Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7d/4bba7c-a81f-40e1-8814-65daad632957/1/f8NeW1qcH35QbN2JtCXSjgEjC88.roa
File:                     f8NeW1qcH35QbN2JtCXSjgEjC88.roa (raw, json)
Hash identifier:          yufaCR9Ze7WLxYKzFdvQOWA04CUIFHxftJ2y8pSoBxk=
Subject key identifier:   7F:C3:5E:5B:5A:9C:1F:7E:50:6C:DD:89:B4:25:D2:8E:01:23:0B:CF
Certificate issuer:       /CN=942588b91da9cca81b49e603a988e2b1eabddc98
Certificate serial:       018F3434D398E6D7DB0A8D9BBEDAEF429039
Authority key identifier: 94:25:88:B9:1D:A9:CC:A8:1B:49:E6:03:A9:88:E2:B1:EA:BD:DC:98
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lCWIuR2pzKgbSeYDqYjiseq93Jg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7d/4bba7c-a81f-40e1-8814-65daad632957/1/f8NeW1qcH35QbN2JtCXSjgEjC88.roa
Signing time:             Wed 01 May 2024 12:50:28 +0000
ROA not before:           Wed 01 May 2024 12:50:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15596
IP address blocks:        31.42.119.0/24 maxlen: 24
                          31.42.120.0/22 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7d/4bba7c-a81f-40e1-8814-65daad632957/1/lCWIuR2pzKgbSeYDqYjiseq93Jg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7d/4bba7c-a81f-40e1-8814-65daad632957/1/lCWIuR2pzKgbSeYDqYjiseq93Jg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lCWIuR2pzKgbSeYDqYjiseq93Jg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 08:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:34:34:d3:98:e6:d7:db:0a:8d:9b:be:da:ef:42:90:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=942588b91da9cca81b49e603a988e2b1eabddc98
        Validity
            Not Before: May  1 12:50:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7fc35e5b5a9c1f7e506cdd89b425d28e01230bcf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:ed:ff:6c:11:4e:0c:96:2a:ca:ad:1f:d1:f7:
                    a5:27:19:ab:9b:06:e3:6c:72:12:3c:8b:78:ad:ba:
                    63:63:68:f7:4a:98:0a:aa:86:53:1b:d9:33:28:f2:
                    4e:c4:ba:8c:59:56:33:80:bd:fb:f8:c0:08:45:a7:
                    0a:9b:1a:a1:6c:f4:4a:47:bf:cc:23:9a:0f:a6:73:
                    4e:da:6b:5d:f7:de:2d:cc:81:36:78:0b:0b:b7:e1:
                    81:27:5c:1d:3a:c2:12:16:7d:17:cc:81:63:1a:56:
                    c7:18:57:c6:26:76:54:35:e5:0e:ab:f6:f4:42:f0:
                    ef:cf:d0:ad:d3:f0:ab:0e:7b:88:bc:8b:59:29:12:
                    69:2b:44:b6:96:f7:ec:49:f2:93:de:8d:d3:68:28:
                    5b:7c:7b:a6:3f:c4:7c:56:af:ef:ad:e2:27:19:c5:
                    76:da:5b:b6:23:ac:f5:af:1e:19:db:46:05:ca:a0:
                    19:6a:50:74:2e:5c:26:41:6f:ac:67:89:c8:e7:30:
                    bf:57:23:2c:e8:5e:bb:70:94:15:e3:aa:a3:86:4c:
                    b3:fc:a9:a8:84:c3:59:0a:82:ef:0d:0f:4c:a6:f9:
                    8b:dc:68:c7:d3:da:00:42:84:67:01:aa:09:e4:e1:
                    85:c7:cf:29:fe:ae:97:19:1b:f2:62:bd:f1:17:00:
                    65:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:C3:5E:5B:5A:9C:1F:7E:50:6C:DD:89:B4:25:D2:8E:01:23:0B:CF
            X509v3 Authority Key Identifier:
