Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7d/4bba7c-a81f-40e1-8814-65daad632957/1/RKmdGADkx54SO9sVhuwlPCSt1RU.roa
File:                     RKmdGADkx54SO9sVhuwlPCSt1RU.roa (raw, json)
Hash identifier:          qeabw04+OLp8cmK2D9ghl/gw6lcJcFUl4YiVyp2wYXg=
Subject key identifier:   44:A9:9D:18:00:E4:C7:9E:12:3B:DB:15:86:EC:25:3C:24:AD:D5:15
Certificate issuer:       /CN=942588b91da9cca81b49e603a988e2b1eabddc98
Certificate serial:       018DC6784EFA17057549D5F27A84F323E029
Authority key identifier: 94:25:88:B9:1D:A9:CC:A8:1B:49:E6:03:A9:88:E2:B1:EA:BD:DC:98
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lCWIuR2pzKgbSeYDqYjiseq93Jg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7d/4bba7c-a81f-40e1-8814-65daad632957/1/RKmdGADkx54SO9sVhuwlPCSt1RU.roa
Signing time:             Tue 20 Feb 2024 12:23:09 +0000
ROA not before:           Tue 20 Feb 2024 12:23:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34661
IP address blocks:        31.42.124.0/22 maxlen: 22
                          193.110.20.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7d/4bba7c-a81f-40e1-8814-65daad632957/1/lCWIuR2pzKgbSeYDqYjiseq93Jg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7d/4bba7c-a81f-40e1-8814-65daad632957/1/lCWIuR2pzKgbSeYDqYjiseq93Jg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lCWIuR2pzKgbSeYDqYjiseq93Jg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 02:01:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:c6:78:4e:fa:17:05:75:49:d5:f2:7a:84:f3:23:e0:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=942588b91da9cca81b49e603a988e2b1eabddc98
        Validity
            Not Before: Feb 20 12:23:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=44a99d1800e4c79e123bdb1586ec253c24add515
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:06:3f:83:fc:cb:79:5e:a7:c1:77:79:3c:9b:
                    cf:4c:98:e7:5a:58:40:16:96:35:d2:eb:db:96:b3:
                    c8:46:7e:ed:4b:ff:8c:ac:97:a1:6e:56:c2:f2:9d:
                    93:7b:23:f5:72:f8:f2:32:f7:93:3c:2d:d1:03:5f:
                    51:44:e3:b4:6b:60:2e:c2:23:25:9f:d3:51:24:46:
                    c7:df:7a:71:dd:1e:1c:b0:ca:32:62:4f:0a:1b:ac:
                    9e:9a:39:55:50:2b:dd:18:32:cb:d8:fb:3c:66:04:
                    0d:00:df:42:93:f9:28:39:69:0a:74:e7:57:a2:b0:
                    3d:93:ae:a7:5e:88:cf:59:d4:4c:37:00:ae:01:0a:
                    0b:39:b9:ef:9d:39:d8:33:cc:6b:e7:e2:e9:40:2e:
                    21:94:62:fa:a6:2c:c1:9d:33:1a:11:29:bc:89:92:
                    56:00:ba:e9:e7:7b:44:89:cc:e7:6f:e2:8b:a3:97:
                    67:50:39:b0:cc:d3:82:66:38:0c:98:73:2e:23:72:
                    d5:4c:6e:9f:ad:fa:b7:dd:4a:9c:33:91:ca:2f:2e:
                    30:c2:0a:7a:48:41:59:ee:f4:77:5b:86:51:6c:06:
                    14:4e:39:f5:af:e3:c3:84:ce:f7:b0:be:4a:19:32:
                    e7:3c:1a:7c:a7:2e:88:1d:78:e6:ab:20:38:39:a1:
                    74:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:A9:9D:18:00:E4:C7:9E:12:3B:DB:15:86:EC:25:3C:24:AD:D5:15
            X509v3 Authority Key Identifier:
