Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/46c7e6-4006-40f0-adaa-b4192ac638c9/1/CHBJcj-N1HIS2MambWnbMXxuJl4.roa
File:                     CHBJcj-N1HIS2MambWnbMXxuJl4.roa (raw, json)
Hash identifier:          WaG7fBgmHmpqNUDdNZExx2pw+VwY1Z3ErUToTAKMvuU=
Subject key identifier:   08:70:49:72:3F:8D:D4:72:12:D8:C6:A6:6D:69:DB:31:7C:6E:26:5E
Certificate issuer:       /CN=0a42ae6e96180f03b7ca6d97427516e4c07f6e2b
Certificate serial:       018CC49384CF4AD5A9A7A6E54A820B59922B
Authority key identifier: 0A:42:AE:6E:96:18:0F:03:B7:CA:6D:97:42:75:16:E4:C0:7F:6E:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CkKubpYYDwO3ym2XQnUW5MB_bis.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/46c7e6-4006-40f0-adaa-b4192ac638c9/1/CHBJcj-N1HIS2MambWnbMXxuJl4.roa
Signing time:             Mon 01 Jan 2024 10:30:51 +0000
ROA not before:           Mon 01 Jan 2024 10:30:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213121
IP address blocks:        31.7.92.0/22 maxlen: 22
                          93.157.184.0/24 maxlen: 24
                          2a0a:cf80::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/46c7e6-4006-40f0-adaa-b4192ac638c9/1/CkKubpYYDwO3ym2XQnUW5MB_bis.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/46c7e6-4006-40f0-adaa-b4192ac638c9/1/CkKubpYYDwO3ym2XQnUW5MB_bis.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CkKubpYYDwO3ym2XQnUW5MB_bis.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 23:23:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:84:cf:4a:d5:a9:a7:a6:e5:4a:82:0b:59:92:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0a42ae6e96180f03b7ca6d97427516e4c07f6e2b
        Validity
            Not Before: Jan  1 10:30:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=087049723f8dd47212d8c6a66d69db317c6e265e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:f8:2c:4c:ed:4b:b9:69:19:f2:a8:e0:20:34:
                    db:11:b9:45:a2:66:2e:89:10:02:b5:62:50:56:7c:
                    08:95:5c:8a:41:c0:60:e2:5b:22:46:22:40:28:26:
                    18:d6:2a:e0:01:a8:ba:42:23:ce:ee:ef:32:41:28:
                    a7:3a:df:bc:31:8e:b1:6c:43:9d:09:6b:83:ce:36:
                    4e:69:13:c2:26:b0:7c:b5:39:9a:a6:31:f4:68:cd:
                    b8:df:3a:08:c9:a9:ed:2e:31:54:4c:97:84:0c:2b:
                    bc:4b:1d:57:66:6c:de:74:a0:cf:31:3b:0b:20:2a:
                    1e:54:84:e6:01:15:65:9a:bd:02:cc:fd:e7:a1:40:
                    63:a3:16:e1:8b:b3:3a:1f:d2:c2:0f:aa:a6:67:c5:
                    23:1c:7d:91:dc:72:3c:11:64:c4:39:4d:fe:9e:dc:
                    a9:69:b7:6a:7b:dd:0f:f3:79:a1:c7:76:7f:f2:b4:
                    d9:e6:f3:44:b2:fd:d4:f0:d8:54:b8:61:47:b8:48:
                    5f:3f:09:72:41:29:aa:c3:7e:8e:bd:56:a2:60:52:
                    86:94:f4:ca:ad:1f:64:f3:05:8f:13:d1:db:fc:1c:
                    b7:03:7a:f6:39:08:84:2f:7f:4f:5c:87:8c:1e:86:
                    bd:5f:a1:54:e3:ba:97:5d:3d:70:d9:24:ac:ce:fa:
                    07:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:70:49:72:3F:8D:D4:72:12:D8:C6:A6:6D:69:DB:31:7C:6E:26:5E
            X509v3 Authority Key Identifier:
                keyid:0A:42:AE:6E:96:18:0F:03:B7:CA:6D:97:42:75:16:E4:C0:7F:6E:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CkKubpYYDwO3ym2XQnUW5MB_bis.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/46c7e6-4006-40f0-adaa-b4192ac638c9/1/CHBJcj-N1HIS2MambWnbMXxuJl4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/46c7e6-4006-40f0-adaa-b4192ac638c9/1/CkKubpYYDwO3ym2XQnUW5MB_bis.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.7.92.0/22
                  93.157.184.0/24
                IPv6:
                  2a0a:cf80::/29

    Signature Algorithm: sha256WithRSAEncryption
         3b:6f:16:61:e1:99:02:13:7a:8b:83:ac:81:b7:e3:9d:ca:f1:
         57:ca:d0:c5:4a:66:1f:47:b1:90:d6:9a:79:5d:84:11:cb:8a:
         72:e6:98:f7:b6:5e:67:ce:0d:6c:ea:c8:79:76:e7:0c:79:65:
         59:c8:76:4a:ba:f3:ef:fe:07:20:44:fe:ca:10:23:0e:83:d9:
         9a:1c:68:b4:ba:d2:30:06:28:e6:0e:fc:dd:69:26:10:eb:64:
         70:c1:8b:b0:f0:2c:f7:f3:f3:93:29:4b:85:48:98:d6:97:e8:
         ad:5a:b2:92:2d:a5:56:63:96:50:23:22:0e:c1:ac:6b:bd:cc:
         3c:3e:2b:a5:58:5d:1c:9e:00:83:dc:35:9b:39:cd:ae:e3:53:
         0a:01:40:55:7e:08:94:81:00:7f:c5:da:96:0e:0a:54:55:68:
         cf:04:d2:51:0b:32:d6:38:50:a3:6e:fb:bb:94:ee:3c:3a:f6:
         7d:e2:15:62:b3:85:f8:82:60:1f:29:36:bc:2d:cb:43:a1:91:
         09:48:36:49:6a:36:f0:bd:7d:fa:a1:7d:3e:ac:47:22:62:c1:
         1f:1d:dd:c2:66:4f:80:da:50:ad:60:15:f9:67:90:98:21:88:
         da:6a:ec:91:f8:f1:71:7c:a4:9f:28:ac:5e:f9:c0:56:35:fd:
         6e:1b:33:e5
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzEk4TPStWpp6blSoILWZIrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBhNDJhZTZlOTYxODBmMDNiN2NhNmQ5NzQyNzUxNmU0YzA3
ZjZlMmIwHhcNMjQwMTAxMTAzMDUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODcwNDk3MjNmOGRkNDcyMTJkOGM2YTY2ZDY5ZGIzMTdjNmUyNjVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxvgsTO1LuWkZ8qjgIDTbEblFomYu
iRACtWJQVnwIlVyKQcBg4lsiRiJAKCYY1irgAai6QiPO7u8yQSinOt+8MY6xbEOd
CWuDzjZOaRPCJrB8tTmapjH0aM243zoIyantLjFUTJeEDCu8Sx1XZmzedKDPMTsL
ICoeVITmARVlmr0CzP3noUBjoxbhi7M6H9LCD6qmZ8UjHH2R3HI8EWTEOU3+ntyp
abdqe90P83mhx3Z/8rTZ5vNEsv3U8NhUuGFHuEhfPwlyQSmqw36OvVaiYFKGlPTK
rR9k8wWPE9Hb/By3A3r2OQiEL39PXIeMHoa9X6FU47qXXT1w2SSszvoHjwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFAhwSXI/jdRyEtjGpm1p2zF8biZeMB8GA1UdIwQY
MBaAFApCrm6WGA8Dt8ptl0J1FuTAf24rMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ2tLdWJwWVlEd08zeW0yWFFuVVc1TUJfYmlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS80NmM3ZTYtNDAwNi00MGYwLWFkYWEt
YjQxOTJhYzYzOGM5LzEvQ0hCSmNqLU4xSElTMk1hbWJXbmJNWHh1Smw0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS80NmM3ZTYtNDAwNi00MGYwLWFkYWEtYjQxOTJhYzYzOGM5
LzEvQ2tLdWJwWVlEd08zeW0yWFFuVVc1TUJfYmlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCHwdcAwQA
XZ24MA0EAgACMAcDBQMqCs+AMA0GCSqGSIb3DQEBCwUAA4IBAQA7bxZh4ZkCE3qL
g6yBt+OdyvFXytDFSmYfR7GQ1pp5XYQRy4py5pj3tl5nzg1s6sh5ducMeWVZyHZK
uvPv/gcgRP7KECMOg9maHGi0utIwBijmDvzdaSYQ62RwwYuw8Cz38/OTKUuFSJjW
l+itWrKSLaVWY5ZQIyIOwaxrvcw8PiulWF0cngCD3DWbOc2u41MKAUBVfgiUgQB/
xdqWDgpUVWjPBNJRCzLWOFCjbvu7lO48OvZ94hVis4X4gmAfKTa8LctDoZEJSDZJ
ajbwvX36oX0+rEciYsEfHd3CZk+A2lCtYBX5Z5CYIYjaauyR+PFxfKSfKKxe+cBW
Nf1uGzPl
-----END CERTIFICATE-----