Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/I1fJe3Pc2rRhGcthHzXHtQbZfV0.roa
File:                     I1fJe3Pc2rRhGcthHzXHtQbZfV0.roa (raw, json)
Hash identifier:          pTmiXolYnY1TgsTrOdz1Sb9mp3e8zbXuKgJKh4dmIZI=
Subject key identifier:   23:57:C9:7B:73:DC:DA:B4:61:19:CB:61:1F:35:C7:B5:06:D9:7D:5D
Certificate issuer:       /CN=b9954499977278a75570b3403f4d3aa00b1b36e8
Certificate serial:       018CC64B8F18BFFFAB278BC977164A8FA38F
Authority key identifier: B9:95:44:99:97:72:78:A7:55:70:B3:40:3F:4D:3A:A0:0B:1B:36:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/I1fJe3Pc2rRhGcthHzXHtQbZfV0.roa
Signing time:             Mon 01 Jan 2024 18:31:29 +0000
ROA not before:           Mon 01 Jan 2024 18:31:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200670
IP address blocks:        85.31.243.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 21:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:8f:18:bf:ff:ab:27:8b:c9:77:16:4a:8f:a3:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9954499977278a75570b3403f4d3aa00b1b36e8
        Validity
            Not Before: Jan  1 18:31:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2357c97b73dcdab46119cb611f35c7b506d97d5d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:99:d2:ec:26:c3:62:d3:28:7a:e0:a4:91:47:
                    bd:8c:71:1e:d5:53:0a:40:4d:17:b9:f3:1a:f5:cf:
                    5b:eb:6c:86:3f:af:e4:e8:41:16:ab:34:a7:5b:68:
                    76:b1:2f:c0:c7:6d:1c:57:b4:0f:e2:dd:f3:16:fe:
                    a9:e9:10:ed:a8:b7:91:63:3e:88:c5:40:00:2c:5b:
                    80:87:00:69:50:ae:c5:56:68:26:1d:4b:b2:46:4f:
                    53:d3:7b:1c:64:af:df:d8:1e:53:dd:30:94:c6:79:
                    69:af:c7:33:94:28:e1:68:d0:be:eb:36:a8:94:dd:
                    98:d9:50:f4:13:29:3e:33:38:fd:8a:43:82:e2:9a:
                    23:fd:bf:1b:e0:12:fb:6d:a2:7c:4f:8a:b7:80:07:
                    e2:8b:0a:df:7f:6b:ce:a3:f7:f0:ce:60:38:03:31:
                    69:42:e4:b6:f3:62:fc:f9:65:79:c5:9e:43:4c:a0:
                    97:f1:1c:25:22:f5:55:d6:30:ea:28:7b:67:73:b0:
                    ce:6d:13:13:8c:d7:bb:f7:22:44:0d:c3:3f:6d:27:
                    da:6f:44:a1:e2:a3:54:ab:cb:15:0b:e0:e0:f5:d7:
                    54:93:8d:cd:7b:49:e3:5c:78:9f:c1:66:a0:e4:6f:
                    66:03:4f:0e:6f:12:8b:58:9c:62:37:5e:9a:bb:2a:
                    9e:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:57:C9:7B:73:DC:DA:B4:61:19:CB:61:1F:35:C7:B5:06:D9:7D:5D
            X509v3 Authority Key Identifier:
