Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/e6f4e4-68bb-4496-90c7-aa859e192b16/1/z1oyfJ-FfqA9-g9GdLXjhgBnRbM.roa
File:                     z1oyfJ-FfqA9-g9GdLXjhgBnRbM.roa (raw, json)
Hash identifier:          2LuBMOLGdtab6FPhJbtpfR2uzoEXTmQTfGRS8FBHa9I=
Subject key identifier:   CF:5A:32:7C:9F:85:7E:A0:3D:FA:0F:46:74:B5:E3:86:00:67:45:B3
Certificate issuer:       /CN=1056bcd426fd87cd6f4147e133216d03112b181b
Certificate serial:       018F4D5796736537DB326CB9E91A9E0E8FDA
Authority key identifier: 10:56:BC:D4:26:FD:87:CD:6F:41:47:E1:33:21:6D:03:11:2B:18:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EFa81Cb9h81vQUfhMyFtAxErGBs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/e6f4e4-68bb-4496-90c7-aa859e192b16/1/z1oyfJ-FfqA9-g9GdLXjhgBnRbM.roa
Signing time:             Mon 06 May 2024 09:58:56 +0000
ROA not before:           Mon 06 May 2024 09:58:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     400866
IP address blocks:        81.31.235.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/e6f4e4-68bb-4496-90c7-aa859e192b16/1/EFa81Cb9h81vQUfhMyFtAxErGBs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/e6f4e4-68bb-4496-90c7-aa859e192b16/1/EFa81Cb9h81vQUfhMyFtAxErGBs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EFa81Cb9h81vQUfhMyFtAxErGBs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 15:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:4d:57:96:73:65:37:db:32:6c:b9:e9:1a:9e:0e:8f:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1056bcd426fd87cd6f4147e133216d03112b181b
        Validity
            Not Before: May  6 09:58:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cf5a327c9f857ea03dfa0f4674b5e386006745b3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:01:94:bc:2b:df:68:e6:2a:72:4f:19:54:41:
                    b7:c8:98:1e:3c:e7:21:f9:5a:fb:b1:b1:53:37:e6:
                    7b:08:5f:36:f1:2c:1e:ee:f1:10:55:5c:28:1c:3d:
                    b1:8d:de:7f:ba:cb:6e:21:9e:80:d3:d4:d7:3c:d8:
                    6d:7a:a5:74:69:e8:ea:4e:f9:1f:fd:5b:3c:ec:16:
                    e2:de:03:0a:fa:42:ab:4a:72:e7:15:5b:db:45:b7:
                    48:78:09:23:20:84:cc:6d:61:91:aa:20:ec:66:1d:
                    a6:bf:42:b7:95:99:43:67:77:6a:d7:eb:4e:c0:6e:
                    10:74:31:3f:04:4b:e2:82:2c:06:84:23:ef:63:57:
                    2c:96:f7:5b:c3:a4:48:b7:23:50:db:6b:ab:33:31:
                    72:a3:99:8c:6b:3f:ff:1f:fe:4e:c1:08:78:0b:50:
                    e4:06:28:cb:ca:be:6d:67:ba:42:ac:29:42:22:16:
                    af:a1:7b:b1:a3:20:b2:61:c7:6f:1e:71:66:df:7b:
                    f3:8b:b2:5a:19:13:11:1d:84:c1:54:b2:16:cd:af:
                    c9:f7:3f:b7:35:51:f8:0d:9e:05:83:cb:60:d7:65:
                    55:9a:4f:58:34:b0:b2:a7:f1:8c:57:2f:15:17:e2:
                    a7:d8:9b:32:17:dd:f2:26:9c:0f:04:d9:b1:60:f3:
                    6c:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:5A:32:7C:9F:85:7E:A0:3D:FA:0F:46:74:B5:E3:86:00:67:45:B3
            X509v3 Authority Key Identifier:
                keyid:10:56:BC:D4:26:FD:87:CD:6F:41:47:E1:33:21:6D:03:11:2B:18:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EFa81Cb9h81vQUfhMyFtAxErGBs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e6f4e4-68bb-4496-90c7-aa859e192b16/1/z1oyfJ-FfqA9-g9GdLXjhgBnRbM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e6f4e4-68bb-4496-90c7-aa859e192b16/1/EFa81Cb9h81vQUfhMyFtAxErGBs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.31.235.0/24

    Signature Algorithm: sha256WithRSAEncryption
         16:cb:56:61:62:d3:2f:c8:fe:24:bf:d1:d7:30:49:d7:45:fa:
         18:5d:8a:d1:a9:7f:3b:49:77:9d:30:74:55:62:fb:66:f3:22:
         c3:99:ae:3f:5a:48:1e:56:58:c8:ff:d9:e6:2c:d0:42:c1:5e:
         31:00:b4:62:51:c7:5b:8d:82:24:ea:6d:c0:de:9b:af:1e:55:
         d8:7b:95:4b:46:45:90:f2:51:ba:cb:6d:50:d7:64:d5:04:52:
         cc:a0:f4:d6:84:77:f1:17:0f:68:5e:22:d4:9b:a6:83:fe:92:
         05:ad:79:76:91:5b:9b:c4:f7:06:fe:62:49:79:72:43:9b:23:
         5a:86:5d:c7:4c:f7:68:2f:9e:1a:bc:c2:a2:b6:d4:85:05:b0:
         c1:36:24:d7:73:9b:6e:bc:84:1d:25:1e:46:74:8d:b3:d8:95:
         3c:f6:8b:65:1d:ef:f0:cd:84:3e:88:e9:bb:e1:9f:e5:e6:2f:
         51:e9:fc:09:1f:cb:e7:dc:1c:64:6a:5a:ca:35:c0:38:f4:12:
         71:0c:1d:d1:0f:6e:dc:d4:1a:06:7e:7b:e7:3b:3b:18:57:49:
         66:fd:44:28:c2:dc:0a:d1:82:ab:4a:ac:f7:cc:c2:04:c8:8c:
         7d:61:ce:68:34:da:b3:e7:e5:85:69:d2:7e:57:21:64:dc:48:
         f7:41:a2:d9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY9NV5ZzZTfbMmy56RqeDo/aMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEwNTZiY2Q0MjZmZDg3Y2Q2ZjQxNDdlMTMzMjE2ZDAzMTEy
YjE4MWIwHhcNMjQwNTA2MDk1ODU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZjVhMzI3YzlmODU3ZWEwM2RmYTBmNDY3NGI1ZTM4NjAwNjc0NWIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkwGUvCvfaOYqck8ZVEG3yJgePOch
+Vr7sbFTN+Z7CF828Swe7vEQVVwoHD2xjd5/ustuIZ6A09TXPNhteqV0aejqTvkf
/Vs87Bbi3gMK+kKrSnLnFVvbRbdIeAkjIITMbWGRqiDsZh2mv0K3lZlDZ3dq1+tO
wG4QdDE/BEvigiwGhCPvY1cslvdbw6RItyNQ22urMzFyo5mMaz//H/5OwQh4C1Dk
BijLyr5tZ7pCrClCIhavoXuxoyCyYcdvHnFm33vzi7JaGRMRHYTBVLIWza/J9z+3
NVH4DZ4Fg8tg12VVmk9YNLCyp/GMVy8VF+Kn2JsyF93yJpwPBNmxYPNsaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM9aMnyfhX6gPfoPRnS144YAZ0WzMB8GA1UdIwQY
MBaAFBBWvNQm/YfNb0FH4TMhbQMRKxgbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRUZhODFDYjloODF2UVVmaE15RnRBeEVyR0JzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy9lNmY0ZTQtNjhiYi00NDk2LTkwYzct
YWE4NTllMTkyYjE2LzEvejFveWZKLUZmcUE5LWc5R2RMWGpoZ0JuUmJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy9lNmY0ZTQtNjhiYi00NDk2LTkwYzctYWE4NTllMTkyYjE2
LzEvRUZhODFDYjloODF2UVVmaE15RnRBeEVyR0JzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUR/rMA0G
CSqGSIb3DQEBCwUAA4IBAQAWy1ZhYtMvyP4kv9HXMEnXRfoYXYrRqX87SXedMHRV
Yvtm8yLDma4/WkgeVljI/9nmLNBCwV4xALRiUcdbjYIk6m3A3puvHlXYe5VLRkWQ
8lG6y21Q12TVBFLMoPTWhHfxFw9oXiLUm6aD/pIFrXl2kVubxPcG/mJJeXJDmyNa
hl3HTPdoL54avMKittSFBbDBNiTXc5tuvIQdJR5GdI2z2JU89otlHe/wzYQ+iOm7
4Z/l5i9R6fwJH8vn3BxkalrKNcA49BJxDB3RD27c1BoGfnvnOzsYV0lm/UQowtwK
0YKrSqz3zMIEyIx9Yc5oNNqz5+WFadJ+VyFk3Ej3QaLZ
-----END CERTIFICATE-----