Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c1/cf943d-c921-4ef7-9aa0-e3fcb23e3438/1/cNZFORuYvUhzGIR57-c5eqMSyzY.roa
File:                     cNZFORuYvUhzGIR57-c5eqMSyzY.roa (raw, json)
Hash identifier:          FvuCKPP8mbnZTXRa7oafYpdKuEYx8KFnC0y+dzc3T2w=
Subject key identifier:   70:D6:45:39:1B:98:BD:48:73:18:84:79:EF:E7:39:7A:A3:12:CB:36
Certificate issuer:       /CN=352f8919e6bc1ef5663489018fc875be34c0f24c
Certificate serial:       018F96C37B5E9ED10EAA43AFC5A11892D0CB
Authority key identifier: 35:2F:89:19:E6:BC:1E:F5:66:34:89:01:8F:C8:75:BE:34:C0:F2:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NS-JGea8HvVmNIkBj8h1vjTA8kw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c1/cf943d-c921-4ef7-9aa0-e3fcb23e3438/1/cNZFORuYvUhzGIR57-c5eqMSyzY.roa
Signing time:             Mon 20 May 2024 16:09:04 +0000
ROA not before:           Mon 20 May 2024 16:09:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2914
IP address blocks:        31.193.240.0/22 maxlen: 24
                          31.193.244.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c1/cf943d-c921-4ef7-9aa0-e3fcb23e3438/1/NS-JGea8HvVmNIkBj8h1vjTA8kw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c1/cf943d-c921-4ef7-9aa0-e3fcb23e3438/1/NS-JGea8HvVmNIkBj8h1vjTA8kw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NS-JGea8HvVmNIkBj8h1vjTA8kw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 14:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:96:c3:7b:5e:9e:d1:0e:aa:43:af:c5:a1:18:92:d0:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=352f8919e6bc1ef5663489018fc875be34c0f24c
        Validity
            Not Before: May 20 16:09:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=70d645391b98bd4873188479efe7397aa312cb36
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:7c:74:03:fa:d7:ef:3e:63:de:0b:f0:67:9b:
                    8e:69:b4:5a:63:0f:6c:a8:85:e3:e9:6e:60:7e:78:
                    23:97:0c:a2:01:74:ab:ad:d0:24:de:02:cc:d6:9d:
                    ce:7d:a3:c2:44:0c:3b:4a:30:0d:e4:f2:f8:4f:2f:
                    17:cc:e4:e9:0c:01:43:4b:db:61:8c:d3:0d:9f:a3:
                    ff:b1:4e:db:90:d6:5f:9b:1e:57:1d:7e:d9:5c:65:
                    b2:05:70:51:39:1f:b1:a4:fb:4d:4b:06:f2:59:06:
                    5f:0d:d7:24:6b:b4:61:7b:9e:d1:83:05:5b:3c:23:
                    e5:e3:be:03:c2:37:36:c9:47:8e:69:e9:23:2c:6b:
                    e0:ea:3c:0f:74:b3:be:23:8b:b4:26:e7:c8:65:56:
                    43:93:43:79:c2:dc:5f:ad:5a:15:83:4f:87:34:c9:
                    59:66:c4:3d:13:87:f3:f8:b2:a6:60:3c:dd:15:bf:
                    0c:fa:07:b1:93:57:44:68:90:79:3a:1a:dd:d2:c6:
                    ad:61:72:d9:85:0d:12:33:7b:b3:3c:d7:90:80:f6:
                    d7:4a:5f:3e:62:98:32:88:21:dd:46:17:67:e2:37:
                    1f:40:cf:7a:22:fa:93:79:41:97:ed:75:5d:0e:9b:
                    cf:d2:13:9c:b2:bb:0f:09:40:55:60:39:10:32:1f:
                    ad:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:D6:45:39:1B:98:BD:48:73:18:84:79:EF:E7:39:7A:A3:12:CB:36
            X509v3 Authority Key Identifier:
                keyid:35:2F:89:19:E6:BC:1E:F5:66:34:89:01:8F:C8:75:BE:34:C0:F2:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NS-JGea8HvVmNIkBj8h1vjTA8kw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/cf943d-c921-4ef7-9aa0-e3fcb23e3438/1/cNZFORuYvUhzGIR57-c5eqMSyzY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/cf943d-c921-4ef7-9aa0-e3fcb23e3438/1/NS-JGea8HvVmNIkBj8h1vjTA8kw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.193.240.0/21

    Signature Algorithm: sha256WithRSAEncryption
         23:75:ab:47:4e:a9:a9:db:a3:fe:88:dc:c3:a5:ee:27:97:c6:
         e0:bd:44:f4:b2:40:45:e3:31:70:12:bf:0b:85:55:1b:40:8d:
         53:b3:fd:05:8f:44:de:66:db:90:04:3c:a4:53:d2:4c:29:5f:
         e0:d9:3d:1e:3e:0d:7c:52:73:1f:f3:98:ce:65:71:69:ca:8e:
         0f:1f:eb:91:d8:e2:b3:f0:63:a3:3d:c5:7a:82:1d:91:ef:6d:
         cc:2e:9f:be:fd:f2:b4:c3:25:8a:fe:cd:d4:9b:79:3e:5a:c1:
         70:8a:ad:a3:d0:16:d3:3e:55:69:1d:01:21:bb:a5:90:40:09:
         9d:3d:18:84:2b:94:ea:3d:b9:dc:67:61:b2:a8:09:21:94:6d:
         c7:90:8a:fd:22:64:13:5e:68:ac:6d:33:84:d7:bd:8c:8a:b9:
         01:7e:19:96:3b:c1:45:0e:e0:b9:6a:0c:87:d4:55:0b:0a:ab:
         f4:52:23:48:ab:b2:db:48:f4:8e:f9:de:f4:97:a4:60:b2:e9:
         68:48:44:8c:02:27:bd:7c:1b:0b:b7:c7:a1:41:37:ff:6d:08:
         48:7d:e3:1c:4c:9f:3c:cc:57:b4:e4:a2:bb:3e:80:4c:a5:94:
         18:c7:6f:28:87:ef:c2:66:0e:e5:9d:7f:38:54:e9:2e:c8:9d:
         d0:fb:f7:de
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY+Ww3tentEOqkOvxaEYktDLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1MmY4OTE5ZTZiYzFlZjU2NjM0ODkwMThmYzg3NWJlMzRj
MGYyNGMwHhcNMjQwNTIwMTYwOTA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MGQ2NDUzOTFiOThiZDQ4NzMxODg0NzllZmU3Mzk3YWEzMTJjYjM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvXx0A/rX7z5j3gvwZ5uOabRaYw9s
qIXj6W5gfngjlwyiAXSrrdAk3gLM1p3OfaPCRAw7SjAN5PL4Ty8XzOTpDAFDS9th
jNMNn6P/sU7bkNZfmx5XHX7ZXGWyBXBROR+xpPtNSwbyWQZfDdcka7Rhe57RgwVb
PCPl474Dwjc2yUeOaekjLGvg6jwPdLO+I4u0JufIZVZDk0N5wtxfrVoVg0+HNMlZ
ZsQ9E4fz+LKmYDzdFb8M+gexk1dEaJB5Ohrd0satYXLZhQ0SM3uzPNeQgPbXSl8+
YpgyiCHdRhdn4jcfQM96IvqTeUGX7XVdDpvP0hOcsrsPCUBVYDkQMh+tRQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHDWRTkbmL1IcxiEee/nOXqjEss2MB8GA1UdIwQY
MBaAFDUviRnmvB71ZjSJAY/Idb40wPJMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlMtSkdlYThIdlZtTklrQmo4aDF2alRBOGt3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMS9jZjk0M2QtYzkyMS00ZWY3LTlhYTAt
ZTNmY2IyM2UzNDM4LzEvY05aRk9SdVl2VWh6R0lSNTctYzVlcU1TeXpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMS9jZjk0M2QtYzkyMS00ZWY3LTlhYTAtZTNmY2IyM2UzNDM4
LzEvTlMtSkdlYThIdlZtTklrQmo4aDF2alRBOGt3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDH8HwMA0G
CSqGSIb3DQEBCwUAA4IBAQAjdatHTqmp26P+iNzDpe4nl8bgvUT0skBF4zFwEr8L
hVUbQI1Ts/0Fj0TeZtuQBDykU9JMKV/g2T0ePg18UnMf85jOZXFpyo4PH+uR2OKz
8GOjPcV6gh2R723MLp++/fK0wyWK/s3Um3k+WsFwiq2j0BbTPlVpHQEhu6WQQAmd
PRiEK5TqPbncZ2GyqAkhlG3HkIr9ImQTXmisbTOE172MirkBfhmWO8FFDuC5agyH
1FULCqv0UiNIq7LbSPSO+d70l6RgsuloSESMAie9fBsLt8ehQTf/bQhIfeMcTJ88
zFe05KK7PoBMpZQYx28oh+/CZg7lnX84VOkuyJ3Q+/fe
-----END CERTIFICATE-----