Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/76/1cfb92-9c31-464f-9382-4a34c1bbab2b/1/z80FgjYgFDVPOcE938goaNNpRwc.roa
File:                     z80FgjYgFDVPOcE938goaNNpRwc.roa (raw, json)
Hash identifier:          s6lt4elLYIBYduh/fs4MpMl5mEZxfa7OvdHtka/h7hI=
Subject key identifier:   CF:CD:05:82:36:20:14:35:4F:39:C1:3D:DF:C8:28:68:D3:69:47:07
Certificate issuer:       /CN=1eaf5c2e5edc197834d07f345962b0745bee66d7
Certificate serial:       018CC801B135AC657F67B7C32A7E89F14384
Authority key identifier: 1E:AF:5C:2E:5E:DC:19:78:34:D0:7F:34:59:62:B0:74:5B:EE:66:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Hq9cLl7cGXg00H80WWKwdFvuZtc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/76/1cfb92-9c31-464f-9382-4a34c1bbab2b/1/z80FgjYgFDVPOcE938goaNNpRwc.roa
Signing time:             Tue 02 Jan 2024 02:30:03 +0000
ROA not before:           Tue 02 Jan 2024 02:30:03 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206810
IP address blocks:        31.40.157.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/76/1cfb92-9c31-464f-9382-4a34c1bbab2b/1/Hq9cLl7cGXg00H80WWKwdFvuZtc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/76/1cfb92-9c31-464f-9382-4a34c1bbab2b/1/Hq9cLl7cGXg00H80WWKwdFvuZtc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Hq9cLl7cGXg00H80WWKwdFvuZtc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:b1:35:ac:65:7f:67:b7:c3:2a:7e:89:f1:43:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1eaf5c2e5edc197834d07f345962b0745bee66d7
        Validity
            Not Before: Jan  2 02:30:03 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cfcd0582362014354f39c13ddfc82868d3694707
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:63:e1:08:29:c8:1f:89:c3:30:78:7b:1c:b2:
                    90:a7:58:a8:b5:2f:27:c2:ed:4b:70:4a:ef:35:98:
                    f8:13:37:73:0d:e4:d6:8e:90:e8:d4:e6:69:a8:32:
                    1b:ea:3e:87:75:50:28:7e:d4:6b:af:ed:bc:01:49:
                    1f:d2:e8:24:7d:16:b5:b7:ba:9f:d0:61:53:9d:39:
                    eb:fa:09:ec:53:e0:3b:98:4d:37:c3:c8:2a:9f:46:
                    e9:25:ec:d8:fe:f0:9c:c7:39:47:f0:91:b9:d9:a4:
                    e4:4f:9a:c2:b6:49:de:60:0e:d5:d7:f8:b8:a7:67:
                    f2:0c:61:f4:35:7e:4b:18:7a:f9:a0:d0:6a:fa:07:
                    2f:f6:a4:a0:72:ce:49:a2:f1:11:70:11:88:71:cf:
                    d9:88:5a:0d:29:f4:a0:7e:f1:91:17:e8:57:7a:fb:
                    30:08:34:f9:62:1a:c2:0d:60:73:a1:e1:01:3a:b5:
                    ba:3c:b0:6d:7c:ad:19:a4:fe:61:15:cc:ec:53:e4:
                    88:8c:21:d7:42:b9:12:45:11:d1:72:45:f4:1b:68:
                    b6:ed:8b:16:5f:82:02:97:bf:de:dc:25:c2:cc:4a:
                    3b:7b:20:68:ad:53:82:ca:9b:9d:b1:b6:54:25:5f:
                    b5:99:06:88:8e:56:ec:0b:5c:b4:55:6a:df:4f:82:
                    66:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:CD:05:82:36:20:14:35:4F:39:C1:3D:DF:C8:28:68:D3:69:47:07
            X509v3 Authority Key Identifier:
                keyid:1E:AF:5C:2E:5E:DC:19:78:34:D0:7F:34:59:62:B0:74:5B:EE:66:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Hq9cLl7cGXg00H80WWKwdFvuZtc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/76/1cfb92-9c31-464f-9382-4a34c1bbab2b/1/z80FgjYgFDVPOcE938goaNNpRwc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/76/1cfb92-9c31-464f-9382-4a34c1bbab2b/1/Hq9cLl7cGXg00H80WWKwdFvuZtc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.40.157.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:36:f7:04:87:d7:a8:6a:88:26:93:b7:16:23:20:35:6b:c8:
         43:53:70:44:7e:bd:51:c8:e7:87:bc:1b:47:6b:e2:7c:d9:67:
         2d:56:34:a6:3d:1c:74:bf:53:0e:7f:64:60:4c:78:cb:13:d4:
         75:e4:23:6d:f9:2a:1c:5e:3c:a0:2d:48:bd:e6:e6:ae:9e:3f:
         ae:23:a7:94:0b:77:a1:32:31:4d:12:29:7d:1d:5f:b9:bc:00:
         30:5b:0e:b9:9c:5c:83:69:45:87:5b:0f:65:a9:a0:19:c4:59:
         b7:7d:e5:f2:1f:eb:10:54:1d:6b:bf:c1:c8:5c:00:67:46:e7:
         2a:51:7c:7d:bf:c7:73:b3:d5:df:c2:9d:06:49:b2:b6:b5:b9:
         3c:d7:8c:17:4f:71:2c:16:ad:18:c5:7b:42:00:c1:7d:6f:10:
         57:62:08:fa:be:72:f4:15:5e:fc:55:f9:de:6f:f9:8b:90:17:
         ff:d5:5c:00:f9:1d:c5:3b:d3:57:73:f5:aa:72:6c:e5:49:02:
         b6:07:62:84:07:38:f3:14:1d:25:95:5d:e5:0d:fc:27:42:ff:
         d6:c3:50:d1:d9:c2:ad:44:7e:15:7c:0e:1b:bf:8e:77:93:de:
         11:6b:22:62:a4:06:8b:78:62:6f:07:46:66:7f:eb:6a:a0:e5:
         3d:74:7b:fe
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAbE1rGV/Z7fDKn6J8UOEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlYWY1YzJlNWVkYzE5NzgzNGQwN2YzNDU5NjJiMDc0NWJl
ZTY2ZDcwHhcNMjQwMTAyMDIzMDAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZmNkMDU4MjM2MjAxNDM1NGYzOWMxM2RkZmM4Mjg2OGQzNjk0NzA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoWPhCCnIH4nDMHh7HLKQp1iotS8n
wu1LcErvNZj4EzdzDeTWjpDo1OZpqDIb6j6HdVAoftRrr+28AUkf0ugkfRa1t7qf
0GFTnTnr+gnsU+A7mE03w8gqn0bpJezY/vCcxzlH8JG52aTkT5rCtkneYA7V1/i4
p2fyDGH0NX5LGHr5oNBq+gcv9qSgcs5JovERcBGIcc/ZiFoNKfSgfvGRF+hXevsw
CDT5YhrCDWBzoeEBOrW6PLBtfK0ZpP5hFczsU+SIjCHXQrkSRRHRckX0G2i27YsW
X4ICl7/e3CXCzEo7eyBorVOCypudsbZUJV+1mQaIjlbsC1y0VWrfT4JmIwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM/NBYI2IBQ1TznBPd/IKGjTaUcHMB8GA1UdIwQY
MBaAFB6vXC5e3Bl4NNB/NFlisHRb7mbXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSHE5Y0xsN2NHWGcwMEg4MFdXS3dkRnZ1WnRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ni8xY2ZiOTItOWMzMS00NjRmLTkzODIt
NGEzNGMxYmJhYjJiLzEvejgwRmdqWWdGRFZQT2NFOTM4Z29hTk5wUndjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ni8xY2ZiOTItOWMzMS00NjRmLTkzODItNGEzNGMxYmJhYjJi
LzEvSHE5Y0xsN2NHWGcwMEg4MFdXS3dkRnZ1WnRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHyidMA0G
CSqGSIb3DQEBCwUAA4IBAQCYNvcEh9eoaogmk7cWIyA1a8hDU3BEfr1RyOeHvBtH
a+J82WctVjSmPRx0v1MOf2RgTHjLE9R15CNt+SocXjygLUi95uaunj+uI6eUC3eh
MjFNEil9HV+5vAAwWw65nFyDaUWHWw9lqaAZxFm3feXyH+sQVB1rv8HIXABnRucq
UXx9v8dzs9Xfwp0GSbK2tbk814wXT3EsFq0YxXtCAMF9bxBXYgj6vnL0FV78Vfne
b/mLkBf/1VwA+R3FO9NXc/WqcmzlSQK2B2KEBzjzFB0llV3lDfwnQv/Ww1DR2cKt
RH4VfA4bv453k94RayJipAaLeGJvB0Zmf+tqoOU9dHv+
-----END CERTIFICATE-----