Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dWZE1eLtzP2l_Rg4UJ9Lfhb95SM.roa
File:                     dWZE1eLtzP2l_Rg4UJ9Lfhb95SM.roa (raw, json)
Hash identifier:          fsyKi9WbBke68zmhXyQZSpO0yX1CIe2SOTSzhKFLvdY=
Subject key identifier:   75:66:44:D5:E2:ED:CC:FD:A5:FD:18:38:50:9F:4B:7E:16:FD:E5:23
Certificate issuer:       /CN=7508475ff0d8ec960336016e0e04221a98e5ecf2
Certificate serial:       018CC2DB6AF71D90613592D69B0B7FA233FA
Authority key identifier: 75:08:47:5F:F0:D8:EC:96:03:36:01:6E:0E:04:22:1A:98:E5:EC:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dWZE1eLtzP2l_Rg4UJ9Lfhb95SM.roa
Signing time:             Mon 01 Jan 2024 02:30:08 +0000
ROA not before:           Mon 01 Jan 2024 02:30:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209242
IP address blocks:        31.12.75.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:6a:f7:1d:90:61:35:92:d6:9b:0b:7f:a2:33:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7508475ff0d8ec960336016e0e04221a98e5ecf2
        Validity
            Not Before: Jan  1 02:30:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=756644d5e2edccfda5fd1838509f4b7e16fde523
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:1b:8d:d1:6f:5c:25:6e:da:35:d4:36:c4:15:
                    b0:ea:de:93:83:01:52:17:1f:49:9d:e5:cd:e7:3d:
                    e9:13:fa:28:88:1a:4b:de:2f:ef:e8:76:0c:33:da:
                    41:d9:c6:c8:68:93:c3:9e:9f:21:fd:7d:b4:09:01:
                    1c:1d:c9:21:5a:90:8e:2c:9e:a6:c3:a6:54:bf:a2:
                    5b:f4:3f:e1:f3:0a:73:c1:80:86:bd:9e:47:29:5f:
                    23:ce:81:83:36:ab:18:ca:80:fe:80:45:8f:21:2c:
                    f3:64:93:89:59:0c:c6:22:f7:f9:f0:d0:12:5b:d1:
                    ca:f3:8f:1a:57:bb:05:a4:69:e9:9e:c2:cf:d4:fe:
                    a9:f0:a3:fb:95:1e:52:f4:47:c6:19:aa:0f:99:08:
                    13:c8:ac:ef:8d:b2:d1:a5:87:77:3e:15:26:bb:1e:
                    b7:1a:bb:7d:79:d2:9e:3a:8f:aa:d7:b6:d3:2a:a0:
                    26:02:6a:ea:cd:ca:0f:48:75:d5:0b:42:70:53:38:
                    de:cc:02:f3:40:89:41:69:cd:00:e9:dd:cd:c4:c1:
                    51:ab:84:7a:54:e7:0b:cc:50:45:e0:79:ba:45:68:
                    46:17:8c:19:d0:4f:22:f5:b8:da:a0:c1:41:65:25:
                    b7:47:58:1e:c0:ae:e9:d8:aa:d0:a2:28:0b:cb:3d:
                    54:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:66:44:D5:E2:ED:CC:FD:A5:FD:18:38:50:9F:4B:7E:16:FD:E5:23
            X509v3 Authority Key Identifier:
                keyid:75:08:47:5F:F0:D8:EC:96:03:36:01:6E:0E:04:22:1A:98:E5:EC:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dWZE1eLtzP2l_Rg4UJ9Lfhb95SM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.12.75.0/24

