Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/c9c9fc-5864-414e-ae2a-863c9b3d32b0/1/T9enhqzdG5yQEOgWkABkrQAk6M8.roa
File:                     T9enhqzdG5yQEOgWkABkrQAk6M8.roa (raw, json)
Hash identifier:          SxiuxM/I8FF8zreMQuHoAzLYfdJRNYC8zGUE4C2+MUg=
Subject key identifier:   4F:D7:A7:86:AC:DD:1B:9C:90:10:E8:16:90:00:64:AD:00:24:E8:CF
Certificate issuer:       /CN=4444c7c3ad34b6977fa18a2237ca306b9bee08e0
Certificate serial:       019425FC6867D65581917E355A7A5F3F7B71
Authority key identifier: 44:44:C7:C3:AD:34:B6:97:7F:A1:8A:22:37:CA:30:6B:9B:EE:08:E0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RETHw600tpd_oYoiN8owa5vuCOA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/c9c9fc-5864-414e-ae2a-863c9b3d32b0/1/T9enhqzdG5yQEOgWkABkrQAk6M8.roa
Signing time:             Thu 02 Jan 2025 07:48:06 +0000
ROA not before:           Thu 02 Jan 2025 07:48:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     56716
IP address blocks:        31.129.236.0/22 maxlen: 22
                          31.129.240.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/c9c9fc-5864-414e-ae2a-863c9b3d32b0/1/RETHw600tpd_oYoiN8owa5vuCOA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/c9c9fc-5864-414e-ae2a-863c9b3d32b0/1/RETHw600tpd_oYoiN8owa5vuCOA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RETHw600tpd_oYoiN8owa5vuCOA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fc:68:67:d6:55:81:91:7e:35:5a:7a:5f:3f:7b:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4444c7c3ad34b6977fa18a2237ca306b9bee08e0
        Validity
            Not Before: Jan  2 07:48:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4fd7a786acdd1b9c9010e816900064ad0024e8cf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:5f:7b:9f:51:0d:94:e1:a1:54:74:bf:3f:b8:
                    5d:13:f1:75:5a:fb:04:e6:2b:b7:91:cd:33:5c:2b:
                    03:d4:c0:cd:57:f9:3a:e2:03:45:63:81:9a:8e:ee:
                    72:b6:a4:46:58:f3:dc:e3:d4:a9:5d:44:cb:98:f7:
                    00:75:42:0a:ab:08:34:81:5d:70:69:ae:69:e3:d7:
                    82:88:f1:76:fd:ca:1d:00:3b:f8:19:fd:5e:53:42:
                    96:14:9d:20:52:df:0d:24:5b:47:c6:49:16:6d:a3:
                    27:dc:16:a1:06:9e:94:06:eb:09:f9:cc:83:90:dc:
                    8c:34:5e:78:8d:15:8a:69:e3:3a:d9:17:62:d6:94:
                    a0:3a:60:44:05:94:ff:5d:d8:e0:39:eb:42:b1:12:
                    7f:c6:b9:0d:f4:5b:a6:cd:10:e6:d4:52:3a:d7:9f:
                    e4:22:99:f3:82:30:87:8a:05:05:cf:d5:fa:5e:1e:
                    da:c8:0a:24:91:e1:6e:26:9f:5a:7c:ea:9f:c9:5c:
                    fb:91:a7:c4:d4:31:81:af:40:ac:01:33:4e:4b:7d:
                    68:5d:7d:ea:96:95:a5:42:51:42:51:2d:99:4a:15:
                    9b:54:ed:a8:76:14:79:fa:e4:a9:f8:19:3a:b3:f9:
                    86:0a:29:19:73:02:8a:ef:ed:38:d6:e2:c3:80:0d:
                    9b:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:D7:A7:86:AC:DD:1B:9C:90:10:E8:16:90:00:64:AD:00:24:E8:CF
            X509v3 Authority Key Identifier:
                keyid:44:44:C7:C3:AD:34:B6:97:7F:A1:8A:22:37:CA:30:6B:9B:EE:08:E0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RETHw600tpd_oYoiN8owa5vuCOA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/c9c9fc-5864-414e-ae2a-863c9b3d32b0/1/T9enhqzdG5yQEOgWkABkrQAk6M8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/c9c9fc-5864-414e-ae2a-863c9b3d32b0/1/RETHw600tpd_oYoiN8owa5vuCOA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.129.236.0-31.129.243.255

    Signature Algorithm: sha256WithRSAEncryption
         9a:57:65:d3:87:e8:b3:3f:91:47:ad:9e:bd:21:8f:77:0d:e9:
         96:fe:8b:c6:44:4f:a5:9f:40:7c:3a:34:da:df:b3:44:6c:ff:
         7a:38:19:76:23:44:36:38:de:cc:cc:2b:b4:b0:18:8b:e8:60:
         03:87:e0:7b:e2:3c:f4:c2:ec:e1:f0:ef:83:a6:84:27:19:f5:
         4e:de:22:f6:75:4a:d5:42:da:f2:68:b8:db:ef:b1:62:36:85:
         52:9c:4f:b9:b6:9f:fa:d2:39:26:e0:7b:76:ad:58:19:0e:9c:
         c8:03:a9:f2:76:20:6a:8e:54:79:60:45:d3:05:3b:f1:04:d3:
         e0:12:dd:d8:49:78:2a:16:a6:5f:6e:ac:a9:27:bd:bd:1d:e3:
         5d:10:59:e2:18:f9:ac:f2:34:62:77:02:dd:1f:38:98:f0:ac:
         06:56:51:2f:ee:3a:60:63:23:ec:a9:89:de:61:fe:a1:af:55:
         f2:04:d7:18:36:62:4c:8d:d6:8a:4e:54:e4:d6:57:33:50:6b:
         3f:92:cf:ee:ea:16:81:da:c5:23:7b:71:60:77:89:5f:77:a2:
         e5:2e:1b:7f:39:b3:75:1b:49:bc:24:f6:66:e2:a8:7e:be:56:
         99:87:80:93:03:94:9a:e1:60:21:b0:d5:83:cd:3e:7f:58:8c:
         e5:6b:c7:c1
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZQl/Ghn1lWBkX41WnpfP3txMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0NDRjN2MzYWQzNGI2OTc3ZmExOGEyMjM3Y2EzMDZiOWJl
ZTA4ZTAwHhcNMjUwMTAyMDc0ODA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZmQ3YTc4NmFjZGQxYjljOTAxMGU4MTY5MDAwNjRhZDAwMjRlOGNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0l97n1ENlOGhVHS/P7hdE/F1WvsE
5iu3kc0zXCsD1MDNV/k64gNFY4Gaju5ytqRGWPPc49SpXUTLmPcAdUIKqwg0gV1w
aa5p49eCiPF2/codADv4Gf1eU0KWFJ0gUt8NJFtHxkkWbaMn3BahBp6UBusJ+cyD
kNyMNF54jRWKaeM62Rdi1pSgOmBEBZT/XdjgOetCsRJ/xrkN9FumzRDm1FI615/k
IpnzgjCHigUFz9X6Xh7ayAokkeFuJp9afOqfyVz7kafE1DGBr0CsATNOS31oXX3q
lpWlQlFCUS2ZShWbVO2odhR5+uSp+Bk6s/mGCikZcwKK7+041uLDgA2bkQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFE/Xp4as3RuckBDoFpAAZK0AJOjPMB8GA1UdIwQY
MBaAFEREx8OtNLaXf6GKIjfKMGub7gjgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUkVUSHc2MDB0cGRfb1lvaU44b3dhNXZ1Q09BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS9jOWM5ZmMtNTg2NC00MTRlLWFlMmEt
ODYzYzliM2QzMmIwLzEvVDllbmhxemRHNXlRRU9nV2tBQmtyUUFrNk04LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS9jOWM5ZmMtNTg2NC00MTRlLWFlMmEtODYzYzliM2QzMmIw
LzEvUkVUSHc2MDB0cGRfb1lvaU44b3dhNXZ1Q09BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAIfgewD
BAIfgfAwDQYJKoZIhvcNAQELBQADggEBAJpXZdOH6LM/kUetnr0hj3cN6Zb+i8ZE
T6WfQHw6NNrfs0Rs/3o4GXYjRDY43szMK7SwGIvoYAOH4HviPPTC7OHw74OmhCcZ
9U7eIvZ1StVC2vJouNvvsWI2hVKcT7m2n/rSOSbge3atWBkOnMgDqfJ2IGqOVHlg
RdMFO/EE0+AS3dhJeCoWpl9urKknvb0d410QWeIY+azyNGJ3At0fOJjwrAZWUS/u
OmBjI+ypid5h/qGvVfIE1xg2YkyN1opOVOTWVzNQaz+Sz+7qFoHaxSN7cWB3iV93
ouUuG385s3UbSbwk9mbiqH6+VpmHgJMDlJrhYCGw1YPNPn9YjOVrx8E=
-----END CERTIFICATE-----