Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/41e90c-61cc-470c-a388-6d1c9b153cf0/1/8jTFWj-7WyOXu8o8cufUTnRLUaQ.roa
File:                     8jTFWj-7WyOXu8o8cufUTnRLUaQ.roa (raw, json)
Hash identifier:          PbPCIIH3Xlp6nqyuBcw/Vs19JKQ/vM70lZ8V9TZAnmY=
Subject key identifier:   F2:34:C5:5A:3F:BB:5B:23:97:BB:CA:3C:72:E7:D4:4E:74:4B:51:A4
Certificate issuer:       /CN=0007534eb77caa836f8f118630164e0236e5fe86
Certificate serial:       018CC9B882986C1FF3A3B792639A0519A79F
Authority key identifier: 00:07:53:4E:B7:7C:AA:83:6F:8F:11:86:30:16:4E:02:36:E5:FE:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AAdTTrd8qoNvjxGGMBZOAjbl_oY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/41e90c-61cc-470c-a388-6d1c9b153cf0/1/8jTFWj-7WyOXu8o8cufUTnRLUaQ.roa
Signing time:             Tue 02 Jan 2024 10:29:21 +0000
ROA not before:           Tue 02 Jan 2024 10:29:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41932
IP address blocks:        31.135.180.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/41e90c-61cc-470c-a388-6d1c9b153cf0/1/AAdTTrd8qoNvjxGGMBZOAjbl_oY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/41e90c-61cc-470c-a388-6d1c9b153cf0/1/AAdTTrd8qoNvjxGGMBZOAjbl_oY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AAdTTrd8qoNvjxGGMBZOAjbl_oY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:b8:82:98:6c:1f:f3:a3:b7:92:63:9a:05:19:a7:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0007534eb77caa836f8f118630164e0236e5fe86
        Validity
            Not Before: Jan  2 10:29:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f234c55a3fbb5b2397bbca3c72e7d44e744b51a4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:a2:b0:18:10:92:0e:07:d2:dc:11:a8:da:22:
                    12:73:b2:f4:db:46:da:9e:15:56:20:f4:5b:02:22:
                    68:e2:40:6d:b6:1e:0d:94:9f:54:22:2f:80:81:85:
                    4c:4e:72:31:8d:d3:85:17:51:c2:a3:36:21:12:fb:
                    cb:9e:67:77:44:ac:b1:14:2e:f7:38:d7:e0:9d:d6:
                    05:a8:ee:57:0b:b4:c5:7f:6b:38:bd:8c:23:c4:09:
                    3f:10:88:b0:cb:25:0c:6f:3e:b9:2e:a1:fd:a6:d9:
                    fe:5d:88:03:2c:a8:c8:59:bb:c1:c6:8f:41:35:11:
                    bd:bd:e3:13:c7:3e:fa:7d:5e:a8:c6:94:eb:98:64:
                    f8:56:e0:98:5c:49:ca:c6:e0:7c:e5:83:9b:c2:d2:
                    3e:04:8b:3b:f2:50:d9:fa:fa:3b:52:c0:45:b2:bd:
                    93:e0:56:80:a3:55:ec:37:36:20:20:53:87:b7:39:
                    75:9f:e3:ef:ac:7b:58:d5:c7:09:66:8f:53:aa:64:
                    20:92:ba:da:4d:bb:39:34:4b:03:16:26:67:4c:98:
                    bd:d8:1d:00:f9:34:2f:ca:f8:97:45:11:3e:01:e4:
                    be:4a:7e:40:4d:02:7f:c8:04:0a:41:87:ad:11:de:
                    24:b8:74:27:61:e3:75:7e:0e:b7:54:a9:dc:d9:5f:
                    5f:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:34:C5:5A:3F:BB:5B:23:97:BB:CA:3C:72:E7:D4:4E:74:4B:51:A4
            X509v3 Authority Key Identifier:
                keyid:00:07:53:4E:B7:7C:AA:83:6F:8F:11:86:30:16:4E:02:36:E5:FE:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AAdTTrd8qoNvjxGGMBZOAjbl_oY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/41e90c-61cc-470c-a388-6d1c9b153cf0/1/8jTFWj-7WyOXu8o8cufUTnRLUaQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/41e90c-61cc-470c-a388-6d1c9b153cf0/1/AAdTTrd8qoNvjxGGMBZOAjbl_oY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.135.180.0/23

    Signature Algorithm: sha256WithRSAEncryption
         62:2c:c7:d1:31:63:3a:fa:7c:4c:7a:e6:ae:1a:12:21:fa:f1:
         a7:66:10:b9:a5:3d:07:fd:01:9b:ce:fa:03:1d:b3:4f:6f:7e:
         ec:b5:e5:39:78:87:a9:1d:3e:61:a8:f0:64:6b:aa:b0:0f:92:
         c0:3b:f0:99:eb:c6:42:53:22:73:10:76:e3:b4:d4:bb:bc:e5:
         85:9d:af:ec:f3:cc:c5:df:62:38:53:d2:23:78:4e:8b:80:e3:
         60:a1:7f:c3:39:fb:b8:3b:6a:6a:24:9c:5e:a5:cb:67:7e:c7:
         43:6a:7e:10:78:6c:0d:d7:08:fe:10:f0:66:7f:5e:51:82:1e:
         88:cc:5b:8c:fa:7c:fa:36:ca:f5:c8:2d:e8:82:20:04:95:c4:
         f4:6a:dd:a8:09:f5:c1:25:54:e4:9d:69:ba:cf:f5:f9:87:ed:
         e7:d5:35:ea:0c:f7:1a:5b:8f:e2:6c:05:3f:b1:30:b4:db:42:
         7d:93:35:1b:f1:cf:79:ca:cb:5c:b0:9d:34:89:fe:97:b0:f1:
         0c:27:f1:10:0f:c4:9e:80:29:a6:e5:1d:8b:92:36:c6:44:8a:
         a6:af:64:5c:4c:fb:ed:8e:8f:fd:46:1f:c7:5f:5d:1b:4b:f8:
         bd:b4:ae:7f:a8:9a:00:76:f2:c3:9a:05:e5:22:7f:9f:b2:a6:
         99:be:e9:75
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJuIKYbB/zo7eSY5oFGaefMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwMDc1MzRlYjc3Y2FhODM2ZjhmMTE4NjMwMTY0ZTAyMzZl
NWZlODYwHhcNMjQwMTAyMTAyOTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMjM0YzU1YTNmYmI1YjIzOTdiYmNhM2M3MmU3ZDQ0ZTc0NGI1MWE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhKKwGBCSDgfS3BGo2iISc7L020ba
nhVWIPRbAiJo4kBtth4NlJ9UIi+AgYVMTnIxjdOFF1HCozYhEvvLnmd3RKyxFC73
ONfgndYFqO5XC7TFf2s4vYwjxAk/EIiwyyUMbz65LqH9ptn+XYgDLKjIWbvBxo9B
NRG9veMTxz76fV6oxpTrmGT4VuCYXEnKxuB85YObwtI+BIs78lDZ+vo7UsBFsr2T
4FaAo1XsNzYgIFOHtzl1n+PvrHtY1ccJZo9TqmQgkrraTbs5NEsDFiZnTJi92B0A
+TQvyviXRRE+AeS+Sn5ATQJ/yAQKQYetEd4kuHQnYeN1fg63VKnc2V9f1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPI0xVo/u1sjl7vKPHLn1E50S1GkMB8GA1UdIwQY
MBaAFAAHU063fKqDb48RhjAWTgI25f6GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQUFkVFRyZDhxb052anhHR01CWk9BamJsX29ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi80MWU5MGMtNjFjYy00NzBjLWEzODgt
NmQxYzliMTUzY2YwLzEvOGpURldqLTdXeU9YdThvOGN1ZlVUblJMVWFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi80MWU5MGMtNjFjYy00NzBjLWEzODgtNmQxYzliMTUzY2Yw
LzEvQUFkVFRyZDhxb052anhHR01CWk9BamJsX29ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBH4e0MA0G
CSqGSIb3DQEBCwUAA4IBAQBiLMfRMWM6+nxMeuauGhIh+vGnZhC5pT0H/QGbzvoD
HbNPb37steU5eIepHT5hqPBka6qwD5LAO/CZ68ZCUyJzEHbjtNS7vOWFna/s88zF
32I4U9IjeE6LgONgoX/DOfu4O2pqJJxepctnfsdDan4QeGwN1wj+EPBmf15Rgh6I
zFuM+nz6Nsr1yC3ogiAElcT0at2oCfXBJVTknWm6z/X5h+3n1TXqDPcaW4/ibAU/
sTC020J9kzUb8c95ystcsJ00if6XsPEMJ/EQD8SegCmm5R2LkjbGRIqmr2RcTPvt
jo/9Rh/HX10bS/i9tK5/qJoAdvLDmgXlIn+fsqaZvul1
-----END CERTIFICATE-----