Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/b57800-39e1-41d0-bd41-fe9ef8ff0cc1/1/ImTUY-o3TC5IfXUaZFK2jen1TKg.roa
File:                     ImTUY-o3TC5IfXUaZFK2jen1TKg.roa (raw, json)
Hash identifier:          BRj6hsyqyAmbPGNI4/OIrY92qn5NNEhId5W6cKzji1U=
Subject key identifier:   22:64:D4:63:EA:37:4C:2E:48:7D:75:1A:64:52:B6:8D:E9:F5:4C:A8
Certificate issuer:       /CN=659375cfe748a9e413894f2e4f85fbd64fd1c776
Certificate serial:       01934E5BA9D5F8878319EB880811E3D48470
Authority key identifier: 65:93:75:CF:E7:48:A9:E4:13:89:4F:2E:4F:85:FB:D6:4F:D1:C7:76
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZZN1z-dIqeQTiU8uT4X71k_Rx3Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/b57800-39e1-41d0-bd41-fe9ef8ff0cc1/1/ImTUY-o3TC5IfXUaZFK2jen1TKg.roa
Signing time:             Thu 21 Nov 2024 10:54:10 +0000
ROA not before:           Thu 21 Nov 2024 10:54:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     22427
IP address blocks:        31.22.106.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/b57800-39e1-41d0-bd41-fe9ef8ff0cc1/1/ZZN1z-dIqeQTiU8uT4X71k_Rx3Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/b57800-39e1-41d0-bd41-fe9ef8ff0cc1/1/ZZN1z-dIqeQTiU8uT4X71k_Rx3Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZZN1z-dIqeQTiU8uT4X71k_Rx3Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:4e:5b:a9:d5:f8:87:83:19:eb:88:08:11:e3:d4:84:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=659375cfe748a9e413894f2e4f85fbd64fd1c776
        Validity
            Not Before: Nov 21 10:54:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2264d463ea374c2e487d751a6452b68de9f54ca8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:89:01:db:55:31:cf:b8:2f:5c:9c:26:ea:89:
                    3e:fe:cc:42:4b:62:8e:4e:00:0f:a1:b1:4a:9a:60:
                    20:98:6d:f4:47:6b:3a:01:4a:20:aa:35:fd:15:bc:
                    40:63:3c:ea:2e:76:08:4a:a7:61:86:81:52:4f:40:
                    8b:27:4c:6f:b5:81:d6:1a:5f:c5:ba:6e:ce:51:e6:
                    30:a2:84:54:45:bd:42:ca:41:b9:33:27:7c:2e:86:
                    9b:93:a6:4f:7a:2c:c1:34:66:eb:2d:14:1f:de:db:
                    20:8c:cf:57:84:b9:83:3a:18:1a:37:cc:5a:81:f1:
                    d1:6f:ea:1e:1b:01:83:22:f4:bc:17:e2:3f:bd:f4:
                    0d:54:d7:df:37:ea:5b:af:0b:da:7e:e1:8c:44:1e:
                    78:89:aa:b3:03:b9:f4:f6:1b:56:3e:d3:11:f6:11:
                    4f:53:3e:dd:64:2e:41:46:2b:cf:9a:f8:33:b2:3c:
                    fc:2c:27:8a:13:33:79:52:43:10:d0:74:e6:aa:62:
                    86:ed:38:a9:c4:79:9c:8c:7f:46:e9:6b:7d:fd:42:
                    ce:3d:dc:0b:ed:13:28:fe:ec:b2:75:f8:4a:93:79:
                    65:56:80:30:f4:fb:89:33:93:68:6c:7c:87:72:6f:
                    40:90:dc:5f:68:a1:9b:13:96:90:43:bc:c8:a8:2d:
                    75:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:64:D4:63:EA:37:4C:2E:48:7D:75:1A:64:52:B6:8D:E9:F5:4C:A8
            X509v3 Authority Key Identifier:
                keyid:65:93:75:CF:E7:48:A9:E4:13:89:4F:2E:4F:85:FB:D6:4F:D1:C7:76