                keyid:B9:95:44:99:97:72:78:A7:55:70:B3:40:3F:4D:3A:A0:0B:1B:36:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/I1fJe3Pc2rRhGcthHzXHtQbZfV0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.31.243.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2c:be:42:e2:73:08:4f:c5:99:df:89:e8:d0:ff:4d:07:85:03:
         f9:f0:a2:9f:54:de:5b:8a:7b:70:56:35:f0:c8:da:a5:6b:02:
         8c:23:27:0a:23:be:ce:aa:98:0c:36:55:87:19:64:da:06:22:
         6b:74:7c:a7:d5:70:e4:09:ff:2c:93:a2:2d:1f:55:20:74:82:
         2f:ce:00:b4:6c:98:6e:7c:06:ca:97:1a:36:8f:d3:d9:73:2a:
         4a:69:f1:d8:f1:c1:8e:4b:39:f1:59:03:b5:2a:f9:0d:56:52:
         40:97:ab:ac:8b:3a:2b:a5:56:99:9f:20:3d:87:44:60:84:1a:
         3c:7e:53:28:8d:73:2f:f8:86:bf:4f:e9:94:fb:6d:e9:cc:a6:
         a7:8c:c6:a6:b4:f4:54:79:2c:be:3b:70:80:bb:5e:08:6d:4c:
         d9:4e:12:03:b1:69:4e:53:37:51:43:9d:8d:79:e6:49:86:f0:
         4a:89:72:97:14:a9:bc:44:70:67:88:26:a7:c2:7b:07:50:de:
         84:fb:cf:b6:04:03:08:09:31:40:1e:31:f8:ca:ff:61:a4:f3:
         ec:40:dc:d6:ae:70:71:5e:da:59:69:ca:4b:f2:68:16:2e:79:
         93:4b:81:55:7f:91:37:98:51:81:5c:e1:3b:0f:ce:7c:9f:3c:
         79:17:a9:9b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGS48Yv/+rJ4vJdxZKj6OPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5OTU0NDk5OTc3Mjc4YTc1NTcwYjM0MDNmNGQzYWEwMGIx
YjM2ZTgwHhcNMjQwMTAxMTgzMTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMzU3Yzk3YjczZGNkYWI0NjExOWNiNjExZjM1YzdiNTA2ZDk3ZDVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkZnS7CbDYtMoeuCkkUe9jHEe1VMK
QE0XufMa9c9b62yGP6/k6EEWqzSnW2h2sS/Ax20cV7QP4t3zFv6p6RDtqLeRYz6I
xUAALFuAhwBpUK7FVmgmHUuyRk9T03scZK/f2B5T3TCUxnlpr8czlCjhaNC+6zao
lN2Y2VD0Eyk+Mzj9ikOC4poj/b8b4BL7baJ8T4q3gAfiiwrff2vOo/fwzmA4AzFp
QuS282L8+WV5xZ5DTKCX8RwlIvVV1jDqKHtnc7DObRMTjNe79yJEDcM/bSfab0Sh
4qNUq8sVC+Dg9ddUk43Ne0njXHifwWag5G9mA08ObxKLWJxiN16auyqe9wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCNXyXtz3Nq0YRnLYR81x7UG2X1dMB8GA1UdIwQY
MBaAFLmVRJmXcninVXCzQD9NOqALGzboMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVpWRW1aZHllS2RWY0xOQVAwMDZvQXNiTnVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny83ODg4MDMtYmUxMi00MzNmLWE4ZDAt
MDI0YjE2NTVjMjQ3LzEvSTFmSmUzUGMyclJoR2N0aEh6WEh0UWJaZlYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny83ODg4MDMtYmUxMi00MzNmLWE4ZDAtMDI0YjE2NTVjMjQ3
LzEvdVpWRW1aZHllS2RWY0xOQVAwMDZvQXNiTnVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVR/zMA0G
CSqGSIb3DQEBCwUAA4IBAQAsvkLicwhPxZnfiejQ/00HhQP58KKfVN5bintwVjXw
yNqlawKMIycKI77OqpgMNlWHGWTaBiJrdHyn1XDkCf8sk6ItH1UgdIIvzgC0bJhu
fAbKlxo2j9PZcypKafHY8cGOSznxWQO1KvkNVlJAl6usizorpVaZnyA9h0RghBo8
flMojXMv+Ia/T+mU+23pzKanjMamtPRUeSy+O3CAu14IbUzZThIDsWlOUzdRQ52N
eeZJhvBKiXKXFKm8RHBniCanwnsHUN6E+8+2BAMICTFAHjH4yv9hpPPsQNzWrnBx
XtpZacpL8mgWLnmTS4FVf5E3mFGBXOE7D858nzx5F6mb
-----END CERTIFICATE-----