Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/c9c9fc-5864-414e-ae2a-863c9b3d32b0/1/eJrO2j5Cuvtoak_6mvsdb7c_Jgc.roa
File:                     eJrO2j5Cuvtoak_6mvsdb7c_Jgc.roa (raw, json)
Hash identifier:          JlYdHxpc0NRCdm1GwY/RXvh/xf8oEyPTg6wk1J1xXjc=
Subject key identifier:   78:9A:CE:DA:3E:42:BA:FB:68:6A:4F:FA:9A:FB:1D:6F:B7:3F:26:07
Certificate issuer:       /CN=4444c7c3ad34b6977fa18a2237ca306b9bee08e0
Certificate serial:       018CC424BF9FA5CEE693C1315D541D583474
Authority key identifier: 44:44:C7:C3:AD:34:B6:97:7F:A1:8A:22:37:CA:30:6B:9B:EE:08:E0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RETHw600tpd_oYoiN8owa5vuCOA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/c9c9fc-5864-414e-ae2a-863c9b3d32b0/1/eJrO2j5Cuvtoak_6mvsdb7c_Jgc.roa
Signing time:             Mon 01 Jan 2024 08:29:51 +0000
ROA not before:           Mon 01 Jan 2024 08:29:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197501
IP address blocks:        31.129.247.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/c9c9fc-5864-414e-ae2a-863c9b3d32b0/1/RETHw600tpd_oYoiN8owa5vuCOA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/c9c9fc-5864-414e-ae2a-863c9b3d32b0/1/RETHw600tpd_oYoiN8owa5vuCOA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RETHw600tpd_oYoiN8owa5vuCOA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:bf:9f:a5:ce:e6:93:c1:31:5d:54:1d:58:34:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4444c7c3ad34b6977fa18a2237ca306b9bee08e0
        Validity
            Not Before: Jan  1 08:29:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=789aceda3e42bafb686a4ffa9afb1d6fb73f2607
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:04:e6:7f:9b:f0:f2:fb:d2:2c:6a:7d:a0:46:
                    e1:f6:40:00:07:b3:0f:c9:be:46:95:32:67:8e:89:
                    fa:6c:4d:6f:af:46:64:47:15:69:86:80:f4:5b:58:
                    34:3b:7a:2c:56:51:f5:01:f3:92:4a:46:4f:fc:09:
                    7b:12:12:56:9f:b8:fc:0f:89:1c:af:f2:d3:fa:aa:
                    ee:9a:6e:7f:4b:6a:60:92:98:ab:0a:f7:4b:1a:a1:
                    7b:3e:35:60:c4:7b:f5:ff:28:98:5a:6c:7e:86:4f:
                    dc:6c:3d:d9:2e:52:e3:97:dc:8f:45:50:ee:1e:81:
                    ca:d1:8a:99:d6:89:4d:f5:05:f7:74:b0:19:b7:9f:
                    40:bc:c7:ac:89:c0:a3:b9:61:64:62:1f:1a:f1:04:
                    f3:ce:9c:38:db:ae:66:7e:cc:28:6a:6a:4f:8e:34:
                    85:b6:6c:6e:5d:a1:9a:cc:75:8b:b3:87:09:fe:d3:
                    cb:a4:17:a6:48:25:c7:f4:fb:be:de:e0:ab:42:14:
                    fe:26:13:b7:56:63:64:92:87:6f:d3:ed:d2:c2:41:
                    ef:28:87:c8:a9:48:3a:4d:27:97:fa:6a:aa:67:25:
                    0b:0f:11:95:29:aa:6c:27:65:a0:96:ce:3e:14:41:
                    65:45:11:ff:61:b8:55:05:30:93:54:6a:2a:bf:02:
                    f7:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:9A:CE:DA:3E:42:BA:FB:68:6A:4F:FA:9A:FB:1D:6F:B7:3F:26:07
            X509v3 Authority Key Identifier:
