Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/393e16-898e-45d8-9d72-d8bd250b64f9/1/jGRmtzCDf_KD-HGTIOsnHPpyX5w.roa
File:                     jGRmtzCDf_KD-HGTIOsnHPpyX5w.roa (raw, json)
Hash identifier:          EqY6PURhcyvucct40WhgiwaWHlrhNpzZ82OpfYpSUJ0=
Subject key identifier:   8C:64:66:B7:30:83:7F:F2:83:F8:71:93:20:EB:27:1C:FA:72:5F:9C
Certificate issuer:       /CN=477f4b6ec4347157c4d13ef0e7abe1290a0bf57c
Certificate serial:       018CC26D33BD98815A22278C5933CDE4A358
Authority key identifier: 47:7F:4B:6E:C4:34:71:57:C4:D1:3E:F0:E7:AB:E1:29:0A:0B:F5:7C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/R39LbsQ0cVfE0T7w56vhKQoL9Xw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/38/393e16-898e-45d8-9d72-d8bd250b64f9/1/jGRmtzCDf_KD-HGTIOsnHPpyX5w.roa
Signing time:             Mon 01 Jan 2024 00:29:45 +0000
ROA not before:           Mon 01 Jan 2024 00:29:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31020
IP address blocks:        31.186.88.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/38/393e16-898e-45d8-9d72-d8bd250b64f9/1/R39LbsQ0cVfE0T7w56vhKQoL9Xw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/38/393e16-898e-45d8-9d72-d8bd250b64f9/1/R39LbsQ0cVfE0T7w56vhKQoL9Xw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/R39LbsQ0cVfE0T7w56vhKQoL9Xw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Jun 2024 07:02:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:33:bd:98:81:5a:22:27:8c:59:33:cd:e4:a3:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=477f4b6ec4347157c4d13ef0e7abe1290a0bf57c
        Validity
            Not Before: Jan  1 00:29:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8c6466b730837ff283f8719320eb271cfa725f9c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:5d:e4:b1:da:01:25:cf:cd:3b:17:72:9d:2b:
                    25:b9:66:e0:4c:81:f2:b3:8d:02:0f:66:e7:a6:5f:
                    9e:7a:28:e7:11:2a:1b:43:ef:9a:8e:42:c3:3f:27:
                    92:a9:a3:5f:40:ec:8e:08:e0:d5:00:72:d1:dd:7e:
                    1f:5b:e4:93:ff:da:d3:7c:5b:7d:67:74:e8:13:54:
                    4a:73:84:18:ce:36:03:74:36:4c:a6:02:6a:7e:a5:
                    6c:5f:cd:6d:42:00:65:ea:03:02:d5:df:b9:d0:79:
                    f4:15:0f:3a:dd:81:2e:71:f5:70:57:e9:0b:be:90:
                    dc:eb:3d:81:ee:20:a4:2e:2e:1e:90:fb:4f:0b:c3:
                    74:ad:19:99:9b:24:bf:47:5b:b4:9b:7f:a1:42:bd:
                    7a:33:97:f3:bc:5e:2f:78:6a:47:3d:d8:e1:bf:73:
                    2a:95:79:95:8d:df:1f:74:c8:f6:64:e6:ce:53:88:
                    a6:91:44:e1:24:91:cd:0e:2e:44:60:52:d2:70:21:
                    a6:83:80:31:3b:8b:2e:0a:85:f1:ff:d1:95:b4:d1:
                    1c:da:73:aa:b5:18:8d:b6:13:43:d1:da:15:4d:64:
                    57:e2:d2:c2:29:bd:32:ae:13:bd:cc:c7:97:1c:22:
                    12:2b:ad:eb:ed:86:49:58:d5:74:b8:49:8f:ab:fc:
                    02:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:64:66:B7:30:83:7F:F2:83:F8:71:93:20:EB:27:1C:FA:72:5F:9C
            X509v3 Authority Key Identifier:
