Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b6/690357-dfbe-4d86-afd6-9164e352a83c/1/hneEI4ylnkf5Lg-F5FZKM5VGZO4.roa
File:                     hneEI4ylnkf5Lg-F5FZKM5VGZO4.roa (raw, json)
Hash identifier:          iPrad/Wwp8wvgQGfsVqLfjhf2gFZgXnmdDxqimD724Y=
Subject key identifier:   86:77:84:23:8C:A5:9E:47:F9:2E:0F:85:E4:56:4A:33:95:46:64:EE
Certificate issuer:       /CN=e29b9ac2ef631b92e82f595d73e4792c816ec6e6
Certificate serial:       018EBF65EFA7C10F8FEDF34FFAE54EA5442A
Authority key identifier: E2:9B:9A:C2:EF:63:1B:92:E8:2F:59:5D:73:E4:79:2C:81:6E:C6:E6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4puawu9jG5LoL1ldc-R5LIFuxuY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b6/690357-dfbe-4d86-afd6-9164e352a83c/1/hneEI4ylnkf5Lg-F5FZKM5VGZO4.roa
Signing time:             Mon 08 Apr 2024 20:28:32 +0000
ROA not before:           Mon 08 Apr 2024 20:28:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15855
IP address blocks:        31.1.0.0/16 maxlen: 16
                          31.2.0.0/17 maxlen: 17

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b6/690357-dfbe-4d86-afd6-9164e352a83c/1/4puawu9jG5LoL1ldc-R5LIFuxuY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b6/690357-dfbe-4d86-afd6-9164e352a83c/1/4puawu9jG5LoL1ldc-R5LIFuxuY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4puawu9jG5LoL1ldc-R5LIFuxuY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 26 Apr 2024 08:00:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:bf:65:ef:a7:c1:0f:8f:ed:f3:4f:fa:e5:4e:a5:44:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e29b9ac2ef631b92e82f595d73e4792c816ec6e6
        Validity
            Not Before: Apr  8 20:28:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=867784238ca59e47f92e0f85e4564a33954664ee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:da:22:9c:4a:86:94:5f:06:a1:ea:8d:af:db:
                    66:ac:c7:62:d6:e4:90:53:30:51:21:65:03:b6:83:
                    39:64:11:e1:9f:2b:59:aa:bc:a6:c1:5f:ee:8a:23:
                    46:fb:c7:de:9a:ff:05:dd:b0:32:92:ee:6c:71:22:
                    ed:8b:a7:d9:13:1b:e0:2f:ce:79:1b:5a:20:bb:6b:
                    ac:3b:cc:10:1c:07:e5:ca:df:1e:09:ee:29:1c:5d:
                    24:db:21:ac:bf:79:cf:63:02:e5:95:f6:bb:9c:f9:
                    7f:51:57:e0:91:1c:c5:0a:83:5e:71:74:66:ab:7c:
                    35:f6:63:f8:ab:3c:ae:7f:aa:38:c0:89:cb:f4:46:
                    4c:60:30:e1:bf:3c:81:4f:40:e3:a4:d8:93:cd:9e:
                    3b:16:68:6d:a6:f7:ef:54:4d:e7:21:e0:47:d2:2a:
                    bb:18:ab:2a:20:e1:bc:9a:fd:e9:65:2e:fb:23:03:
                    77:3d:6b:ce:8c:22:4e:24:30:15:0c:05:14:8c:c7:
                    30:f4:73:18:67:fe:b6:7e:da:42:76:a5:89:de:53:
                    e1:b1:4d:64:4b:37:df:bf:71:2e:9f:86:43:b5:d1:
                    5a:41:03:e6:ab:22:fc:c7:91:96:53:02:37:03:56:
                    26:99:68:ca:70:fe:3d:d3:f1:be:e5:0b:de:00:bd:
                    4e:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:77:84:23:8C:A5:9E:47:F9:2E:0F:85:E4:56:4A:33:95:46:64:EE
            X509v3 Authority Key Identifier:
                keyid:E2:9B:9A:C2:EF:63:1B:92:E8:2F:59:5D:73:E4:79:2C:81:6E:C6:E6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4puawu9jG5LoL1ldc-R5LIFuxuY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/690357-dfbe-4d86-afd6-9164e352a83c/1/hneEI4ylnkf5Lg-F5FZKM5VGZO4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/690357-dfbe-4d86-afd6-9164e352a83c/1/4puawu9jG5LoL1ldc-R5LIFuxuY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.1.0.0-31.2.127.255

    Signature Algorithm: sha256WithRSAEncryption
         90:1b:c6:b7:61:33:43:e4:63:52:a6:8e:b4:8e:3e:4d:3e:04:
         8c:e3:ed:23:bc:bf:4b:e4:8c:34:00:b2:79:7c:8f:fb:27:5b:
         be:e6:03:f2:c5:b7:3a:e3:1d:5c:82:a5:55:26:78:a1:51:f2:
         b7:a1:31:9a:f2:0c:1e:4c:80:71:ef:8d:ca:f9:b9:4b:6d:25:
         d2:a2:0d:22:31:4e:84:5d:7a:b2:ba:d8:ee:86:40:c9:0c:0f:
         89:42:6c:d8:e3:cb:d6:4d:c7:36:20:ef:a1:1a:24:1b:9a:34:
         6e:2b:1e:4a:ee:0d:31:59:9b:39:b0:f5:86:e7:09:e0:66:5b:
         4a:e1:8d:b3:f1:81:09:4c:6f:91:d2:55:2a:2e:0e:58:49:90:
         38:dc:43:a5:6b:55:c9:77:ae:20:b7:84:0b:d4:c8:70:1c:b4:
         f3:9d:55:28:eb:ed:18:3a:5a:cd:4e:bf:0a:b4:3a:69:5e:38:
         2b:55:46:2a:31:2a:5c:e3:43:82:51:50:fb:d8:6f:17:91:89:
         67:15:40:50:66:a2:4a:45:04:b5:06:28:73:3a:50:f7:61:bb:
         a6:29:4c:11:d4:c1:2a:3d:87:76:56:d7:ef:a7:b7:41:cb:b7:
         6a:36:66:c6:fc:d8:49:6f:01:c2:7c:a5:69:e0:36:e2:11:81:
         16:66:e7:f5
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgISAY6/Ze+nwQ+P7fNP+uVOpUQqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyOWI5YWMyZWY2MzFiOTJlODJmNTk1ZDczZTQ3OTJjODE2
ZWM2ZTYwHhcNMjQwNDA4MjAyODMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Njc3ODQyMzhjYTU5ZTQ3ZjkyZTBmODVlNDU2NGEzMzk1NDY2NGVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAytoinEqGlF8GoeqNr9tmrMdi1uSQ
UzBRIWUDtoM5ZBHhnytZqrymwV/uiiNG+8femv8F3bAyku5scSLti6fZExvgL855
G1ogu2usO8wQHAflyt8eCe4pHF0k2yGsv3nPYwLllfa7nPl/UVfgkRzFCoNecXRm
q3w19mP4qzyuf6o4wInL9EZMYDDhvzyBT0DjpNiTzZ47FmhtpvfvVE3nIeBH0iq7
GKsqIOG8mv3pZS77IwN3PWvOjCJOJDAVDAUUjMcw9HMYZ/62ftpCdqWJ3lPhsU1k
Szffv3Eun4ZDtdFaQQPmqyL8x5GWUwI3A1YmmWjKcP490/G+5QveAL1OTQIDAQAB
o4ICEDCCAgwwHQYDVR0OBBYEFIZ3hCOMpZ5H+S4PheRWSjOVRmTuMB8GA1UdIwQY
MBaAFOKbmsLvYxuS6C9ZXXPkeSyBbsbmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHB1YXd1OWpHNUxvTDFsZGMtUjVMSUZ1eHVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNi82OTAzNTctZGZiZS00ZDg2LWFmZDYt
OTE2NGUzNTJhODNjLzEvaG5lRUk0eWxua2Y1TGctRjVGWktNNVZHWk80LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNi82OTAzNTctZGZiZS00ZDg2LWFmZDYtOTE2NGUzNTJhODNj
LzEvNHB1YXd1OWpHNUxvTDFsZGMtUjVMSUZ1eHVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCYGCCsGAQUFBwEHAQH/BBcwFTATBAIAATANMAsDAwAfAQME
Bx8CADANBgkqhkiG9w0BAQsFAAOCAQEAkBvGt2EzQ+RjUqaOtI4+TT4EjOPtI7y/
S+SMNACyeXyP+ydbvuYD8sW3OuMdXIKlVSZ4oVHyt6ExmvIMHkyAce+Nyvm5S20l
0qINIjFOhF16srrY7oZAyQwPiUJs2OPL1k3HNiDvoRokG5o0biseSu4NMVmbObD1
hucJ4GZbSuGNs/GBCUxvkdJVKi4OWEmQONxDpWtVyXeuILeEC9TIcBy0851VKOvt
GDpazU6/CrQ6aV44K1VGKjEqXONDglFQ+9hvF5GJZxVAUGaiSkUEtQYoczpQ92G7
pilMEdTBKj2HdlbX76e3Qcu3ajZmxvzYSW8BwnylaeA24hGBFmbn9Q==
-----END CERTIFICATE-----