Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/381b58-7c96-4360-9965-ecf233f8ce82/1/citk1A7LPcg5sYuvxyt7jmmQj3c.roa
File:                     citk1A7LPcg5sYuvxyt7jmmQj3c.roa (raw, json)
Hash identifier:          GJQy2gMFB+NYjhirzQ9eTfon2BidsNTMtMbFHzUbgIY=
Subject key identifier:   72:2B:64:D4:0E:CB:3D:C8:39:B1:8B:AF:C7:2B:7B:8E:69:90:8F:77
Certificate issuer:       /CN=fe5d698ecf66ae46ede1fc8230bfbe2096d5245b
Certificate serial:       018CC9BBFDF975BB4B1CC1B0CD7BBFA86133
Authority key identifier: FE:5D:69:8E:CF:66:AE:46:ED:E1:FC:82:30:BF:BE:20:96:D5:24:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_l1pjs9mrkbt4fyCML--IJbVJFs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/381b58-7c96-4360-9965-ecf233f8ce82/1/citk1A7LPcg5sYuvxyt7jmmQj3c.roa
Signing time:             Tue 02 Jan 2024 10:33:09 +0000
ROA not before:           Tue 02 Jan 2024 10:33:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43444
IP address blocks:        31.134.0.0/22 maxlen: 22
                          31.134.4.0/22 maxlen: 22
                          31.134.8.0/22 maxlen: 22
                          31.134.12.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/381b58-7c96-4360-9965-ecf233f8ce82/1/_l1pjs9mrkbt4fyCML--IJbVJFs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/381b58-7c96-4360-9965-ecf233f8ce82/1/_l1pjs9mrkbt4fyCML--IJbVJFs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_l1pjs9mrkbt4fyCML--IJbVJFs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 23:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:fd:f9:75:bb:4b:1c:c1:b0:cd:7b:bf:a8:61:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fe5d698ecf66ae46ede1fc8230bfbe2096d5245b
        Validity
            Not Before: Jan  2 10:33:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=722b64d40ecb3dc839b18bafc72b7b8e69908f77
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:0f:6f:6a:7c:2a:bc:14:8f:2b:de:62:a1:75:
                    8a:b1:12:cf:dd:86:a8:05:df:4d:a3:ab:4c:fc:14:
                    08:70:81:70:78:99:6e:a7:e7:a4:95:30:e4:ab:e4:
                    07:0e:e4:63:87:6b:a1:77:67:18:02:e8:3e:5f:bf:
                    25:3c:a9:50:ec:ba:1b:c0:4c:e2:bb:f0:e4:5e:a4:
                    49:2f:66:b5:c1:64:3d:87:65:7e:29:78:b8:90:fe:
                    62:75:e5:30:fd:5e:b2:f0:c8:41:68:e2:42:33:c9:
                    ee:0c:8d:18:c6:14:e5:00:c7:86:c8:2a:c8:6a:be:
                    64:f3:a1:a1:2a:78:e2:05:3f:01:e6:6e:e0:d1:22:
                    fe:b8:1b:da:0c:39:58:59:6c:4c:75:68:44:c7:37:
                    b2:74:d8:b9:30:f3:b7:0b:a9:70:78:11:56:d7:0e:
                    bc:92:ac:33:7f:b2:39:ee:07:03:1c:d0:65:55:e9:
                    e0:69:b1:43:41:d1:39:f0:d9:cf:65:9d:c2:f8:80:
                    d4:44:ea:5e:e4:24:e5:22:38:b6:77:07:b0:69:9d:
                    c4:c8:8c:d9:c1:45:ce:fc:f3:d7:05:46:db:1a:63:
                    50:a9:59:02:1a:75:97:61:31:a9:9f:36:8e:4d:04:
                    26:93:f0:29:09:84:9a:5a:22:d9:ee:76:5c:a2:91:
                    24:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:2B:64:D4:0E:CB:3D:C8:39:B1:8B:AF:C7:2B:7B:8E:69:90:8F:77
