Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/8IuoSP770zMsG-Q6gCUsoOXSUgY.roa
File:                     8IuoSP770zMsG-Q6gCUsoOXSUgY.roa (raw, json)
Hash identifier:          AhN4tV3zGX0DjILTDdx5d9ejr9+Zsbax28Y1fbnY6B0=
Subject key identifier:   F0:8B:A8:48:FE:FB:D3:33:2C:1B:E4:3A:80:25:2C:A0:E5:D2:52:06
Certificate issuer:       /CN=c9d57447e3420b853875b6fa40372aade3192ca2
Certificate serial:       0195192EF61D53ED87985D7020503663743E
Authority key identifier: C9:D5:74:47:E3:42:0B:85:38:75:B6:FA:40:37:2A:AD:E3:19:2C:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/8IuoSP770zMsG-Q6gCUsoOXSUgY.roa
Signing time:             Tue 18 Feb 2025 13:11:02 +0000
ROA not before:           Tue 18 Feb 2025 13:11:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213332
IP address blocks:        31.210.35.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 01:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:19:2e:f6:1d:53:ed:87:98:5d:70:20:50:36:63:74:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c9d57447e3420b853875b6fa40372aade3192ca2
        Validity
            Not Before: Feb 18 13:11:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f08ba848fefbd3332c1be43a80252ca0e5d25206
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:a5:a7:0e:21:39:08:87:f5:1b:bb:5c:7e:07:
                    5f:c0:24:b1:d1:0d:07:c7:88:4d:1a:18:07:e0:6a:
                    a7:91:e5:79:4e:11:58:c6:ba:82:1d:1d:1f:df:24:
                    ca:1a:dc:bc:af:b1:6b:f6:7b:7c:dc:24:82:b4:1d:
                    93:4b:0d:82:28:b4:b1:98:b5:e6:e4:5e:07:36:3d:
                    77:99:3c:67:89:27:19:72:4b:83:7e:f2:5e:7f:3a:
                    cc:cb:bb:61:2a:d8:e8:7c:d6:9b:e0:a7:89:52:97:
                    91:c9:73:cf:0f:c8:d4:fb:3e:63:9b:28:2c:f2:0e:
                    ae:64:7e:c7:5f:09:9e:15:95:ba:ca:3f:b7:99:da:
                    7b:e2:92:63:30:f3:bd:3c:1c:ac:ab:a5:17:8f:e5:
                    35:c0:8f:1f:d4:95:5a:1a:8e:80:39:93:51:43:18:
                    45:5d:5f:6e:18:4e:81:63:1e:9e:e1:48:d2:02:d9:
                    26:ca:5b:8e:5b:d7:c4:5e:db:16:1f:43:6b:9d:ec:
                    bd:23:e6:d3:c6:88:4b:99:a4:a4:f8:2f:e1:32:fb:
                    2a:ec:bf:b4:1e:a3:37:0b:97:9f:20:8f:8c:48:26:
                    82:c2:ae:b0:00:1b:22:be:3b:fa:1c:13:7a:e1:1a:
                    5a:dd:bc:dc:3f:cd:2f:ad:44:24:db:f2:a2:60:d0:
                    91:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:8B:A8:48:FE:FB:D3:33:2C:1B:E4:3A:80:25:2C:A0:E5:D2:52:06
            X509v3 Authority Key Identifier:
                keyid:C9:D5:74:47:E3:42:0B:85:38:75:B6:FA:40:37:2A:AD:E3:19:2C:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/8IuoSP770zMsG-Q6gCUsoOXSUgY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.210.35.0/24