    Signature Algorithm: sha256WithRSAEncryption
         25:56:be:cf:55:0f:68:b4:1b:95:d7:ea:09:64:b5:6d:7f:0c:
         fd:f9:e0:93:d0:56:c5:51:fa:92:ba:c6:40:51:75:04:3b:03:
         36:c8:b2:26:63:c7:e2:56:59:e8:2e:76:7c:21:f5:57:c8:a8:
         3e:c7:ab:0b:96:fb:71:43:65:53:91:41:dc:64:1f:00:c9:45:
         9e:42:32:d1:70:fe:3b:f6:c0:fa:9d:d1:10:e1:99:66:7e:0d:
         97:ae:bb:0a:23:92:5c:54:49:ef:2c:95:e8:eb:df:bd:24:27:
         bc:29:42:b9:e3:30:d5:d3:1c:72:24:d0:db:e7:ef:a5:74:1d:
         cf:50:90:54:a5:1e:e4:e2:66:d8:0b:b9:16:94:12:e3:50:b2:
         6d:b7:22:60:8c:96:d5:cd:0a:4c:8f:90:c2:a1:82:b3:01:d0:
         14:9c:22:62:af:a9:1e:1d:81:9a:a8:c1:6b:33:a5:b4:dd:6f:
         3f:3f:61:b5:fc:e4:6f:4c:3a:43:12:ef:2e:86:6f:55:fb:a8:
         0a:ac:d1:1f:76:9c:f8:3c:d0:22:f2:6f:c3:f5:1d:59:0e:e4:
         bd:8b:1d:7e:d9:5c:2e:55:5e:46:03:61:b9:11:cc:36:f6:b5:
         ae:00:5d:e9:61:e4:5b:19:e9:ed:17:9a:a4:d4:b7:a3:0e:4f:
         8e:9a:b6:e7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC22r3HZBhNZLWmwt/ojP6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1MDg0NzVmZjBkOGVjOTYwMzM2MDE2ZTBlMDQyMjFhOThl
NWVjZjIwHhcNMjQwMTAxMDIzMDA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NTY2NDRkNWUyZWRjY2ZkYTVmZDE4Mzg1MDlmNGI3ZTE2ZmRlNTIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArxuN0W9cJW7aNdQ2xBWw6t6TgwFS
Fx9JneXN5z3pE/ooiBpL3i/v6HYMM9pB2cbIaJPDnp8h/X20CQEcHckhWpCOLJ6m
w6ZUv6Jb9D/h8wpzwYCGvZ5HKV8jzoGDNqsYyoD+gEWPISzzZJOJWQzGIvf58NAS
W9HK848aV7sFpGnpnsLP1P6p8KP7lR5S9EfGGaoPmQgTyKzvjbLRpYd3PhUmux63
Grt9edKeOo+q17bTKqAmAmrqzcoPSHXVC0JwUzjezALzQIlBac0A6d3NxMFRq4R6
VOcLzFBF4Hm6RWhGF4wZ0E8i9bjaoMFBZSW3R1gewK7p2KrQoigLyz1U7QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHVmRNXi7cz9pf0YOFCfS34W/eUjMB8GA1UdIwQY
MBaAFHUIR1/w2OyWAzYBbg4EIhqY5ezyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFFoSFhfRFk3SllETmdGdURnUWlHcGpsN1BJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS8xZmE2YTMtOGRjNS00YzM1LWE0OWIt
MTcxYzM2N2JlNzgyLzEvZFdaRTFlTHR6UDJsX1JnNFVKOUxmaGI5NVNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS8xZmE2YTMtOGRjNS00YzM1LWE0OWItMTcxYzM2N2JlNzgy
LzEvZFFoSFhfRFk3SllETmdGdURnUWlHcGpsN1BJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHwxLMA0G
CSqGSIb3DQEBCwUAA4IBAQAlVr7PVQ9otBuV1+oJZLVtfwz9+eCT0FbFUfqSusZA
UXUEOwM2yLImY8fiVlnoLnZ8IfVXyKg+x6sLlvtxQ2VTkUHcZB8AyUWeQjLRcP47
9sD6ndEQ4Zlmfg2XrrsKI5JcVEnvLJXo69+9JCe8KUK54zDV0xxyJNDb5++ldB3P
UJBUpR7k4mbYC7kWlBLjULJttyJgjJbVzQpMj5DCoYKzAdAUnCJir6keHYGaqMFr
M6W03W8/P2G1/ORvTDpDEu8uhm9V+6gKrNEfdpz4PNAi8m/D9R1ZDuS9ix1+2Vwu
VV5GA2G5Ecw29rWuAF3pYeRbGentF5qk1LejDk+Omrbn
-----END CERTIFICATE-----