Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/8d1b02-b0f9-4e0e-a457-30bdb48da521/1/CKQJiW_Obz0BPYdJ9ju-U5ArGUQ.roa
File:                     CKQJiW_Obz0BPYdJ9ju-U5ArGUQ.roa (raw, json)
Hash identifier:          TzVHl0A9PDQHcOVGibTeXITOZ7VIyd+/unKvzfDV0ms=
Subject key identifier:   08:A4:09:89:6F:CE:6F:3D:01:3D:87:49:F6:3B:BE:53:90:2B:19:44
Certificate issuer:       /CN=a6f13d680ce480591bf8b37ddca0faeb3bbe744e
Certificate serial:       018E14309D7B4D4E0C83E4EC8E45987FEEDB
Authority key identifier: A6:F1:3D:68:0C:E4:80:59:1B:F8:B3:7D:DC:A0:FA:EB:3B:BE:74:4E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pvE9aAzkgFkb-LN93KD66zu-dE4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/8d1b02-b0f9-4e0e-a457-30bdb48da521/1/CKQJiW_Obz0BPYdJ9ju-U5ArGUQ.roa
Signing time:             Wed 06 Mar 2024 14:35:14 +0000
ROA not before:           Wed 06 Mar 2024 14:35:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     33915
IP address blocks:        31.136.0.0/14 maxlen: 14

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/8d1b02-b0f9-4e0e-a457-30bdb48da521/1/pvE9aAzkgFkb-LN93KD66zu-dE4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/8d1b02-b0f9-4e0e-a457-30bdb48da521/1/pvE9aAzkgFkb-LN93KD66zu-dE4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pvE9aAzkgFkb-LN93KD66zu-dE4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:14:30:9d:7b:4d:4e:0c:83:e4:ec:8e:45:98:7f:ee:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a6f13d680ce480591bf8b37ddca0faeb3bbe744e
        Validity
            Not Before: Mar  6 14:35:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=08a409896fce6f3d013d8749f63bbe53902b1944
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:26:b8:80:64:97:73:cb:f9:27:fd:2b:be:13:
                    7a:b7:69:c7:bd:24:28:9a:b4:12:9d:b9:8f:9e:40:
                    65:16:16:f2:f0:89:dc:7e:f0:cb:dc:ab:3d:cb:0c:
                    22:a4:fd:c4:b4:18:c9:d7:50:94:56:2c:fc:26:1e:
                    d9:6c:15:e5:ed:6c:57:63:14:07:16:18:02:c2:38:
                    59:09:09:31:22:a8:4f:18:e0:c2:d2:73:78:16:73:
                    b6:a0:12:54:7c:1f:d1:19:9f:57:4a:f0:96:8a:0a:
                    ad:69:3e:f5:84:c7:06:2a:99:6f:cc:6b:72:0a:82:
                    5a:a9:9e:52:85:47:8c:af:e2:cd:36:fa:e4:ac:de:
                    27:43:0f:52:47:a2:70:4f:7f:66:f6:7a:9a:3d:cb:
                    a7:2a:b2:59:55:a8:47:5f:f5:67:75:1e:24:fe:17:
                    ac:2a:d7:70:67:ba:3d:30:d7:b9:83:e4:ea:c6:9b:
                    bb:9e:b9:c3:c4:52:d6:88:9e:79:6c:62:d7:9d:ec:
                    f4:3e:3d:cf:38:da:47:b1:b0:ce:f8:d7:da:a7:44:
                    0e:62:31:69:6b:7a:d7:85:a5:68:1b:f8:d8:42:c3:
                    12:f7:de:4d:88:3e:fe:04:cb:bc:ad:5d:4d:75:d7:
                    45:66:00:76:f9:15:c0:c7:2b:a1:6d:ec:c8:93:a7:
                    78:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:A4:09:89:6F:CE:6F:3D:01:3D:87:49:F6:3B:BE:53:90:2B:19:44
            X509v3 Authority Key Identifier:
                keyid:A6:F1:3D:68:0C:E4:80:59:1B:F8:B3:7D:DC:A0:FA:EB:3B:BE:74:4E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pvE9aAzkgFkb-LN93KD66zu-dE4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/8d1b02-b0f9-4e0e-a457-30bdb48da521/1/CKQJiW_Obz0BPYdJ9ju-U5ArGUQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/8d1b02-b0f9-4e0e-a457-30bdb48da521/1/pvE9aAzkgFkb-LN93KD66zu-dE4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.136.0.0/14

    Signature Algorithm: sha256WithRSAEncryption
         80:8f:4a:51:91:d4:49:72:8c:27:c3:14:65:7f:2c:b8:f8:cc:
         c2:34:f3:1b:f1:59:e5:bc:a4:4e:48:51:24:cc:99:96:9f:c4:
         2a:5d:ae:58:b2:de:a0:4d:7a:6c:6c:fe:75:ce:42:53:42:eb:
         2f:b6:ef:2b:11:c7:ea:8c:e4:a9:74:68:2d:8b:7a:c0:ed:e0:
         a0:75:2e:43:cc:ea:c7:a5:1c:ce:9e:2e:77:97:ae:92:a6:e9:
         f0:79:46:20:be:63:9c:d8:4a:97:b8:c3:84:f0:e8:a9:76:5d:
         4e:88:5f:21:82:d8:9a:fc:63:1e:69:96:0e:b1:d0:6d:61:60:
         b4:42:45:5b:14:97:0e:1a:41:73:54:5a:19:c3:4f:dc:ae:82:
         ef:d9:45:e9:1a:c7:f4:2d:88:f0:6c:0d:a3:60:e1:5c:5f:bc:
         22:3b:9b:32:61:f8:d0:9c:8b:12:18:78:fb:98:b9:0d:57:04:
         9a:ed:82:11:7d:40:de:f7:a1:07:0a:bc:e2:61:d7:03:16:89:
         0f:40:47:ed:e9:82:f4:8f:72:1c:26:c4:4e:04:a2:bb:5b:a7:
         e5:a4:0f:15:45:44:6e:53:cd:9b:71:c9:43:88:f5:6b:f8:bb:
         55:c8:7a:30:aa:2d:c6:44:46:fa:ce:f9:9a:b8:0b:e7:fc:fe:
         db:26:10:87
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAY4UMJ17TU4Mg+TsjkWYf+7bMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE2ZjEzZDY4MGNlNDgwNTkxYmY4YjM3ZGRjYTBmYWViM2Ji
ZTc0NGUwHhcNMjQwMzA2MTQzNTE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOGE0MDk4OTZmY2U2ZjNkMDEzZDg3NDlmNjNiYmU1MzkwMmIxOTQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArya4gGSXc8v5J/0rvhN6t2nHvSQo
mrQSnbmPnkBlFhby8IncfvDL3Ks9ywwipP3EtBjJ11CUViz8Jh7ZbBXl7WxXYxQH
FhgCwjhZCQkxIqhPGODC0nN4FnO2oBJUfB/RGZ9XSvCWigqtaT71hMcGKplvzGty
CoJaqZ5ShUeMr+LNNvrkrN4nQw9SR6JwT39m9nqaPcunKrJZVahHX/VndR4k/hes
KtdwZ7o9MNe5g+Tqxpu7nrnDxFLWiJ55bGLXnez0Pj3PONpHsbDO+Nfap0QOYjFp
a3rXhaVoG/jYQsMS995NiD7+BMu8rV1NdddFZgB2+RXAxyuhbezIk6d4mQIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFAikCYlvzm89AT2HSfY7vlOQKxlEMB8GA1UdIwQY
MBaAFKbxPWgM5IBZG/izfdyg+us7vnROMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcHZFOWFBemtnRmtiLUxOOTNLRDY2enUtZEU0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy84ZDFiMDItYjBmOS00ZTBlLWE0NTct
MzBiZGI0OGRhNTIxLzEvQ0tRSmlXX09iejBCUFlkSjlqdS1VNUFyR1VRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy84ZDFiMDItYjBmOS00ZTBlLWE0NTctMzBiZGI0OGRhNTIx
LzEvcHZFOWFBemtnRmtiLUxOOTNLRDY2enUtZEU0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMCH4gwDQYJ
KoZIhvcNAQELBQADggEBAICPSlGR1ElyjCfDFGV/LLj4zMI08xvxWeW8pE5IUSTM
mZafxCpdrliy3qBNemxs/nXOQlNC6y+27ysRx+qM5Kl0aC2LesDt4KB1LkPM6sel
HM6eLneXrpKm6fB5RiC+Y5zYSpe4w4Tw6Kl2XU6IXyGC2Jr8Yx5plg6x0G1hYLRC
RVsUlw4aQXNUWhnDT9yugu/ZRekax/QtiPBsDaNg4VxfvCI7mzJh+NCcixIYePuY
uQ1XBJrtghF9QN73oQcKvOJh1wMWiQ9AR+3pgvSPchwmxE4Eortbp+WkDxVFRG5T
zZtxyUOI9Wv4u1XIejCqLcZERvrO+Zq4C+f8/tsmEIc=
-----END CERTIFICATE-----