Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/a67b78-58c8-4311-9e69-6baa3b548d23/1/j30UoMDciFVRU4gyw3GZ8mVK27U.roa
File:                     j30UoMDciFVRU4gyw3GZ8mVK27U.roa (raw, json)
Hash identifier:          /6P33uwqZ5HWHJSsGgal3RXON+J2HbHy86jgRo4mKqg=
Subject key identifier:   8F:7D:14:A0:C0:DC:88:55:51:53:88:32:C3:71:99:F2:65:4A:DB:B5
Certificate issuer:       /CN=ddbe6e0adae8bb478393aab175b638644c74ccb7
Certificate serial:       018CC7273400C9714BEE85A04C5362C25AE0
Authority key identifier: DD:BE:6E:0A:DA:E8:BB:47:83:93:AA:B1:75:B6:38:64:4C:74:CC:B7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3b5uCtrou0eDk6qxdbY4ZEx0zLc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/a67b78-58c8-4311-9e69-6baa3b548d23/1/j30UoMDciFVRU4gyw3GZ8mVK27U.roa
Signing time:             Mon 01 Jan 2024 22:31:24 +0000
ROA not before:           Mon 01 Jan 2024 22:31:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2856
IP address blocks:        31.130.240.0/23 maxlen: 24
                          178.212.56.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/a67b78-58c8-4311-9e69-6baa3b548d23/1/3b5uCtrou0eDk6qxdbY4ZEx0zLc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/a67b78-58c8-4311-9e69-6baa3b548d23/1/3b5uCtrou0eDk6qxdbY4ZEx0zLc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3b5uCtrou0eDk6qxdbY4ZEx0zLc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:34:00:c9:71:4b:ee:85:a0:4c:53:62:c2:5a:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ddbe6e0adae8bb478393aab175b638644c74ccb7
        Validity
            Not Before: Jan  1 22:31:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8f7d14a0c0dc885551538832c37199f2654adbb5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:64:3f:34:f9:0b:35:a6:b4:4d:cf:36:67:27:
                    cd:9a:ba:f7:fc:72:7a:46:c5:fe:01:6a:e5:4c:2c:
                    1a:0f:e8:c6:ba:11:64:f0:af:66:e4:bf:0a:07:3f:
                    f9:48:b3:7c:47:ea:25:c0:4d:8b:ca:22:f5:5d:df:
                    3e:b2:0c:c8:2a:d4:71:e1:e9:df:d0:2b:f8:11:a3:
                    05:a8:45:1f:de:d0:86:96:73:9c:50:e8:c6:a2:15:
                    25:27:1d:7c:3e:11:e9:45:29:4e:ef:21:12:d4:67:
                    0b:83:76:65:79:33:36:59:8e:0d:b0:ca:2e:7a:2f:
                    13:4d:06:ce:80:09:a9:f8:2f:05:e6:f3:3a:26:3a:
                    67:8d:a6:b2:46:90:00:76:70:11:cc:5c:84:eb:00:
                    7c:8a:d9:f3:1e:45:f8:f3:17:d9:b7:2f:5a:0c:11:
                    4b:7c:33:16:09:49:bc:c0:99:2f:a0:54:0e:56:82:
                    af:ef:db:f4:c0:37:aa:4a:cb:0c:fa:7f:31:52:f4:
                    07:89:1d:7d:63:31:a6:93:97:e1:11:40:bf:2a:25:
                    46:2c:ce:e7:24:f3:3e:9e:8e:83:a1:9d:b7:7a:bf:
                    bf:98:51:23:72:af:25:78:01:8f:34:10:be:a6:39:
                    e6:62:25:fc:f1:ad:e9:19:5f:c8:92:8e:fe:3e:2c:
                    40:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:7D:14:A0:C0:DC:88:55:51:53:88:32:C3:71:99:F2:65:4A:DB:B5
            X509v3 Authority Key Identifier:
                keyid:DD:BE:6E:0A:DA:E8:BB:47:83:93:AA:B1:75:B6:38:64:4C:74:CC:B7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3b5uCtrou0eDk6qxdbY4ZEx0zLc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a67b78-58c8-4311-9e69-6baa3b548d23/1/j30UoMDciFVRU4gyw3GZ8mVK27U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a67b78-58c8-4311-9e69-6baa3b548d23/1/3b5uCtrou0eDk6qxdbY4ZEx0zLc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.130.240.0/23
                  178.212.56.0/23

    Signature Algorithm: sha256WithRSAEncryption
         1a:9f:13:1f:d1:66:8d:1e:52:f4:6c:09:f7:29:3a:20:c6:c8:
         0e:bb:84:11:ba:44:9d:be:4a:b8:e4:64:de:3c:df:8f:1e:93:
         79:32:e7:22:54:86:ea:8e:ac:f1:85:c8:a9:ec:3a:bc:0e:b7:
         30:79:f5:e0:dd:c1:f9:39:fd:5c:61:c1:ef:3c:69:18:7a:c6:
         8a:89:dc:8f:f2:56:38:2b:db:1a:3c:91:74:53:da:f6:79:e7:
         f2:a3:c1:67:e3:17:b9:2d:72:40:2e:1f:cf:7d:be:09:58:c0:
         6e:0a:8f:e8:63:d4:e0:98:49:40:f3:d4:19:59:13:28:b3:4f:
         98:8f:13:bf:8e:b8:18:ad:e1:76:66:c3:b0:d6:99:f0:df:d0:
         ba:b0:1d:f5:ac:d4:fe:a3:60:69:ba:24:1f:4c:d1:7c:50:47:
         81:4a:a6:4d:4b:15:a1:57:7d:b0:74:d4:6e:5d:5c:cd:2f:3c:
         70:ff:d6:e2:b5:4e:b4:de:37:78:26:19:14:14:5e:4c:21:2c:
         b3:8e:f4:68:d8:ec:2d:ff:0e:35:2d:bc:81:5a:48:4c:70:e1:
         7c:ac:36:0a:3a:42:03:9c:26:38:89:6d:10:ee:2c:10:e5:dd:
         8c:55:79:ad:56:d4:ab:d9:73:7c:61:9e:69:e9:10:38:ac:e8:
         4a:80:5c:11
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzHJzQAyXFL7oWgTFNiwlrgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRkYmU2ZTBhZGFlOGJiNDc4MzkzYWFiMTc1YjYzODY0NGM3
NGNjYjcwHhcNMjQwMTAxMjIzMTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZjdkMTRhMGMwZGM4ODU1NTE1Mzg4MzJjMzcxOTlmMjY1NGFkYmI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiWQ/NPkLNaa0Tc82ZyfNmrr3/HJ6
RsX+AWrlTCwaD+jGuhFk8K9m5L8KBz/5SLN8R+olwE2LyiL1Xd8+sgzIKtRx4enf
0Cv4EaMFqEUf3tCGlnOcUOjGohUlJx18PhHpRSlO7yES1GcLg3ZleTM2WY4NsMou
ei8TTQbOgAmp+C8F5vM6JjpnjaayRpAAdnARzFyE6wB8itnzHkX48xfZty9aDBFL
fDMWCUm8wJkvoFQOVoKv79v0wDeqSssM+n8xUvQHiR19YzGmk5fhEUC/KiVGLM7n
JPM+no6DoZ23er+/mFEjcq8leAGPNBC+pjnmYiX88a3pGV/Iko7+PixAcwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFI99FKDA3IhVUVOIMsNxmfJlStu1MB8GA1UdIwQY
MBaAFN2+bgra6LtHg5OqsXW2OGRMdMy3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM2I1dUN0cm91MGVEazZxeGRiWTRaRXgwekxjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9hNjdiNzgtNThjOC00MzExLTllNjkt
NmJhYTNiNTQ4ZDIzLzEvajMwVW9NRGNpRlZSVTRneXczR1o4bVZLMjdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9hNjdiNzgtNThjOC00MzExLTllNjktNmJhYTNiNTQ4ZDIz
LzEvM2I1dUN0cm91MGVEazZxeGRiWTRaRXgwekxjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBH4LwAwQB
stQ4MA0GCSqGSIb3DQEBCwUAA4IBAQAanxMf0WaNHlL0bAn3KTogxsgOu4QRukSd
vkq45GTePN+PHpN5MuciVIbqjqzxhcip7Dq8DrcwefXg3cH5Of1cYcHvPGkYesaK
idyP8lY4K9saPJF0U9r2eefyo8Fn4xe5LXJALh/Pfb4JWMBuCo/oY9TgmElA89QZ
WRMos0+YjxO/jrgYreF2ZsOw1pnw39C6sB31rNT+o2BpuiQfTNF8UEeBSqZNSxWh
V32wdNRuXVzNLzxw/9bitU603jd4JhkUFF5MISyzjvRo2Owt/w41LbyBWkhMcOF8
rDYKOkIDnCY4iW0Q7iwQ5d2MVXmtVtSr2XN8YZ5p6RA4rOhKgFwR
-----END CERTIFICATE-----