Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/22c93c-9000-4e73-a1c5-c03f3fddd4ac/1/8IFZpZ86opCdpmgkqJgHN-W1re4.roa
File:                     8IFZpZ86opCdpmgkqJgHN-W1re4.roa (raw, json)
Hash identifier:          2uDs1c4kKRZDToaQqxvPuujfL7SplKZzwB6MfGoNq+Q=
Subject key identifier:   F0:81:59:A5:9F:3A:A2:90:9D:A6:68:24:A8:98:07:37:E5:B5:AD:EE
Certificate issuer:       /CN=4081f85602b1168925d83eb3ca61609f357956a6
Certificate serial:       0194221F84EEB819B2B925EB6A7B74CDB70A
Authority key identifier: 40:81:F8:56:02:B1:16:89:25:D8:3E:B3:CA:61:60:9F:35:79:56:A6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QIH4VgKxFokl2D6zymFgnzV5VqY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/22c93c-9000-4e73-a1c5-c03f3fddd4ac/1/8IFZpZ86opCdpmgkqJgHN-W1re4.roa
Signing time:             Wed 01 Jan 2025 13:47:58 +0000
ROA not before:           Wed 01 Jan 2025 13:47:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     56749
IP address blocks:        31.130.182.0/24 maxlen: 24
                          31.130.183.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/22c93c-9000-4e73-a1c5-c03f3fddd4ac/1/QIH4VgKxFokl2D6zymFgnzV5VqY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/22c93c-9000-4e73-a1c5-c03f3fddd4ac/1/QIH4VgKxFokl2D6zymFgnzV5VqY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QIH4VgKxFokl2D6zymFgnzV5VqY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:00:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:84:ee:b8:19:b2:b9:25:eb:6a:7b:74:cd:b7:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4081f85602b1168925d83eb3ca61609f357956a6
        Validity
            Not Before: Jan  1 13:47:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f08159a59f3aa2909da66824a8980737e5b5adee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:4d:2c:c0:26:e0:e3:f4:e0:90:bc:46:ab:5e:
                    7e:87:9e:e0:58:8d:e7:9c:fa:22:bd:72:a1:02:7d:
                    71:ea:c7:40:c3:c0:28:f8:27:e4:e8:1e:95:fa:6f:
                    15:88:82:dc:56:46:c7:ee:34:90:7d:79:de:d0:f3:
                    9d:50:1f:c4:3c:16:13:6b:0c:29:3b:ed:e4:6e:1e:
                    45:a8:76:bb:3d:a7:2f:ae:28:56:ac:1b:93:a0:a2:
                    8d:30:24:e2:39:7d:95:58:79:8e:45:3b:99:5c:d8:
                    c6:53:86:e5:6b:64:2a:02:49:d8:24:ce:2f:74:47:
                    2c:0c:29:b4:0a:ef:f5:44:6e:f9:03:29:6b:5a:07:
                    69:d8:5b:1c:df:18:d4:f9:e1:4b:4b:ed:92:ee:85:
                    d7:f3:48:78:47:42:f9:a7:5f:19:87:aa:2d:a8:bb:
                    25:e1:72:a1:a9:ed:43:d6:f4:53:d7:d0:1d:46:38:
                    01:e0:c3:8a:27:16:48:05:10:af:d7:25:d7:5b:2e:
                    56:a1:ae:a3:a1:e1:37:be:2c:4a:af:05:7b:b3:08:
                    bb:e0:06:2a:79:7d:b5:c6:65:53:d8:9a:36:eb:95:
                    21:2f:35:8a:0d:72:a2:d2:d7:8b:b5:ae:59:db:19:
                    ee:55:3e:b2:60:81:bd:7c:a0:6c:c5:3c:a1:2a:e6:
                    59:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:81:59:A5:9F:3A:A2:90:9D:A6:68:24:A8:98:07:37:E5:B5:AD:EE
            X509v3 Authority Key Identifier:
                keyid:40:81:F8:56:02:B1:16:89:25:D8:3E:B3:CA:61:60:9F:35:79:56:A6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QIH4VgKxFokl2D6zymFgnzV5VqY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/22c93c-9000-4e73-a1c5-c03f3fddd4ac/1/8IFZpZ86opCdpmgkqJgHN-W1re4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/22c93c-9000-4e73-a1c5-c03f3fddd4ac/1/QIH4VgKxFokl2D6zymFgnzV5VqY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.130.182.0/23

    Signature Algorithm: sha256WithRSAEncryption
         80:fd:b3:ee:f2:2a:be:57:88:36:cd:01:35:df:51:48:dc:8b:
         03:0d:1e:78:15:eb:3b:5f:bb:02:23:29:53:dd:e8:9e:90:2b:
         fa:8a:04:40:4a:d6:9b:26:11:7c:af:65:b6:e4:a4:f9:c5:a8:
         19:d5:7d:ad:05:fa:a1:9a:a0:0e:24:7a:89:07:ea:2b:dd:27:
         6b:1b:45:49:72:61:5c:6b:3c:3a:53:50:3e:e3:68:f7:7f:4d:
         2f:14:1b:30:3c:17:6c:ef:50:a4:f9:53:be:a0:89:96:38:dd:
         56:57:09:1f:02:2f:be:1b:69:fc:34:bf:ae:51:94:d4:58:6d:
         71:ac:e5:2c:ab:50:24:58:3e:9b:cd:9f:1d:f8:87:a3:c3:5d:
         52:05:e3:26:8b:7e:b1:92:3e:af:b0:de:8c:7d:3d:5a:cb:c9:
         ef:03:94:7c:3e:ed:ac:d0:6c:e7:d5:d6:9f:87:68:cc:2d:f9:
         b6:42:c4:14:7b:d1:c1:f4:81:a3:4b:56:a4:85:41:f0:e7:df:
         74:52:91:bc:ff:5e:48:16:4c:19:10:2c:6d:1a:35:45:b5:bb:
         36:2a:af:34:73:c8:04:34:45:13:df:fc:cd:b4:86:fc:e4:0f:
         ff:87:9e:67:d9:6b:f8:8e:18:61:0d:d9:f1:47:c8:98:6c:b3:
         6e:d5:b4:e6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiH4TuuBmyuSXrant0zbcKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQwODFmODU2MDJiMTE2ODkyNWQ4M2ViM2NhNjE2MDlmMzU3
OTU2YTYwHhcNMjUwMTAxMTM0NzU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMDgxNTlhNTlmM2FhMjkwOWRhNjY4MjRhODk4MDczN2U1YjVhZGVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApE0swCbg4/TgkLxGq15+h57gWI3n
nPoivXKhAn1x6sdAw8Ao+Cfk6B6V+m8ViILcVkbH7jSQfXne0POdUB/EPBYTawwp
O+3kbh5FqHa7PacvrihWrBuToKKNMCTiOX2VWHmORTuZXNjGU4bla2QqAknYJM4v
dEcsDCm0Cu/1RG75AylrWgdp2Fsc3xjU+eFLS+2S7oXX80h4R0L5p18Zh6otqLsl
4XKhqe1D1vRT19AdRjgB4MOKJxZIBRCv1yXXWy5Woa6joeE3vixKrwV7swi74AYq
eX21xmVT2Jo265UhLzWKDXKi0teLta5Z2xnuVT6yYIG9fKBsxTyhKuZZTwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPCBWaWfOqKQnaZoJKiYBzflta3uMB8GA1UdIwQY
MBaAFECB+FYCsRaJJdg+s8phYJ81eVamMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUUlINFZnS3hGb2tsMkQ2enltRmduelY1VnFZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8yMmM5M2MtOTAwMC00ZTczLWExYzUt
YzAzZjNmZGRkNGFjLzEvOElGWnBaODZvcENkcG1na3FKZ0hOLVcxcmU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8yMmM5M2MtOTAwMC00ZTczLWExYzUtYzAzZjNmZGRkNGFj
LzEvUUlINFZnS3hGb2tsMkQ2enltRmduelY1VnFZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBH4K2MA0G
CSqGSIb3DQEBCwUAA4IBAQCA/bPu8iq+V4g2zQE131FI3IsDDR54Fes7X7sCIylT
3eiekCv6igRAStabJhF8r2W25KT5xagZ1X2tBfqhmqAOJHqJB+or3SdrG0VJcmFc
azw6U1A+42j3f00vFBswPBds71Ck+VO+oImWON1WVwkfAi++G2n8NL+uUZTUWG1x
rOUsq1AkWD6bzZ8d+Iejw11SBeMmi36xkj6vsN6MfT1ay8nvA5R8Pu2s0Gzn1daf
h2jMLfm2QsQUe9HB9IGjS1akhUHw5990UpG8/15IFkwZECxtGjVFtbs2Kq80c8gE
NEUT3/zNtIb85A//h55n2Wv4jhhhDdnxR8iYbLNu1bTm
-----END CERTIFICATE-----