Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/4892a9-3b37-4d39-9c2b-d83ed140d28d/1/Lip4-3yfZWofIAHoNkWBp5iK9-8.roa
File:                     Lip4-3yfZWofIAHoNkWBp5iK9-8.roa (raw, json)
Hash identifier:          2JrvwxJWjKYKZ59keQxCZX9LUbL314wfx32W++D+URw=
Subject key identifier:   2E:2A:78:FB:7C:9F:65:6A:1F:20:01:E8:36:45:81:A7:98:8A:F7:EF
Certificate issuer:       /CN=4173eeb8d02f5f64788b3fdc78d6bab8a55fd16a
Certificate serial:       018EBC3DDB2A6EEFF133D401BD4954653FE6
Authority key identifier: 41:73:EE:B8:D0:2F:5F:64:78:8B:3F:DC:78:D6:BA:B8:A5:5F:D1:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QXPuuNAvX2R4iz_ceNa6uKVf0Wo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/4892a9-3b37-4d39-9c2b-d83ed140d28d/1/Lip4-3yfZWofIAHoNkWBp5iK9-8.roa
Signing time:             Mon 08 Apr 2024 05:45:54 +0000
ROA not before:           Mon 08 Apr 2024 05:45:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9002
IP address blocks:        31.128.32.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/4892a9-3b37-4d39-9c2b-d83ed140d28d/1/QXPuuNAvX2R4iz_ceNa6uKVf0Wo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/4892a9-3b37-4d39-9c2b-d83ed140d28d/1/QXPuuNAvX2R4iz_ceNa6uKVf0Wo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QXPuuNAvX2R4iz_ceNa6uKVf0Wo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:bc:3d:db:2a:6e:ef:f1:33:d4:01:bd:49:54:65:3f:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4173eeb8d02f5f64788b3fdc78d6bab8a55fd16a
        Validity
            Not Before: Apr  8 05:45:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2e2a78fb7c9f656a1f2001e8364581a7988af7ef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:a5:bb:6f:cf:6c:2e:2a:6b:83:5a:bc:48:5d:
                    53:53:83:8a:7c:f4:fa:dc:4e:a1:cb:56:e2:13:17:
                    f3:e3:c6:75:1e:ec:60:81:5d:ba:8e:0e:26:f2:90:
                    96:bc:89:f4:b8:be:1b:79:5e:3f:9a:8b:e0:37:d7:
                    07:16:d2:8e:b5:45:6b:32:50:26:3a:63:0c:a4:89:
                    b6:9d:6c:09:b5:25:bd:2c:2b:fa:ed:cc:0c:d5:6b:
                    2f:a5:36:b3:5b:4e:1f:a0:aa:b0:30:b3:d2:43:f1:
                    59:c3:8b:15:e6:7d:c6:aa:1f:2b:db:ab:c1:df:8e:
                    8f:38:b1:8a:14:6d:f3:39:47:35:34:a6:9a:af:3c:
                    e8:a3:da:ad:70:af:bd:4d:ba:b1:bd:db:22:90:30:
                    7a:8b:d4:6f:bc:42:18:05:62:43:d5:c3:2d:07:e8:
                    29:2d:a3:e8:6f:a9:2c:66:88:af:25:ed:5e:4b:6c:
                    c6:6d:ab:7f:5a:98:12:29:af:8a:fe:10:c2:bc:5a:
                    9a:94:4c:ba:35:a3:af:72:c6:96:88:c4:48:1d:43:
                    79:42:05:cb:93:13:64:42:61:a3:ce:a3:87:9f:93:
                    08:af:5d:a0:a4:eb:68:fd:f8:a3:ed:b2:14:32:25:
                    a1:f6:a2:74:3b:0a:92:ee:cd:0a:ef:7e:21:2d:80:
                    99:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:2A:78:FB:7C:9F:65:6A:1F:20:01:E8:36:45:81:A7:98:8A:F7:EF
            X509v3 Authority Key Identifier:
