Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/081c6e-1d65-4ccd-96f5-1dcc86c11e74/1/7d1EURLQOI6lffIk-Jzmw2qD6fQ.roa
File:                     7d1EURLQOI6lffIk-Jzmw2qD6fQ.roa (raw, json)
Hash identifier:          lNLrAo1luKzjTySvt8OygrFoAMrvEh0aY4g5NEH2k1E=
Subject key identifier:   ED:DD:44:51:12:D0:38:8E:A5:7D:F2:24:F8:9C:E6:C3:6A:83:E9:F4
Certificate issuer:       /CN=31a185d0eb0ca7811c586425de0e960e1cfeb61b
Certificate serial:       0192C4264CD2B7D8DD536AEEE5DDFCA203FF
Authority key identifier: 31:A1:85:D0:EB:0C:A7:81:1C:58:64:25:DE:0E:96:0E:1C:FE:B6:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MaGF0OsMp4EcWGQl3g6WDhz-ths.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/081c6e-1d65-4ccd-96f5-1dcc86c11e74/1/7d1EURLQOI6lffIk-Jzmw2qD6fQ.roa
Signing time:             Fri 25 Oct 2024 14:48:17 +0000
ROA not before:           Fri 25 Oct 2024 14:48:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15596
IP address blocks:        85.153.76.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/081c6e-1d65-4ccd-96f5-1dcc86c11e74/1/MaGF0OsMp4EcWGQl3g6WDhz-ths.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/081c6e-1d65-4ccd-96f5-1dcc86c11e74/1/MaGF0OsMp4EcWGQl3g6WDhz-ths.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MaGF0OsMp4EcWGQl3g6WDhz-ths.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:01:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:c4:26:4c:d2:b7:d8:dd:53:6a:ee:e5:dd:fc:a2:03:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=31a185d0eb0ca7811c586425de0e960e1cfeb61b
        Validity
            Not Before: Oct 25 14:48:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=eddd445112d0388ea57df224f89ce6c36a83e9f4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:31:9e:7e:e5:18:b4:51:34:9c:64:0a:06:16:
                    c1:d7:61:f6:5e:de:85:2f:cc:14:60:18:b2:ea:38:
                    97:30:66:50:a7:8a:71:86:20:86:ec:64:85:27:5b:
                    4b:e4:e1:e2:2b:40:2f:fa:f0:93:f9:22:75:91:20:
                    ad:05:76:17:15:8a:c7:98:f7:54:23:e6:57:be:b3:
                    21:aa:e9:96:6a:21:47:e6:0e:77:4f:7f:65:53:91:
                    c7:5b:7c:88:0b:1b:b2:eb:8a:91:a0:a4:a3:bf:17:
                    74:07:40:f0:b8:cd:84:62:5f:5d:77:fd:65:77:89:
                    0a:ba:7f:5f:50:a4:43:37:3d:5e:40:e0:6d:e3:d7:
                    81:54:c8:ac:37:2b:0e:f8:3b:78:b9:56:89:8e:5f:
                    25:21:90:0e:2d:58:18:2d:e7:02:d3:86:f6:e5:ad:
                    d7:65:da:73:20:1b:4a:33:39:05:4d:24:0b:42:a4:
                    4d:b0:c9:ee:f4:3d:6c:5d:11:97:7a:9e:00:09:ab:
                    56:8c:9a:54:26:4e:d6:eb:90:1c:a6:ae:a8:75:c4:
                    8b:d2:30:de:83:16:3d:82:c4:ef:5f:20:43:31:42:
                    0d:13:a6:ac:dd:0a:21:c8:85:49:a4:66:79:b5:71:
                    1b:83:b0:c6:82:9b:25:9f:6b:1d:c0:12:52:62:8e:
                    f3:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:DD:44:51:12:D0:38:8E:A5:7D:F2:24:F8:9C:E6:C3:6A:83:E9:F4
            X509v3 Authority Key Identifier:
                keyid:31:A1:85:D0:EB:0C:A7:81:1C:58:64:25:DE:0E:96:0E:1C:FE:B6:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MaGF0OsMp4EcWGQl3g6WDhz-ths.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/081c6e-1d65-4ccd-96f5-1dcc86c11e74/1/7d1EURLQOI6lffIk-Jzmw2qD6fQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/081c6e-1d65-4ccd-96f5-1dcc86c11e74/1/MaGF0OsMp4EcWGQl3g6WDhz-ths.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.153.76.0/22

    Signature Algorithm: sha256WithRSAEncryption
         15:45:45:b2:08:6d:69:96:55:5f:a2:81:d2:8b:6f:26:94:a6:
         60:e0:58:3f:40:38:d2:8a:6c:bc:36:57:16:18:0b:ba:de:73:
         46:50:36:cd:6d:cb:d6:04:54:80:2c:aa:46:0a:4a:af:6c:3a:
         23:1d:94:71:bc:25:7a:8a:8d:32:1d:bb:48:00:51:4a:da:72:
         8c:ae:71:fb:89:cd:75:6d:bd:e0:99:ca:28:1c:f4:aa:42:d0:
         a9:0f:76:3c:aa:64:83:c2:5a:08:96:5a:db:37:c3:aa:04:66:
         95:87:dc:c2:df:0d:e8:3e:0d:dd:54:1f:dd:42:60:43:04:83:
         53:7e:21:57:81:e6:06:1f:63:42:fd:01:05:ba:30:64:ec:6e:
         18:28:a1:2f:0f:1d:8f:6d:cb:80:b6:52:24:b3:83:0b:b0:e6:
         9e:06:26:d2:4a:3e:d8:06:d7:15:49:ac:a6:9e:31:e1:10:95:
         94:61:55:c3:fc:07:f6:54:08:01:58:66:21:92:9c:2b:65:5d:
         51:cc:bd:1d:b6:7b:a6:07:97:a6:51:d8:d7:91:7f:c1:c3:0e:
         fc:d1:55:5a:7d:3f:7e:c4:d2:fc:14:5c:af:29:6a:e4:16:c5:
         9a:4f:98:2e:af:e9:9b:9a:91:58:f2:bf:5c:e7:34:e1:d3:9b:
         d2:78:10:b9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZLEJkzSt9jdU2ru5d38ogP/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxYTE4NWQwZWIwY2E3ODExYzU4NjQyNWRlMGU5NjBlMWNm
ZWI2MWIwHhcNMjQxMDI1MTQ0ODE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZGRkNDQ1MTEyZDAzODhlYTU3ZGYyMjRmODljZTZjMzZhODNlOWY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2TGefuUYtFE0nGQKBhbB12H2Xt6F
L8wUYBiy6jiXMGZQp4pxhiCG7GSFJ1tL5OHiK0Av+vCT+SJ1kSCtBXYXFYrHmPdU
I+ZXvrMhqumWaiFH5g53T39lU5HHW3yICxuy64qRoKSjvxd0B0DwuM2EYl9dd/1l
d4kKun9fUKRDNz1eQOBt49eBVMisNysO+Dt4uVaJjl8lIZAOLVgYLecC04b25a3X
ZdpzIBtKMzkFTSQLQqRNsMnu9D1sXRGXep4ACatWjJpUJk7W65Acpq6odcSL0jDe
gxY9gsTvXyBDMUINE6as3QohyIVJpGZ5tXEbg7DGgpsln2sdwBJSYo7zAwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO3dRFES0DiOpX3yJPic5sNqg+n0MB8GA1UdIwQY
MBaAFDGhhdDrDKeBHFhkJd4Olg4c/rYbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWFHRjBPc01wNEVjV0dRbDNnNldEaHotdGhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny8wODFjNmUtMWQ2NS00Y2NkLTk2ZjUt
MWRjYzg2YzExZTc0LzEvN2QxRVVSTFFPSTZsZmZJay1Kem13MnFENmZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny8wODFjNmUtMWQ2NS00Y2NkLTk2ZjUtMWRjYzg2YzExZTc0
LzEvTWFHRjBPc01wNEVjV0dRbDNnNldEaHotdGhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCVZlMMA0G
CSqGSIb3DQEBCwUAA4IBAQAVRUWyCG1pllVfooHSi28mlKZg4Fg/QDjSimy8NlcW
GAu63nNGUDbNbcvWBFSALKpGCkqvbDojHZRxvCV6io0yHbtIAFFK2nKMrnH7ic11
bb3gmcooHPSqQtCpD3Y8qmSDwloIllrbN8OqBGaVh9zC3w3oPg3dVB/dQmBDBINT
fiFXgeYGH2NC/QEFujBk7G4YKKEvDx2PbcuAtlIks4MLsOaeBibSSj7YBtcVSaym
njHhEJWUYVXD/Af2VAgBWGYhkpwrZV1RzL0dtnumB5emUdjXkX/Bww780VVafT9+
xNL8FFyvKWrkFsWaT5gur+mbmpFY8r9c5zTh05vSeBC5
-----END CERTIFICATE-----