Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/bc15ec-6b0d-4734-a088-d00526b91605/1/yxDoT1wwezQtoqUldfywGSmz5JE.roa
File:                     yxDoT1wwezQtoqUldfywGSmz5JE.roa (raw, json)
Hash identifier:          BZF8fCGDFANSR5ARS9aUPGHRmlhDhWRgvcs3Nf2jpMc=
Subject key identifier:   CB:10:E8:4F:5C:30:7B:34:2D:A2:A5:25:75:FC:B0:19:29:B3:E4:91
Certificate issuer:       /CN=25a89539520004270d34253bdc16d87784156e1a
Certificate serial:       018CC7276620D359F25EE3562D70C2315CE0
Authority key identifier: 25:A8:95:39:52:00:04:27:0D:34:25:3B:DC:16:D8:77:84:15:6E:1A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JaiVOVIABCcNNCU73BbYd4QVbho.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/bc15ec-6b0d-4734-a088-d00526b91605/1/yxDoT1wwezQtoqUldfywGSmz5JE.roa
Signing time:             Mon 01 Jan 2024 22:31:37 +0000
ROA not before:           Mon 01 Jan 2024 22:31:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     394923
IP address blocks:        31.210.149.0/24 maxlen: 24
                          31.210.148.0/24 maxlen: 24
                          31.210.148.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/bc15ec-6b0d-4734-a088-d00526b91605/1/JaiVOVIABCcNNCU73BbYd4QVbho.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/bc15ec-6b0d-4734-a088-d00526b91605/1/JaiVOVIABCcNNCU73BbYd4QVbho.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JaiVOVIABCcNNCU73BbYd4QVbho.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:66:20:d3:59:f2:5e:e3:56:2d:70:c2:31:5c:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=25a89539520004270d34253bdc16d87784156e1a
        Validity
            Not Before: Jan  1 22:31:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cb10e84f5c307b342da2a52575fcb01929b3e491
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:ef:6c:42:28:7b:7c:c8:ad:ee:a5:18:64:92:
                    50:62:98:6a:58:4a:bc:1f:11:4a:25:58:ca:ee:24:
                    89:6b:19:05:65:1f:aa:32:63:fe:99:43:1e:cc:1a:
                    9b:1b:02:48:e0:c6:c6:0f:ff:91:9a:05:1e:d2:30:
                    63:21:ba:db:04:ca:b3:7c:86:e8:ba:68:4e:06:3a:
                    74:ce:40:92:0b:cc:42:97:d7:00:59:6c:66:7a:7c:
                    9f:71:36:87:5b:9f:d8:3e:75:f0:5a:56:46:fe:cc:
                    0d:3a:59:76:86:02:93:a3:4e:6c:10:a0:18:e2:c9:
                    43:ab:86:79:72:a6:08:98:0d:f0:f2:dd:fb:24:02:
                    c3:d1:86:3a:67:a8:99:36:cc:81:7a:72:35:57:e9:
                    e3:79:44:93:5e:af:9a:64:99:ee:96:5e:20:c5:18:
                    43:d0:d8:01:30:bb:57:2e:b8:6f:9b:f7:c3:f5:a8:
                    6a:ad:ed:1b:60:26:9f:06:ac:ea:ca:3e:22:dd:ca:
                    92:c4:4a:17:6f:de:7b:12:4f:ea:17:9c:28:30:e9:
                    c3:9a:56:db:0b:9f:6b:00:72:85:07:28:65:2d:ee:
                    5c:f7:f4:93:b2:0f:de:7c:b1:3f:e0:2e:df:d7:53:
                    d0:42:fd:c7:98:5f:a5:83:69:ef:c8:3b:9a:6d:22:
                    24:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:10:E8:4F:5C:30:7B:34:2D:A2:A5:25:75:FC:B0:19:29:B3:E4:91
            X509v3 Authority Key Identifier:
                keyid:25:A8:95:39:52:00:04:27:0D:34:25:3B:DC:16:D8:77:84:15:6E:1A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JaiVOVIABCcNNCU73BbYd4QVbho.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/bc15ec-6b0d-4734-a088-d00526b91605/1/yxDoT1wwezQtoqUldfywGSmz5JE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/bc15ec-6b0d-4734-a088-d00526b91605/1/JaiVOVIABCcNNCU73BbYd4QVbho.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.210.148.0/23

    Signature Algorithm: sha256WithRSAEncryption
         27:02:be:36:15:07:e7:5b:5d:27:cd:86:69:a3:b8:56:54:12:
         4a:55:a2:68:00:c6:c4:fa:8c:fe:22:08:8a:37:6d:6d:df:bd:
         de:24:fc:ec:bb:47:74:60:a4:de:2d:61:47:cf:33:f2:38:1f:
         28:21:c1:1e:3a:3d:5b:40:cd:6f:f8:e3:15:2b:83:70:93:18:
         df:ef:0a:4d:6a:0d:27:46:6e:cf:42:e4:ea:38:bb:70:d8:c0:
         66:97:12:99:90:58:de:f6:bb:83:14:74:b6:7e:83:c5:1f:2b:
         5b:59:37:9f:a4:6d:33:0a:7f:f4:df:02:88:e5:30:02:7a:a6:
         0c:d3:c2:c9:e4:5f:7d:11:3f:49:39:c8:63:0c:04:9a:c9:d1:
         f3:fb:38:40:2b:ec:0d:5c:5e:51:af:d3:55:a1:a8:17:a1:fb:
         cf:20:42:b0:ba:59:90:72:67:00:c0:50:63:5e:b7:0b:2f:e7:
         41:83:ae:32:92:c4:b7:49:2a:ac:63:25:e2:72:43:5f:3b:a2:
         1a:80:0e:f7:82:95:fd:ec:9c:d8:e9:bd:a3:cc:a8:dd:56:5c:
         ab:0f:b2:81:b1:1e:d3:57:fc:80:2c:fa:c5:2b:d4:4a:9e:80:
         87:72:d3:f6:d3:d3:79:49:a0:e9:b7:5b:94:ba:b8:03:01:83:
         f1:28:bc:ef
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJ2Yg01nyXuNWLXDCMVzgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1YTg5NTM5NTIwMDA0MjcwZDM0MjUzYmRjMTZkODc3ODQx
NTZlMWEwHhcNMjQwMTAxMjIzMTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYjEwZTg0ZjVjMzA3YjM0MmRhMmE1MjU3NWZjYjAxOTI5YjNlNDkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4e9sQih7fMit7qUYZJJQYphqWEq8
HxFKJVjK7iSJaxkFZR+qMmP+mUMezBqbGwJI4MbGD/+RmgUe0jBjIbrbBMqzfIbo
umhOBjp0zkCSC8xCl9cAWWxmenyfcTaHW5/YPnXwWlZG/swNOll2hgKTo05sEKAY
4slDq4Z5cqYImA3w8t37JALD0YY6Z6iZNsyBenI1V+njeUSTXq+aZJnull4gxRhD
0NgBMLtXLrhvm/fD9ahqre0bYCafBqzqyj4i3cqSxEoXb957Ek/qF5woMOnDmlbb
C59rAHKFByhlLe5c9/STsg/efLE/4C7f11PQQv3HmF+lg2nvyDuabSIkEQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMsQ6E9cMHs0LaKlJXX8sBkps+SRMB8GA1UdIwQY
MBaAFCWolTlSAAQnDTQlO9wW2HeEFW4aMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSmFpVk9WSUFCQ2NOTkNVNzNCYllkNFFWYmhvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS9iYzE1ZWMtNmIwZC00NzM0LWEwODgt
ZDAwNTI2YjkxNjA1LzEveXhEb1Qxd3dlelF0b3FVbGRmeXdHU216NUpFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS9iYzE1ZWMtNmIwZC00NzM0LWEwODgtZDAwNTI2YjkxNjA1
LzEvSmFpVk9WSUFCQ2NOTkNVNzNCYllkNFFWYmhvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBH9KUMA0G
CSqGSIb3DQEBCwUAA4IBAQAnAr42FQfnW10nzYZpo7hWVBJKVaJoAMbE+oz+IgiK
N21t373eJPzsu0d0YKTeLWFHzzPyOB8oIcEeOj1bQM1v+OMVK4Nwkxjf7wpNag0n
Rm7PQuTqOLtw2MBmlxKZkFje9ruDFHS2foPFHytbWTefpG0zCn/03wKI5TACeqYM
08LJ5F99ET9JOchjDASaydHz+zhAK+wNXF5Rr9NVoagXofvPIEKwulmQcmcAwFBj
XrcLL+dBg64yksS3SSqsYyXickNfO6IagA73gpX97JzY6b2jzKjdVlyrD7KBsR7T
V/yALPrFK9RKnoCHctP209N5SaDpt1uUurgDAYPxKLzv
-----END CERTIFICATE-----