Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/FJucU2anko9z-qPnoBbUJfH-vMQ.roa
File:                     FJucU2anko9z-qPnoBbUJfH-vMQ.roa (raw, json)
Hash identifier:          kT1ZrGofF3MISRzrXt4wsvwqw+uxiMmZmcwzVt1+TSE=
Subject key identifier:   14:9B:9C:53:66:A7:92:8F:73:FA:A3:E7:A0:16:D4:25:F1:FE:BC:C4
Certificate issuer:       /CN=b9954499977278a75570b3403f4d3aa00b1b36e8
Certificate serial:       018CC64B92A65289382065BE7F1C8AEBA7E8
Authority key identifier: B9:95:44:99:97:72:78:A7:55:70:B3:40:3F:4D:3A:A0:0B:1B:36:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/FJucU2anko9z-qPnoBbUJfH-vMQ.roa
Signing time:             Mon 01 Jan 2024 18:31:30 +0000
ROA not before:           Mon 01 Jan 2024 18:31:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202385
IP address blocks:        85.31.240.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 21:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:92:a6:52:89:38:20:65:be:7f:1c:8a:eb:a7:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9954499977278a75570b3403f4d3aa00b1b36e8
        Validity
            Not Before: Jan  1 18:31:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=149b9c5366a7928f73faa3e7a016d425f1febcc4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:e0:02:38:99:a0:c4:92:15:05:fc:06:cc:41:
                    a4:c2:bd:82:f5:ca:c1:f2:40:9f:84:58:b5:53:6c:
                    85:ab:c1:2a:03:0f:d5:62:ff:6b:e0:dd:71:5f:e4:
                    1f:29:34:fb:4e:86:fe:5b:f2:92:8e:d2:69:f3:7a:
                    99:22:af:8b:d6:cd:d0:a5:ce:a2:b6:34:bb:4d:af:
                    b3:53:b8:c8:f2:49:50:df:a6:e4:8e:38:0a:86:75:
                    33:31:60:9c:88:0f:2c:94:40:bf:90:e2:ee:fa:92:
                    8a:ac:64:fa:2c:78:96:8b:10:15:b9:09:97:48:34:
                    2e:6e:f4:60:b0:45:47:10:96:d7:a1:a6:30:c9:0c:
                    0a:0c:31:48:21:36:65:df:38:23:d5:6b:b7:54:a7:
                    f9:e5:21:f7:df:a5:f4:3a:45:f4:6f:f3:84:0e:3e:
                    24:25:3e:c9:30:31:2e:d7:9e:33:2a:77:5c:65:4d:
                    c7:06:3e:04:7b:ee:71:51:a3:22:d5:ce:f9:fe:5a:
                    7f:62:de:b1:bd:e1:b7:01:63:74:37:86:90:c1:cf:
                    fa:70:34:de:c4:1f:eb:0b:bc:1b:6a:1f:35:d7:12:
                    66:d2:07:40:82:56:d3:c1:37:d5:a7:37:89:1e:bf:
                    a1:54:8e:aa:5a:c2:e3:38:e6:dc:e7:5f:33:7f:ca:
                    d5:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:9B:9C:53:66:A7:92:8F:73:FA:A3:E7:A0:16:D4:25:F1:FE:BC:C4
            X509v3 Authority Key Identifier:
