Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/AuRHe5vVVyl2wDwWSwHP2F1_VZ8.roa
File:                     AuRHe5vVVyl2wDwWSwHP2F1_VZ8.roa (raw, json)
Hash identifier:          jJX9wzhTvrRBNBsTJsFUSMjD4OCQYLUJB7bEMZcJKEg=
Subject key identifier:   02:E4:47:7B:9B:D5:57:29:76:C0:3C:16:4B:01:CF:D8:5D:7F:55:9F
Certificate issuer:       /CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
Certificate serial:       018CC7954860E293866CF0E9A980E91383EB
Authority key identifier: F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/AuRHe5vVVyl2wDwWSwHP2F1_VZ8.roa
Signing time:             Tue 02 Jan 2024 00:31:38 +0000
ROA not before:           Tue 02 Jan 2024 00:31:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39105
IP address blocks:        31.14.161.0/24 maxlen: 24
                          86.107.176.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:48:60:e2:93:86:6c:f0:e9:a9:80:e9:13:83:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
        Validity
            Not Before: Jan  2 00:31:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=02e4477b9bd5572976c03c164b01cfd85d7f559f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:61:2f:e4:d6:fd:d2:47:a5:b5:70:8d:1e:98:
                    50:c1:99:d5:41:15:db:e6:92:30:63:40:61:cc:85:
                    35:10:1c:00:12:b3:4c:e2:04:a3:f0:c0:12:2e:c7:
                    c1:fb:91:48:c5:22:e8:d2:1a:aa:49:ed:ae:81:61:
                    92:47:c5:19:c4:a6:bd:73:9d:c6:de:80:94:2c:45:
                    f5:4b:18:bb:91:20:f0:46:80:3b:81:5c:74:5d:7b:
                    01:20:b3:6d:af:81:e8:db:89:1c:3e:e6:b2:33:30:
                    cf:cb:62:a1:d6:c3:55:ac:88:ac:40:72:11:54:8e:
                    bc:88:c7:6f:5e:4b:1b:d1:42:ca:5d:e9:9a:67:3b:
                    41:12:30:5c:ed:0d:1c:ba:ed:f2:30:b9:a4:cc:fb:
                    b6:1e:92:d7:72:d5:10:75:da:a1:b2:80:d2:4f:72:
                    66:89:ff:f4:9f:d6:fb:34:e2:fc:f5:0a:78:43:58:
                    36:4e:7a:05:82:16:4b:2e:5d:c0:a2:32:86:ab:3e:
                    32:b7:d7:d2:2e:43:85:9e:ab:72:05:dd:21:87:50:
                    a1:af:56:83:85:38:f9:51:5a:91:16:1a:61:61:d7:
                    55:b2:8e:79:15:69:61:ad:90:77:d1:d7:51:06:84:
                    71:2a:1b:9f:41:c0:a1:32:e4:79:c9:b9:68:b3:9f:
                    83:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:E4:47:7B:9B:D5:57:29:76:C0:3C:16:4B:01:CF:D8:5D:7F:55:9F
            X509v3 Authority Key Identifier:
                keyid:F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/AuRHe5vVVyl2wDwWSwHP2F1_VZ8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.14.161.0/24
                  86.107.176.0/24

    Signature Algorithm: sha256WithRSAEncryption
         cd:b2:6d:c5:cd:e6:20:7b:34:5c:dd:37:cd:2a:86:26:87:11:
         82:2c:fd:e3:16:11:33:e1:79:36:33:79:c9:24:e0:4f:2f:88:
         01:14:55:f1:48:ab:86:8e:c0:04:6d:a4:72:06:ba:1d:d7:56:
         99:59:b2:62:6c:62:47:49:a6:2f:84:b8:e0:ea:95:e9:44:0d:
         c9:51:c6:29:d3:6b:c9:db:71:59:55:60:7c:f3:03:fb:16:21:
         12:d9:14:18:b5:94:38:7b:9c:81:bc:82:78:93:ee:c5:b9:31:
         e5:7c:22:c4:a0:6c:2e:4f:5d:50:7a:29:6c:ab:7c:f3:a3:60:
         fd:5a:2b:b5:04:c1:fc:b4:c9:19:ae:ce:6c:77:3c:c1:0f:33:
         d7:09:c9:f0:63:f7:5d:73:61:21:10:ed:ab:32:20:5c:7e:52:
         f3:86:68:c7:8d:8e:80:9c:e6:bb:21:cf:05:f0:39:b3:c8:a5:
         63:1d:54:e9:c1:c3:14:59:39:06:1c:c2:cd:14:4f:fb:06:6f:
         bd:73:7c:f4:8a:78:74:e4:91:75:47:06:a8:55:25:ad:99:43:
         08:fd:ca:80:a4:31:9d:78:73:d0:15:a6:57:f6:26:5a:29:a4:
         24:e9:3e:d0:ff:c9:3b:fb:1a:50:80:64:19:ea:aa:1b:34:69:
         a6:18:07:57
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzHlUhg4pOGbPDpqYDpE4PrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4ZTYyNjM0ZTFiZDUxMzNhOWRlNDUxMmFlOThjYWQxYjIy
MTliNTkwHhcNMjQwMTAyMDAzMTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMmU0NDc3YjliZDU1NzI5NzZjMDNjMTY0YjAxY2ZkODVkN2Y1NTlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjmEv5Nb90keltXCNHphQwZnVQRXb
5pIwY0BhzIU1EBwAErNM4gSj8MASLsfB+5FIxSLo0hqqSe2ugWGSR8UZxKa9c53G
3oCULEX1Sxi7kSDwRoA7gVx0XXsBILNtr4Ho24kcPuayMzDPy2Kh1sNVrIisQHIR
VI68iMdvXksb0ULKXemaZztBEjBc7Q0cuu3yMLmkzPu2HpLXctUQddqhsoDST3Jm
if/0n9b7NOL89Qp4Q1g2TnoFghZLLl3AojKGqz4yt9fSLkOFnqtyBd0hh1Chr1aD
hTj5UVqRFhphYddVso55FWlhrZB30ddRBoRxKhufQcChMuR5yblos5+DSQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFALkR3ub1VcpdsA8FksBz9hdf1WfMB8GA1UdIwQY
MBaAFPjmJjThvVEzqd5FEq6YytGyIZtZMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1PWW1OT0c5VVRPcDNrVVNycGpLMGJJaG0xay5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFl
LTkyZTI1ZmUxNjMzMS8xL0F1UkhlNXZWVnlsMndEd1dTd0hQMkYxX1ZaOC5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFlLTkyZTI1ZmUxNjMz
MS8xLzEtT1ltTk9HOVVUT3Aza1VTcnBqSzBiSWhtMWsuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBAAfDqED
BABWa7AwDQYJKoZIhvcNAQELBQADggEBAM2ybcXN5iB7NFzdN80qhiaHEYIs/eMW
ETPheTYzeckk4E8viAEUVfFIq4aOwARtpHIGuh3XVplZsmJsYkdJpi+EuODqlelE
DclRxinTa8nbcVlVYHzzA/sWIRLZFBi1lDh7nIG8gniT7sW5MeV8IsSgbC5PXVB6
KWyrfPOjYP1aK7UEwfy0yRmuzmx3PMEPM9cJyfBj911zYSEQ7asyIFx+UvOGaMeN
joCc5rshzwXwObPIpWMdVOnBwxRZOQYcws0UT/sGb71zfPSKeHTkkXVHBqhVJa2Z
Qwj9yoCkMZ14c9AVplf2JloppCTpPtD/yTv7GlCAZBnqqhs0aaYYB1c=
-----END CERTIFICATE-----