Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/2d3607-be58-4a05-9d68-e84f3b4927ad/1/z_9A5BJtHieb1hmDzAdPohzbjN4.roa
File:                     z_9A5BJtHieb1hmDzAdPohzbjN4.roa (raw, json)
Hash identifier:          1sqE+vpsb609pxUHpQpZu26wQuhh91usG6g+FRRr5l4=
Subject key identifier:   CF:FF:40:E4:12:6D:1E:27:9B:D6:19:83:CC:07:4F:A2:1C:DB:8C:DE
Certificate issuer:       /CN=1792582aa0b18d6073592f121a6e563fec424672
Certificate serial:       018CC7941DF120053C00655B3110BDBBA1FB
Authority key identifier: 17:92:58:2A:A0:B1:8D:60:73:59:2F:12:1A:6E:56:3F:EC:42:46:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F5JYKqCxjWBzWS8SGm5WP-xCRnI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/84/2d3607-be58-4a05-9d68-e84f3b4927ad/1/z_9A5BJtHieb1hmDzAdPohzbjN4.roa
Signing time:             Tue 02 Jan 2024 00:30:22 +0000
ROA not before:           Tue 02 Jan 2024 00:30:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51631
IP address blocks:        185.94.31.0/24 maxlen: 24
                          2a13:2301::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/84/2d3607-be58-4a05-9d68-e84f3b4927ad/1/F5JYKqCxjWBzWS8SGm5WP-xCRnI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/84/2d3607-be58-4a05-9d68-e84f3b4927ad/1/F5JYKqCxjWBzWS8SGm5WP-xCRnI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F5JYKqCxjWBzWS8SGm5WP-xCRnI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:1d:f1:20:05:3c:00:65:5b:31:10:bd:bb:a1:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1792582aa0b18d6073592f121a6e563fec424672
        Validity
            Not Before: Jan  2 00:30:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cfff40e4126d1e279bd61983cc074fa21cdb8cde
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:47:a3:3f:18:3a:03:b8:1b:4c:bd:40:8a:10:
                    23:d3:55:8b:bd:56:7b:25:1a:52:78:3d:a6:0b:15:
                    17:e0:5e:33:a9:e4:4a:64:ee:4e:77:7d:35:b5:e7:
                    8b:e9:f6:fa:9c:e5:c8:cb:45:bf:88:68:b9:d0:85:
                    f7:fd:e6:59:67:00:3a:bf:f8:2f:57:20:27:df:28:
                    2b:e4:79:10:12:ee:e6:ec:a1:da:49:65:f4:ec:ea:
                    48:e3:d8:8b:9d:09:c4:5a:0a:2f:0d:7c:73:7b:0e:
                    17:3d:fa:44:0f:21:ea:e1:32:02:83:7b:e0:a0:c6:
                    4d:9d:a8:e0:82:46:06:60:b6:82:eb:1d:3b:fe:18:
                    93:27:36:58:b6:d2:48:26:99:2c:50:09:8f:de:f9:
                    1d:96:b6:56:95:e3:98:58:1b:c4:b8:55:27:3c:74:
                    55:e7:db:a6:a0:e1:51:a1:32:b2:74:7f:49:4f:56:
                    eb:dc:1c:c1:6c:09:ac:bf:71:1c:40:6d:49:69:0d:
                    b3:93:aa:47:47:61:77:aa:17:da:35:80:0e:e9:f6:
                    5b:6d:47:ef:31:26:88:8a:f8:6c:3d:e1:75:7e:dc:
                    30:62:ab:9b:1e:61:6d:76:16:cd:7d:03:62:5b:04:
                    9c:ec:9f:d4:34:25:4e:fd:00:9c:b5:57:4a:10:e2:
                    16:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:FF:40:E4:12:6D:1E:27:9B:D6:19:83:CC:07:4F:A2:1C:DB:8C:DE
            X509v3 Authority Key Identifier:
                keyid:17:92:58:2A:A0:B1:8D:60:73:59:2F:12:1A:6E:56:3F:EC:42:46:72

