Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/41e90c-61cc-470c-a388-6d1c9b153cf0/1/cI0Z3sLe1xjrCwyg19NbzVWgf58.roa
File:                     cI0Z3sLe1xjrCwyg19NbzVWgf58.roa (raw, json)
Hash identifier:          RgqBJJ2OAbbh0xonFH0+36oQyNXiwKW4rTJMbCMMDzs=
Subject key identifier:   70:8D:19:DE:C2:DE:D7:18:EB:0B:0C:A0:D7:D3:5B:CD:55:A0:7F:9F
Certificate issuer:       /CN=0007534eb77caa836f8f118630164e0236e5fe86
Certificate serial:       019423D775307C178C01DCDAA43DC27F3778
Authority key identifier: 00:07:53:4E:B7:7C:AA:83:6F:8F:11:86:30:16:4E:02:36:E5:FE:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AAdTTrd8qoNvjxGGMBZOAjbl_oY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/41e90c-61cc-470c-a388-6d1c9b153cf0/1/cI0Z3sLe1xjrCwyg19NbzVWgf58.roa
Signing time:             Wed 01 Jan 2025 21:48:30 +0000
ROA not before:           Wed 01 Jan 2025 21:48:30 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197960
IP address blocks:        31.135.182.0/23 maxlen: 23
                          31.135.182.0/24 maxlen: 24
                          31.135.183.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/41e90c-61cc-470c-a388-6d1c9b153cf0/1/AAdTTrd8qoNvjxGGMBZOAjbl_oY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/41e90c-61cc-470c-a388-6d1c9b153cf0/1/AAdTTrd8qoNvjxGGMBZOAjbl_oY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AAdTTrd8qoNvjxGGMBZOAjbl_oY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:75:30:7c:17:8c:01:dc:da:a4:3d:c2:7f:37:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0007534eb77caa836f8f118630164e0236e5fe86
        Validity
            Not Before: Jan  1 21:48:30 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=708d19dec2ded718eb0b0ca0d7d35bcd55a07f9f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:85:b2:0d:61:e3:c9:3b:c0:4a:58:9f:40:70:
                    ca:b0:1b:05:21:00:f4:90:3e:d8:12:e1:dc:7c:4c:
                    ac:19:33:f9:ca:0b:6b:03:ec:3d:41:f1:24:a4:29:
                    8c:41:d9:a9:7c:3e:70:00:60:65:69:37:d5:24:bb:
                    ae:52:62:4d:99:0f:1f:4b:35:73:12:c1:5b:3a:e7:
                    6d:bb:e3:c9:54:9d:60:0e:20:6e:67:6e:7d:4a:58:
                    fd:b1:e8:33:5b:dd:2d:b7:83:ce:6e:62:bd:8f:89:
                    c8:3c:54:cc:3d:c1:dd:2a:32:56:98:6b:7c:ad:bc:
                    49:9e:d6:8d:1f:fd:59:07:06:a8:2b:42:27:1b:f8:
                    77:8f:e1:02:5e:89:4b:9e:87:34:e3:9e:b0:4a:52:
                    b6:c9:2e:ba:a3:88:a7:ff:14:39:63:e5:31:04:ed:
                    da:96:f8:4f:87:60:b2:84:26:a0:3f:a8:c8:2c:9f:
                    5c:10:2f:1f:a7:de:f7:76:3b:de:5d:69:c8:2e:df:
                    c0:31:17:87:64:a2:4e:ab:c1:6e:50:d6:fc:e9:47:
                    90:56:47:42:71:67:aa:28:f6:53:5a:c9:c1:b5:b8:
                    a3:40:70:71:a9:bf:8b:4c:4d:6b:c7:5b:f1:02:7a:
                    d2:f1:5c:8b:f1:e1:66:d4:5d:8f:dc:d8:d0:b2:04:
                    13:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:8D:19:DE:C2:DE:D7:18:EB:0B:0C:A0:D7:D3:5B:CD:55:A0:7F:9F
            X509v3 Authority Key Identifier:
                keyid:00:07:53:4E:B7:7C:AA:83:6F:8F:11:86:30:16:4E:02:36:E5:FE:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AAdTTrd8qoNvjxGGMBZOAjbl_oY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/41e90c-61cc-470c-a388-6d1c9b153cf0/1/cI0Z3sLe1xjrCwyg19NbzVWgf58.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/41e90c-61cc-470c-a388-6d1c9b153cf0/1/AAdTTrd8qoNvjxGGMBZOAjbl_oY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.135.182.0/23

    Signature Algorithm: sha256WithRSAEncryption
         61:b5:14:9f:c5:e3:12:5b:49:7b:b3:bc:df:59:be:56:b7:16:
         e4:a8:69:34:f1:67:a5:b9:63:f6:aa:81:11:d3:95:ca:1a:ea:
         96:43:57:dc:45:b5:fd:42:8f:29:6e:f2:d0:69:30:a7:17:f9:
         0e:b1:b7:5d:b0:5a:f3:21:d0:b9:e8:a5:0f:5b:a5:6d:5d:e5:
         61:0b:e8:60:40:b6:cd:af:36:2a:ed:be:4d:72:b6:c7:5c:51:
         a6:11:ba:16:37:98:30:84:ef:be:00:6a:f4:17:a0:c1:7f:80:
         e9:76:6b:68:df:61:ef:aa:04:89:04:79:96:f4:c3:b9:e7:ae:
         06:9e:23:e3:70:eb:a0:ee:b8:96:75:d9:fa:6a:3e:3f:5f:88:
         42:c5:e9:93:3e:12:5e:48:5b:b4:26:68:2e:6d:e9:2e:f8:58:
         7e:ea:07:f7:2c:b7:72:5e:fc:dc:99:53:4c:38:1a:f2:27:bd:
         20:d9:6d:07:23:88:f7:e2:cf:7c:db:f3:4c:05:2b:bf:a6:bb:
         1a:82:11:1d:27:5a:cd:1a:d9:2b:25:df:a3:ec:12:b8:21:d2:
         00:86:21:c1:17:cb:fc:9c:a8:c6:0a:66:19:92:1a:55:fc:81:
         23:c5:e2:72:4c:6f:7c:d5:bc:c8:3a:e4:84:f2:56:02:5b:24:
         28:17:f5:2b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj13UwfBeMAdzapD3Cfzd4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwMDc1MzRlYjc3Y2FhODM2ZjhmMTE4NjMwMTY0ZTAyMzZl
NWZlODYwHhcNMjUwMTAxMjE0ODMwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MDhkMTlkZWMyZGVkNzE4ZWIwYjBjYTBkN2QzNWJjZDU1YTA3ZjlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0YWyDWHjyTvASlifQHDKsBsFIQD0
kD7YEuHcfEysGTP5ygtrA+w9QfEkpCmMQdmpfD5wAGBlaTfVJLuuUmJNmQ8fSzVz
EsFbOudtu+PJVJ1gDiBuZ259Slj9segzW90tt4PObmK9j4nIPFTMPcHdKjJWmGt8
rbxJntaNH/1ZBwaoK0InG/h3j+ECXolLnoc0456wSlK2yS66o4in/xQ5Y+UxBO3a
lvhPh2CyhCagP6jILJ9cEC8fp973djveXWnILt/AMReHZKJOq8FuUNb86UeQVkdC
cWeqKPZTWsnBtbijQHBxqb+LTE1rx1vxAnrS8VyL8eFm1F2P3NjQsgQT8QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHCNGd7C3tcY6wsMoNfTW81VoH+fMB8GA1UdIwQY
MBaAFAAHU063fKqDb48RhjAWTgI25f6GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQUFkVFRyZDhxb052anhHR01CWk9BamJsX29ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi80MWU5MGMtNjFjYy00NzBjLWEzODgt
NmQxYzliMTUzY2YwLzEvY0kwWjNzTGUxeGpyQ3d5ZzE5TmJ6VldnZjU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi80MWU5MGMtNjFjYy00NzBjLWEzODgtNmQxYzliMTUzY2Yw
LzEvQUFkVFRyZDhxb052anhHR01CWk9BamJsX29ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBH4e2MA0G
CSqGSIb3DQEBCwUAA4IBAQBhtRSfxeMSW0l7s7zfWb5WtxbkqGk08WeluWP2qoER
05XKGuqWQ1fcRbX9Qo8pbvLQaTCnF/kOsbddsFrzIdC56KUPW6VtXeVhC+hgQLbN
rzYq7b5NcrbHXFGmEboWN5gwhO++AGr0F6DBf4Dpdmto32HvqgSJBHmW9MO5564G
niPjcOug7riWddn6aj4/X4hCxemTPhJeSFu0Jmgubeku+Fh+6gf3LLdyXvzcmVNM
OBryJ70g2W0HI4j34s982/NMBSu/prsaghEdJ1rNGtkrJd+j7BK4IdIAhiHBF8v8
nKjGCmYZkhpV/IEjxeJyTG981bzIOuSE8lYCWyQoF/Ur
-----END CERTIFICATE-----