Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/dcfa2a-76f7-4443-a495-6bb30a8730ed/1/9jcxPazIo4nuJLzwGEzWMI2OInA.roa
File:                     9jcxPazIo4nuJLzwGEzWMI2OInA.roa (raw, json)
Hash identifier:          M8oGMIEuUrsT2GxfCTSE96wGnnJ7EGlJ/RFRqjPPIpo=
Subject key identifier:   F6:37:31:3D:AC:C8:A3:89:EE:24:BC:F0:18:4C:D6:30:8D:8E:22:70
Certificate issuer:       /CN=3556e7fb5772f979edd5e5c5aa63eb2b9c0ddc8e
Certificate serial:       018CC802F276A85CAA3830513BD3DFCB0CBB
Authority key identifier: 35:56:E7:FB:57:72:F9:79:ED:D5:E5:C5:AA:63:EB:2B:9C:0D:DC:8E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NVbn-1dy-Xnt1eXFqmPrK5wN3I4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/dcfa2a-76f7-4443-a495-6bb30a8730ed/1/9jcxPazIo4nuJLzwGEzWMI2OInA.roa
Signing time:             Tue 02 Jan 2024 02:31:25 +0000
ROA not before:           Tue 02 Jan 2024 02:31:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197450
IP address blocks:        46.31.78.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/dcfa2a-76f7-4443-a495-6bb30a8730ed/1/NVbn-1dy-Xnt1eXFqmPrK5wN3I4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/dcfa2a-76f7-4443-a495-6bb30a8730ed/1/NVbn-1dy-Xnt1eXFqmPrK5wN3I4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NVbn-1dy-Xnt1eXFqmPrK5wN3I4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 04:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:02:f2:76:a8:5c:aa:38:30:51:3b:d3:df:cb:0c:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3556e7fb5772f979edd5e5c5aa63eb2b9c0ddc8e
        Validity
            Not Before: Jan  2 02:31:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f637313dacc8a389ee24bcf0184cd6308d8e2270
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:62:f1:63:a5:e3:ee:aa:f8:63:4f:bf:fb:6b:
                    d8:21:79:39:15:31:ad:bf:cf:bc:9b:4c:2c:19:76:
                    d2:83:5b:21:f5:2e:f7:f2:e8:bd:4c:4c:fe:45:54:
                    f1:9f:52:7e:e6:3c:b7:60:4d:7d:b6:15:9b:5e:f6:
                    94:7f:0f:8c:0a:3d:78:54:7e:a2:d2:dc:7f:5c:ad:
                    b1:ad:4c:0c:89:97:e7:aa:41:03:17:67:14:24:35:
                    2d:25:c1:b9:c8:4e:b2:22:62:d0:8c:75:35:dd:5c:
                    e2:f8:d9:be:e1:89:93:96:00:ed:97:7a:e6:0e:02:
                    14:c9:e4:a0:5b:0f:94:c1:ab:48:df:e1:7f:4d:2d:
                    68:2a:db:6e:24:ef:ee:a8:3f:8f:4f:44:44:87:b3:
                    8e:1d:1b:49:4e:12:3a:50:9a:05:c4:a0:28:a3:a1:
                    91:37:21:a3:62:05:2b:6a:02:96:b3:7d:35:74:78:
                    88:d9:12:07:4f:29:c2:18:fc:a7:22:d1:5b:c6:d9:
                    40:ea:a7:c8:fb:0b:36:55:94:c8:8b:9f:1a:eb:4a:
                    20:eb:43:d1:93:1b:59:4b:9e:c6:af:9b:ce:e4:20:
                    17:c3:91:17:16:d2:7c:04:66:90:af:f5:69:ef:df:
                    c4:2d:9e:f1:9e:eb:0b:f9:09:93:15:d9:c3:4b:72:
                    1c:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:37:31:3D:AC:C8:A3:89:EE:24:BC:F0:18:4C:D6:30:8D:8E:22:70
            X509v3 Authority Key Identifier:
