Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3e/cfcb09-0f50-4f1b-873e-661631bba953/1/K94-vq4RMPIrCF-JpwKle15QiRY.roa
File:                     K94-vq4RMPIrCF-JpwKle15QiRY.roa (raw, json)
Hash identifier:          TKwI1NFZi9YHQwZVi8oV6jQ7Dykjn6bFxbZvf9sCIzg=
Subject key identifier:   2B:DE:3E:BE:AE:11:30:F2:2B:08:5F:89:A7:02:A5:7B:5E:50:89:16
Certificate issuer:       /CN=1e80c5a70a236384054f3584915092c41714eed7
Certificate serial:       018CC424BBBBE5069A5F2BFC2BB819BFC92C
Authority key identifier: 1E:80:C5:A7:0A:23:63:84:05:4F:35:84:91:50:92:C4:17:14:EE:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HoDFpwojY4QFTzWEkVCSxBcU7tc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3e/cfcb09-0f50-4f1b-873e-661631bba953/1/K94-vq4RMPIrCF-JpwKle15QiRY.roa
Signing time:             Mon 01 Jan 2024 08:29:50 +0000
ROA not before:           Mon 01 Jan 2024 08:29:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56624
IP address blocks:        31.133.8.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3e/cfcb09-0f50-4f1b-873e-661631bba953/1/HoDFpwojY4QFTzWEkVCSxBcU7tc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3e/cfcb09-0f50-4f1b-873e-661631bba953/1/HoDFpwojY4QFTzWEkVCSxBcU7tc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HoDFpwojY4QFTzWEkVCSxBcU7tc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 10:01:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:bb:bb:e5:06:9a:5f:2b:fc:2b:b8:19:bf:c9:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1e80c5a70a236384054f3584915092c41714eed7
        Validity
            Not Before: Jan  1 08:29:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2bde3ebeae1130f22b085f89a702a57b5e508916
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:c6:b5:77:a2:ef:57:7a:c1:ba:dd:0b:e6:8f:
                    a9:99:9e:3f:1d:90:d5:ca:cb:4c:78:f6:82:62:07:
                    e9:f2:62:de:c5:7a:61:ef:dc:25:a2:3c:1d:83:7d:
                    d6:f6:4d:57:8b:c5:96:ca:91:d9:c7:f7:d5:9e:47:
                    69:10:8b:86:b1:b4:c0:70:32:b2:a5:01:b5:30:f3:
                    f1:31:84:2a:44:36:69:44:14:2c:26:6e:fe:c9:08:
                    5d:31:b0:f8:dd:72:35:fe:e4:6d:9e:66:4f:fd:47:
                    c3:31:bd:46:e9:05:26:f4:fc:69:88:8b:c9:f1:d0:
                    35:10:7c:a1:78:db:d9:f1:89:5e:99:0c:38:b0:2f:
                    c3:8a:1a:e7:c7:a7:c6:f0:e7:e5:9e:c2:6f:d0:d3:
                    34:7e:bd:ad:c9:e8:fe:67:c5:d9:f4:86:44:4a:0e:
                    d2:38:5a:9e:f8:5f:8d:e2:d7:74:a6:a6:c2:39:7d:
                    fd:ee:f8:be:7c:ef:0a:49:63:86:eb:07:e9:80:0b:
                    79:f1:6f:23:68:80:09:72:78:91:7a:6d:6f:0a:23:
                    ad:75:04:47:a2:d5:3d:ce:04:bf:96:2d:50:28:12:
                    26:12:1c:c6:f0:89:6f:66:f4:6f:e3:5c:de:02:9d:
                    21:b2:66:fb:f1:5e:34:bb:d0:35:45:0e:1a:ee:77:
                    57:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:DE:3E:BE:AE:11:30:F2:2B:08:5F:89:A7:02:A5:7B:5E:50:89:16
            X509v3 Authority Key Identifier:
                keyid:1E:80:C5:A7:0A:23:63:84:05:4F:35:84:91:50:92:C4:17:14:EE:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HoDFpwojY4QFTzWEkVCSxBcU7tc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/cfcb09-0f50-4f1b-873e-661631bba953/1/K94-vq4RMPIrCF-JpwKle15QiRY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/cfcb09-0f50-4f1b-873e-661631bba953/1/HoDFpwojY4QFTzWEkVCSxBcU7tc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.133.8.0/21

    Signature Algorithm: sha256WithRSAEncryption
         59:c3:f0:6d:13:14:6a:41:8a:0c:d7:c3:5e:47:e5:31:8b:7d:
         e9:f3:8b:61:db:90:29:64:39:fc:6a:f6:5e:bc:48:06:e9:30:
         e0:98:73:78:c3:44:c7:4b:91:eb:45:77:d5:3b:10:d0:70:4b:
         1d:f9:2c:66:fc:a3:95:79:f6:d1:3d:aa:cc:8e:fb:fa:b1:94:
         3f:d6:f8:eb:c1:e2:bb:f2:3f:97:83:9a:04:23:ea:31:57:10:
         ea:8b:b8:8d:d0:ea:16:f6:d3:dc:9a:24:be:fd:73:68:71:59:
         16:a9:32:e1:04:29:2f:45:d4:cb:1d:55:9a:f3:ef:77:8b:4d:
         99:63:6d:de:2f:6b:20:bc:ba:5f:30:03:ef:a7:f4:85:5b:d4:
         18:13:d8:62:fe:46:83:b7:76:b0:49:49:e9:f2:9c:03:f4:d1:
         f3:b7:e7:8d:ff:f4:41:54:40:5c:a6:db:9b:1a:46:76:36:ad:
         db:54:26:f8:0a:e2:b9:1e:5f:34:8a:cf:11:a8:6e:5f:f3:d2:
         92:d3:43:5e:9a:89:eb:23:a9:88:24:24:3c:65:00:c5:a3:8e:
         69:11:f0:8a:00:da:2e:4d:2a:82:6f:8d:d7:65:81:77:0c:a8:
         f1:4c:1f:f6:90:56:1a:96:1f:6f:a0:32:c5:ed:ac:12:8e:df:
         42:27:3b:7d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJLu75QaaXyv8K7gZv8ksMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlODBjNWE3MGEyMzYzODQwNTRmMzU4NDkxNTA5MmM0MTcx
NGVlZDcwHhcNMjQwMTAxMDgyOTUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYmRlM2ViZWFlMTEzMGYyMmIwODVmODlhNzAyYTU3YjVlNTA4OTE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi8a1d6LvV3rBut0L5o+pmZ4/HZDV
ystMePaCYgfp8mLexXph79wlojwdg33W9k1Xi8WWypHZx/fVnkdpEIuGsbTAcDKy
pQG1MPPxMYQqRDZpRBQsJm7+yQhdMbD43XI1/uRtnmZP/UfDMb1G6QUm9PxpiIvJ
8dA1EHyheNvZ8YlemQw4sC/Dihrnx6fG8OflnsJv0NM0fr2tyej+Z8XZ9IZESg7S
OFqe+F+N4td0pqbCOX397vi+fO8KSWOG6wfpgAt58W8jaIAJcniRem1vCiOtdQRH
otU9zgS/li1QKBImEhzG8IlvZvRv41zeAp0hsmb78V40u9A1RQ4a7ndXAwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCvePr6uETDyKwhfiacCpXteUIkWMB8GA1UdIwQY
MBaAFB6AxacKI2OEBU81hJFQksQXFO7XMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSG9ERnB3b2pZNFFGVHpXRWtWQ1N4QmNVN3RjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZS9jZmNiMDktMGY1MC00ZjFiLTg3M2Ut
NjYxNjMxYmJhOTUzLzEvSzk0LXZxNFJNUElyQ0YtSnB3S2xlMTVRaVJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZS9jZmNiMDktMGY1MC00ZjFiLTg3M2UtNjYxNjMxYmJhOTUz
LzEvSG9ERnB3b2pZNFFGVHpXRWtWQ1N4QmNVN3RjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDH4UIMA0G
CSqGSIb3DQEBCwUAA4IBAQBZw/BtExRqQYoM18NeR+Uxi33p84th25ApZDn8avZe
vEgG6TDgmHN4w0THS5HrRXfVOxDQcEsd+Sxm/KOVefbRParMjvv6sZQ/1vjrweK7
8j+Xg5oEI+oxVxDqi7iN0OoW9tPcmiS+/XNocVkWqTLhBCkvRdTLHVWa8+93i02Z
Y23eL2sgvLpfMAPvp/SFW9QYE9hi/kaDt3awSUnp8pwD9NHzt+eN//RBVEBcptub
GkZ2Nq3bVCb4CuK5Hl80is8RqG5f89KS00NemonrI6mIJCQ8ZQDFo45pEfCKANou
TSqCb43XZYF3DKjxTB/2kFYalh9voDLF7awSjt9CJzt9
-----END CERTIFICATE-----