Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/41e90c-61cc-470c-a388-6d1c9b153cf0/1/N0fmsl61H2fdseJD22Bni4CrmHE.roa
File:                     N0fmsl61H2fdseJD22Bni4CrmHE.roa (raw, json)
Hash identifier:          +lSjE4F+rlb87s7ls6DsV7q3KLZDx4imlhUDSiVJv4s=
Subject key identifier:   37:47:E6:B2:5E:B5:1F:67:DD:B1:E2:43:DB:60:67:8B:80:AB:98:71
Certificate issuer:       /CN=0007534eb77caa836f8f118630164e0236e5fe86
Certificate serial:       018CC9B883D76B1DC45196EF138873638609
Authority key identifier: 00:07:53:4E:B7:7C:AA:83:6F:8F:11:86:30:16:4E:02:36:E5:FE:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AAdTTrd8qoNvjxGGMBZOAjbl_oY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/41e90c-61cc-470c-a388-6d1c9b153cf0/1/N0fmsl61H2fdseJD22Bni4CrmHE.roa
Signing time:             Tue 02 Jan 2024 10:29:21 +0000
ROA not before:           Tue 02 Jan 2024 10:29:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197960
IP address blocks:        31.135.183.0/24 maxlen: 24
                          31.135.182.0/23 maxlen: 23
                          31.135.182.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/41e90c-61cc-470c-a388-6d1c9b153cf0/1/AAdTTrd8qoNvjxGGMBZOAjbl_oY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/41e90c-61cc-470c-a388-6d1c9b153cf0/1/AAdTTrd8qoNvjxGGMBZOAjbl_oY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AAdTTrd8qoNvjxGGMBZOAjbl_oY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 21:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:b8:83:d7:6b:1d:c4:51:96:ef:13:88:73:63:86:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0007534eb77caa836f8f118630164e0236e5fe86
        Validity
            Not Before: Jan  2 10:29:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3747e6b25eb51f67ddb1e243db60678b80ab9871
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:82:b7:f9:f9:53:fb:47:48:99:60:6a:35:a2:
                    0a:fd:db:c9:fd:79:7b:43:69:ab:94:ed:e7:30:ba:
                    f8:11:2e:a8:89:e5:d7:dd:37:e5:ce:5e:5d:96:2d:
                    b8:e7:9f:06:cc:6a:9c:16:3b:4a:a7:ed:9f:06:23:
                    22:73:e5:a2:b5:51:85:3d:c5:09:f6:e6:ad:63:be:
                    68:a6:ca:4d:80:2b:c2:ad:ad:9e:84:30:ac:dd:8f:
                    f9:ac:cb:c7:0e:cd:7f:d2:ef:3f:24:f5:40:1b:9a:
                    66:b8:88:7b:62:e2:da:9f:a3:c1:77:2a:fc:91:b9:
                    33:92:04:a6:20:89:3b:a8:47:2f:fc:7a:ee:11:62:
                    db:8d:c1:24:c9:f7:d3:88:04:94:f8:9a:84:2d:38:
                    d3:b1:d5:f1:c4:33:84:2e:46:89:be:1b:d7:3f:25:
                    c5:76:c4:13:31:98:43:ea:ba:64:da:0f:98:bb:60:
                    89:2b:47:16:10:40:d8:af:17:ce:96:88:5d:b7:bb:
                    f9:96:8d:48:40:56:a2:4f:ed:45:6c:17:ec:a2:25:
                    4b:ff:fa:19:f9:50:a1:5f:ca:a5:8c:09:6f:f5:bc:
                    b8:0e:8e:1d:d0:c7:7c:ff:80:75:9e:7d:18:f3:92:
                    ad:4c:af:36:94:39:b0:92:ee:cf:b1:2d:24:a6:50:
                    b3:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:47:E6:B2:5E:B5:1F:67:DD:B1:E2:43:DB:60:67:8B:80:AB:98:71
            X509v3 Authority Key Identifier:
                keyid:00:07:53:4E:B7:7C:AA:83:6F:8F:11:86:30:16:4E:02:36:E5:FE:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AAdTTrd8qoNvjxGGMBZOAjbl_oY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/41e90c-61cc-470c-a388-6d1c9b153cf0/1/N0fmsl61H2fdseJD22Bni4CrmHE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/41e90c-61cc-470c-a388-6d1c9b153cf0/1/AAdTTrd8qoNvjxGGMBZOAjbl_oY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.135.182.0/23

    Signature Algorithm: sha256WithRSAEncryption
         bc:71:63:3c:c7:fb:86:6b:84:a3:f9:90:63:59:9a:a1:f7:dc:
         7b:85:92:fc:c9:8c:5f:13:28:38:6e:34:17:3b:1e:91:cb:40:
         ae:ca:cf:37:10:f8:36:a7:af:7e:25:b1:42:26:24:ff:a8:7b:
         21:e0:66:d0:33:b5:0c:ff:e8:6b:94:16:85:d5:75:b2:e8:34:
         ec:02:a8:e0:5d:fd:5f:bf:ee:1d:b2:94:c7:82:bf:3d:31:b9:
         45:fd:bd:2e:c6:9e:97:6c:7b:a9:89:bc:f3:2d:5b:f4:04:4f:
         66:52:bf:09:04:a9:5f:34:36:84:8b:a2:d6:b3:08:7b:d7:f3:
         6e:d5:a0:e2:23:62:55:18:4a:ee:6f:0c:2a:93:6e:e3:56:30:
         f2:88:19:87:9a:62:ed:b6:f7:0e:a1:34:f5:24:af:27:9c:a1:
         99:97:ae:a5:2e:fa:36:90:43:cd:38:1c:64:85:9e:2a:5f:d9:
         93:71:ee:bb:3e:0d:21:09:bb:7e:1d:ce:9d:5c:08:0b:77:e6:
         4d:29:4f:1b:d6:49:ee:44:44:1f:1b:4e:fb:b6:58:88:4b:9b:
         9a:c1:e7:a8:48:c4:b2:b6:0c:c3:39:af:3d:63:69:d7:40:77:
         b9:83:2e:42:2f:69:dd:a8:1c:a7:1d:3d:8e:c4:d3:63:3e:c2:
         41:df:11:74
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJuIPXax3EUZbvE4hzY4YJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwMDc1MzRlYjc3Y2FhODM2ZjhmMTE4NjMwMTY0ZTAyMzZl
NWZlODYwHhcNMjQwMTAyMTAyOTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNzQ3ZTZiMjVlYjUxZjY3ZGRiMWUyNDNkYjYwNjc4YjgwYWI5ODcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiIK3+flT+0dImWBqNaIK/dvJ/Xl7
Q2mrlO3nMLr4ES6oieXX3Tflzl5dli24558GzGqcFjtKp+2fBiMic+WitVGFPcUJ
9uatY75opspNgCvCra2ehDCs3Y/5rMvHDs1/0u8/JPVAG5pmuIh7YuLan6PBdyr8
kbkzkgSmIIk7qEcv/HruEWLbjcEkyffTiASU+JqELTjTsdXxxDOELkaJvhvXPyXF
dsQTMZhD6rpk2g+Yu2CJK0cWEEDYrxfOlohdt7v5lo1IQFaiT+1FbBfsoiVL//oZ
+VChX8qljAlv9by4Do4d0Md8/4B1nn0Y85KtTK82lDmwku7PsS0kplCz+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDdH5rJetR9n3bHiQ9tgZ4uAq5hxMB8GA1UdIwQY
MBaAFAAHU063fKqDb48RhjAWTgI25f6GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQUFkVFRyZDhxb052anhHR01CWk9BamJsX29ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi80MWU5MGMtNjFjYy00NzBjLWEzODgt
NmQxYzliMTUzY2YwLzEvTjBmbXNsNjFIMmZkc2VKRDIyQm5pNENybUhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi80MWU5MGMtNjFjYy00NzBjLWEzODgtNmQxYzliMTUzY2Yw
LzEvQUFkVFRyZDhxb052anhHR01CWk9BamJsX29ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBH4e2MA0G
CSqGSIb3DQEBCwUAA4IBAQC8cWM8x/uGa4Sj+ZBjWZqh99x7hZL8yYxfEyg4bjQX
Ox6Ry0Cuys83EPg2p69+JbFCJiT/qHsh4GbQM7UM/+hrlBaF1XWy6DTsAqjgXf1f
v+4dspTHgr89MblF/b0uxp6XbHupibzzLVv0BE9mUr8JBKlfNDaEi6LWswh71/Nu
1aDiI2JVGErubwwqk27jVjDyiBmHmmLttvcOoTT1JK8nnKGZl66lLvo2kEPNOBxk
hZ4qX9mTce67Pg0hCbt+Hc6dXAgLd+ZNKU8b1knuREQfG077tliIS5uaweeoSMSy
tgzDOa89Y2nXQHe5gy5CL2ndqBynHT2OxNNjPsJB3xF0
-----END CERTIFICATE-----