                keyid:35:56:E7:FB:57:72:F9:79:ED:D5:E5:C5:AA:63:EB:2B:9C:0D:DC:8E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NVbn-1dy-Xnt1eXFqmPrK5wN3I4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/dcfa2a-76f7-4443-a495-6bb30a8730ed/1/9jcxPazIo4nuJLzwGEzWMI2OInA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/dcfa2a-76f7-4443-a495-6bb30a8730ed/1/NVbn-1dy-Xnt1eXFqmPrK5wN3I4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.31.78.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:ea:dc:db:5d:e2:6d:5c:e9:d2:50:8a:fc:cf:47:01:fb:bc:
         5b:a9:e8:05:9e:e0:58:8e:c3:29:79:14:53:3f:f0:9e:a9:90:
         a1:d3:66:64:ea:6a:ba:9c:94:c6:02:aa:6b:aa:09:6c:c1:18:
         16:8c:b7:e5:46:b8:fd:03:20:8e:b0:1e:c8:c1:08:72:9b:52:
         2c:7d:a7:d5:48:11:87:0b:93:60:19:bf:05:5a:c2:62:9d:92:
         20:37:3c:15:68:1c:77:99:9c:7e:6f:a9:8c:ba:47:cd:0c:d3:
         8a:65:8b:9e:02:6c:27:02:3a:7c:ce:44:b1:9f:ea:f0:65:d4:
         6d:77:cd:f0:a0:67:17:f0:0c:4c:af:2a:55:69:1e:28:d8:b7:
         62:11:89:e7:10:df:e0:50:07:fb:f7:89:f6:00:4b:41:f5:b0:
         6a:c1:b0:3e:66:61:df:77:ad:52:a5:cc:f1:23:cb:35:0d:60:
         68:fc:b8:15:64:c7:81:89:81:1c:df:f5:5c:c0:63:2a:a1:6b:
         a9:a8:e3:59:cb:2d:6b:51:38:04:b1:c8:c9:f5:a0:3f:1e:70:
         93:e0:25:fc:4c:ef:6a:d0:02:4c:56:09:ad:d6:aa:2f:72:aa:
         e9:5b:12:28:30:3a:ec:c4:72:2a:38:c9:58:86:e2:9b:78:21:
         94:4d:5e:11
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAvJ2qFyqODBRO9Pfywy7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NTZlN2ZiNTc3MmY5NzllZGQ1ZTVjNWFhNjNlYjJiOWMw
ZGRjOGUwHhcNMjQwMTAyMDIzMTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNjM3MzEzZGFjYzhhMzg5ZWUyNGJjZjAxODRjZDYzMDhkOGUyMjcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsGLxY6Xj7qr4Y0+/+2vYIXk5FTGt
v8+8m0wsGXbSg1sh9S738ui9TEz+RVTxn1J+5jy3YE19thWbXvaUfw+MCj14VH6i
0tx/XK2xrUwMiZfnqkEDF2cUJDUtJcG5yE6yImLQjHU13Vzi+Nm+4YmTlgDtl3rm
DgIUyeSgWw+UwatI3+F/TS1oKttuJO/uqD+PT0REh7OOHRtJThI6UJoFxKAoo6GR
NyGjYgUragKWs301dHiI2RIHTynCGPynItFbxtlA6qfI+ws2VZTIi58a60og60PR
kxtZS57Gr5vO5CAXw5EXFtJ8BGaQr/Vp79/ELZ7xnusL+QmTFdnDS3IcSQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPY3MT2syKOJ7iS88BhM1jCNjiJwMB8GA1UdIwQY
MBaAFDVW5/tXcvl57dXlxapj6yucDdyOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlZibi0xZHktWG50MWVYRnFtUHJLNXdOM0k0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS9kY2ZhMmEtNzZmNy00NDQzLWE0OTUt
NmJiMzBhODczMGVkLzEvOWpjeFBheklvNG51Skx6d0dFeldNSTJPSW5BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS9kY2ZhMmEtNzZmNy00NDQzLWE0OTUtNmJiMzBhODczMGVk
LzEvTlZibi0xZHktWG50MWVYRnFtUHJLNXdOM0k0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALh9OMA0G
CSqGSIb3DQEBCwUAA4IBAQAo6tzbXeJtXOnSUIr8z0cB+7xbqegFnuBYjsMpeRRT
P/CeqZCh02Zk6mq6nJTGAqprqglswRgWjLflRrj9AyCOsB7IwQhym1IsfafVSBGH
C5NgGb8FWsJinZIgNzwVaBx3mZx+b6mMukfNDNOKZYueAmwnAjp8zkSxn+rwZdRt
d83woGcX8AxMrypVaR4o2LdiEYnnEN/gUAf794n2AEtB9bBqwbA+ZmHfd61Spczx
I8s1DWBo/LgVZMeBiYEc3/VcwGMqoWupqONZyy1rUTgEscjJ9aA/HnCT4CX8TO9q
0AJMVgmt1qovcqrpWxIoMDrsxHIqOMlYhuKbeCGUTV4R
-----END CERTIFICATE-----