                keyid:47:7F:4B:6E:C4:34:71:57:C4:D1:3E:F0:E7:AB:E1:29:0A:0B:F5:7C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/R39LbsQ0cVfE0T7w56vhKQoL9Xw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/393e16-898e-45d8-9d72-d8bd250b64f9/1/jGRmtzCDf_KD-HGTIOsnHPpyX5w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/38/393e16-898e-45d8-9d72-d8bd250b64f9/1/R39LbsQ0cVfE0T7w56vhKQoL9Xw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.186.88.0/21

    Signature Algorithm: sha256WithRSAEncryption
         97:45:6b:a5:d6:21:ff:71:eb:6b:36:9e:84:a9:6a:fa:ee:52:
         91:9b:8b:37:d5:77:8c:ca:dc:0c:02:fe:08:7c:a5:bd:4b:43:
         ae:bc:0c:72:cb:81:6d:bf:60:6a:7e:9e:48:75:ed:e2:2f:16:
         e6:c4:43:4c:ce:d3:75:fe:96:40:2e:e5:24:6f:17:c7:bd:3e:
         b8:6e:77:26:4c:6f:8f:01:bf:5e:54:c0:e2:c0:b4:7c:2d:5a:
         93:eb:a3:af:11:aa:a7:d7:54:78:df:7f:c3:ef:48:2b:bd:70:
         c6:1e:22:9f:62:eb:98:4f:df:f9:6a:54:90:2b:75:83:06:5d:
         e9:d4:05:cc:57:97:24:b7:dd:24:fa:c2:96:ed:0a:aa:ba:8b:
         10:65:59:95:b8:ef:92:90:2e:f6:73:aa:a9:1e:34:b3:55:79:
         8b:ca:68:2f:dd:f7:e5:cc:7d:db:e1:a8:85:f8:6a:81:60:39:
         a4:56:f9:2f:f9:b4:5e:91:b1:b9:53:45:1c:92:80:08:c8:3c:
         5e:82:ed:61:e7:11:e8:8f:69:43:89:a6:4b:b1:75:5e:8d:40:
         c8:4d:bb:ad:86:68:4d:8e:f1:9d:1c:19:6b:28:bf:61:66:34:
         a2:57:ed:64:c3:34:22:d6:7a:15:ba:06:9c:d9:12:22:c4:84:
         97:46:61:15
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbTO9mIFaIieMWTPN5KNYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ3N2Y0YjZlYzQzNDcxNTdjNGQxM2VmMGU3YWJlMTI5MGEw
YmY1N2MwHhcNMjQwMTAxMDAyOTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YzY0NjZiNzMwODM3ZmYyODNmODcxOTMyMGViMjcxY2ZhNzI1ZjljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApV3ksdoBJc/NOxdynSsluWbgTIHy
s40CD2bnpl+eeijnESobQ++ajkLDPyeSqaNfQOyOCODVAHLR3X4fW+ST/9rTfFt9
Z3ToE1RKc4QYzjYDdDZMpgJqfqVsX81tQgBl6gMC1d+50Hn0FQ863YEucfVwV+kL
vpDc6z2B7iCkLi4ekPtPC8N0rRmZmyS/R1u0m3+hQr16M5fzvF4veGpHPdjhv3Mq
lXmVjd8fdMj2ZObOU4imkUThJJHNDi5EYFLScCGmg4AxO4suCoXx/9GVtNEc2nOq
tRiNthND0doVTWRX4tLCKb0yrhO9zMeXHCISK63r7YZJWNV0uEmPq/wCYwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIxkZrcwg3/yg/hxkyDrJxz6cl+cMB8GA1UdIwQY
MBaAFEd/S27ENHFXxNE+8Oer4SkKC/V8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUjM5TGJzUTBjVmZFMFQ3dzU2dmhLUW9MOVh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC8zOTNlMTYtODk4ZS00NWQ4LTlkNzIt
ZDhiZDI1MGI2NGY5LzEvakdSbXR6Q0RmX0tELUhHVElPc25IUHB5WDV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC8zOTNlMTYtODk4ZS00NWQ4LTlkNzItZDhiZDI1MGI2NGY5
LzEvUjM5TGJzUTBjVmZFMFQ3dzU2dmhLUW9MOVh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDH7pYMA0G
CSqGSIb3DQEBCwUAA4IBAQCXRWul1iH/cetrNp6EqWr67lKRm4s31XeMytwMAv4I
fKW9S0OuvAxyy4Ftv2Bqfp5Ide3iLxbmxENMztN1/pZALuUkbxfHvT64bncmTG+P
Ab9eVMDiwLR8LVqT66OvEaqn11R433/D70grvXDGHiKfYuuYT9/5alSQK3WDBl3p
1AXMV5ckt90k+sKW7QqquosQZVmVuO+SkC72c6qpHjSzVXmLymgv3fflzH3b4aiF
+GqBYDmkVvkv+bRekbG5U0UckoAIyDxegu1h5xHoj2lDiaZLsXVejUDITbuthmhN
jvGdHBlrKL9hZjSiV+1kwzQi1noVugac2RIixISXRmEV
-----END CERTIFICATE-----