Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/48/431634-35cb-4545-877b-df3c07f3411e/1/33hLGtTlOfBUBiCHtmMi_GE4T3o.roa
File:                     33hLGtTlOfBUBiCHtmMi_GE4T3o.roa (raw, json)
Hash identifier:          HYKkGn7up2kMwvN1mtbiZWOX32fMafQmlN4dT29qY4k=
Subject key identifier:   DF:78:4B:1A:D4:E5:39:F0:54:06:20:87:B6:63:22:FC:61:38:4F:7A
Certificate issuer:       /CN=92d9089a8e328d32d6de16d7da257b811b05239d
Certificate serial:       018E1417B3D1E27B72BD7CA942BB3328BE47
Authority key identifier: 92:D9:08:9A:8E:32:8D:32:D6:DE:16:D7:DA:25:7B:81:1B:05:23:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ktkImo4yjTLW3hbX2iV7gRsFI50.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/48/431634-35cb-4545-877b-df3c07f3411e/1/33hLGtTlOfBUBiCHtmMi_GE4T3o.roa
Signing time:             Wed 06 Mar 2024 14:08:01 +0000
ROA not before:           Wed 06 Mar 2024 14:08:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        31.14.31.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/48/431634-35cb-4545-877b-df3c07f3411e/1/ktkImo4yjTLW3hbX2iV7gRsFI50.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/48/431634-35cb-4545-877b-df3c07f3411e/1/ktkImo4yjTLW3hbX2iV7gRsFI50.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ktkImo4yjTLW3hbX2iV7gRsFI50.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:14:17:b3:d1:e2:7b:72:bd:7c:a9:42:bb:33:28:be:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=92d9089a8e328d32d6de16d7da257b811b05239d
        Validity
            Not Before: Mar  6 14:08:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=df784b1ad4e539f054062087b66322fc61384f7a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:04:b8:af:5f:e8:60:75:37:94:a2:d7:91:c5:
                    b1:5d:80:5f:df:7f:2c:0b:59:fb:5f:94:88:c1:b8:
                    e0:a0:b4:bc:12:3c:05:e1:ad:72:a4:ed:c8:35:cd:
                    0e:7c:d1:24:94:90:9c:fb:3d:50:d4:23:fd:1f:ef:
                    8f:00:bd:37:3d:9a:97:46:db:61:eb:6a:60:54:ce:
                    60:19:45:e6:a8:54:10:1d:ba:ff:6f:d1:f3:f9:bb:
                    57:a0:da:c3:6d:d6:95:bd:83:3a:7d:21:bb:3c:70:
                    db:37:68:7d:e2:5a:c6:0c:e8:65:3f:d2:71:08:19:
                    72:29:98:fa:9c:d4:48:fc:2c:52:f9:36:41:74:bd:
                    5f:a2:e2:e3:af:54:4a:24:5f:87:92:90:69:b6:73:
                    56:a3:f5:56:dc:5c:e7:f9:66:10:66:e1:9f:77:33:
                    ab:57:bd:61:1d:69:6f:30:be:63:1b:32:0b:47:d4:
                    d4:04:f0:4c:5a:0b:7c:b6:13:6b:ac:94:64:a7:75:
                    74:3c:17:84:74:d7:8c:c8:9d:32:d5:1f:f8:d9:92:
                    1e:d1:d0:f5:93:45:3f:96:0b:d9:4c:5c:05:7f:b3:
                    5f:37:91:d4:02:97:f3:1d:da:e7:a1:02:73:18:45:
                    a9:ea:9a:e1:41:21:dd:08:ea:8e:71:a1:43:cc:a0:
                    4e:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:78:4B:1A:D4:E5:39:F0:54:06:20:87:B6:63:22:FC:61:38:4F:7A
            X509v3 Authority Key Identifier:
