Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/85c6bd-6a68-4d11-b9cd-8c2df5a5c6d7/1/hQt2ip45EijPgbTA9Jb9BSccOS4.roa
File:                     hQt2ip45EijPgbTA9Jb9BSccOS4.roa (raw, json)
Hash identifier:          22mkOiLgqhXWTUMvFE0zsa/GCVY8ZpjOUzxlMHud4Ws=
Subject key identifier:   85:0B:76:8A:9E:39:12:28:CF:81:B4:C0:F4:96:FD:05:27:1C:39:2E
Certificate issuer:       /CN=9e8cd7d6a4105750bf8975a7d0b96794c1efe622
Certificate serial:       019276BF7636238A839D0152AAEE270DA148
Authority key identifier: 9E:8C:D7:D6:A4:10:57:50:BF:89:75:A7:D0:B9:67:94:C1:EF:E6:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nozX1qQQV1C_iXWn0LlnlMHv5iI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/85c6bd-6a68-4d11-b9cd-8c2df5a5c6d7/1/hQt2ip45EijPgbTA9Jb9BSccOS4.roa
Signing time:             Thu 10 Oct 2024 14:05:11 +0000
ROA not before:           Thu 10 Oct 2024 14:05:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214109
IP address blocks:        31.131.142.0/24 maxlen: 24
                          31.131.143.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/85c6bd-6a68-4d11-b9cd-8c2df5a5c6d7/1/nozX1qQQV1C_iXWn0LlnlMHv5iI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/85c6bd-6a68-4d11-b9cd-8c2df5a5c6d7/1/nozX1qQQV1C_iXWn0LlnlMHv5iI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nozX1qQQV1C_iXWn0LlnlMHv5iI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 02:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:76:bf:76:36:23:8a:83:9d:01:52:aa:ee:27:0d:a1:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e8cd7d6a4105750bf8975a7d0b96794c1efe622
        Validity
            Not Before: Oct 10 14:05:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=850b768a9e391228cf81b4c0f496fd05271c392e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:51:5e:af:04:59:30:8a:90:23:0c:c4:da:21:
                    74:8a:4c:f8:fd:7c:6d:cf:23:00:af:52:8a:a4:b5:
                    c8:25:20:74:fc:d2:3f:68:a6:51:33:9c:08:44:bd:
                    42:ea:24:9e:95:cc:43:f9:ee:5a:97:5a:84:6a:f8:
                    de:47:73:52:18:6c:d4:59:e0:80:05:f0:17:51:69:
                    64:56:10:7e:8a:17:c4:7a:7f:2d:0a:20:8c:02:16:
                    4f:80:fe:a3:ad:14:07:4e:25:5b:3d:18:fb:af:c7:
                    f2:22:7f:49:ff:fd:ce:4c:43:8c:a9:96:6f:3d:77:
                    c2:7e:0f:8b:96:5a:85:10:24:7b:cc:89:c5:00:8d:
                    21:08:dd:4a:10:f0:09:17:cb:6c:d2:de:75:08:31:
                    2a:72:b4:af:e6:41:ba:f1:08:97:7e:75:bb:20:ab:
                    4d:72:c9:e9:4d:fd:02:63:41:6d:fd:03:cb:3b:b6:
                    2e:e7:8b:78:f1:41:42:2b:e3:c4:be:f1:15:76:b1:
                    c5:1e:65:7f:23:67:b0:22:7d:f3:40:d0:a9:37:d0:
                    6e:a7:7e:8f:81:c9:ef:ac:6f:78:fa:a4:87:19:6b:
                    3f:04:f5:af:85:f2:61:a5:05:8a:e8:5a:70:b7:f6:
                    66:d2:d4:bc:52:2b:db:50:66:ac:4b:3f:e5:91:10:
                    b2:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:0B:76:8A:9E:39:12:28:CF:81:B4:C0:F4:96:FD:05:27:1C:39:2E
            X509v3 Authority Key Identifier:
                keyid:9E:8C:D7:D6:A4:10:57:50:BF:89:75:A7:D0:B9:67:94:C1:EF:E6:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nozX1qQQV1C_iXWn0LlnlMHv5iI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/85c6bd-6a68-4d11-b9cd-8c2df5a5c6d7/1/hQt2ip45EijPgbTA9Jb9BSccOS4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/85c6bd-6a68-4d11-b9cd-8c2df5a5c6d7/1/nozX1qQQV1C_iXWn0LlnlMHv5iI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.131.142.0/23

    Signature Algorithm: sha256WithRSAEncryption
         93:33:5c:c9:53:9c:a5:d8:fc:d0:fd:20:08:79:40:5d:9c:a7:
         01:db:13:ba:4d:2a:17:b7:4e:3f:07:48:5b:40:37:3a:dd:53:
         31:33:b6:1d:d4:7f:fe:86:b7:7d:74:7b:8c:11:37:c4:82:06:
         57:68:77:d3:79:63:36:3e:e3:43:d9:94:fc:9b:40:74:52:95:
         e4:54:68:42:38:64:68:d6:87:58:5f:84:81:9b:22:4a:a0:97:
         e3:a0:ad:c0:5a:20:13:d7:92:e8:e3:c6:f3:2f:da:40:04:e3:
         b2:b7:95:97:17:4d:a3:e9:82:b3:db:5f:5e:f5:bf:be:74:d3:
         3b:e2:a1:c6:2e:e6:a1:67:90:a7:5c:52:e7:1a:43:3c:4f:b0:
         12:43:77:69:0c:c8:8b:f9:00:76:af:63:01:4b:13:9a:5d:ac:
         b0:cc:4f:37:1a:89:ea:bc:05:29:9c:ee:59:10:2d:97:be:00:
         90:ff:08:78:4b:fd:f4:5d:f7:63:90:a5:2b:7a:f2:43:8b:25:
         0e:d3:13:77:dc:81:f3:17:b5:13:72:2d:f3:f7:7e:34:0c:12:
         69:ba:f0:a1:67:42:90:86:58:91:56:e2:85:1b:46:f6:78:14:
         a8:ba:10:95:db:b9:d2:a1:6d:2d:04:22:c2:74:af:50:b8:9a:
         36:81:bd:97
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZJ2v3Y2I4qDnQFSqu4nDaFIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllOGNkN2Q2YTQxMDU3NTBiZjg5NzVhN2QwYjk2Nzk0YzFl
ZmU2MjIwHhcNMjQxMDEwMTQwNTExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NTBiNzY4YTllMzkxMjI4Y2Y4MWI0YzBmNDk2ZmQwNTI3MWMzOTJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyVFerwRZMIqQIwzE2iF0ikz4/Xxt
zyMAr1KKpLXIJSB0/NI/aKZRM5wIRL1C6iSelcxD+e5al1qEavjeR3NSGGzUWeCA
BfAXUWlkVhB+ihfEen8tCiCMAhZPgP6jrRQHTiVbPRj7r8fyIn9J//3OTEOMqZZv
PXfCfg+LllqFECR7zInFAI0hCN1KEPAJF8ts0t51CDEqcrSv5kG68QiXfnW7IKtN
csnpTf0CY0Ft/QPLO7Yu54t48UFCK+PEvvEVdrHFHmV/I2ewIn3zQNCpN9Bup36P
gcnvrG94+qSHGWs/BPWvhfJhpQWK6Fpwt/Zm0tS8UivbUGasSz/lkRCyvQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIULdoqeORIoz4G0wPSW/QUnHDkuMB8GA1UdIwQY
MBaAFJ6M19akEFdQv4l1p9C5Z5TB7+YiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbm96WDFxUVFWMUNfaVhXbjBMbG5sTUh2NWlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi84NWM2YmQtNmE2OC00ZDExLWI5Y2Qt
OGMyZGY1YTVjNmQ3LzEvaFF0MmlwNDVFaWpQZ2JUQTlKYjlCU2NjT1M0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi84NWM2YmQtNmE2OC00ZDExLWI5Y2QtOGMyZGY1YTVjNmQ3
LzEvbm96WDFxUVFWMUNfaVhXbjBMbG5sTUh2NWlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBH4OOMA0G
CSqGSIb3DQEBCwUAA4IBAQCTM1zJU5yl2PzQ/SAIeUBdnKcB2xO6TSoXt04/B0hb
QDc63VMxM7Yd1H/+hrd9dHuMETfEggZXaHfTeWM2PuND2ZT8m0B0UpXkVGhCOGRo
1odYX4SBmyJKoJfjoK3AWiAT15Lo48bzL9pABOOyt5WXF02j6YKz219e9b++dNM7
4qHGLuahZ5CnXFLnGkM8T7ASQ3dpDMiL+QB2r2MBSxOaXaywzE83GonqvAUpnO5Z
EC2XvgCQ/wh4S/30XfdjkKUrevJDiyUO0xN33IHzF7UTci3z9340DBJpuvChZ0KQ
hliRVuKFG0b2eBSouhCV27nSoW0tBCLCdK9QuJo2gb2X
-----END CERTIFICATE-----