Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/sYRrDNMxYHCXCl-v5ZZlfJ6qZY4.roa
File:                     sYRrDNMxYHCXCl-v5ZZlfJ6qZY4.roa (raw, json)
Hash identifier:          HQ9bDBPGeXLzu9SAwb4tLZEuvWmj+4xAgtehD4gbIgc=
Subject key identifier:   B1:84:6B:0C:D3:31:60:70:97:0A:5F:AF:E5:96:65:7C:9E:AA:65:8E
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018EADF7FDEA08560C382DE5D9AE9EC73970
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/sYRrDNMxYHCXCl-v5ZZlfJ6qZY4.roa
Signing time:             Fri 05 Apr 2024 11:14:54 +0000
ROA not before:           Fri 05 Apr 2024 11:14:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     26383
IP address blocks:        31.13.248.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 23:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:ad:f7:fd:ea:08:56:0c:38:2d:e5:d9:ae:9e:c7:39:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Apr  5 11:14:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b1846b0cd3316070970a5fafe596657c9eaa658e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:1e:7f:d6:0a:5e:48:9d:e4:03:95:f0:30:43:
                    3b:d8:44:cf:9c:2b:30:bd:bf:30:f3:b8:39:90:01:
                    9a:32:7b:a3:ee:cd:0a:d5:46:a4:80:c8:ae:06:3b:
                    1c:75:f5:e3:fe:77:cc:72:0f:5b:1f:93:b2:47:a5:
                    ab:40:89:1a:1c:c8:99:94:c6:6a:77:ac:f4:86:8d:
                    f8:5e:14:83:bf:38:d2:dd:01:61:09:41:8e:00:c6:
                    da:30:1f:51:93:87:4c:a3:27:9e:fd:9c:8a:2f:8a:
                    b5:c4:1e:28:bf:c1:94:16:bc:b8:00:24:0c:59:ae:
                    04:c1:48:20:21:37:d6:e0:fa:5b:b6:04:4e:de:45:
                    e4:44:e7:92:2a:63:0c:b9:5c:fb:b2:52:67:0f:4b:
                    86:57:70:7c:fc:6c:ab:24:0c:df:37:58:b9:6b:ea:
                    f5:62:78:71:7f:f0:d8:2b:fd:e4:f2:3f:8e:7a:0b:
                    3b:c7:a6:53:97:78:ce:e4:b3:dc:f1:8b:8b:7d:c6:
                    b0:94:7f:fc:9e:8e:4e:b3:4b:01:dd:03:bd:f8:16:
                    4d:0e:30:e7:80:2b:30:03:bf:ca:d7:0a:3c:ea:72:
                    e1:1e:76:f5:92:ed:0f:c3:87:ba:3c:47:26:67:67:
                    dc:68:0b:83:25:d1:26:7b:53:20:c9:9b:3e:4f:86:
                    d1:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:84:6B:0C:D3:31:60:70:97:0A:5F:AF:E5:96:65:7C:9E:AA:65:8E
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/sYRrDNMxYHCXCl-v5ZZlfJ6qZY4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.13.248.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:d1:03:9e:78:fe:9b:51:e6:94:6d:d5:59:76:1b:7a:2a:4f:
         fb:8f:57:c2:3e:64:d5:6d:fa:85:d1:a4:5e:18:d7:7f:9a:83:
         f9:1d:53:f1:1b:6d:7e:e1:d5:fd:0e:77:a8:f3:64:c0:2c:21:
         c5:3a:cc:73:ba:1d:55:30:97:02:76:88:c7:e8:b7:ba:b1:f6:
         a2:08:91:87:21:5d:14:8a:3c:2f:3e:8e:21:67:6e:a7:c3:53:
         7a:8f:14:05:ef:07:15:b3:55:13:92:b0:be:03:5c:93:5a:42:
         82:45:3f:77:1b:91:5d:b5:56:8d:7d:d6:b9:3e:b6:1c:69:95:
         53:21:cb:0d:8f:57:1f:92:59:db:92:62:07:2b:34:ce:e4:da:
         1f:52:11:52:b5:ad:06:0e:82:ba:2f:1f:c6:be:38:d5:0d:98:
         b2:92:8a:3d:fb:55:ef:24:c3:74:c4:78:1e:de:3d:f5:b7:37:
         72:0c:bb:28:4c:a1:a5:64:27:e2:44:fa:d9:c3:b7:33:9e:f8:
         e7:13:6f:fe:bb:f9:7e:55:38:4b:f5:dc:a9:27:a7:6f:03:06:
         c8:93:fc:c8:85:30:b4:85:c4:c3:a7:03:c0:c4:73:e5:6f:85:
         83:e6:21:cb:2b:92:88:61:58:b7:08:b3:b5:4d:56:50:3c:4f:
         e7:e4:2c:4d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY6t9/3qCFYMOC3l2a6exzlwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwNDA1MTExNDU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMTg0NmIwY2QzMzE2MDcwOTcwYTVmYWZlNTk2NjU3YzllYWE2NThlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhB5/1gpeSJ3kA5XwMEM72ETPnCsw
vb8w87g5kAGaMnuj7s0K1UakgMiuBjscdfXj/nfMcg9bH5OyR6WrQIkaHMiZlMZq
d6z0ho34XhSDvzjS3QFhCUGOAMbaMB9Rk4dMoyee/ZyKL4q1xB4ov8GUFry4ACQM
Wa4EwUggITfW4PpbtgRO3kXkROeSKmMMuVz7slJnD0uGV3B8/GyrJAzfN1i5a+r1
Ynhxf/DYK/3k8j+Oegs7x6ZTl3jO5LPc8YuLfcawlH/8no5Os0sB3QO9+BZNDjDn
gCswA7/K1wo86nLhHnb1ku0Pw4e6PEcmZ2fcaAuDJdEme1MgyZs+T4bR5wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLGEawzTMWBwlwpfr+WWZXyeqmWOMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvc1lSckROTXhZSENYQ2wtdjVaWmxmSjZxWlk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHw34MA0G
CSqGSIb3DQEBCwUAA4IBAQBx0QOeeP6bUeaUbdVZdht6Kk/7j1fCPmTVbfqF0aRe
GNd/moP5HVPxG21+4dX9Dneo82TALCHFOsxzuh1VMJcCdojH6Le6sfaiCJGHIV0U
ijwvPo4hZ26nw1N6jxQF7wcVs1UTkrC+A1yTWkKCRT93G5FdtVaNfda5PrYcaZVT
IcsNj1cfklnbkmIHKzTO5NofUhFSta0GDoK6Lx/GvjjVDZiykoo9+1XvJMN0xHge
3j31tzdyDLsoTKGlZCfiRPrZw7cznvjnE2/+u/l+VThL9dypJ6dvAwbIk/zIhTC0
hcTDpwPAxHPlb4WD5iHLK5KIYVi3CLO1TVZQPE/n5CxN
-----END CERTIFICATE-----