                keyid:92:D9:08:9A:8E:32:8D:32:D6:DE:16:D7:DA:25:7B:81:1B:05:23:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ktkImo4yjTLW3hbX2iV7gRsFI50.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/431634-35cb-4545-877b-df3c07f3411e/1/33hLGtTlOfBUBiCHtmMi_GE4T3o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/48/431634-35cb-4545-877b-df3c07f3411e/1/ktkImo4yjTLW3hbX2iV7gRsFI50.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.14.31.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3b:e7:9d:e6:fa:8b:ff:e6:84:b6:80:a2:7f:5f:ba:90:e9:26:
         0d:2b:48:7a:02:53:fe:40:e3:2b:85:7f:49:c9:96:d3:4b:af:
         12:92:62:3b:b0:67:f0:03:92:6e:72:7f:07:d5:1f:8f:9b:4a:
         50:f3:10:60:d0:13:89:8f:30:0c:a9:9d:8b:c1:7c:b6:ae:66:
         d5:1b:7b:d6:50:39:8b:43:54:9d:63:30:67:c0:63:66:2d:de:
         6b:b2:41:b8:e6:81:c4:05:01:12:50:b9:37:9c:62:fe:62:66:
         79:73:cc:fe:19:c0:a8:5d:4a:2e:ec:ca:e2:57:8e:87:ee:de:
         fe:8b:69:b7:0f:40:ad:d3:b7:48:3d:0e:5d:bd:04:b5:6c:c3:
         01:cc:ee:5a:cb:5b:1a:d2:94:09:14:2f:04:54:75:79:9b:01:
         1d:07:c9:68:5a:ef:85:bb:17:94:82:20:ab:a5:ab:cc:33:69:
         88:e4:ca:88:fe:e7:51:b0:11:3f:ce:7a:15:de:7b:01:b6:ed:
         97:61:bc:e4:2b:c4:2c:27:07:c4:b9:5a:d5:59:07:c0:ba:0a:
         d0:63:fd:40:c9:30:8d:cf:a8:97:54:23:14:93:ec:23:f5:f1:
         3f:55:0d:91:53:89:b0:8c:43:da:ee:73:97:79:01:bd:e6:84:
         d5:71:06:cf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY4UF7PR4ntyvXypQrszKL5HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyZDkwODlhOGUzMjhkMzJkNmRlMTZkN2RhMjU3YjgxMWIw
NTIzOWQwHhcNMjQwMzA2MTQwODAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZjc4NGIxYWQ0ZTUzOWYwNTQwNjIwODdiNjYzMjJmYzYxMzg0ZjdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtAS4r1/oYHU3lKLXkcWxXYBf338s
C1n7X5SIwbjgoLS8EjwF4a1ypO3INc0OfNEklJCc+z1Q1CP9H++PAL03PZqXRtth
62pgVM5gGUXmqFQQHbr/b9Hz+btXoNrDbdaVvYM6fSG7PHDbN2h94lrGDOhlP9Jx
CBlyKZj6nNRI/CxS+TZBdL1fouLjr1RKJF+HkpBptnNWo/VW3Fzn+WYQZuGfdzOr
V71hHWlvML5jGzILR9TUBPBMWgt8thNrrJRkp3V0PBeEdNeMyJ0y1R/42ZIe0dD1
k0U/lgvZTFwFf7NfN5HUApfzHdrnoQJzGEWp6prhQSHdCOqOcaFDzKBOoQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN94SxrU5TnwVAYgh7ZjIvxhOE96MB8GA1UdIwQY
MBaAFJLZCJqOMo0y1t4W19ole4EbBSOdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva3RrSW1vNHlqVExXM2hiWDJpVjdnUnNGSTUwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OC80MzE2MzQtMzVjYi00NTQ1LTg3N2It
ZGYzYzA3ZjM0MTFlLzEvMzNoTEd0VGxPZkJVQmlDSHRtTWlfR0U0VDNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OC80MzE2MzQtMzVjYi00NTQ1LTg3N2ItZGYzYzA3ZjM0MTFl
LzEva3RrSW1vNHlqVExXM2hiWDJpVjdnUnNGSTUwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHw4fMA0G
CSqGSIb3DQEBCwUAA4IBAQA7553m+ov/5oS2gKJ/X7qQ6SYNK0h6AlP+QOMrhX9J
yZbTS68SkmI7sGfwA5Jucn8H1R+Pm0pQ8xBg0BOJjzAMqZ2LwXy2rmbVG3vWUDmL
Q1SdYzBnwGNmLd5rskG45oHEBQESULk3nGL+YmZ5c8z+GcCoXUou7MriV46H7t7+
i2m3D0Ct07dIPQ5dvQS1bMMBzO5ay1sa0pQJFC8EVHV5mwEdB8loWu+FuxeUgiCr
pavMM2mI5MqI/udRsBE/znoV3nsBtu2XYbzkK8QsJwfEuVrVWQfAugrQY/1AyTCN
z6iXVCMUk+wj9fE/VQ2RU4mwjEPa7nOXeQG95oTVcQbP
-----END CERTIFICATE-----