Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/44/a66491-ffb0-4a42-ba13-fbd9feb0f13c/1/0olqnyOo0nUVh1ilCqapAJXTxGo.roa
File:                     0olqnyOo0nUVh1ilCqapAJXTxGo.roa (raw, json)
Hash identifier:          QbTOs16h4O3NAsC3Tw1vvuOWffwH1LUoNZ7NKT8DzBo=
Subject key identifier:   D2:89:6A:9F:23:A8:D2:75:15:87:58:A5:0A:A6:A9:00:95:D3:C4:6A
Certificate issuer:       /CN=8d9f4e82dba8023999efbdad34b271a1f4892e9e
Certificate serial:       0191D67C109DA8CD0AC3710C1932FD761E89
Authority key identifier: 8D:9F:4E:82:DB:A8:02:39:99:EF:BD:AD:34:B2:71:A1:F4:89:2E:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jZ9OgtuoAjmZ772tNLJxofSJLp4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/44/a66491-ffb0-4a42-ba13-fbd9feb0f13c/1/0olqnyOo0nUVh1ilCqapAJXTxGo.roa
Signing time:             Mon 09 Sep 2024 11:12:20 +0000
ROA not before:           Mon 09 Sep 2024 11:12:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35299
IP address blocks:        85.31.136.0/21 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/44/a66491-ffb0-4a42-ba13-fbd9feb0f13c/1/jZ9OgtuoAjmZ772tNLJxofSJLp4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/44/a66491-ffb0-4a42-ba13-fbd9feb0f13c/1/jZ9OgtuoAjmZ772tNLJxofSJLp4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jZ9OgtuoAjmZ772tNLJxofSJLp4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 16:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:d6:7c:10:9d:a8:cd:0a:c3:71:0c:19:32:fd:76:1e:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d9f4e82dba8023999efbdad34b271a1f4892e9e
        Validity
            Not Before: Sep  9 11:12:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d2896a9f23a8d275158758a50aa6a90095d3c46a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:1a:1c:a7:25:c0:2c:eb:7d:9b:78:68:df:30:
                    0e:91:5c:b4:f9:64:a6:f5:c7:0c:94:bc:ec:31:36:
                    7d:5b:3c:07:2f:1c:55:05:05:ae:b9:c7:8b:1f:d0:
                    54:e7:da:de:0b:41:f2:1f:9e:78:b2:c1:ee:52:ee:
                    94:49:5f:09:9f:93:43:43:60:c9:06:f6:0b:21:93:
                    60:72:e3:c3:07:85:33:42:c1:36:6c:54:8c:9b:b0:
                    06:35:1c:a0:db:bb:a6:84:78:90:45:45:ae:f4:32:
                    9e:c6:fe:9f:6b:01:9e:59:c1:d1:c1:95:c3:88:15:
                    67:4d:93:ca:dc:ac:ba:52:5c:f7:80:74:81:41:0c:
                    90:2c:d7:1a:83:1e:0d:5b:14:37:5b:2f:c1:af:3c:
                    f9:0b:bb:4b:af:19:4b:26:04:f1:71:38:24:16:67:
                    ba:81:91:42:ca:6f:a4:c6:81:b6:83:bd:04:7a:39:
                    24:91:b0:ab:20:66:49:a9:79:d4:dc:6a:34:05:4c:
                    11:14:ac:94:39:b0:97:1c:ab:1b:26:d6:4f:9a:a1:
                    15:2e:37:9f:4f:90:f5:f6:f1:75:76:68:32:b6:e8:
                    e3:17:58:6e:cb:ec:07:ae:54:83:59:da:09:8f:65:
                    93:b1:44:e5:f8:46:ec:e0:53:5b:57:24:b5:f4:75:
                    4c:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:89:6A:9F:23:A8:D2:75:15:87:58:A5:0A:A6:A9:00:95:D3:C4:6A
            X509v3 Authority Key Identifier:
                keyid:8D:9F:4E:82:DB:A8:02:39:99:EF:BD:AD:34:B2:71:A1:F4:89:2E:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jZ9OgtuoAjmZ772tNLJxofSJLp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/44/a66491-ffb0-4a42-ba13-fbd9feb0f13c/1/0olqnyOo0nUVh1ilCqapAJXTxGo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/44/a66491-ffb0-4a42-ba13-fbd9feb0f13c/1/jZ9OgtuoAjmZ772tNLJxofSJLp4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.31.136.0/21

    Signature Algorithm: sha256WithRSAEncryption
         ad:bc:4c:7a:3d:29:95:33:36:8c:fd:17:ab:e9:0c:b7:04:d8:
         bc:b7:01:cd:2f:ae:b3:f4:4f:ea:82:90:e8:ca:86:b7:a5:50:
         1f:cc:dd:e1:3a:66:a6:a8:63:c2:9a:ba:1c:56:3b:1d:de:72:
         33:8a:35:5d:38:d5:73:3f:81:f9:f7:43:f2:57:b4:3e:47:c0:
         c4:1c:b3:29:89:c7:b7:de:18:a3:2f:b2:a4:2c:d3:0a:3b:cc:
         e8:16:3f:4f:a6:93:86:88:9a:c0:8f:4f:4b:15:1c:52:f4:3b:
         17:e0:c1:18:4c:33:4e:c2:ce:39:0f:c6:1e:4b:ff:a3:2e:2e:
         b0:4b:73:6b:e0:fa:07:13:88:40:44:04:27:cd:62:5a:11:0b:
         25:ed:a4:76:72:c0:76:33:ee:73:a3:d5:e6:d7:22:4e:eb:91:
         0c:4c:19:a5:3c:ce:b4:46:c6:4d:3b:3d:aa:5d:3b:59:98:cc:
         24:0a:07:bd:a5:66:2b:48:70:08:0c:d0:a6:5f:e4:c2:02:3c:
         ad:2c:03:35:39:ea:02:ca:29:ef:af:68:40:54:c6:49:32:96:
         8f:8d:85:ea:b9:22:88:09:a6:b1:58:9e:71:33:c2:15:c1:8c:
         e6:51:5e:b0:3f:e9:6d:14:15:24:36:0e:80:1b:3a:09:29:cf:
         bb:2b:24:39
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZHWfBCdqM0Kw3EMGTL9dh6JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkOWY0ZTgyZGJhODAyMzk5OWVmYmRhZDM0YjI3MWExZjQ4
OTJlOWUwHhcNMjQwOTA5MTExMjIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMjg5NmE5ZjIzYThkMjc1MTU4NzU4YTUwYWE2YTkwMDk1ZDNjNDZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuhocpyXALOt9m3ho3zAOkVy0+WSm
9ccMlLzsMTZ9WzwHLxxVBQWuuceLH9BU59reC0HyH554ssHuUu6USV8Jn5NDQ2DJ
BvYLIZNgcuPDB4UzQsE2bFSMm7AGNRyg27umhHiQRUWu9DKexv6fawGeWcHRwZXD
iBVnTZPK3Ky6Ulz3gHSBQQyQLNcagx4NWxQ3Wy/Brzz5C7tLrxlLJgTxcTgkFme6
gZFCym+kxoG2g70EejkkkbCrIGZJqXnU3Go0BUwRFKyUObCXHKsbJtZPmqEVLjef
T5D19vF1dmgytujjF1huy+wHrlSDWdoJj2WTsUTl+Ebs4FNbVyS19HVMPwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNKJap8jqNJ1FYdYpQqmqQCV08RqMB8GA1UdIwQY
MBaAFI2fToLbqAI5me+9rTSycaH0iS6eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvalo5T2d0dW9Bam1aNzcydE5MSnhvZlNKTHA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NC9hNjY0OTEtZmZiMC00YTQyLWJhMTMt
ZmJkOWZlYjBmMTNjLzEvMG9scW55T28wblVWaDFpbENxYXBBSlhUeEdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NC9hNjY0OTEtZmZiMC00YTQyLWJhMTMtZmJkOWZlYjBmMTNj
LzEvalo5T2d0dW9Bam1aNzcydE5MSnhvZlNKTHA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDVR+IMA0G
CSqGSIb3DQEBCwUAA4IBAQCtvEx6PSmVMzaM/Rer6Qy3BNi8twHNL66z9E/qgpDo
yoa3pVAfzN3hOmamqGPCmrocVjsd3nIzijVdONVzP4H590PyV7Q+R8DEHLMpice3
3hijL7KkLNMKO8zoFj9PppOGiJrAj09LFRxS9DsX4MEYTDNOws45D8YeS/+jLi6w
S3Nr4PoHE4hARAQnzWJaEQsl7aR2csB2M+5zo9Xm1yJO65EMTBmlPM60RsZNOz2q
XTtZmMwkCge9pWYrSHAIDNCmX+TCAjytLAM1OeoCyinvr2hAVMZJMpaPjYXquSKI
CaaxWJ5xM8IVwYzmUV6wP+ltFBUkNg6AGzoJKc+7KyQ5
-----END CERTIFICATE-----