Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/8cyyVY2nZfzF3N9jXZK_s9HYBBs.roa
File:                     8cyyVY2nZfzF3N9jXZK_s9HYBBs.roa (raw, json)
Hash identifier:          tebdK6tXzCF6WZifkWS4mts0qeE5ps2iZNhqLEMSpYc=
Subject key identifier:   F1:CC:B2:55:8D:A7:65:FC:C5:DC:DF:63:5D:92:BF:B3:D1:D8:04:1B
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       0194258FBCF840A4A0C87BDE85B44EDEE934
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/8cyyVY2nZfzF3N9jXZK_s9HYBBs.roa
Signing time:             Thu 02 Jan 2025 05:49:24 +0000
ROA not before:           Thu 02 Jan 2025 05:49:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51685
IP address blocks:        31.148.136.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:bc:f8:40:a4:a0:c8:7b:de:85:b4:4e:de:e9:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: Jan  2 05:49:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f1ccb2558da765fcc5dcdf635d92bfb3d1d8041b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:ce:1a:0a:c8:6b:de:02:10:73:16:1e:3d:14:
                    a2:ff:95:a0:9d:45:6d:90:28:bf:ea:31:96:92:70:
                    e6:f9:26:ac:c5:59:d8:d2:5b:33:c4:c8:6e:4c:1b:
                    a9:64:a2:75:f6:61:b3:dc:ef:f8:48:c6:6d:f4:51:
                    d0:2b:f1:e8:cf:70:bd:90:ba:bc:58:00:07:db:7b:
                    f7:6b:04:55:fb:41:72:3a:94:22:d5:47:23:43:d9:
                    c1:6d:d2:99:fb:c8:2c:31:d6:66:6b:6e:3d:e0:42:
                    e2:65:56:4d:d1:13:84:cc:67:53:f9:cf:b6:f3:8f:
                    cb:83:16:f0:2c:4e:99:6c:78:29:c5:5c:ef:90:6a:
                    19:a6:b4:9c:08:6c:fd:74:b0:5f:4a:69:21:89:3b:
                    0b:1f:d5:26:db:69:75:03:0b:b5:c7:0d:ae:fe:d7:
                    74:1e:eb:40:98:66:0a:7e:20:56:45:b9:9c:99:c0:
                    1c:12:85:7d:28:47:b9:e2:17:91:23:fb:eb:68:94:
                    2d:39:fc:92:70:a6:52:0d:8e:24:ff:d2:fd:8f:4a:
                    57:27:b7:5e:9d:2a:31:d0:d3:e1:e6:89:01:c8:ec:
                    37:0a:5b:b7:e6:30:ce:6b:7b:78:3c:14:a1:82:22:
                    89:e8:e6:a4:b8:b3:c5:63:02:df:0e:cc:d2:d0:12:
                    c7:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:CC:B2:55:8D:A7:65:FC:C5:DC:DF:63:5D:92:BF:B3:D1:D8:04:1B
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/8cyyVY2nZfzF3N9jXZK_s9HYBBs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.148.136.0/22

    Signature Algorithm: sha256WithRSAEncryption
         90:26:1f:51:4f:d4:ed:4e:bf:74:d8:3c:de:40:87:a6:32:72:
         07:12:8e:92:00:2a:c6:64:f1:1a:1f:fc:ff:dc:60:2e:96:9d:
         3c:11:e5:66:4b:17:d4:cc:b3:c4:cb:cd:21:0f:9e:ef:23:6c:
         cc:32:93:0a:54:39:bc:3c:06:f9:58:61:1c:3f:ae:a9:fa:aa:
         bd:8e:f3:72:52:d3:4d:cb:5d:b6:87:db:e5:6c:b4:1f:ad:f2:
         77:8f:57:45:42:e8:a0:25:75:f1:8c:9d:af:db:ad:b5:e6:8e:
         ad:27:1e:c4:4d:ed:51:c9:5c:f0:9a:fc:ed:5e:e0:cb:da:39:
         f0:1f:68:0b:4a:96:d2:90:ef:6e:f0:36:a8:0b:55:6b:92:0e:
         1c:39:98:81:43:9a:d9:6b:5f:50:b5:a2:3b:fa:2e:ff:a9:20:
         db:ca:28:9a:a7:0d:1e:23:5b:bd:e8:89:cf:8d:61:fb:e0:ac:
         29:99:ca:64:7d:10:74:fa:a6:1b:99:74:15:ab:aa:4a:d8:b9:
         7b:bb:f1:f5:4e:55:07:b3:ab:58:d9:57:6a:1c:1a:54:11:23:
         6d:5d:fe:63:7f:75:8e:ab:4c:79:29:c3:9e:a7:6f:ae:08:04:
         45:0c:ff:b1:f1:d0:8c:0c:d5:31:5a:35:89:1f:6b:53:ad:2f:
         98:ae:6a:be
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlj7z4QKSgyHvehbRO3uk0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjUwMTAyMDU0OTI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMWNjYjI1NThkYTc2NWZjYzVkY2RmNjM1ZDkyYmZiM2QxZDgwNDFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzc4aCshr3gIQcxYePRSi/5WgnUVt
kCi/6jGWknDm+SasxVnY0lszxMhuTBupZKJ19mGz3O/4SMZt9FHQK/Hoz3C9kLq8
WAAH23v3awRV+0FyOpQi1UcjQ9nBbdKZ+8gsMdZma2494ELiZVZN0ROEzGdT+c+2
84/LgxbwLE6ZbHgpxVzvkGoZprScCGz9dLBfSmkhiTsLH9Um22l1Awu1xw2u/td0
HutAmGYKfiBWRbmcmcAcEoV9KEe54heRI/vraJQtOfyScKZSDY4k/9L9j0pXJ7de
nSox0NPh5okByOw3Clu35jDOa3t4PBShgiKJ6OakuLPFYwLfDszS0BLHCQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPHMslWNp2X8xdzfY12Sv7PR2AQbMB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvOGN5eVZZMm5aZnpGM045alhaS19zOUhZQkJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCH5SIMA0G
CSqGSIb3DQEBCwUAA4IBAQCQJh9RT9TtTr902DzeQIemMnIHEo6SACrGZPEaH/z/
3GAulp08EeVmSxfUzLPEy80hD57vI2zMMpMKVDm8PAb5WGEcP66p+qq9jvNyUtNN
y122h9vlbLQfrfJ3j1dFQuigJXXxjJ2v26215o6tJx7ETe1RyVzwmvztXuDL2jnw
H2gLSpbSkO9u8DaoC1Vrkg4cOZiBQ5rZa19QtaI7+i7/qSDbyiiapw0eI1u96InP
jWH74KwpmcpkfRB0+qYbmXQVq6pK2Ll7u/H1TlUHs6tY2VdqHBpUESNtXf5jf3WO
q0x5KcOep2+uCARFDP+x8dCMDNUxWjWJH2tTrS+Yrmq+
-----END CERTIFICATE-----