                keyid:B9:95:44:99:97:72:78:A7:55:70:B3:40:3F:4D:3A:A0:0B:1B:36:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/FJucU2anko9z-qPnoBbUJfH-vMQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.31.240.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:2f:a6:00:8f:d8:c9:b7:4c:ce:ce:b0:88:f0:ea:52:52:d8:
         8c:80:c9:81:bd:13:ad:67:6c:21:9d:93:88:c5:3b:58:42:65:
         8c:e6:16:92:fb:f3:9e:f4:c0:ba:bf:ce:30:6c:b1:a8:e4:8e:
         4b:52:6d:b0:9c:ad:fa:43:f3:7a:2f:46:11:cf:08:62:fb:14:
         fe:be:ca:6c:ef:30:8a:2d:02:33:d1:c9:10:a5:5b:0d:68:46:
         da:45:0c:7a:70:0d:6c:63:69:8d:c4:e9:eb:5a:0a:48:b8:a5:
         0a:59:92:02:e3:fe:5e:8d:89:c9:19:cc:f7:e4:c7:41:92:4a:
         98:02:e0:0f:eb:7f:ea:1d:d5:f0:db:ad:2d:d8:50:52:35:c8:
         61:66:47:61:9c:11:c4:de:06:f2:df:7b:53:2a:d8:8b:e0:f1:
         ce:97:fa:ce:c4:a0:85:a4:21:e3:88:b8:a3:9d:b6:84:f0:af:
         b4:40:15:6c:be:5e:a2:99:5d:5c:d0:9b:64:6c:7e:65:c5:4d:
         67:8c:91:9f:e6:41:03:14:80:d8:f5:9d:47:91:ac:37:73:6c:
         b7:74:28:6b:d3:2f:d6:f1:7f:77:e3:90:f7:37:7e:2f:76:cf:
         67:7b:0e:b1:ad:06:5c:82:da:51:2d:80:a5:07:9a:61:bb:d9:
         1a:14:41:12
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGS5KmUok4IGW+fxyK66foMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5OTU0NDk5OTc3Mjc4YTc1NTcwYjM0MDNmNGQzYWEwMGIx
YjM2ZTgwHhcNMjQwMTAxMTgzMTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNDliOWM1MzY2YTc5MjhmNzNmYWEzZTdhMDE2ZDQyNWYxZmViY2M0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5eACOJmgxJIVBfwGzEGkwr2C9crB
8kCfhFi1U2yFq8EqAw/VYv9r4N1xX+QfKTT7Tob+W/KSjtJp83qZIq+L1s3Qpc6i
tjS7Ta+zU7jI8klQ36bkjjgKhnUzMWCciA8slEC/kOLu+pKKrGT6LHiWixAVuQmX
SDQubvRgsEVHEJbXoaYwyQwKDDFIITZl3zgj1Wu3VKf55SH336X0OkX0b/OEDj4k
JT7JMDEu154zKndcZU3HBj4Ee+5xUaMi1c75/lp/Yt6xveG3AWN0N4aQwc/6cDTe
xB/rC7wbah811xJm0gdAglbTwTfVpzeJHr+hVI6qWsLjOObc518zf8rV2wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBSbnFNmp5KPc/qj56AW1CXx/rzEMB8GA1UdIwQY
MBaAFLmVRJmXcninVXCzQD9NOqALGzboMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVpWRW1aZHllS2RWY0xOQVAwMDZvQXNiTnVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny83ODg4MDMtYmUxMi00MzNmLWE4ZDAt
MDI0YjE2NTVjMjQ3LzEvRkp1Y1UyYW5rbzl6LXFQbm9CYlVKZkgtdk1RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny83ODg4MDMtYmUxMi00MzNmLWE4ZDAtMDI0YjE2NTVjMjQ3
LzEvdVpWRW1aZHllS2RWY0xOQVAwMDZvQXNiTnVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVR/wMA0G
CSqGSIb3DQEBCwUAA4IBAQBmL6YAj9jJt0zOzrCI8OpSUtiMgMmBvROtZ2whnZOI
xTtYQmWM5haS+/Oe9MC6v84wbLGo5I5LUm2wnK36Q/N6L0YRzwhi+xT+vsps7zCK
LQIz0ckQpVsNaEbaRQx6cA1sY2mNxOnrWgpIuKUKWZIC4/5ejYnJGcz35MdBkkqY
AuAP63/qHdXw260t2FBSNchhZkdhnBHE3gby33tTKtiL4PHOl/rOxKCFpCHjiLij
nbaE8K+0QBVsvl6imV1c0JtkbH5lxU1njJGf5kEDFIDY9Z1Hkaw3c2y3dChr0y/W
8X9345D3N34vds9new6xrQZcgtpRLYClB5phu9kaFEES
-----END CERTIFICATE-----