                keyid:41:73:EE:B8:D0:2F:5F:64:78:8B:3F:DC:78:D6:BA:B8:A5:5F:D1:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QXPuuNAvX2R4iz_ceNa6uKVf0Wo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/4892a9-3b37-4d39-9c2b-d83ed140d28d/1/Lip4-3yfZWofIAHoNkWBp5iK9-8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/4892a9-3b37-4d39-9c2b-d83ed140d28d/1/QXPuuNAvX2R4iz_ceNa6uKVf0Wo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.128.32.0/22

    Signature Algorithm: sha256WithRSAEncryption
         94:1c:70:e7:f7:38:b7:26:44:44:fe:d6:ca:ad:58:53:d0:ff:
         6a:b8:1c:8a:b2:9b:ab:38:09:13:23:99:46:99:5b:37:d2:e9:
         43:87:05:9a:e7:18:e4:4d:cb:bb:f3:71:db:f4:04:82:67:6d:
         03:bf:0a:ea:5f:26:fb:3b:3d:5f:7c:20:5e:06:6c:e6:b6:06:
         d7:0a:95:b8:e3:b8:81:e7:bc:f3:4d:2f:8e:ed:6d:3d:ec:f3:
         da:e8:94:3e:20:e8:72:cf:44:1e:54:48:35:63:c2:8c:5c:46:
         d7:5c:0e:12:69:29:05:12:61:ce:e2:ff:21:24:79:ff:06:3f:
         61:ce:bf:e8:95:eb:59:34:00:ae:43:91:07:f7:0b:ff:07:fc:
         12:e2:41:b1:5c:4d:91:e7:88:9f:bd:02:00:32:4d:49:b3:ba:
         2f:26:12:f5:b0:b4:42:92:c5:c9:c1:c5:6e:f9:eb:fc:d8:26:
         35:c5:c3:9f:d4:f5:89:5e:91:08:fe:f5:2a:7a:a2:c9:cb:0a:
         f1:99:65:1c:06:68:f4:2e:68:26:b5:e3:63:1b:9d:52:7f:a9:
         6b:92:12:95:51:4c:0f:2a:44:c2:17:8f:9e:4e:19:e4:2f:ab:
         83:c8:b4:15:60:8b:e8:03:09:54:30:ca:70:7f:90:34:3b:5c:
         20:77:81:fc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY68Pdsqbu/xM9QBvUlUZT/mMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQxNzNlZWI4ZDAyZjVmNjQ3ODhiM2ZkYzc4ZDZiYWI4YTU1
ZmQxNmEwHhcNMjQwNDA4MDU0NTU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZTJhNzhmYjdjOWY2NTZhMWYyMDAxZTgzNjQ1ODFhNzk4OGFmN2VmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2qW7b89sLiprg1q8SF1TU4OKfPT6
3E6hy1biExfz48Z1HuxggV26jg4m8pCWvIn0uL4beV4/movgN9cHFtKOtUVrMlAm
OmMMpIm2nWwJtSW9LCv67cwM1WsvpTazW04foKqwMLPSQ/FZw4sV5n3Gqh8r26vB
346POLGKFG3zOUc1NKaarzzoo9qtcK+9TbqxvdsikDB6i9RvvEIYBWJD1cMtB+gp
LaPob6ksZoivJe1eS2zGbat/WpgSKa+K/hDCvFqalEy6NaOvcsaWiMRIHUN5QgXL
kxNkQmGjzqOHn5MIr12gpOto/fij7bIUMiWh9qJ0OwqS7s0K734hLYCZwwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC4qePt8n2VqHyAB6DZFgaeYivfvMB8GA1UdIwQY
MBaAFEFz7rjQL19keIs/3HjWurilX9FqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUVhQdXVOQXZYMlI0aXpfY2VOYTZ1S1ZmMFdvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC80ODkyYTktM2IzNy00ZDM5LTljMmIt
ZDgzZWQxNDBkMjhkLzEvTGlwNC0zeWZaV29mSUFIb05rV0JwNWlLOS04LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC80ODkyYTktM2IzNy00ZDM5LTljMmItZDgzZWQxNDBkMjhk
LzEvUVhQdXVOQXZYMlI0aXpfY2VOYTZ1S1ZmMFdvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCH4AgMA0G
CSqGSIb3DQEBCwUAA4IBAQCUHHDn9zi3JkRE/tbKrVhT0P9quByKspurOAkTI5lG
mVs30ulDhwWa5xjkTcu783Hb9ASCZ20DvwrqXyb7Oz1ffCBeBmzmtgbXCpW447iB
57zzTS+O7W097PPa6JQ+IOhyz0QeVEg1Y8KMXEbXXA4SaSkFEmHO4v8hJHn/Bj9h
zr/oletZNACuQ5EH9wv/B/wS4kGxXE2R54ifvQIAMk1Js7ovJhL1sLRCksXJwcVu
+ev82CY1xcOf1PWJXpEI/vUqeqLJywrxmWUcBmj0LmgmteNjG51Sf6lrkhKVUUwP
KkTCF4+eThnkL6uDyLQVYIvoAwlUMMpwf5A0O1wgd4H8
-----END CERTIFICATE-----