Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/d5bf72-3115-4c71-a1bf-b06194d13c6b/1/mHtunJsTbs2qTgrF6kxmVKYwdbU.roa
File:                     mHtunJsTbs2qTgrF6kxmVKYwdbU.roa (raw, json)
Hash identifier:          jNDm4nfXA+Xvzbi7XzMwIklCkx1aJ7TimEff8Lix7bI=
Subject key identifier:   98:7B:6E:9C:9B:13:6E:CD:AA:4E:0A:C5:EA:4C:66:54:A6:30:75:B5
Certificate issuer:       /CN=a939cc1621ee3010ae98e127bd254a7833fd2827
Certificate serial:       01912CF8BD5E78295B2998EAAA370B64DE00
Authority key identifier: A9:39:CC:16:21:EE:30:10:AE:98:E1:27:BD:25:4A:78:33:FD:28:27
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qTnMFiHuMBCumOEnvSVKeDP9KCc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/d5bf72-3115-4c71-a1bf-b06194d13c6b/1/mHtunJsTbs2qTgrF6kxmVKYwdbU.roa
Signing time:             Wed 07 Aug 2024 13:13:04 +0000
ROA not before:           Wed 07 Aug 2024 13:13:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42489
IP address blocks:        31.133.116.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/d5bf72-3115-4c71-a1bf-b06194d13c6b/1/qTnMFiHuMBCumOEnvSVKeDP9KCc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/d5bf72-3115-4c71-a1bf-b06194d13c6b/1/qTnMFiHuMBCumOEnvSVKeDP9KCc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qTnMFiHuMBCumOEnvSVKeDP9KCc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 07:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:2c:f8:bd:5e:78:29:5b:29:98:ea:aa:37:0b:64:de:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a939cc1621ee3010ae98e127bd254a7833fd2827
        Validity
            Not Before: Aug  7 13:13:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=987b6e9c9b136ecdaa4e0ac5ea4c6654a63075b5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:96:79:99:57:87:c7:91:ee:74:b9:b6:2f:66:
                    6f:5a:eb:6c:6b:cf:9e:ee:f9:10:69:22:d2:92:6f:
                    28:86:24:e4:aa:0b:ea:4c:9b:9a:cf:45:b3:68:b8:
                    c1:51:30:62:44:45:c0:4b:9b:89:7c:dd:ed:2e:66:
                    ea:c3:73:be:a6:3a:1c:69:09:35:12:f6:9d:2e:1a:
                    a2:5e:2a:d0:34:e7:f5:24:22:eb:94:a1:41:2a:3c:
                    e1:17:3a:c9:a9:3d:5c:0d:74:1c:f2:6f:b9:3e:cc:
                    1c:25:cc:04:51:cf:9e:ac:18:0b:44:73:9a:bc:4d:
                    56:6d:a6:ec:cb:ea:6e:0e:90:61:4d:78:1c:23:cd:
                    d3:82:88:a0:a2:d1:4b:e5:be:be:8c:50:28:fe:22:
                    28:9b:7a:c0:2f:51:53:ae:96:19:71:8c:f6:33:b9:
                    3c:7c:7e:15:4d:6c:5c:e6:31:b3:68:01:c9:c1:1d:
                    b3:b8:04:ee:7a:2c:a9:c6:33:f0:9b:bc:a9:30:ee:
                    f9:f5:b5:d7:72:ce:94:ce:58:e0:3f:a8:c1:50:e6:
                    76:bd:54:78:6f:db:8e:08:15:bc:bf:29:2f:58:16:
                    ca:83:a7:f1:d6:28:ff:35:ba:d0:a4:4e:7b:e4:20:
                    11:d6:ec:b4:d1:14:c3:0d:d4:1b:4a:86:a1:c0:2a:
                    30:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:7B:6E:9C:9B:13:6E:CD:AA:4E:0A:C5:EA:4C:66:54:A6:30:75:B5
            X509v3 Authority Key Identifier:
                keyid:A9:39:CC:16:21:EE:30:10:AE:98:E1:27:BD:25:4A:78:33:FD:28:27

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qTnMFiHuMBCumOEnvSVKeDP9KCc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/d5bf72-3115-4c71-a1bf-b06194d13c6b/1/mHtunJsTbs2qTgrF6kxmVKYwdbU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/d5bf72-3115-4c71-a1bf-b06194d13c6b/1/qTnMFiHuMBCumOEnvSVKeDP9KCc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.133.116.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9e:c7:26:05:42:73:4f:c0:37:e8:80:88:2e:44:74:78:13:58:
         d2:bd:d2:6e:7d:da:1a:c1:4f:67:e5:31:56:79:85:d7:f6:ff:
         0e:23:8f:aa:77:e7:89:ab:de:25:b4:d7:4b:01:e2:e0:da:a3:
         fb:41:12:b3:a1:a5:03:57:2e:09:e6:11:97:92:e0:1a:b5:e6:
         c4:50:51:16:ad:09:b6:d1:d2:9a:d1:a9:0a:02:98:09:75:dc:
         6f:da:c8:a8:25:7a:0a:94:12:e2:c7:b6:39:fc:c3:6f:0a:4e:
         d4:b1:dd:c3:08:9e:1a:63:43:27:9a:9e:bb:c9:b8:54:0f:94:
         d3:c9:51:05:ac:f1:49:67:ef:48:46:91:43:83:8b:e0:26:0a:
         c9:b4:54:72:4f:3e:13:09:cc:98:36:c1:1d:f4:b6:20:e4:22:
         99:b4:fd:f9:f3:ad:54:61:9d:d0:50:23:f5:d4:42:70:c4:d2:
         80:0e:e6:cf:df:30:d6:ee:66:58:e0:7f:fd:0f:54:9c:fb:95:
         15:6e:5b:f7:fb:c0:71:48:72:82:05:86:2f:ad:0b:f7:e3:2b:
         4b:1b:99:18:f9:a8:71:eb:6d:5d:79:82:e2:73:65:cc:d3:e0:
         c4:55:2b:52:95:13:c7:84:60:3d:72:57:76:82:f8:9a:97:81:
         9b:f9:ad:fb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZEs+L1eeClbKZjqqjcLZN4AMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE5MzljYzE2MjFlZTMwMTBhZTk4ZTEyN2JkMjU0YTc4MzNm
ZDI4MjcwHhcNMjQwODA3MTMxMzA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ODdiNmU5YzliMTM2ZWNkYWE0ZTBhYzVlYTRjNjY1NGE2MzA3NWI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAopZ5mVeHx5HudLm2L2ZvWutsa8+e
7vkQaSLSkm8ohiTkqgvqTJuaz0WzaLjBUTBiREXAS5uJfN3tLmbqw3O+pjocaQk1
EvadLhqiXirQNOf1JCLrlKFBKjzhFzrJqT1cDXQc8m+5PswcJcwEUc+erBgLRHOa
vE1Wbabsy+puDpBhTXgcI83TgoigotFL5b6+jFAo/iIom3rAL1FTrpYZcYz2M7k8
fH4VTWxc5jGzaAHJwR2zuATueiypxjPwm7ypMO759bXXcs6UzljgP6jBUOZ2vVR4
b9uOCBW8vykvWBbKg6fx1ij/NbrQpE575CAR1uy00RTDDdQbSoahwCowCQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJh7bpybE27Nqk4KxepMZlSmMHW1MB8GA1UdIwQY
MBaAFKk5zBYh7jAQrpjhJ70lSngz/SgnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcVRuTUZpSHVNQkN1bU9FbnZTVktlRFA5S0NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy9kNWJmNzItMzExNS00YzcxLWExYmYt
YjA2MTk0ZDEzYzZiLzEvbUh0dW5Kc1RiczJxVGdyRjZreG1WS1l3ZGJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy9kNWJmNzItMzExNS00YzcxLWExYmYtYjA2MTk0ZDEzYzZi
LzEvcVRuTUZpSHVNQkN1bU9FbnZTVktlRFA5S0NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAH4V0MA0G
CSqGSIb3DQEBCwUAA4IBAQCexyYFQnNPwDfogIguRHR4E1jSvdJufdoawU9n5TFW
eYXX9v8OI4+qd+eJq94ltNdLAeLg2qP7QRKzoaUDVy4J5hGXkuAatebEUFEWrQm2
0dKa0akKApgJddxv2sioJXoKlBLix7Y5/MNvCk7Usd3DCJ4aY0Mnmp67ybhUD5TT
yVEFrPFJZ+9IRpFDg4vgJgrJtFRyTz4TCcyYNsEd9LYg5CKZtP35861UYZ3QUCP1
1EJwxNKADubP3zDW7mZY4H/9D1Sc+5UVblv3+8BxSHKCBYYvrQv34ytLG5kY+ahx
621deYLic2XM0+DEVStSlRPHhGA9cld2gvial4Gb+a37
-----END CERTIFICATE-----