Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/63/14f305-013b-453e-ac53-081cb2b17ab5/1/ZlrmUhrtLorVtvD0mIUGxyJfKPg.roa
File:                     ZlrmUhrtLorVtvD0mIUGxyJfKPg.roa (raw, json)
Hash identifier:          WOC+lHF1/PAttfhb5B97cqRhsawBNxTxhW72ocGqYaU=
Subject key identifier:   66:5A:E6:52:1A:ED:2E:8A:D5:B6:F0:F4:98:85:06:C7:22:5F:28:F8
Certificate issuer:       /CN=f4b9ea4d9d83a728dd41029e86af8a130d389ed4
Certificate serial:       01934B03A4227D6C0DF2D2D6EEABCAA89EDC
Authority key identifier: F4:B9:EA:4D:9D:83:A7:28:DD:41:02:9E:86:AF:8A:13:0D:38:9E:D4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9LnqTZ2DpyjdQQKehq-KEw04ntQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/63/14f305-013b-453e-ac53-081cb2b17ab5/1/ZlrmUhrtLorVtvD0mIUGxyJfKPg.roa
Signing time:             Wed 20 Nov 2024 19:19:10 +0000
ROA not before:           Wed 20 Nov 2024 19:19:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62425
IP address blocks:        31.133.88.0/24 maxlen: 24
                          31.133.89.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/63/14f305-013b-453e-ac53-081cb2b17ab5/1/9LnqTZ2DpyjdQQKehq-KEw04ntQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/63/14f305-013b-453e-ac53-081cb2b17ab5/1/9LnqTZ2DpyjdQQKehq-KEw04ntQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9LnqTZ2DpyjdQQKehq-KEw04ntQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 07:00:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:4b:03:a4:22:7d:6c:0d:f2:d2:d6:ee:ab:ca:a8:9e:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f4b9ea4d9d83a728dd41029e86af8a130d389ed4
        Validity
            Not Before: Nov 20 19:19:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=665ae6521aed2e8ad5b6f0f4988506c7225f28f8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:51:82:18:5d:5b:1f:d4:a3:0c:79:77:4a:f0:
                    e6:e3:d7:10:e9:4c:0d:b8:90:d5:91:79:84:ab:0f:
                    ce:75:df:3c:4f:8c:a2:41:ac:df:29:c3:63:f8:4f:
                    5b:da:f4:b7:44:8e:37:d3:a5:d5:17:f1:fc:fe:c9:
                    db:c8:c6:73:dd:c0:1e:df:6c:cc:c0:79:5e:56:18:
                    41:54:44:08:67:05:18:01:f8:83:2c:11:22:79:06:
                    6d:91:5f:28:f5:78:8e:ce:6d:76:71:92:18:92:e3:
                    02:9e:41:76:cf:d6:3c:eb:cd:4f:1e:61:c3:ff:7f:
                    61:7a:75:68:17:00:31:bc:7d:a4:44:47:0c:7c:c3:
                    b8:23:cf:57:04:fe:c3:5e:47:35:ce:30:82:00:4f:
                    19:8d:5e:4a:8f:14:10:c5:e7:48:f0:90:ca:2b:41:
                    80:f9:0d:ce:6e:36:4c:c5:d8:a9:ae:2b:bb:99:02:
                    04:b7:56:d2:60:86:a2:04:86:c9:e3:a0:de:c0:7d:
                    fe:ac:3b:d7:47:cb:20:51:46:e2:f9:26:db:88:8a:
                    c6:6e:16:97:85:38:7f:b6:76:ef:b4:0e:4c:3b:67:
                    a4:ee:ed:c1:5b:73:39:64:7e:ca:37:14:da:9a:44:
                    36:71:bf:e6:6b:d5:45:4a:25:d8:ad:97:e5:ac:6d:
                    d9:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:5A:E6:52:1A:ED:2E:8A:D5:B6:F0:F4:98:85:06:C7:22:5F:28:F8
            X509v3 Authority Key Identifier:
                keyid:F4:B9:EA:4D:9D:83:A7:28:DD:41:02:9E:86:AF:8A:13:0D:38:9E:D4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9LnqTZ2DpyjdQQKehq-KEw04ntQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/63/14f305-013b-453e-ac53-081cb2b17ab5/1/ZlrmUhrtLorVtvD0mIUGxyJfKPg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/63/14f305-013b-453e-ac53-081cb2b17ab5/1/9LnqTZ2DpyjdQQKehq-KEw04ntQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.133.88.0/23

    Signature Algorithm: sha256WithRSAEncryption
         39:e1:b3:38:29:f2:c0:da:64:90:51:a7:1b:40:fa:51:2e:25:
         95:df:aa:70:aa:00:ac:9f:e7:c8:05:ea:ad:1e:25:ee:ad:43:
         98:68:c8:d8:a0:9b:6c:ed:30:c7:b6:59:ea:da:2e:6c:82:ab:
         53:0d:e4:0a:72:c8:b0:e2:c9:47:a2:d1:74:97:0f:e0:0c:b4:
         88:95:b6:2a:3d:86:90:fb:7f:7e:22:b0:21:16:fc:50:97:60:
         b5:6b:21:d6:48:10:b5:d6:54:ef:34:8c:ca:b6:c1:43:26:69:
         99:09:f7:34:91:76:5c:8f:ae:a6:0a:32:0f:58:69:92:12:67:
         09:28:21:4e:b9:25:25:6b:64:81:ca:af:e3:be:f2:4f:21:d9:
         ca:fb:95:06:1c:bb:02:e6:ca:c8:76:a1:68:7f:92:86:6a:0c:
         19:ed:af:cc:0a:42:f1:f2:c4:b7:21:8c:c1:a6:39:60:1d:f4:
         7c:9f:9d:07:5e:af:e4:d9:58:6d:1f:20:f1:6a:f4:a7:eb:58:
         f9:b0:2c:02:28:71:8c:ae:2f:6e:00:1b:92:01:14:18:16:c0:
         53:70:37:4f:85:6b:d4:e4:9f:08:57:79:3f:16:5c:63:3f:b2:
         92:8c:ef:c2:47:19:ac:80:96:00:b1:57:22:f9:ba:7c:7f:61:
         54:e4:01:c6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZNLA6QifWwN8tLW7qvKqJ7cMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY0YjllYTRkOWQ4M2E3MjhkZDQxMDI5ZTg2YWY4YTEzMGQz
ODllZDQwHhcNMjQxMTIwMTkxOTEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NjVhZTY1MjFhZWQyZThhZDViNmYwZjQ5ODg1MDZjNzIyNWYyOGY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoVGCGF1bH9SjDHl3SvDm49cQ6UwN
uJDVkXmEqw/Odd88T4yiQazfKcNj+E9b2vS3RI4306XVF/H8/snbyMZz3cAe32zM
wHleVhhBVEQIZwUYAfiDLBEieQZtkV8o9XiOzm12cZIYkuMCnkF2z9Y8681PHmHD
/39henVoFwAxvH2kREcMfMO4I89XBP7DXkc1zjCCAE8ZjV5KjxQQxedI8JDKK0GA
+Q3ObjZMxdipriu7mQIEt1bSYIaiBIbJ46DewH3+rDvXR8sgUUbi+SbbiIrGbhaX
hTh/tnbvtA5MO2ek7u3BW3M5ZH7KNxTamkQ2cb/ma9VFSiXYrZflrG3ZFwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGZa5lIa7S6K1bbw9JiFBsciXyj4MB8GA1UdIwQY
MBaAFPS56k2dg6co3UECnoavihMNOJ7UMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOUxucVRaMkRweWpkUVFLZWhxLUtFdzA0bnRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82My8xNGYzMDUtMDEzYi00NTNlLWFjNTMt
MDgxY2IyYjE3YWI1LzEvWmxybVVocnRMb3JWdHZEMG1JVUd4eUpmS1BnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82My8xNGYzMDUtMDEzYi00NTNlLWFjNTMtMDgxY2IyYjE3YWI1
LzEvOUxucVRaMkRweWpkUVFLZWhxLUtFdzA0bnRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBH4VYMA0G
CSqGSIb3DQEBCwUAA4IBAQA54bM4KfLA2mSQUacbQPpRLiWV36pwqgCsn+fIBeqt
HiXurUOYaMjYoJts7TDHtlnq2i5sgqtTDeQKcsiw4slHotF0lw/gDLSIlbYqPYaQ
+39+IrAhFvxQl2C1ayHWSBC11lTvNIzKtsFDJmmZCfc0kXZcj66mCjIPWGmSEmcJ
KCFOuSUla2SByq/jvvJPIdnK+5UGHLsC5srIdqFof5KGagwZ7a/MCkLx8sS3IYzB
pjlgHfR8n50HXq/k2VhtHyDxavSn61j5sCwCKHGMri9uABuSARQYFsBTcDdPhWvU
5J8IV3k/FlxjP7KSjO/CRxmsgJYAsVci+bp8f2FU5AHG
-----END CERTIFICATE-----