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F5JYKqCxjWBzWS8SGm5WP-xCRnI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/2d3607-be58-4a05-9d68-e84f3b4927ad/1/z_9A5BJtHieb1hmDzAdPohzbjN4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/84/2d3607-be58-4a05-9d68-e84f3b4927ad/1/F5JYKqCxjWBzWS8SGm5WP-xCRnI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.94.31.0/24
                IPv6:
                  2a13:2301::/48

    Signature Algorithm: sha256WithRSAEncryption
         56:d7:cf:dd:c3:ce:b9:80:ae:b8:db:69:1f:56:40:c9:69:ae:
         9c:f6:28:d7:b0:25:51:60:b4:61:1a:8b:07:f8:24:d0:44:cc:
         10:e0:f7:13:73:0c:4c:75:22:7a:be:7e:54:e5:9a:bc:14:17:
         fc:9c:9f:bb:93:27:e5:a7:83:84:3b:cb:8b:17:84:6b:da:78:
         d1:37:f3:18:19:02:e1:10:67:ab:21:f2:16:da:87:68:45:cc:
         17:4d:7d:7e:1b:93:6d:5c:29:8f:31:89:a9:4d:47:0e:23:40:
         00:8c:7d:43:e4:24:97:73:a6:35:94:bb:1c:7b:2a:51:f1:9b:
         d2:72:4b:ca:73:6d:70:06:46:d6:39:79:51:26:a3:d0:22:3f:
         89:cd:2e:88:ad:66:48:39:2f:82:e0:93:8c:5a:9c:e1:d3:9a:
         79:d8:77:7c:87:e4:e3:72:d9:e4:a6:2c:32:ba:8d:fa:a8:49:
         5e:39:ad:0f:0e:00:35:33:a9:c1:64:3a:76:6a:55:9b:b2:fc:
         20:37:17:f9:4f:bb:75:8e:19:11:fe:61:d9:28:8c:8d:2a:38:
         ac:3d:b6:b2:21:f1:fb:1c:3d:c6:fb:2f:06:67:03:3b:f8:a4:
         82:6c:a8:38:f3:8f:96:16:b8:26:c8:c0:cb:f1:2c:5c:5a:d7:
         35:04:13:be
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzHlB3xIAU8AGVbMRC9u6H7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3OTI1ODJhYTBiMThkNjA3MzU5MmYxMjFhNmU1NjNmZWM0
MjQ2NzIwHhcNMjQwMTAyMDAzMDIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZmZmNDBlNDEyNmQxZTI3OWJkNjE5ODNjYzA3NGZhMjFjZGI4Y2RlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqEejPxg6A7gbTL1AihAj01WLvVZ7
JRpSeD2mCxUX4F4zqeRKZO5Od301teeL6fb6nOXIy0W/iGi50IX3/eZZZwA6v/gv
VyAn3ygr5HkQEu7m7KHaSWX07OpI49iLnQnEWgovDXxzew4XPfpEDyHq4TICg3vg
oMZNnajggkYGYLaC6x07/hiTJzZYttJIJpksUAmP3vkdlrZWleOYWBvEuFUnPHRV
59umoOFRoTKydH9JT1br3BzBbAmsv3EcQG1JaQ2zk6pHR2F3qhfaNYAO6fZbbUfv
MSaIivhsPeF1ftwwYqubHmFtdhbNfQNiWwSc7J/UNCVO/QCctVdKEOIWvwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFM//QOQSbR4nm9YZg8wHT6Ic24zeMB8GA1UdIwQY
MBaAFBeSWCqgsY1gc1kvEhpuVj/sQkZyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjVKWUtxQ3hqV0J6V1M4U0dtNVdQLXhDUm5JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC8yZDM2MDctYmU1OC00YTA1LTlkNjgt
ZTg0ZjNiNDkyN2FkLzEvel85QTVCSnRIaWViMWhtRHpBZFBvaHpiak40LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC8yZDM2MDctYmU1OC00YTA1LTlkNjgtZTg0ZjNiNDkyN2Fk
LzEvRjVKWUtxQ3hqV0J6V1M4U0dtNVdQLXhDUm5JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAuV4fMA8E
AgACMAkDBwAqEyMBAAAwDQYJKoZIhvcNAQELBQADggEBAFbXz93DzrmArrjbaR9W
QMlprpz2KNewJVFgtGEaiwf4JNBEzBDg9xNzDEx1Inq+flTlmrwUF/ycn7uTJ+Wn
g4Q7y4sXhGvaeNE38xgZAuEQZ6sh8hbah2hFzBdNfX4bk21cKY8xialNRw4jQACM
fUPkJJdzpjWUuxx7KlHxm9JyS8pzbXAGRtY5eVEmo9AiP4nNLoitZkg5L4Lgk4xa
nOHTmnnYd3yH5ONy2eSmLDK6jfqoSV45rQ8OADUzqcFkOnZqVZuy/CA3F/lPu3WO
GRH+YdkojI0qOKw9trIh8fscPcb7LwZnAzv4pIJsqDjzj5YWuCbIwMvxLFxa1zUE
E74=
-----END CERTIFICATE-----