                keyid:94:25:88:B9:1D:A9:CC:A8:1B:49:E6:03:A9:88:E2:B1:EA:BD:DC:98

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lCWIuR2pzKgbSeYDqYjiseq93Jg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/4bba7c-a81f-40e1-8814-65daad632957/1/RKmdGADkx54SO9sVhuwlPCSt1RU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/4bba7c-a81f-40e1-8814-65daad632957/1/lCWIuR2pzKgbSeYDqYjiseq93Jg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.42.124.0/22
                  193.110.20.0/22

    Signature Algorithm: sha256WithRSAEncryption
         57:ce:ed:33:34:f6:37:b7:f3:45:18:7b:d3:96:fc:ad:dd:65:
         1e:34:7e:8b:50:a5:43:31:77:83:90:5f:80:16:b9:c9:80:27:
         3b:c9:8e:41:b5:fb:be:5d:61:08:83:62:4c:5e:34:a6:00:ec:
         5b:2a:eb:eb:ac:95:2f:5b:2d:7c:a5:d1:d1:1f:9c:13:d4:0a:
         1a:e2:38:25:15:4c:46:64:f0:8c:3c:b0:80:47:09:32:bc:6b:
         aa:8a:2f:76:6b:8d:8b:0a:a0:a8:fc:db:5e:34:80:e5:bb:21:
         02:dd:c8:16:b0:11:b4:de:7f:f0:bd:f2:d9:6b:50:66:13:2d:
         3c:38:6d:35:26:a6:59:8d:8d:e6:fa:21:af:1c:5e:ef:7f:5f:
         f1:77:8a:c1:8a:59:88:2b:57:6b:69:60:72:15:6e:30:8c:9c:
         3b:f7:c3:28:22:fc:ef:0a:4b:65:25:9e:cf:13:31:30:9a:76:
         69:78:90:b6:05:71:1f:28:a0:51:cc:a5:c7:43:0c:2f:8a:50:
         33:49:39:95:30:cc:ed:04:b6:6b:1d:7c:52:0e:86:79:2b:7e:
         2c:ce:a2:cc:77:19:58:59:cc:7c:aa:f9:27:f4:b0:85:75:14:
         e9:5f:9b:44:0d:ad:f6:63:4e:4c:3e:01:0d:a9:c7:0d:e1:55:
         4c:c0:1e:fe
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY3GeE76FwV1SdXyeoTzI+ApMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0MjU4OGI5MWRhOWNjYTgxYjQ5ZTYwM2E5ODhlMmIxZWFi
ZGRjOTgwHhcNMjQwMjIwMTIyMzA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NGE5OWQxODAwZTRjNzllMTIzYmRiMTU4NmVjMjUzYzI0YWRkNTE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmgY/g/zLeV6nwXd5PJvPTJjnWlhA
FpY10uvblrPIRn7tS/+MrJehblbC8p2TeyP1cvjyMveTPC3RA19RROO0a2AuwiMl
n9NRJEbH33px3R4csMoyYk8KG6yemjlVUCvdGDLL2Ps8ZgQNAN9Ck/koOWkKdOdX
orA9k66nXojPWdRMNwCuAQoLObnvnTnYM8xr5+LpQC4hlGL6pizBnTMaESm8iZJW
ALrp53tEicznb+KLo5dnUDmwzNOCZjgMmHMuI3LVTG6frfq33UqcM5HKLy4wwgp6
SEFZ7vR3W4ZRbAYUTjn1r+PDhM73sL5KGTLnPBp8py6IHXjmqyA4OaF0iwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFESpnRgA5MeeEjvbFYbsJTwkrdUVMB8GA1UdIwQY
MBaAFJQliLkdqcyoG0nmA6mI4rHqvdyYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbENXSXVSMnB6S2diU2VZRHFZamlzZXE5M0pnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZC80YmJhN2MtYTgxZi00MGUxLTg4MTQt
NjVkYWFkNjMyOTU3LzEvUkttZEdBRGt4NTRTTzlzVmh1d2xQQ1N0MVJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZC80YmJhN2MtYTgxZi00MGUxLTg4MTQtNjVkYWFkNjMyOTU3
LzEvbENXSXVSMnB6S2diU2VZRHFZamlzZXE5M0pnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCHyp8AwQC
wW4UMA0GCSqGSIb3DQEBCwUAA4IBAQBXzu0zNPY3t/NFGHvTlvyt3WUeNH6LUKVD
MXeDkF+AFrnJgCc7yY5Btfu+XWEIg2JMXjSmAOxbKuvrrJUvWy18pdHRH5wT1Aoa
4jglFUxGZPCMPLCARwkyvGuqii92a42LCqCo/NteNIDluyEC3cgWsBG03n/wvfLZ
a1BmEy08OG01JqZZjY3m+iGvHF7vf1/xd4rBilmIK1draWByFW4wjJw798MoIvzv
CktlJZ7PEzEwmnZpeJC2BXEfKKBRzKXHQwwvilAzSTmVMMztBLZrHXxSDoZ5K34s
zqLMdxlYWcx8qvkn9LCFdRTpX5tEDa32Y05MPgENqccN4VVMwB7+
-----END CERTIFICATE-----