Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/63/14f305-013b-453e-ac53-081cb2b17ab5/1/2BGtctFKlKO_PyzTWAJGOwUcqSk.roa
File:                     2BGtctFKlKO_PyzTWAJGOwUcqSk.roa (raw, json)
Hash identifier:          ZpDsbf/3qFH5SetXserYtMDaQeFyFnayB04mtTgy+2k=
Subject key identifier:   D8:11:AD:72:D1:4A:94:A3:BF:3F:2C:D3:58:02:46:3B:05:1C:A9:29
Certificate issuer:       /CN=f4b9ea4d9d83a728dd41029e86af8a130d389ed4
Certificate serial:       018CC64A07E39C5DF6F87858273F4E51E328
Authority key identifier: F4:B9:EA:4D:9D:83:A7:28:DD:41:02:9E:86:AF:8A:13:0D:38:9E:D4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9LnqTZ2DpyjdQQKehq-KEw04ntQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/63/14f305-013b-453e-ac53-081cb2b17ab5/1/2BGtctFKlKO_PyzTWAJGOwUcqSk.roa
Signing time:             Mon 01 Jan 2024 18:29:49 +0000
ROA not before:           Mon 01 Jan 2024 18:29:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34549
IP address blocks:        31.133.84.0/22 maxlen: 22
                          176.103.236.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/63/14f305-013b-453e-ac53-081cb2b17ab5/1/9LnqTZ2DpyjdQQKehq-KEw04ntQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/63/14f305-013b-453e-ac53-081cb2b17ab5/1/9LnqTZ2DpyjdQQKehq-KEw04ntQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9LnqTZ2DpyjdQQKehq-KEw04ntQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 05:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:07:e3:9c:5d:f6:f8:78:58:27:3f:4e:51:e3:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f4b9ea4d9d83a728dd41029e86af8a130d389ed4
        Validity
            Not Before: Jan  1 18:29:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d811ad72d14a94a3bf3f2cd35802463b051ca929
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:99:68:19:fe:b2:05:ac:59:e4:34:4d:11:7e:
                    b0:89:ea:85:27:70:81:81:19:3e:95:02:f2:ef:3b:
                    aa:78:4e:be:b1:13:a4:74:5b:af:01:45:c4:ed:4a:
                    80:cf:88:65:7e:47:a4:2c:00:4a:55:d9:dd:ff:d5:
                    b2:ba:5a:89:0f:6a:86:d6:c6:5e:39:0f:c9:1c:6c:
                    e3:e2:76:f2:c6:ff:9a:ec:cc:14:52:e3:cb:85:82:
                    58:56:9a:86:67:13:bd:d7:91:2a:04:79:eb:c6:58:
                    94:5e:ea:15:f0:61:6d:d6:46:dc:23:f9:aa:4b:34:
                    b0:18:b0:42:89:a8:7c:f7:b1:a9:e9:65:84:8d:72:
                    32:1f:4e:db:d8:d0:13:f1:d9:91:70:4b:ca:3e:54:
                    59:5c:8d:f9:7f:d9:e5:71:fd:d8:eb:c3:2f:03:ea:
                    47:f1:53:eb:a4:22:5b:6e:40:43:ed:90:6f:01:08:
                    b1:cd:69:d8:dc:fa:65:e6:6c:78:a7:98:5a:7b:f7:
                    21:c8:c0:21:6c:32:58:37:5a:1c:2e:67:96:4a:ca:
                    78:bc:c7:6c:45:2b:b4:9c:14:9f:82:0e:63:f1:35:
                    c6:17:fb:40:ef:b6:78:66:5e:50:34:1d:b9:33:aa:
                    20:8d:ae:3e:a8:67:f8:52:70:cb:c0:56:3f:3b:91:
                    2a:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:11:AD:72:D1:4A:94:A3:BF:3F:2C:D3:58:02:46:3B:05:1C:A9:29
            X509v3 Authority Key Identifier:
                keyid:F4:B9:EA:4D:9D:83:A7:28:DD:41:02:9E:86:AF:8A:13:0D:38:9E:D4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9LnqTZ2DpyjdQQKehq-KEw04ntQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/63/14f305-013b-453e-ac53-081cb2b17ab5/1/2BGtctFKlKO_PyzTWAJGOwUcqSk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/63/14f305-013b-453e-ac53-081cb2b17ab5/1/9LnqTZ2DpyjdQQKehq-KEw04ntQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.133.84.0/22
                  176.103.236.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8c:19:1f:78:32:22:ca:48:51:49:5d:90:70:18:3a:82:16:03:
         3c:fb:57:a9:1f:4f:44:1e:a6:c3:43:a4:19:74:da:d0:11:ab:
         14:d1:be:bd:3f:af:db:33:a1:47:ef:d3:b1:17:c6:11:64:46:
         00:73:f9:97:8f:e0:b1:e5:9c:80:a8:f7:44:cf:b7:b6:3c:c8:
         da:9d:93:56:02:12:8c:6b:d6:da:4b:ab:a1:02:95:da:46:b5:
         ec:ce:c3:6a:b0:3f:4c:e7:64:18:96:4c:7b:9e:28:d1:97:fc:
         14:43:88:9b:d7:45:a5:3b:6a:ae:3f:f0:b8:bb:9d:cb:44:eb:
         44:e5:cd:73:ab:ec:11:4a:36:3c:4f:b2:c8:f6:2d:54:c3:84:
         30:57:c7:ed:56:8e:56:30:16:36:7d:30:9f:1c:33:ab:c3:dd:
         aa:10:58:6e:b9:28:3f:3b:33:6e:dc:6a:b1:1a:c1:79:3a:46:
         21:ad:f2:da:e8:4f:c1:88:55:c1:8d:05:4f:4a:4b:1e:0b:f2:
         de:14:5f:98:5f:23:95:62:9d:14:6a:34:2f:6f:a1:51:08:7a:
         aa:63:f6:7b:c6:57:93:2d:3c:f2:c9:7e:25:e3:b8:60:50:63:
         57:55:ec:2b:41:59:c0:91:3b:51:d1:7d:e0:4e:ff:6e:b5:63:
         7c:01:bd:e6
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzGSgfjnF32+HhYJz9OUeMoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY0YjllYTRkOWQ4M2E3MjhkZDQxMDI5ZTg2YWY4YTEzMGQz
ODllZDQwHhcNMjQwMTAxMTgyOTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODExYWQ3MmQxNGE5NGEzYmYzZjJjZDM1ODAyNDYzYjA1MWNhOTI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3ZloGf6yBaxZ5DRNEX6wieqFJ3CB
gRk+lQLy7zuqeE6+sROkdFuvAUXE7UqAz4hlfkekLABKVdnd/9WyulqJD2qG1sZe
OQ/JHGzj4nbyxv+a7MwUUuPLhYJYVpqGZxO915EqBHnrxliUXuoV8GFt1kbcI/mq
SzSwGLBCiah897Gp6WWEjXIyH07b2NAT8dmRcEvKPlRZXI35f9nlcf3Y68MvA+pH
8VPrpCJbbkBD7ZBvAQixzWnY3Ppl5mx4p5hae/chyMAhbDJYN1ocLmeWSsp4vMds
RSu0nBSfgg5j8TXGF/tA77Z4Zl5QNB25M6ogja4+qGf4UnDLwFY/O5EqdQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNgRrXLRSpSjvz8s01gCRjsFHKkpMB8GA1UdIwQY
MBaAFPS56k2dg6co3UECnoavihMNOJ7UMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOUxucVRaMkRweWpkUVFLZWhxLUtFdzA0bnRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82My8xNGYzMDUtMDEzYi00NTNlLWFjNTMt
MDgxY2IyYjE3YWI1LzEvMkJHdGN0RktsS09fUHl6VFdBSkdPd1VjcVNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82My8xNGYzMDUtMDEzYi00NTNlLWFjNTMtMDgxY2IyYjE3YWI1
LzEvOUxucVRaMkRweWpkUVFLZWhxLUtFdzA0bnRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCH4VUAwQC
sGfsMA0GCSqGSIb3DQEBCwUAA4IBAQCMGR94MiLKSFFJXZBwGDqCFgM8+1epH09E
HqbDQ6QZdNrQEasU0b69P6/bM6FH79OxF8YRZEYAc/mXj+Cx5ZyAqPdEz7e2PMja
nZNWAhKMa9baS6uhApXaRrXszsNqsD9M52QYlkx7nijRl/wUQ4ib10WlO2quP/C4
u53LROtE5c1zq+wRSjY8T7LI9i1Uw4QwV8ftVo5WMBY2fTCfHDOrw92qEFhuuSg/
OzNu3GqxGsF5OkYhrfLa6E/BiFXBjQVPSkseC/LeFF+YXyOVYp0UajQvb6FRCHqq
Y/Z7xleTLTzyyX4l47hgUGNXVewrQVnAkTtR0X3gTv9utWN8Ab3m
-----END CERTIFICATE-----