Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/372079-8901-4526-8d5a-c1f0eaeed8ce/1/4bCY-8sz1wuuB70ZmC1ds46yxkQ.roa
File:                     4bCY-8sz1wuuB70ZmC1ds46yxkQ.roa (raw, json)
Hash identifier:          E6DQYwV/85BuETpt39OPQJl2pir2FDuOd0EQ0qfFaYA=
Subject key identifier:   E1:B0:98:FB:CB:33:D7:0B:AE:07:BD:19:98:2D:5D:B3:8E:B2:C6:44
Certificate issuer:       /CN=02c37210ed8a56ce0edd4574bf736b63245e5823
Certificate serial:       018CC3B72EA3EA24F89FFD184F5DAE98CF06
Authority key identifier: 02:C3:72:10:ED:8A:56:CE:0E:DD:45:74:BF:73:6B:63:24:5E:58:23
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AsNyEO2KVs4O3UV0v3NrYyReWCM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/372079-8901-4526-8d5a-c1f0eaeed8ce/1/4bCY-8sz1wuuB70ZmC1ds46yxkQ.roa
Signing time:             Mon 01 Jan 2024 06:30:11 +0000
ROA not before:           Mon 01 Jan 2024 06:30:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207430
IP address blocks:        31.14.4.0/22 maxlen: 22
                          31.14.6.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a0/372079-8901-4526-8d5a-c1f0eaeed8ce/1/AsNyEO2KVs4O3UV0v3NrYyReWCM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a0/372079-8901-4526-8d5a-c1f0eaeed8ce/1/AsNyEO2KVs4O3UV0v3NrYyReWCM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AsNyEO2KVs4O3UV0v3NrYyReWCM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 May 2024 02:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:2e:a3:ea:24:f8:9f:fd:18:4f:5d:ae:98:cf:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=02c37210ed8a56ce0edd4574bf736b63245e5823
        Validity
            Not Before: Jan  1 06:30:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e1b098fbcb33d70bae07bd19982d5db38eb2c644
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:9f:b6:46:ab:9f:30:d9:ae:0f:83:74:92:01:
                    0b:3c:e7:71:c6:b2:12:6c:7b:c8:82:36:4b:42:9c:
                    38:89:17:9b:4c:92:65:cc:21:66:2c:aa:6f:13:5b:
                    5a:35:b1:e1:64:a3:ec:bb:25:ac:bb:0f:02:42:b6:
                    d3:17:ec:30:0e:bd:d9:9c:a8:ec:b4:71:3c:fb:3c:
                    a4:69:f3:f9:27:32:9c:31:3b:85:b6:3a:d5:f7:5f:
                    b9:50:56:55:da:d1:59:15:22:a7:df:38:5e:f8:c1:
                    df:90:51:a2:a2:7a:da:ee:a1:c8:e8:7a:04:b3:d5:
                    c7:52:08:e5:55:84:e2:e7:73:87:42:b5:95:59:ed:
                    1f:fe:a7:d9:08:64:6e:3f:e8:ed:fd:01:f2:94:fa:
                    37:21:cb:0a:ea:8a:05:36:1b:ef:0d:a7:40:6b:b0:
                    9b:d3:9c:94:62:7c:a6:5a:67:15:a0:26:eb:18:f1:
                    ae:52:00:ae:e0:43:13:40:c6:e2:46:02:d5:9b:cc:
                    e3:d0:e6:58:bb:1c:77:43:2b:21:c9:40:02:41:8a:
                    35:21:72:e6:b1:0d:a1:c6:27:f4:7f:86:0d:ca:af:
                    20:46:06:f2:52:35:85:77:cd:94:90:3d:dc:62:e5:
                    7c:c3:2a:45:ae:27:41:bd:4d:24:99:28:f9:f0:fb:
                    ce:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:B0:98:FB:CB:33:D7:0B:AE:07:BD:19:98:2D:5D:B3:8E:B2:C6:44
            X509v3 Authority Key Identifier:
                keyid:02:C3:72:10:ED:8A:56:CE:0E:DD:45:74:BF:73:6B:63:24:5E:58:23

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AsNyEO2KVs4O3UV0v3NrYyReWCM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/372079-8901-4526-8d5a-c1f0eaeed8ce/1/4bCY-8sz1wuuB70ZmC1ds46yxkQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/372079-8901-4526-8d5a-c1f0eaeed8ce/1/AsNyEO2KVs4O3UV0v3NrYyReWCM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.14.4.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a4:90:e1:0b:84:4f:09:5d:e8:d4:d8:e1:05:84:9a:9e:a8:42:
         4a:0b:d6:cd:4c:28:d0:3b:c6:9b:cb:97:26:cf:19:39:82:b5:
         a7:38:cd:e9:f4:92:41:f8:35:ee:5c:83:0f:77:aa:1e:29:67:
         0f:c3:09:f2:5c:59:94:df:fd:c9:94:e2:3b:67:a5:e3:7c:df:
         37:da:f5:cf:ed:d3:77:7a:68:f9:2d:71:6d:a7:ba:96:1e:25:
         f1:24:fd:6a:9e:7a:a1:aa:fa:6a:74:1c:86:c4:3c:8b:a8:ac:
         e1:3e:5a:ec:a3:87:6c:26:52:3a:1d:c9:32:56:74:79:9e:2e:
         6c:10:58:06:ac:e0:c6:39:62:f4:8b:e6:bf:b2:dd:cb:a4:9b:
         a0:fc:17:e3:43:86:21:58:65:4e:74:b7:d2:6e:1f:54:4b:5c:
         22:b5:c0:99:e6:6b:2c:f5:d6:3c:f5:0b:27:31:d1:f7:29:a8:
         ae:9d:e5:03:03:63:c2:b8:3b:3f:e3:cd:a3:ae:45:02:d7:e6:
         f1:a1:16:8b:f6:fb:8a:bf:1d:56:20:84:78:ba:28:33:ca:0a:
         29:b9:5a:05:17:90:cd:6a:c1:10:29:8e:21:b2:a4:94:9d:e1:
         b4:d3:f8:e9:c5:74:20:b2:cb:70:33:87:e4:60:28:13:23:9c:
         14:7a:9a:b7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDty6j6iT4n/0YT12umM8GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAyYzM3MjEwZWQ4YTU2Y2UwZWRkNDU3NGJmNzM2YjYzMjQ1
ZTU4MjMwHhcNMjQwMTAxMDYzMDExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMWIwOThmYmNiMzNkNzBiYWUwN2JkMTk5ODJkNWRiMzhlYjJjNjQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoZ+2RqufMNmuD4N0kgELPOdxxrIS
bHvIgjZLQpw4iRebTJJlzCFmLKpvE1taNbHhZKPsuyWsuw8CQrbTF+wwDr3ZnKjs
tHE8+zykafP5JzKcMTuFtjrV91+5UFZV2tFZFSKn3zhe+MHfkFGionra7qHI6HoE
s9XHUgjlVYTi53OHQrWVWe0f/qfZCGRuP+jt/QHylPo3IcsK6ooFNhvvDadAa7Cb
05yUYnymWmcVoCbrGPGuUgCu4EMTQMbiRgLVm8zj0OZYuxx3QyshyUACQYo1IXLm
sQ2hxif0f4YNyq8gRgbyUjWFd82UkD3cYuV8wypFridBvU0kmSj58PvOhwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOGwmPvLM9cLrge9GZgtXbOOssZEMB8GA1UdIwQY
MBaAFALDchDtilbODt1FdL9za2MkXlgjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQXNOeUVPMktWczRPM1VWMHYzTnJZeVJlV0NNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC8zNzIwNzktODkwMS00NTI2LThkNWEt
YzFmMGVhZWVkOGNlLzEvNGJDWS04c3oxd3V1QjcwWm1DMWRzNDZ5eGtRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC8zNzIwNzktODkwMS00NTI2LThkNWEtYzFmMGVhZWVkOGNl
LzEvQXNOeUVPMktWczRPM1VWMHYzTnJZeVJlV0NNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCHw4EMA0G
CSqGSIb3DQEBCwUAA4IBAQCkkOELhE8JXejU2OEFhJqeqEJKC9bNTCjQO8aby5cm
zxk5grWnOM3p9JJB+DXuXIMPd6oeKWcPwwnyXFmU3/3JlOI7Z6XjfN832vXP7dN3
emj5LXFtp7qWHiXxJP1qnnqhqvpqdByGxDyLqKzhPlrso4dsJlI6HckyVnR5ni5s
EFgGrODGOWL0i+a/st3LpJug/BfjQ4YhWGVOdLfSbh9US1witcCZ5mss9dY89Qsn
MdH3KaiuneUDA2PCuDs/482jrkUC1+bxoRaL9vuKvx1WIIR4uigzygopuVoFF5DN
asEQKY4hsqSUneG00/jpxXQgsstwM4fkYCgTI5wUepq3
-----END CERTIFICATE-----