Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/468b75-5994-48fb-a85d-4a5eed1ee5bc/1/dk0By2ENKJxkly_cTAxmHQ-VhzM.roa
File:                     dk0By2ENKJxkly_cTAxmHQ-VhzM.roa (raw, json)
Hash identifier:          7zDdk8H5140IthHEYe7nNbl/lgDbxTcIV1Ivh3MfuY8=
Subject key identifier:   76:4D:01:CB:61:0D:28:9C:64:97:2F:DC:4C:0C:66:1D:0F:95:87:33
Certificate issuer:       /CN=eb78358a6a97d19b2f5afff1cfc793fbb4eafc9d
Certificate serial:       0193B9D19D8B7845EE5FDAA915526B500D8B
Authority key identifier: EB:78:35:8A:6A:97:D1:9B:2F:5A:FF:F1:CF:C7:93:FB:B4:EA:FC:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/63g1imqX0ZsvWv_xz8eT-7Tq_J0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0b/468b75-5994-48fb-a85d-4a5eed1ee5bc/1/dk0By2ENKJxkly_cTAxmHQ-VhzM.roa
Signing time:             Thu 12 Dec 2024 07:42:22 +0000
ROA not before:           Thu 12 Dec 2024 07:42:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9009
IP address blocks:        31.204.26.0/24 maxlen: 24
                          31.204.49.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0b/468b75-5994-48fb-a85d-4a5eed1ee5bc/1/63g1imqX0ZsvWv_xz8eT-7Tq_J0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0b/468b75-5994-48fb-a85d-4a5eed1ee5bc/1/63g1imqX0ZsvWv_xz8eT-7Tq_J0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/63g1imqX0ZsvWv_xz8eT-7Tq_J0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Dec 2024 04:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:b9:d1:9d:8b:78:45:ee:5f:da:a9:15:52:6b:50:0d:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eb78358a6a97d19b2f5afff1cfc793fbb4eafc9d
        Validity
            Not Before: Dec 12 07:42:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=764d01cb610d289c64972fdc4c0c661d0f958733
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:8d:34:ad:59:de:34:64:a3:01:ec:52:2a:9c:
                    44:69:96:b4:0a:7b:35:7e:15:88:d9:a1:a6:c9:a5:
                    69:da:76:c2:81:38:7d:e1:9a:c9:2e:6d:ee:5c:08:
                    3e:cd:a8:c2:47:f6:f1:de:d0:2d:a0:9d:6a:7f:16:
                    b5:70:14:1d:24:b6:d9:ce:3c:31:d7:6e:73:96:e8:
                    7f:ad:3f:41:de:f4:7a:21:2b:ea:4f:bc:35:7e:58:
                    d9:80:b9:c4:f6:4d:83:12:63:88:e9:36:7d:b7:0e:
                    8a:78:5a:be:c7:99:10:55:61:bb:30:89:67:90:91:
                    70:df:ff:56:9a:b6:30:65:0a:20:27:a4:44:7c:79:
                    54:bd:ad:bb:30:03:00:85:dd:61:46:c3:55:11:3b:
                    a3:05:a8:e4:44:45:16:41:47:1e:e9:74:0f:e1:35:
                    34:91:71:4a:a2:08:62:5d:68:e7:8c:fc:bf:14:57:
                    79:36:85:9e:05:6e:22:d4:72:6f:a6:75:e1:1d:a5:
                    36:b9:84:5d:c6:d4:67:1b:17:db:35:3f:23:65:48:
                    fb:67:cd:54:0a:93:30:ed:2e:f9:03:d1:69:45:79:
                    36:86:0f:4b:88:5c:35:26:66:3f:25:34:fc:6f:a6:
                    4f:13:9a:b3:eb:89:38:21:c2:68:8c:5f:36:52:2c:
                    d0:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:4D:01:CB:61:0D:28:9C:64:97:2F:DC:4C:0C:66:1D:0F:95:87:33
            X509v3 Authority Key Identifier:
                keyid:EB:78:35:8A:6A:97:D1:9B:2F:5A:FF:F1:CF:C7:93:FB:B4:EA:FC:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/63g1imqX0ZsvWv_xz8eT-7Tq_J0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/468b75-5994-48fb-a85d-4a5eed1ee5bc/1/dk0By2ENKJxkly_cTAxmHQ-VhzM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/468b75-5994-48fb-a85d-4a5eed1ee5bc/1/63g1imqX0ZsvWv_xz8eT-7Tq_J0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.204.26.0/24
                  31.204.49.0/24

    Signature Algorithm: sha256WithRSAEncryption
         62:e4:35:e4:24:b1:a2:62:0a:79:cd:c7:04:bf:56:cc:d5:32:
         93:57:9a:cf:b9:8b:00:3d:1f:4a:75:d3:db:e7:e7:5c:d3:ff:
         80:75:aa:ab:bb:57:ef:91:ff:c7:77:c0:31:79:a9:60:06:e2:
         4b:6f:1b:57:6a:d2:8a:bf:29:77:6e:5c:94:1e:6b:f6:4a:3b:
         be:af:38:fe:3e:aa:6e:8a:7a:f7:97:61:4d:99:f3:2f:5b:7d:
         39:26:0d:5a:20:54:9f:80:18:67:11:b3:b9:7b:28:73:77:2a:
         47:3b:07:22:cf:12:08:a5:30:09:95:f2:32:95:83:84:74:28:
         d9:2f:6d:b8:f7:7a:cc:df:1a:f3:19:b0:59:b9:02:cf:49:5d:
         cf:a6:8e:11:08:2e:99:9c:31:2a:8d:92:72:5b:55:9a:9f:65:
         8a:3a:70:0b:64:85:20:ec:08:5e:4f:07:d5:cb:cb:74:27:9f:
         7e:ff:02:d9:71:94:70:ac:a7:21:53:4d:77:84:36:72:fc:33:
         ee:77:be:bd:82:43:31:c7:be:f8:e3:5e:03:e8:74:0c:fe:6e:
         16:78:96:92:ce:b1:ff:f3:d5:07:b3:34:a8:85:50:8f:42:80:
         a2:81:58:6e:c8:84:38:0c:fc:e5:cd:07:80:ec:6c:cd:59:d9:
         8f:27:3c:49
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZO50Z2LeEXuX9qpFVJrUA2LMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGViNzgzNThhNmE5N2QxOWIyZjVhZmZmMWNmYzc5M2ZiYjRl
YWZjOWQwHhcNMjQxMjEyMDc0MjIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NjRkMDFjYjYxMGQyODljNjQ5NzJmZGM0YzBjNjYxZDBmOTU4NzMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr400rVneNGSjAexSKpxEaZa0Cns1
fhWI2aGmyaVp2nbCgTh94ZrJLm3uXAg+zajCR/bx3tAtoJ1qfxa1cBQdJLbZzjwx
125zluh/rT9B3vR6ISvqT7w1fljZgLnE9k2DEmOI6TZ9tw6KeFq+x5kQVWG7MIln
kJFw3/9WmrYwZQogJ6REfHlUva27MAMAhd1hRsNVETujBajkREUWQUce6XQP4TU0
kXFKoghiXWjnjPy/FFd5NoWeBW4i1HJvpnXhHaU2uYRdxtRnGxfbNT8jZUj7Z81U
CpMw7S75A9FpRXk2hg9LiFw1JmY/JTT8b6ZPE5qz64k4IcJojF82UizQGQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHZNActhDSicZJcv3EwMZh0PlYczMB8GA1UdIwQY
MBaAFOt4NYpql9GbL1r/8c/Hk/u06vydMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNjNnMWltcVgwWnN2V3ZfeHo4ZVQtN1RxX0owLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi80NjhiNzUtNTk5NC00OGZiLWE4NWQt
NGE1ZWVkMWVlNWJjLzEvZGswQnkyRU5LSnhrbHlfY1RBeG1IUS1WaHpNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYi80NjhiNzUtNTk5NC00OGZiLWE4NWQtNGE1ZWVkMWVlNWJj
LzEvNjNnMWltcVgwWnN2V3ZfeHo4ZVQtN1RxX0owLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAH8waAwQA
H8wxMA0GCSqGSIb3DQEBCwUAA4IBAQBi5DXkJLGiYgp5zccEv1bM1TKTV5rPuYsA
PR9KddPb5+dc0/+Adaqru1fvkf/Hd8AxealgBuJLbxtXatKKvyl3blyUHmv2Sju+
rzj+Pqpuinr3l2FNmfMvW305Jg1aIFSfgBhnEbO5eyhzdypHOwcizxIIpTAJlfIy
lYOEdCjZL22493rM3xrzGbBZuQLPSV3Ppo4RCC6ZnDEqjZJyW1Wan2WKOnALZIUg
7AheTwfVy8t0J59+/wLZcZRwrKchU013hDZy/DPud769gkMxx774414D6HQM/m4W
eJaSzrH/89UHszSohVCPQoCigVhuyIQ4DPzlzQeA7GzNWdmPJzxJ
-----END CERTIFICATE-----