                keyid:44:44:C7:C3:AD:34:B6:97:7F:A1:8A:22:37:CA:30:6B:9B:EE:08:E0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RETHw600tpd_oYoiN8owa5vuCOA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/c9c9fc-5864-414e-ae2a-863c9b3d32b0/1/eJrO2j5Cuvtoak_6mvsdb7c_Jgc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/c9c9fc-5864-414e-ae2a-863c9b3d32b0/1/RETHw600tpd_oYoiN8owa5vuCOA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.129.247.0/24

    Signature Algorithm: sha256WithRSAEncryption
         14:da:d7:0b:d5:00:e5:cb:a8:37:2f:a1:a2:44:97:78:68:4b:
         8c:51:31:97:f1:72:3b:84:9c:59:cc:22:cc:05:5d:9f:75:c0:
         1c:d8:78:63:2e:05:f5:aa:97:90:de:b2:97:84:89:11:5b:30:
         81:53:62:5f:8a:3a:23:9e:c3:99:92:3c:be:b5:d6:97:85:88:
         9f:41:df:f8:28:c9:c9:48:ed:b6:a2:a5:87:18:62:78:cc:71:
         06:0d:60:43:31:5c:0c:b0:8b:44:4a:1d:6c:08:7b:5b:1f:44:
         6c:e5:b8:b3:18:77:c0:ab:cb:89:e6:40:df:03:6e:21:21:6f:
         8b:e9:b7:dc:de:9a:c7:05:ba:40:46:14:8b:c8:62:bf:91:a7:
         0f:2c:8d:22:64:32:34:af:ef:09:21:99:65:af:9f:81:42:32:
         47:61:73:04:df:59:19:e1:e1:51:a7:82:07:9c:5b:71:b1:6d:
         c4:23:5c:cf:bf:83:bb:2b:6b:30:f8:2d:99:4f:c6:9f:d3:84:
         3d:b0:c9:b5:48:c6:15:2d:a3:fc:bc:d9:88:cd:18:b5:eb:40:
         62:17:ea:be:43:2c:4e:ed:24:50:60:69:8c:c3:cd:19:c4:79:
         86:13:ec:75:03:85:f7:7b:ea:69:bc:1d:cc:41:1f:7c:52:94:
         b9:6a:1d:1f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJL+fpc7mk8ExXVQdWDR0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0NDRjN2MzYWQzNGI2OTc3ZmExOGEyMjM3Y2EzMDZiOWJl
ZTA4ZTAwHhcNMjQwMTAxMDgyOTUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ODlhY2VkYTNlNDJiYWZiNjg2YTRmZmE5YWZiMWQ2ZmI3M2YyNjA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnATmf5vw8vvSLGp9oEbh9kAAB7MP
yb5GlTJnjon6bE1vr0ZkRxVphoD0W1g0O3osVlH1AfOSSkZP/Al7EhJWn7j8D4kc
r/LT+qrumm5/S2pgkpirCvdLGqF7PjVgxHv1/yiYWmx+hk/cbD3ZLlLjl9yPRVDu
HoHK0YqZ1olN9QX3dLAZt59AvMesicCjuWFkYh8a8QTzzpw4265mfswoampPjjSF
tmxuXaGazHWLs4cJ/tPLpBemSCXH9Pu+3uCrQhT+JhO3VmNkkodv0+3SwkHvKIfI
qUg6TSeX+mqqZyULDxGVKapsJ2Wgls4+FEFlRRH/YbhVBTCTVGoqvwL3WwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHiazto+Qrr7aGpP+pr7HW+3PyYHMB8GA1UdIwQY
MBaAFEREx8OtNLaXf6GKIjfKMGub7gjgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUkVUSHc2MDB0cGRfb1lvaU44b3dhNXZ1Q09BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS9jOWM5ZmMtNTg2NC00MTRlLWFlMmEt
ODYzYzliM2QzMmIwLzEvZUpyTzJqNUN1dnRvYWtfNm12c2RiN2NfSmdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS9jOWM5ZmMtNTg2NC00MTRlLWFlMmEtODYzYzliM2QzMmIw
LzEvUkVUSHc2MDB0cGRfb1lvaU44b3dhNXZ1Q09BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAH4H3MA0G
CSqGSIb3DQEBCwUAA4IBAQAU2tcL1QDly6g3L6GiRJd4aEuMUTGX8XI7hJxZzCLM
BV2fdcAc2HhjLgX1qpeQ3rKXhIkRWzCBU2JfijojnsOZkjy+tdaXhYifQd/4KMnJ
SO22oqWHGGJ4zHEGDWBDMVwMsItESh1sCHtbH0Rs5bizGHfAq8uJ5kDfA24hIW+L
6bfc3prHBbpARhSLyGK/kacPLI0iZDI0r+8JIZllr5+BQjJHYXME31kZ4eFRp4IH
nFtxsW3EI1zPv4O7K2sw+C2ZT8af04Q9sMm1SMYVLaP8vNmIzRi160BiF+q+QyxO
7SRQYGmMw80ZxHmGE+x1A4X3e+ppvB3MQR98UpS5ah0f
-----END CERTIFICATE-----