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZZN1z-dIqeQTiU8uT4X71k_Rx3Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/b57800-39e1-41d0-bd41-fe9ef8ff0cc1/1/ImTUY-o3TC5IfXUaZFK2jen1TKg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/b57800-39e1-41d0-bd41-fe9ef8ff0cc1/1/ZZN1z-dIqeQTiU8uT4X71k_Rx3Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.22.106.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:d1:92:06:84:4b:ed:d1:a3:4b:41:bb:95:6e:23:c2:8d:4d:
         1a:6a:50:6e:9f:e1:47:a4:44:d5:ad:72:0b:3f:44:a5:50:ca:
         06:db:09:f2:5e:84:7c:9f:09:08:a1:75:d5:43:b2:21:93:ec:
         6f:d1:74:53:9d:a4:51:95:fb:33:28:66:ec:8a:45:d7:a2:a4:
         55:d0:68:92:c8:73:31:12:15:0d:c5:81:ec:3d:12:bd:52:1b:
         54:60:f1:67:b0:8d:9d:10:bb:53:18:3f:ef:57:19:1c:0b:96:
         64:de:a3:31:2f:df:a3:ac:01:1c:87:3d:4a:f3:1c:3c:40:52:
         5f:be:a4:8d:43:a6:59:48:df:18:4d:82:e1:5f:75:33:c2:a4:
         96:e6:1c:93:c7:21:64:95:01:e5:e2:48:c8:79:de:c9:c0:78:
         8b:08:3d:28:a1:5b:6c:03:7a:b8:8a:ba:ee:99:15:32:c5:2a:
         22:f1:1f:96:ae:f6:76:e5:69:86:1e:1e:af:b5:f6:cf:3a:12:
         f3:f0:5c:dd:84:32:9f:ba:d2:5f:86:44:dd:91:84:b0:7f:16:
         d7:6f:81:e1:59:97:10:8f:e8:bd:61:d5:2a:52:95:43:de:9d:
         14:8d:c6:42:b1:fe:1e:fa:94:a5:72:24:95:6b:a8:4e:03:f4:
         43:1a:85:35
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZNOW6nV+IeDGeuICBHj1IRwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1OTM3NWNmZTc0OGE5ZTQxMzg5NGYyZTRmODVmYmQ2NGZk
MWM3NzYwHhcNMjQxMTIxMTA1NDEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMjY0ZDQ2M2VhMzc0YzJlNDg3ZDc1MWE2NDUyYjY4ZGU5ZjU0Y2E4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwokB21Uxz7gvXJwm6ok+/sxCS2KO
TgAPobFKmmAgmG30R2s6AUogqjX9FbxAYzzqLnYISqdhhoFST0CLJ0xvtYHWGl/F
um7OUeYwooRURb1CykG5Myd8Loabk6ZPeizBNGbrLRQf3tsgjM9XhLmDOhgaN8xa
gfHRb+oeGwGDIvS8F+I/vfQNVNffN+pbrwvafuGMRB54iaqzA7n09htWPtMR9hFP
Uz7dZC5BRivPmvgzsjz8LCeKEzN5UkMQ0HTmqmKG7TipxHmcjH9G6Wt9/ULOPdwL
7RMo/uyydfhKk3llVoAw9PuJM5NobHyHcm9AkNxfaKGbE5aQQ7zIqC11dQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCJk1GPqN0wuSH11GmRSto3p9UyoMB8GA1UdIwQY
MBaAFGWTdc/nSKnkE4lPLk+F+9ZP0cd2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWlpOMXotZElxZVFUaVU4dVQ0WDcxa19SeDNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy9iNTc4MDAtMzllMS00MWQwLWJkNDEt
ZmU5ZWY4ZmYwY2MxLzEvSW1UVVktbzNUQzVJZlhVYVpGSzJqZW4xVEtnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy9iNTc4MDAtMzllMS00MWQwLWJkNDEtZmU5ZWY4ZmYwY2Mx
LzEvWlpOMXotZElxZVFUaVU4dVQ0WDcxa19SeDNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHxZqMA0G
CSqGSIb3DQEBCwUAA4IBAQBp0ZIGhEvt0aNLQbuVbiPCjU0aalBun+FHpETVrXIL
P0SlUMoG2wnyXoR8nwkIoXXVQ7Ihk+xv0XRTnaRRlfszKGbsikXXoqRV0GiSyHMx
EhUNxYHsPRK9UhtUYPFnsI2dELtTGD/vVxkcC5Zk3qMxL9+jrAEchz1K8xw8QFJf
vqSNQ6ZZSN8YTYLhX3UzwqSW5hyTxyFklQHl4kjIed7JwHiLCD0ooVtsA3q4irru
mRUyxSoi8R+WrvZ25WmGHh6vtfbPOhLz8FzdhDKfutJfhkTdkYSwfxbXb4HhWZcQ
j+i9YdUqUpVD3p0UjcZCsf4e+pSlciSVa6hOA/RDGoU1
-----END CERTIFICATE-----