    Signature Algorithm: sha256WithRSAEncryption
         96:85:23:0d:0a:48:cd:0c:5b:4f:46:bf:ea:3d:b5:4e:40:f0:
         23:02:cf:fb:09:d0:b8:5a:cc:7d:13:58:1b:35:f7:dc:8f:16:
         f5:72:2f:1b:52:2f:a4:07:a8:9f:73:47:86:1e:1f:4f:72:ae:
         53:05:1b:0d:3a:98:ef:5c:5b:4a:fa:19:eb:f9:c8:4d:34:6e:
         94:4f:82:4e:bb:97:47:5d:41:0f:f8:11:74:bf:f9:77:fb:0b:
         10:3d:21:74:3d:ee:4e:52:44:8a:fb:b5:a1:de:22:32:18:11:
         69:fc:e7:ec:27:b5:0a:04:88:7b:fa:a8:ca:2a:50:9f:1f:e6:
         01:45:38:a5:33:2b:7b:9f:ee:c2:17:1d:7e:72:c5:11:87:f9:
         5b:af:94:ba:a2:7a:81:7e:6e:d2:3d:4f:ec:94:bd:67:39:9e:
         9d:ca:ba:85:68:d2:5e:0c:c0:a7:09:a4:7d:3b:5d:8a:7c:29:
         e6:49:5b:2f:37:03:2c:7b:92:a5:2d:8b:26:29:2b:51:ae:1b:
         0d:da:31:a5:4d:fe:4f:8f:96:d5:7b:26:20:24:0c:73:f0:25:
         23:8c:1e:8a:6e:87:1e:db:bc:b4:02:f5:67:d0:34:91:2d:ae:
         19:1b:4d:11:93:6b:dc:75:74:e4:39:ca:df:07:50:e0:d3:ae:
         18:0e:ac:b8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZUZLvYdU+2HmF1wIFA2Y3Q+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5ZDU3NDQ3ZTM0MjBiODUzODc1YjZmYTQwMzcyYWFkZTMx
OTJjYTIwHhcNMjUwMjE4MTMxMTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMDhiYTg0OGZlZmJkMzMzMmMxYmU0M2E4MDI1MmNhMGU1ZDI1MjA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtaWnDiE5CIf1G7tcfgdfwCSx0Q0H
x4hNGhgH4GqnkeV5ThFYxrqCHR0f3yTKGty8r7Fr9nt83CSCtB2TSw2CKLSxmLXm
5F4HNj13mTxniScZckuDfvJefzrMy7thKtjofNab4KeJUpeRyXPPD8jU+z5jmygs
8g6uZH7HXwmeFZW6yj+3mdp74pJjMPO9PBysq6UXj+U1wI8f1JVaGo6AOZNRQxhF
XV9uGE6BYx6e4UjSAtkmyluOW9fEXtsWH0Nrney9I+bTxohLmaSk+C/hMvsq7L+0
HqM3C5efII+MSCaCwq6wABsivjv6HBN64Rpa3bzcP80vrUQk2/KiYNCRdwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPCLqEj++9MzLBvkOoAlLKDl0lIGMB8GA1UdIwQY
MBaAFMnVdEfjQguFOHW2+kA3Kq3jGSyiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveWRWMFItTkNDNFU0ZGJiNlFEY3FyZU1aTEtJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC8xNTg2ZmQtZmQyYy00MWY4LThmZTkt
NGUxOThmMGE2MDEzLzEvOEl1b1NQNzcwek1zRy1RNmdDVXNvT1hTVWdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC8xNTg2ZmQtZmQyYy00MWY4LThmZTktNGUxOThmMGE2MDEz
LzEveWRWMFItTkNDNFU0ZGJiNlFEY3FyZU1aTEtJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAH9IjMA0G
CSqGSIb3DQEBCwUAA4IBAQCWhSMNCkjNDFtPRr/qPbVOQPAjAs/7CdC4Wsx9E1gb
Nffcjxb1ci8bUi+kB6ifc0eGHh9Pcq5TBRsNOpjvXFtK+hnr+chNNG6UT4JOu5dH
XUEP+BF0v/l3+wsQPSF0Pe5OUkSK+7Wh3iIyGBFp/OfsJ7UKBIh7+qjKKlCfH+YB
RTilMyt7n+7CFx1+csURh/lbr5S6onqBfm7SPU/slL1nOZ6dyrqFaNJeDMCnCaR9
O12KfCnmSVsvNwMse5KlLYsmKStRrhsN2jGlTf5Pj5bVeyYgJAxz8CUjjB6Kboce
27y0AvVn0DSRLa4ZG00Rk2vcdXTkOcrfB1Dg064YDqy4
-----END CERTIFICATE-----