            X509v3 Authority Key Identifier:
                keyid:FE:5D:69:8E:CF:66:AE:46:ED:E1:FC:82:30:BF:BE:20:96:D5:24:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_l1pjs9mrkbt4fyCML--IJbVJFs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/381b58-7c96-4360-9965-ecf233f8ce82/1/citk1A7LPcg5sYuvxyt7jmmQj3c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/381b58-7c96-4360-9965-ecf233f8ce82/1/_l1pjs9mrkbt4fyCML--IJbVJFs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.134.0.0/20

    Signature Algorithm: sha256WithRSAEncryption
         ac:67:58:57:92:c0:e7:de:13:11:a9:32:ee:f0:0d:54:45:76:
         35:3a:2b:42:78:b8:98:f9:5a:9a:73:84:b2:8e:f2:22:74:9f:
         84:e7:62:fd:87:33:d8:7b:e1:69:a5:39:1f:f3:4d:e1:71:36:
         34:87:a5:02:f5:2c:b9:3b:3e:70:f3:ae:fe:3f:14:6c:f5:c4:
         ba:18:f9:03:83:69:28:b9:98:d5:fb:20:2a:06:c1:7a:2a:91:
         c5:38:e4:bb:d4:f1:0d:bd:e9:c2:64:47:bb:7b:93:d8:8c:e0:
         12:f1:c7:a6:70:86:40:7d:d9:4a:7e:75:fa:c9:d0:a9:ee:15:
         ba:2e:ec:98:4c:ee:56:f4:72:95:91:0f:9e:9f:ce:6f:94:ce:
         5f:84:c8:f2:05:05:2e:01:23:2c:ee:25:7b:f1:c2:11:1c:4b:
         34:87:98:07:49:7c:62:8e:66:a5:2c:60:ee:d5:94:32:fe:9c:
         e4:e5:e5:f7:29:61:aa:2f:4b:0a:ed:fa:f1:c3:63:cc:2d:08:
         1b:0b:b3:d5:30:51:4a:f7:1d:07:b2:7f:75:76:15:bd:9f:80:
         e8:a2:1e:98:e0:fe:8d:ff:94:11:3b:f7:24:9b:d6:4c:ff:45:
         b5:2b:98:53:aa:c1:53:82:0a:cb:19:e8:dc:37:2b:50:00:d7:
         e5:34:b9:d7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJu/35dbtLHMGwzXu/qGEzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlNWQ2OThlY2Y2NmFlNDZlZGUxZmM4MjMwYmZiZTIwOTZk
NTI0NWIwHhcNMjQwMTAyMTAzMzA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MjJiNjRkNDBlY2IzZGM4MzliMThiYWZjNzJiN2I4ZTY5OTA4Zjc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgQ9vanwqvBSPK95ioXWKsRLP3Yao
Bd9No6tM/BQIcIFweJlup+eklTDkq+QHDuRjh2uhd2cYAug+X78lPKlQ7LobwEzi
u/DkXqRJL2a1wWQ9h2V+KXi4kP5ideUw/V6y8MhBaOJCM8nuDI0YxhTlAMeGyCrI
ar5k86GhKnjiBT8B5m7g0SL+uBvaDDlYWWxMdWhExzeydNi5MPO3C6lweBFW1w68
kqwzf7I57gcDHNBlVengabFDQdE58NnPZZ3C+IDUROpe5CTlIji2dwewaZ3EyIzZ
wUXO/PPXBUbbGmNQqVkCGnWXYTGpnzaOTQQmk/ApCYSaWiLZ7nZcopEkQQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHIrZNQOyz3IObGLr8cre45pkI93MB8GA1UdIwQY
MBaAFP5daY7PZq5G7eH8gjC/viCW1SRbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX2wxcGpzOW1ya2J0NGZ5Q01MLS1JSmJWSkZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi8zODFiNTgtN2M5Ni00MzYwLTk5NjUt
ZWNmMjMzZjhjZTgyLzEvY2l0azFBN0xQY2c1c1l1dnh5dDdqbW1RajNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi8zODFiNTgtN2M5Ni00MzYwLTk5NjUtZWNmMjMzZjhjZTgy
LzEvX2wxcGpzOW1ya2J0NGZ5Q01MLS1JSmJWSkZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEH4YAMA0G
CSqGSIb3DQEBCwUAA4IBAQCsZ1hXksDn3hMRqTLu8A1URXY1OitCeLiY+Vqac4Sy
jvIidJ+E52L9hzPYe+FppTkf803hcTY0h6UC9Sy5Oz5w867+PxRs9cS6GPkDg2ko
uZjV+yAqBsF6KpHFOOS71PENvenCZEe7e5PYjOAS8cemcIZAfdlKfnX6ydCp7hW6
LuyYTO5W9HKVkQ+en85vlM5fhMjyBQUuASMs7iV78cIRHEs0h5gHSXxijmalLGDu
1ZQy/pzk5eX3KWGqL0sK7frxw2PMLQgbC7PVMFFK9x0Hsn91dhW9n4Dooh6Y4P6N
/5QRO/ckm9ZM/0W1K5hTqsFTggrLGejcNytQANflNLnX
-----END CERTIFICATE-----