Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9f/177329-28cd-4864-9e16-946404ec1aa4/1/AOrjExiwLfzj1mFRT1dia8p2r94.roa
File:                     AOrjExiwLfzj1mFRT1dia8p2r94.roa (raw, json)
Hash identifier:          IAVwHi+ohENMWLgoQSIVPsMoIwSsdIooD6gtqff9Q44=
Subject key identifier:   00:EA:E3:13:18:B0:2D:FC:E3:D6:61:51:4F:57:62:6B:CA:76:AF:DE
Certificate issuer:       /CN=e8b3eed1c7aca636d6245852b802e0e73754df63
Certificate serial:       018CC725B05348F1E6F4677C8C76FC3D2C5A
Authority key identifier: E8:B3:EE:D1:C7:AC:A6:36:D6:24:58:52:B8:02:E0:E7:37:54:DF:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6LPu0cespjbWJFhSuALg5zdU32M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9f/177329-28cd-4864-9e16-946404ec1aa4/1/AOrjExiwLfzj1mFRT1dia8p2r94.roa
Signing time:             Mon 01 Jan 2024 22:29:45 +0000
ROA not before:           Mon 01 Jan 2024 22:29:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     36231
IP address blocks:        31.222.200.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9f/177329-28cd-4864-9e16-946404ec1aa4/1/6LPu0cespjbWJFhSuALg5zdU32M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9f/177329-28cd-4864-9e16-946404ec1aa4/1/6LPu0cespjbWJFhSuALg5zdU32M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6LPu0cespjbWJFhSuALg5zdU32M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 09:00:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:25:b0:53:48:f1:e6:f4:67:7c:8c:76:fc:3d:2c:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e8b3eed1c7aca636d6245852b802e0e73754df63
        Validity
            Not Before: Jan  1 22:29:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=00eae31318b02dfce3d661514f57626bca76afde
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:7d:82:e5:b7:d4:9a:26:c5:50:4d:3f:b4:ad:
                    64:06:5a:f7:ab:0a:b2:f8:67:0e:6f:53:c2:e8:8d:
                    e2:d3:75:09:39:6c:86:a2:6c:11:1f:dc:d0:31:01:
                    c0:a2:79:31:f2:8d:49:aa:f6:c2:c6:8b:0c:36:a2:
                    4f:a9:02:f7:c4:0e:52:9b:b1:93:63:a4:35:54:13:
                    4c:9d:3c:56:a6:f9:1c:b5:d6:81:f9:96:eb:b1:7a:
                    13:7c:d7:cd:8e:4f:62:69:01:82:57:82:5c:30:10:
                    aa:d8:88:40:97:14:68:b3:7a:bb:82:d3:6f:48:36:
                    2b:2d:ff:d9:a3:2d:c3:35:8f:66:2c:1f:ba:bc:b3:
                    2c:b5:43:17:86:ba:7c:02:91:56:ce:74:af:04:60:
                    65:0f:07:24:c9:29:d2:5e:2f:93:50:9d:da:88:2a:
                    4c:a9:b2:ee:4c:1f:a2:a0:0c:1f:fb:18:33:28:1e:
                    68:18:3c:3e:f9:6b:8e:45:0f:7e:74:89:1f:1e:93:
                    d8:39:27:c8:67:43:5a:f3:99:8b:5f:df:15:84:42:
                    73:8b:5c:5c:ec:50:f7:a9:c6:f3:38:3a:a0:74:00:
                    53:15:4c:3d:05:de:06:c6:63:d1:96:f6:65:2c:90:
                    a7:22:e1:0e:19:db:14:54:9b:c9:60:b5:dc:8c:80:
                    0c:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:EA:E3:13:18:B0:2D:FC:E3:D6:61:51:4F:57:62:6B:CA:76:AF:DE
            X509v3 Authority Key Identifier:
                keyid:E8:B3:EE:D1:C7:AC:A6:36:D6:24:58:52:B8:02:E0:E7:37:54:DF:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6LPu0cespjbWJFhSuALg5zdU32M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/177329-28cd-4864-9e16-946404ec1aa4/1/AOrjExiwLfzj1mFRT1dia8p2r94.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/177329-28cd-4864-9e16-946404ec1aa4/1/6LPu0cespjbWJFhSuALg5zdU32M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.222.200.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7c:0e:0e:89:7b:da:84:04:0e:f8:d0:0a:0c:1a:e2:8c:2c:bd:
         0b:6c:e8:71:70:bc:5d:2f:a2:c1:b4:22:a6:ba:40:ee:f2:5f:
         ea:16:d4:c2:c6:0b:01:fd:19:50:f8:b4:fa:18:e4:38:52:83:
         8e:69:04:87:d5:2d:23:cd:f9:87:11:b0:07:9f:e8:60:1b:da:
         66:01:ef:bb:43:58:01:c0:56:61:0c:be:a5:cd:f9:b0:5c:7b:
         59:2a:36:05:60:6c:52:44:90:42:35:7a:c4:8a:7a:4b:81:01:
         30:0f:0e:49:12:1c:53:72:61:a3:c1:58:b6:01:1f:27:e8:34:
         6d:db:38:88:26:40:1e:11:ea:69:cd:f8:8d:b0:84:d9:7e:51:
         e5:18:08:f4:72:1a:ad:9f:9c:ea:fc:46:86:11:52:87:c3:4d:
         c5:f5:41:ba:95:1d:40:c1:95:56:0d:ba:d5:4c:bd:60:9f:93:
         93:79:87:e1:c1:a5:d4:4e:b3:b3:cb:de:43:fd:de:ec:c0:7d:
         9d:57:7f:83:68:5c:60:f6:6d:e9:ec:c1:8f:f7:53:4e:40:a8:
         0a:ce:ad:d3:ea:d2:bb:92:72:6c:96:5b:66:e7:f2:14:57:f3:
         00:ec:ed:68:41:c4:db:72:5d:b6:a9:ab:51:8d:8d:95:d1:a4:
         43:e4:55:ac
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJbBTSPHm9Gd8jHb8PSxaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU4YjNlZWQxYzdhY2E2MzZkNjI0NTg1MmI4MDJlMGU3Mzc1
NGRmNjMwHhcNMjQwMTAxMjIyOTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMGVhZTMxMzE4YjAyZGZjZTNkNjYxNTE0ZjU3NjI2YmNhNzZhZmRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkn2C5bfUmibFUE0/tK1kBlr3qwqy
+GcOb1PC6I3i03UJOWyGomwRH9zQMQHAonkx8o1JqvbCxosMNqJPqQL3xA5Sm7GT
Y6Q1VBNMnTxWpvkctdaB+ZbrsXoTfNfNjk9iaQGCV4JcMBCq2IhAlxRos3q7gtNv
SDYrLf/Zoy3DNY9mLB+6vLMstUMXhrp8ApFWznSvBGBlDwckySnSXi+TUJ3aiCpM
qbLuTB+ioAwf+xgzKB5oGDw++WuORQ9+dIkfHpPYOSfIZ0Na85mLX98VhEJzi1xc
7FD3qcbzODqgdABTFUw9Bd4GxmPRlvZlLJCnIuEOGdsUVJvJYLXcjIAMtQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFADq4xMYsC3849ZhUU9XYmvKdq/eMB8GA1UdIwQY
MBaAFOiz7tHHrKY21iRYUrgC4Oc3VN9jMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNkxQdTBjZXNwamJXSkZoU3VBTGc1emRVMzJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Zi8xNzczMjktMjhjZC00ODY0LTllMTYt
OTQ2NDA0ZWMxYWE0LzEvQU9yakV4aXdMZnpqMW1GUlQxZGlhOHAycjk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Zi8xNzczMjktMjhjZC00ODY0LTllMTYtOTQ2NDA0ZWMxYWE0
LzEvNkxQdTBjZXNwamJXSkZoU3VBTGc1emRVMzJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCH97IMA0G
CSqGSIb3DQEBCwUAA4IBAQB8Dg6Je9qEBA740AoMGuKMLL0LbOhxcLxdL6LBtCKm
ukDu8l/qFtTCxgsB/RlQ+LT6GOQ4UoOOaQSH1S0jzfmHEbAHn+hgG9pmAe+7Q1gB
wFZhDL6lzfmwXHtZKjYFYGxSRJBCNXrEinpLgQEwDw5JEhxTcmGjwVi2AR8n6DRt
2ziIJkAeEeppzfiNsITZflHlGAj0chqtn5zq/EaGEVKHw03F9UG6lR1AwZVWDbrV
TL1gn5OTeYfhwaXUTrOzy95D/d7swH2dV3+DaFxg9m3p7MGP91NOQKgKzq3T6tK7
knJslltm5/IUV/MA7O1oQcTbcl22qatRjY2V0aRD5FWs
-----END CERTIFICATE-----