Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/c04674-e9ac-4547-bcda-258854e50cf8/1/gEV9yh03rZdtxW5936s-qe7lkxY.roa
File:                     gEV9yh03rZdtxW5936s-qe7lkxY.roa (raw, json)
Hash identifier:          ztB5mmY9tjCdwV8WvFqM9/GcOCmzxqlymQ21H4Qt+jk=
Subject key identifier:   80:45:7D:CA:1D:37:AD:97:6D:C5:6E:7D:DF:AB:3E:A9:EE:E5:93:16
Certificate issuer:       /CN=473b09b8fdede6cab524fcaa3b31e616ba2e4896
Certificate serial:       018CC86F4E503A623AE727B6B95A426CB26D
Authority key identifier: 47:3B:09:B8:FD:ED:E6:CA:B5:24:FC:AA:3B:31:E6:16:BA:2E:48:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RzsJuP3t5sq1JPyqOzHmFrouSJY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/38/c04674-e9ac-4547-bcda-258854e50cf8/1/gEV9yh03rZdtxW5936s-qe7lkxY.roa
Signing time:             Tue 02 Jan 2024 04:29:46 +0000
ROA not before:           Tue 02 Jan 2024 04:29:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49221
IP address blocks:        31.7.48.0/21 maxlen: 21
                          185.94.200.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/38/c04674-e9ac-4547-bcda-258854e50cf8/1/RzsJuP3t5sq1JPyqOzHmFrouSJY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/38/c04674-e9ac-4547-bcda-258854e50cf8/1/RzsJuP3t5sq1JPyqOzHmFrouSJY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RzsJuP3t5sq1JPyqOzHmFrouSJY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:4e:50:3a:62:3a:e7:27:b6:b9:5a:42:6c:b2:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=473b09b8fdede6cab524fcaa3b31e616ba2e4896
        Validity
            Not Before: Jan  2 04:29:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=80457dca1d37ad976dc56e7ddfab3ea9eee59316
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:78:7c:bf:73:0d:f6:3a:94:c2:f6:27:54:c6:
                    3d:a1:32:83:b5:79:a7:93:d9:f8:0f:be:64:5e:63:
                    5e:7e:b7:65:6b:10:44:eb:a0:0f:0d:8d:2a:4f:70:
                    6b:3a:ef:ae:3d:1b:4c:14:86:ba:13:c5:a7:cb:88:
                    ba:9d:2a:ea:88:96:61:18:e2:c3:e6:00:4d:42:dc:
                    c9:0c:4f:25:31:a6:20:5f:b8:a3:99:d3:e8:ee:d7:
                    bb:8c:4c:46:c4:71:c1:b6:ef:11:44:72:df:57:d0:
                    e5:fd:1a:d9:0e:dc:e8:05:04:71:4f:03:fe:11:f7:
                    04:ae:d9:c8:ec:14:dc:57:d4:bf:84:17:24:ad:a6:
                    8b:d8:91:e3:e1:eb:70:d9:6b:60:ce:32:7d:1a:16:
                    7b:5f:6b:e4:7b:8b:66:fc:8d:37:17:c7:e1:7f:cf:
                    f4:81:30:02:f7:50:ef:c5:e9:55:dc:94:10:21:24:
                    6e:c2:95:ff:26:7d:88:b0:c8:ae:2c:e7:f9:c1:40:
                    cb:4c:21:cd:c0:b1:36:95:4d:30:be:d8:d1:2d:cf:
                    d1:34:9e:61:db:62:88:67:f3:ca:0c:70:67:47:5f:
                    b3:2d:e2:3f:59:b1:03:25:c6:3d:ba:92:90:9a:32:
                    04:a1:e2:ef:d5:da:3f:78:46:22:01:21:6b:d0:fd:
                    7f:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:45:7D:CA:1D:37:AD:97:6D:C5:6E:7D:DF:AB:3E:A9:EE:E5:93:16
            X509v3 Authority Key Identifier:
                keyid:47:3B:09:B8:FD:ED:E6:CA:B5:24:FC:AA:3B:31:E6:16:BA:2E:48:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RzsJuP3t5sq1JPyqOzHmFrouSJY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/c04674-e9ac-4547-bcda-258854e50cf8/1/gEV9yh03rZdtxW5936s-qe7lkxY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/38/c04674-e9ac-4547-bcda-258854e50cf8/1/RzsJuP3t5sq1JPyqOzHmFrouSJY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.7.48.0/21
                  185.94.200.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a0:9c:fe:c3:b5:bd:88:fe:30:fb:3a:5e:ea:59:c8:bb:94:bb:
         da:31:9d:0b:a2:6b:e9:b4:73:68:25:3a:59:ea:2f:a7:a1:67:
         0c:21:86:87:2e:4d:03:ed:27:a7:c6:f4:9d:5c:8b:3c:0a:55:
         32:f7:06:f3:5e:0c:52:2e:51:26:1a:14:34:19:d0:7e:8e:8a:
         f8:aa:80:34:2b:15:f2:eb:ab:e4:75:8d:f5:0b:0a:3e:dd:34:
         6a:96:5d:0b:93:d0:45:25:a8:45:77:23:26:5d:89:12:89:b1:
         e8:76:4f:40:32:49:d5:39:60:69:08:61:97:1a:f1:67:1f:84:
         e5:1c:fc:b1:38:44:ab:da:5c:f5:06:ab:d3:b8:35:53:66:e6:
         4f:67:80:25:6c:e4:71:c8:d2:12:1a:0b:a7:e1:05:bd:7d:a4:
         0f:d8:03:e0:c6:23:b9:78:62:ee:7f:a6:16:db:60:76:6d:c7:
         83:df:38:2b:6c:41:eb:a7:0e:90:8b:a4:1f:a1:de:ac:ef:2c:
         bd:a3:0f:d3:37:dd:0c:11:4b:4b:4e:26:0f:3c:cd:ce:7a:21:
         30:de:9b:5e:47:9f:f7:be:0e:8f:96:34:dc:3d:0b:6c:a5:30:
         0d:8b:94:5f:54:95:d8:00:a0:e4:17:b4:7e:bc:a9:ab:02:32:
         5b:97:3f:0c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzIb05QOmI65ye2uVpCbLJtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ3M2IwOWI4ZmRlZGU2Y2FiNTI0ZmNhYTNiMzFlNjE2YmEy
ZTQ4OTYwHhcNMjQwMTAyMDQyOTQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MDQ1N2RjYTFkMzdhZDk3NmRjNTZlN2RkZmFiM2VhOWVlZTU5MzE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhXh8v3MN9jqUwvYnVMY9oTKDtXmn
k9n4D75kXmNefrdlaxBE66APDY0qT3BrOu+uPRtMFIa6E8Wny4i6nSrqiJZhGOLD
5gBNQtzJDE8lMaYgX7ijmdPo7te7jExGxHHBtu8RRHLfV9Dl/RrZDtzoBQRxTwP+
EfcErtnI7BTcV9S/hBckraaL2JHj4etw2WtgzjJ9GhZ7X2vke4tm/I03F8fhf8/0
gTAC91DvxelV3JQQISRuwpX/Jn2IsMiuLOf5wUDLTCHNwLE2lU0wvtjRLc/RNJ5h
22KIZ/PKDHBnR1+zLeI/WbEDJcY9upKQmjIEoeLv1do/eEYiASFr0P1/pQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIBFfcodN62XbcVufd+rPqnu5ZMWMB8GA1UdIwQY
MBaAFEc7Cbj97ebKtST8qjsx5ha6LkiWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUnpzSnVQM3Q1c3ExSlB5cU96SG1Gcm91U0pZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC9jMDQ2NzQtZTlhYy00NTQ3LWJjZGEt
MjU4ODU0ZTUwY2Y4LzEvZ0VWOXloMDNyWmR0eFc1OTM2cy1xZTdsa3hZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC9jMDQ2NzQtZTlhYy00NTQ3LWJjZGEtMjU4ODU0ZTUwY2Y4
LzEvUnpzSnVQM3Q1c3ExSlB5cU96SG1Gcm91U0pZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDHwcwAwQC
uV7IMA0GCSqGSIb3DQEBCwUAA4IBAQCgnP7Dtb2I/jD7Ol7qWci7lLvaMZ0Lomvp
tHNoJTpZ6i+noWcMIYaHLk0D7SenxvSdXIs8ClUy9wbzXgxSLlEmGhQ0GdB+jor4
qoA0KxXy66vkdY31Cwo+3TRqll0Lk9BFJahFdyMmXYkSibHodk9AMknVOWBpCGGX
GvFnH4TlHPyxOESr2lz1BqvTuDVTZuZPZ4AlbORxyNISGgun4QW9faQP2APgxiO5
eGLuf6YW22B2bceD3zgrbEHrpw6Qi6Qfod6s7yy9ow/TN90MEUtLTiYPPM3OeiEw
3pteR5/3vg6PljTcPQtspTANi5RfVJXYAKDkF7R+vKmrAjJblz8M
-----END CERTIFICATE-----