Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ec/779ae9-7d22-4252-8c5b-0ea4d531b793/1/K2WduAB8Qmxufjz1pyVmP-krdrQ.roa
File:                     K2WduAB8Qmxufjz1pyVmP-krdrQ.roa (raw, json)
Hash identifier:          KhZSy57mRWsd2ivcH++N/zH+g6hXgWH3VU3XC2OyE9U=
Subject key identifier:   2B:65:9D:B8:00:7C:42:6C:6E:7E:3C:F5:A7:25:66:3F:E9:2B:76:B4
Certificate issuer:       /CN=60998d3c9d8bdc9c1dff8e319424412b6cdc1dd3
Certificate serial:       018CC6B7A5695D7FF3876C82E7AA45524349
Authority key identifier: 60:99:8D:3C:9D:8B:DC:9C:1D:FF:8E:31:94:24:41:2B:6C:DC:1D:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YJmNPJ2L3Jwd_44xlCRBK2zcHdM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ec/779ae9-7d22-4252-8c5b-0ea4d531b793/1/K2WduAB8Qmxufjz1pyVmP-krdrQ.roa
Signing time:             Mon 01 Jan 2024 20:29:33 +0000
ROA not before:           Mon 01 Jan 2024 20:29:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     64199
IP address blocks:        31.25.11.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ec/779ae9-7d22-4252-8c5b-0ea4d531b793/1/YJmNPJ2L3Jwd_44xlCRBK2zcHdM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ec/779ae9-7d22-4252-8c5b-0ea4d531b793/1/YJmNPJ2L3Jwd_44xlCRBK2zcHdM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YJmNPJ2L3Jwd_44xlCRBK2zcHdM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 01:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:a5:69:5d:7f:f3:87:6c:82:e7:aa:45:52:43:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60998d3c9d8bdc9c1dff8e319424412b6cdc1dd3
        Validity
            Not Before: Jan  1 20:29:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2b659db8007c426c6e7e3cf5a725663fe92b76b4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:31:b8:27:eb:6d:b3:37:cc:47:67:0e:9b:ab:
                    d3:d4:ee:59:4f:6a:4e:5b:20:cc:01:49:7c:1a:77:
                    3b:72:f7:aa:a4:5f:3b:c9:97:11:f7:51:de:0f:7c:
                    cc:2b:6e:ff:81:60:50:29:32:f6:d1:0d:ea:9a:7e:
                    e9:b9:33:e2:5b:d2:76:94:bd:6e:9b:e6:68:05:3d:
                    7a:bf:24:b1:ef:ac:b4:0c:70:c0:4d:ed:2f:c4:51:
                    f4:91:d6:f2:1e:77:0f:a6:7e:1d:ef:5c:b1:67:9d:
                    8f:03:77:68:3a:f7:5f:b8:ec:a5:7f:f1:9f:56:8a:
                    0e:63:8b:6c:54:3c:e9:11:90:ae:ae:da:53:f6:e9:
                    ab:74:bb:76:0a:de:5a:30:c7:6b:a4:3d:37:f2:64:
                    d6:ef:60:fb:ec:b8:3e:29:14:ab:a9:d4:ef:c7:55:
                    f9:c1:47:ce:10:a8:e0:96:13:00:a7:4b:54:d6:a2:
                    26:9e:d7:bc:f1:53:87:c7:1b:8a:25:da:f4:96:cc:
                    d0:6d:32:b0:23:ee:74:4d:9d:e8:19:06:a3:d4:7e:
                    1c:af:36:89:ce:f3:ad:51:19:80:5e:44:1a:f5:dc:
                    ff:1f:cc:e4:af:5f:8c:77:b7:46:87:71:59:34:ff:
                    06:6f:3a:70:c6:7a:ce:c5:29:93:a4:d5:62:7f:0c:
                    41:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:65:9D:B8:00:7C:42:6C:6E:7E:3C:F5:A7:25:66:3F:E9:2B:76:B4
            X509v3 Authority Key Identifier:
                keyid:60:99:8D:3C:9D:8B:DC:9C:1D:FF:8E:31:94:24:41:2B:6C:DC:1D:D3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YJmNPJ2L3Jwd_44xlCRBK2zcHdM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/779ae9-7d22-4252-8c5b-0ea4d531b793/1/K2WduAB8Qmxufjz1pyVmP-krdrQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/779ae9-7d22-4252-8c5b-0ea4d531b793/1/YJmNPJ2L3Jwd_44xlCRBK2zcHdM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.25.11.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9a:90:dd:fb:e5:75:b7:2b:be:4d:52:66:10:a0:27:c4:c8:b1:
         96:41:b6:c9:73:53:ac:36:f4:f9:ff:43:e4:9d:e9:bc:a3:58:
         00:c9:2f:dc:f6:9b:37:38:00:1c:28:9a:2f:8e:4b:3a:19:1b:
         04:66:9e:47:e3:a2:54:0a:e7:6c:56:91:cb:8a:41:fe:a8:57:
         f9:1f:1e:31:aa:a3:59:dd:f5:dc:bd:1c:23:eb:07:fb:f1:c2:
         78:9f:02:80:0e:70:61:69:14:6b:38:5f:b8:db:12:a0:06:75:
         57:3d:e4:df:fb:d8:92:e6:5f:81:51:59:11:0c:64:4c:26:13:
         c0:7b:f7:26:f8:30:1c:44:29:14:87:96:e8:6b:4d:fe:fd:20:
         47:c3:8d:a8:11:e3:bb:cb:21:59:68:a4:6a:9f:e0:53:a8:6e:
         39:73:5c:1c:2b:f4:a9:98:8f:b7:a8:97:96:7f:86:cf:eb:dc:
         e2:d6:32:98:4b:cc:2a:86:13:9a:67:bc:70:68:03:8f:d8:1c:
         a5:15:e4:03:78:44:61:8d:cc:83:17:65:00:2a:28:5f:94:8b:
         58:e9:96:9f:41:19:31:b8:c4:11:1f:da:5d:d8:50:be:09:79:
         08:e7:6b:d5:fd:9b:ba:2d:76:81:ce:65:d7:19:22:19:3b:4d:
         79:20:d0:fb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGt6VpXX/zh2yC56pFUkNJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwOTk4ZDNjOWQ4YmRjOWMxZGZmOGUzMTk0MjQ0MTJiNmNk
YzFkZDMwHhcNMjQwMTAxMjAyOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYjY1OWRiODAwN2M0MjZjNmU3ZTNjZjVhNzI1NjYzZmU5MmI3NmI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnjG4J+ttszfMR2cOm6vT1O5ZT2pO
WyDMAUl8Gnc7cveqpF87yZcR91HeD3zMK27/gWBQKTL20Q3qmn7puTPiW9J2lL1u
m+ZoBT16vySx76y0DHDATe0vxFH0kdbyHncPpn4d71yxZ52PA3doOvdfuOylf/Gf
VooOY4tsVDzpEZCurtpT9umrdLt2Ct5aMMdrpD038mTW72D77Lg+KRSrqdTvx1X5
wUfOEKjglhMAp0tU1qImnte88VOHxxuKJdr0lszQbTKwI+50TZ3oGQaj1H4crzaJ
zvOtURmAXkQa9dz/H8zkr1+Md7dGh3FZNP8GbzpwxnrOxSmTpNVifwxBmQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCtlnbgAfEJsbn489aclZj/pK3a0MB8GA1UdIwQY
MBaAFGCZjTydi9ycHf+OMZQkQSts3B3TMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUptTlBKMkwzSndkXzQ0eGxDUkJLMnpjSGRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYy83NzlhZTktN2QyMi00MjUyLThjNWIt
MGVhNGQ1MzFiNzkzLzEvSzJXZHVBQjhRbXh1Zmp6MXB5Vm1QLWtyZHJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYy83NzlhZTktN2QyMi00MjUyLThjNWItMGVhNGQ1MzFiNzkz
LzEvWUptTlBKMkwzSndkXzQ0eGxDUkJLMnpjSGRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHxkLMA0G
CSqGSIb3DQEBCwUAA4IBAQCakN375XW3K75NUmYQoCfEyLGWQbbJc1OsNvT5/0Pk
nem8o1gAyS/c9ps3OAAcKJovjks6GRsEZp5H46JUCudsVpHLikH+qFf5Hx4xqqNZ
3fXcvRwj6wf78cJ4nwKADnBhaRRrOF+42xKgBnVXPeTf+9iS5l+BUVkRDGRMJhPA
e/cm+DAcRCkUh5boa03+/SBHw42oEeO7yyFZaKRqn+BTqG45c1wcK/SpmI+3qJeW
f4bP69zi1jKYS8wqhhOaZ7xwaAOP2BylFeQDeERhjcyDF2UAKihflItY6ZafQRkx
uMQRH9pd2FC+CXkI52vV/Zu6LXaBzmXXGSIZO015IND7
-----END CERTIFICATE-----