:76:
         72:d9:fa:37:03:a4:f4:fc:65:11:54:b1:f3:9e:6d:78:b1:00:
         7b:d6:e2:ce:8a:94:43:ff:d3:76:5a:fe:25:fa:c1:de:90:0a:
         42:9f:88:0c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSMs58t/CE+ICPXlgROQ/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3MWI5OTgzMWQ0NGIwYmY3YzAwYzUwOTc3ZjYwYjE4NDQz
NDljZjIwHhcNMjQwMTAxMDQyOTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZjVjMGUxZGE2YmQyMGE4MWJkZGVhZDA3NmJlNzFjODZiN2U5ODA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsgWBtrwZzzesgOAb5kvOTh4kke8R
mr6TKhw0GpmCY80H9Ed3j46M8j9JA4I89VJVIw2WqS1tn4I1D7e6TegNMy/nbcf7
oI8kDHy1Rs2Huury3Oi5VGSTGkanYaHrt4m5ewbxl29wNIrS2QbXkhhZXwoN9y42
yB+8ivPqnNWjx170URq6PQhEN1uj+oipce8CX5sKeUudVURDHzou37WUImXguoW1
ZJYw3YD86Nsha3nF7Xr2Y0Awld4mtL1uzgH6scbRDLFH052DTUxo2b8eSCiOsDPl
J9RmQaF/xMVdgV83CU4vesyf/9GHSw20t4usXu22TEEXIRTzBQx0FJ6CAwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN9cDh2mvSCoG93q0Ha+cchrfpgIMB8GA1UdIwQY
MBaAFPcbmYMdRLC/fADFCXf2CxhENJzyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOXh1Wmd4MUVzTDk4QU1VSmRfWUxHRVEwblBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOC82ZTYxNzUtNjM1YS00Y2M2LTk0ZWQt
MGRjZjQ1YTVhZjNkLzEvMzF3T0hhYTlJS2diM2VyUWRyNXh5R3QtbUFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOC82ZTYxNzUtNjM1YS00Y2M2LTk0ZWQtMGRjZjQ1YTVhZjNk
LzEvOXh1Wmd4MUVzTDk4QU1VSmRfWUxHRVEwblBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwgGyMA0G
CSqGSIb3DQEBCwUAA4IBAQB/lYq3hkou0WQiLRXHIqTJ6Yg3r1o3LG0+u+uwnLPY
jhkSaM+r7z0u/z5fyhgJk8Q6akAFgtNqVZ/qiODQVahNFxoElOI+DUfEj+C3zaJB
Da1RV3kedqC4a2vU4unrMT2uEM1BoBM7l9aNxGw0qfM2jCRnkOrbB/eBKvYnb9gz
pYYf34gVp/y7pIZ+9JvQonH/+vuJe8ALexW0aauGY5enDDzkRf25rejMGMYwGfqX
ng8HczyjcJ7ps5Q8nDjGdqwddHLaGMqq9b2kJcPa3H02nDXh6Knl+3Zy2fo3A6T0
/GURVLHznm14sQB71uLOipRD/9N2Wv4l+sHekApCn4gM
-----END CERTIFICATE-----