Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/d2c235-a1f5-4984-aadf-5146f13b71a1/1/P8awl1-FBznnzvpNTr4DRMiIS0I.roa
File:                     P8awl1-FBznnzvpNTr4DRMiIS0I.roa (raw, json)
Hash identifier:          7oxXLgK4HMZatOjJ+KQ+qVSvO3gc/0/goIBoaIA0uAQ=
Subject key identifier:   3F:C6:B0:97:5F:85:07:39:E7:CE:FA:4D:4E:BE:03:44:C8:88:4B:42
Certificate issuer:       /CN=8fe02b7eedffc38ab5eab4416172e7d88e9ad1e2
Certificate serial:       01970C64A11F2301A45755FE040DF7363C87
Authority key identifier: 8F:E0:2B:7E:ED:FF:C3:8A:B5:EA:B4:41:61:72:E7:D8:8E:9A:D1:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/j-Arfu3_w4q16rRBYXLn2I6a0eI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/d2c235-a1f5-4984-aadf-5146f13b71a1/1/P8awl1-FBznnzvpNTr4DRMiIS0I.roa
Signing time:             Mon 26 May 2025 11:40:10 +0000
ROA not before:           Mon 26 May 2025 11:40:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     58262
IP address blocks:        31.40.4.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/d2c235-a1f5-4984-aadf-5146f13b71a1/1/j-Arfu3_w4q16rRBYXLn2I6a0eI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/d2c235-a1f5-4984-aadf-5146f13b71a1/1/j-Arfu3_w4q16rRBYXLn2I6a0eI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/j-Arfu3_w4q16rRBYXLn2I6a0eI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 18:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:0c:64:a1:1f:23:01:a4:57:55:fe:04:0d:f7:36:3c:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8fe02b7eedffc38ab5eab4416172e7d88e9ad1e2
        Validity
            Not Before: May 26 11:40:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3fc6b0975f850739e7cefa4d4ebe0344c8884b42
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:f2:7f:a7:1b:a4:b4:81:4b:c2:5a:5f:e1:62:
                    5c:d2:ec:5c:66:89:04:48:ee:0f:d9:75:65:d6:a7:
                    32:cb:19:2c:a6:63:13:f6:8d:12:03:4c:17:70:a8:
                    bd:ff:f5:cd:de:fa:cf:41:44:0d:59:f9:77:9b:d5:
                    05:34:de:d3:ed:68:8a:4e:67:2e:ce:ea:ff:38:c9:
                    6b:1c:ba:51:40:92:47:e1:68:68:c7:55:a5:d2:ba:
                    01:e0:d0:21:95:88:af:6e:e3:f5:34:83:de:b9:3c:
                    53:0c:cc:38:93:dd:e0:ba:fd:94:b8:01:b8:00:20:
                    2d:c7:bf:9c:74:5c:6f:3d:82:30:eb:1d:8b:97:e1:
                    66:e6:72:5e:69:a2:13:c2:1a:b1:53:d3:b3:14:cb:
                    4a:3a:3c:ef:31:fd:45:e9:86:77:8f:65:76:64:03:
                    b1:8d:00:36:20:76:9b:b8:43:8b:11:65:46:62:10:
                    99:da:e9:4b:11:ce:b6:90:cb:2a:11:50:4d:d3:4e:
                    f0:46:66:1a:9d:b3:62:ab:a5:a2:61:c1:07:02:a2:
                    fc:c7:8b:70:e5:d8:bd:e3:af:1a:ea:13:b3:b3:74:
                    c0:f3:1d:46:33:df:ed:89:a2:e2:ee:fe:65:de:09:
                    96:75:92:fc:74:a6:cb:f2:28:4c:49:b0:99:45:f6:
                    f0:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:C6:B0:97:5F:85:07:39:E7:CE:FA:4D:4E:BE:03:44:C8:88:4B:42
            X509v3 Authority Key Identifier:
                keyid:8F:E0:2B:7E:ED:FF:C3:8A:B5:EA:B4:41:61:72:E7:D8:8E:9A:D1:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/j-Arfu3_w4q16rRBYXLn2I6a0eI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/d2c235-a1f5-4984-aadf-5146f13b71a1/1/P8awl1-FBznnzvpNTr4DRMiIS0I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/d2c235-a1f5-4984-aadf-5146f13b71a1/1/j-Arfu3_w4q16rRBYXLn2I6a0eI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.40.4.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:f5:f4:ef:be:2f:c5:63:5a:f5:01:86:9b:93:80:01:73:a8:
         90:77:89:7a:15:c3:c9:a3:e0:aa:74:8e:19:ff:1b:19:f5:78:
         91:3e:35:d8:34:17:49:9d:57:b4:ec:55:59:62:c3:cc:96:45:
         85:bd:dd:5e:03:43:e8:3e:88:33:9e:41:fd:9c:57:53:8e:63:
         7f:8e:5d:cc:9e:c5:69:ca:1e:ba:57:a4:28:50:85:dc:1e:63:
         9f:d2:c8:b5:f0:f9:0c:c9:84:eb:16:96:95:f8:86:0c:35:95:
         a8:9d:a4:a2:df:b4:b0:fa:53:8a:23:0e:c4:8f:61:59:a1:b4:
         72:72:ad:bd:01:db:0b:1c:c9:9e:2e:b6:35:98:9c:94:42:94:
         ec:a6:3b:00:97:e3:9b:34:c5:c3:f4:2d:ee:3a:c4:6b:c1:7d:
         69:13:2e:f5:54:61:35:29:69:28:68:10:8d:75:a3:a6:a0:15:
         e9:bc:bf:13:dc:4f:6a:8a:f6:b6:24:41:90:da:60:71:0e:58:
         83:78:88:9d:dd:81:b7:d1:f0:d0:65:9c:64:03:8f:ab:94:cb:
         e8:fe:4d:c8:75:11:f4:9c:f4:a2:7c:86:df:4a:7c:18:f1:c3:
         d9:35:d5:0b:d9:aa:8b:f5:22:1f:05:90:d1:78:7e:e4:7b:56:
         ee:fc:99:ea
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZcMZKEfIwGkV1X+BA33NjyHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhmZTAyYjdlZWRmZmMzOGFiNWVhYjQ0MTYxNzJlN2Q4OGU5
YWQxZTIwHhcNMjUwNTI2MTE0MDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZmM2YjA5NzVmODUwNzM5ZTdjZWZhNGQ0ZWJlMDM0NGM4ODg0YjQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApfJ/pxuktIFLwlpf4WJc0uxcZokE
SO4P2XVl1qcyyxkspmMT9o0SA0wXcKi9//XN3vrPQUQNWfl3m9UFNN7T7WiKTmcu
zur/OMlrHLpRQJJH4Whox1Wl0roB4NAhlYivbuP1NIPeuTxTDMw4k93guv2UuAG4
ACAtx7+cdFxvPYIw6x2Ll+Fm5nJeaaITwhqxU9OzFMtKOjzvMf1F6YZ3j2V2ZAOx
jQA2IHabuEOLEWVGYhCZ2ulLEc62kMsqEVBN007wRmYanbNiq6WiYcEHAqL8x4tw
5di9468a6hOzs3TA8x1GM9/tiaLi7v5l3gmWdZL8dKbL8ihMSbCZRfbw0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD/GsJdfhQc55876TU6+A0TIiEtCMB8GA1UdIwQY
MBaAFI/gK37t/8OKteq0QWFy59iOmtHiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvai1BcmZ1M193NHExNnJSQllYTG4ySTZhMGVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9kMmMyMzUtYTFmNS00OTg0LWFhZGYt
NTE0NmYxM2I3MWExLzEvUDhhd2wxLUZCem5uenZwTlRyNERSTWlJUzBJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9kMmMyMzUtYTFmNS00OTg0LWFhZGYtNTE0NmYxM2I3MWEx
LzEvai1BcmZ1M193NHExNnJSQllYTG4ySTZhMGVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHygEMA0G
CSqGSIb3DQEBCwUAA4IBAQAa9fTvvi/FY1r1AYabk4ABc6iQd4l6FcPJo+CqdI4Z
/xsZ9XiRPjXYNBdJnVe07FVZYsPMlkWFvd1eA0PoPogznkH9nFdTjmN/jl3MnsVp
yh66V6QoUIXcHmOf0si18PkMyYTrFpaV+IYMNZWonaSi37Sw+lOKIw7Ej2FZobRy
cq29AdsLHMmeLrY1mJyUQpTspjsAl+ObNMXD9C3uOsRrwX1pEy71VGE1KWkoaBCN
daOmoBXpvL8T3E9qiva2JEGQ2mBxDliDeIid3YG30fDQZZxkA4+rlMvo/k3IdRH0
nPSifIbfSnwY8cPZNdUL2aqL9SIfBZDReH7ke1bu/Jnq
-----END CERTIFICATE-----