                keyid:94:25:88:B9:1D:A9:CC:A8:1B:49:E6:03:A9:88:E2:B1:EA:BD:DC:98

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lCWIuR2pzKgbSeYDqYjiseq93Jg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/4bba7c-a81f-40e1-8814-65daad632957/1/f8NeW1qcH35QbN2JtCXSjgEjC88.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/4bba7c-a81f-40e1-8814-65daad632957/1/lCWIuR2pzKgbSeYDqYjiseq93Jg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.42.119.0-31.42.123.255

    Signature Algorithm: sha256WithRSAEncryption
         0f:62:ba:ba:93:55:2b:cb:93:f8:2b:5c:ea:5e:ca:e6:c9:36:
         6c:b2:62:43:65:06:ec:1e:0d:db:26:c5:a7:ff:cc:0c:f0:ab:
         de:3c:0f:b0:f9:20:e7:28:ef:3a:85:54:94:39:4b:58:4d:72:
         d0:31:9a:6e:c6:3a:f9:bd:8a:13:13:59:5a:ce:80:af:42:55:
         2b:a1:08:e0:e5:5c:c8:35:cf:6f:86:23:bf:2d:8a:da:c3:10:
         4a:d7:6b:2c:ea:d7:f4:4c:85:ad:7a:be:ec:bc:95:87:53:95:
         27:37:2c:2c:26:6d:87:3e:73:68:13:f4:fc:fb:ef:15:f6:0d:
         c0:3e:5d:2d:10:28:70:43:85:7c:85:fe:76:03:3c:7f:ff:3b:
         e1:46:01:8c:86:61:b1:ae:d5:fb:ee:57:3f:e1:ce:1d:c2:59:
         b5:4a:44:a8:8c:5b:e1:0e:06:cb:97:f6:aa:eb:bd:ec:11:87:
         1f:0e:3d:40:9a:e4:28:30:3a:11:c7:3e:64:a3:a7:1e:90:0a:
         c8:74:6b:35:16:14:d5:ca:ce:46:7f:24:d8:83:43:9d:2f:1c:
         45:ce:62:c7:1e:cf:de:fe:dc:5e:fd:a7:1e:b7:40:8b:7d:5f:
         be:da:36:6d:38:f2:ca:1c:37:b0:5d:c0:f3:cb:d7:38:9e:cc:
         07:a8:6d:32
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAY80NNOY5tfbCo2bvtrvQpA5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0MjU4OGI5MWRhOWNjYTgxYjQ5ZTYwM2E5ODhlMmIxZWFi
ZGRjOTgwHhcNMjQwNTAxMTI1MDI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZmMzNWU1YjVhOWMxZjdlNTA2Y2RkODliNDI1ZDI4ZTAxMjMwYmNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0u3/bBFODJYqyq0f0felJxmrmwbj
bHISPIt4rbpjY2j3SpgKqoZTG9kzKPJOxLqMWVYzgL37+MAIRacKmxqhbPRKR7/M
I5oPpnNO2mtd994tzIE2eAsLt+GBJ1wdOsISFn0XzIFjGlbHGFfGJnZUNeUOq/b0
QvDvz9Ct0/CrDnuIvItZKRJpK0S2lvfsSfKT3o3TaChbfHumP8R8Vq/vreInGcV2
2lu2I6z1rx4Z20YFyqAZalB0LlwmQW+sZ4nI5zC/VyMs6F67cJQV46qjhkyz/Kmo
hMNZCoLvDQ9MpvmL3GjH09oAQoRnAaoJ5OGFx88p/q6XGRvyYr3xFwBlnQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFH/DXltanB9+UGzdibQl0o4BIwvPMB8GA1UdIwQY
MBaAFJQliLkdqcyoG0nmA6mI4rHqvdyYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbENXSXVSMnB6S2diU2VZRHFZamlzZXE5M0pnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZC80YmJhN2MtYTgxZi00MGUxLTg4MTQt
NjVkYWFkNjMyOTU3LzEvZjhOZVcxcWNIMzVRYk4ySnRDWFNqZ0VqQzg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZC80YmJhN2MtYTgxZi00MGUxLTg4MTQtNjVkYWFkNjMyOTU3
LzEvbENXSXVSMnB6S2diU2VZRHFZamlzZXE5M0pnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAAfKncD
BAIfKngwDQYJKoZIhvcNAQELBQADggEBAA9iurqTVSvLk/grXOpeyubJNmyyYkNl
BuweDdsmxaf/zAzwq948D7D5IOco7zqFVJQ5S1hNctAxmm7GOvm9ihMTWVrOgK9C
VSuhCODlXMg1z2+GI78titrDEErXayzq1/RMha16vuy8lYdTlSc3LCwmbYc+c2gT
9Pz77xX2DcA+XS0QKHBDhXyF/nYDPH//O+FGAYyGYbGu1fvuVz/hzh3CWbVKRKiM
W+EOBsuX9qrrvewRhx8OPUCa5CgwOhHHPmSjpx6QCsh0azUWFNXKzkZ/JNiDQ50v
HEXOYscez97+3F79px63QIt9X77aNm048socN7BdwPPL1ziezAeobTI=
-----END CERTIFICATE-----