Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/0cb2f9-8ef9-4eeb-962a-d8b4e0d0d6d5/1/NNjFOpBLRVEUX5OxHj__hE1Blwc.roa
File:                     NNjFOpBLRVEUX5OxHj__hE1Blwc.roa (raw, json)
Hash identifier:          lHB1qkl5V12j5mwvNZLCnlEnmIOQHK42fB9f+fxa53o=
Subject key identifier:   34:D8:C5:3A:90:4B:45:51:14:5F:93:B1:1E:3F:FF:84:4D:41:97:07
Certificate issuer:       /CN=dc3884021d1b02e8c16b555743dfeb9da8e48e31
Certificate serial:       018CC3B7427E2FE9B0CA457A7AA15B5A15F0
Authority key identifier: DC:38:84:02:1D:1B:02:E8:C1:6B:55:57:43:DF:EB:9D:A8:E4:8E:31
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3DiEAh0bAujBa1VXQ9_rnajkjjE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/0cb2f9-8ef9-4eeb-962a-d8b4e0d0d6d5/1/NNjFOpBLRVEUX5OxHj__hE1Blwc.roa
Signing time:             Mon 01 Jan 2024 06:30:16 +0000
ROA not before:           Mon 01 Jan 2024 06:30:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213340
IP address blocks:        31.31.171.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/0cb2f9-8ef9-4eeb-962a-d8b4e0d0d6d5/1/3DiEAh0bAujBa1VXQ9_rnajkjjE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/0cb2f9-8ef9-4eeb-962a-d8b4e0d0d6d5/1/3DiEAh0bAujBa1VXQ9_rnajkjjE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3DiEAh0bAujBa1VXQ9_rnajkjjE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 12 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:42:7e:2f:e9:b0:ca:45:7a:7a:a1:5b:5a:15:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc3884021d1b02e8c16b555743dfeb9da8e48e31
        Validity
            Not Before: Jan  1 06:30:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=34d8c53a904b4551145f93b11e3fff844d419707
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:93:03:7f:61:32:ef:cd:2a:99:76:c0:0e:58:
                    e4:e2:91:f1:ae:b6:0f:cc:45:cc:1d:ce:f2:ba:88:
                    81:f7:d8:83:cc:a2:68:97:a3:35:94:c8:57:04:e5:
                    b2:83:86:6e:43:f3:21:53:1b:99:8a:3e:b2:62:62:
                    01:53:de:a8:f2:0d:a9:41:5d:d9:ba:66:00:d4:cb:
                    45:2c:ea:97:92:59:ce:14:8f:29:74:ea:b0:41:fd:
                    4e:11:e2:bf:2f:83:b7:53:92:3e:51:e6:63:48:bb:
                    36:43:7b:90:53:5a:0d:37:c7:4e:a3:e1:2e:9e:8d:
                    c7:f5:dd:2f:82:b5:7b:c3:21:24:b6:31:1c:cd:54:
                    69:ce:a7:a3:90:89:e7:21:34:50:ce:ba:f8:3c:7e:
                    78:c0:47:02:81:d9:8d:bc:93:d4:79:6b:4c:9c:0e:
                    f6:44:18:b4:4a:98:c3:7f:41:43:6c:ba:c9:12:3a:
                    59:7b:97:c9:10:b0:02:2a:8c:89:75:c8:44:7b:c2:
                    cc:ef:df:f9:b0:d4:b7:fa:9d:84:77:42:76:52:6e:
                    8f:36:af:cf:ba:ef:27:1b:85:53:56:1d:a3:8d:c3:
                    22:59:34:d5:44:3a:0b:20:fb:2a:bc:f8:c8:6d:84:
                    b3:5e:d7:e7:9b:3d:ba:4b:4a:46:7f:a8:cd:cc:d1:
                    77:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:D8:C5:3A:90:4B:45:51:14:5F:93:B1:1E:3F:FF:84:4D:41:97:07
            X509v3 Authority Key Identifier:
                keyid:DC:38:84:02:1D:1B:02:E8:C1:6B:55:57:43:DF:EB:9D:A8:E4:8E:31

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3DiEAh0bAujBa1VXQ9_rnajkjjE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/0cb2f9-8ef9-4eeb-962a-d8b4e0d0d6d5/1/NNjFOpBLRVEUX5OxHj__hE1Blwc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/0cb2f9-8ef9-4eeb-962a-d8b4e0d0d6d5/1/3DiEAh0bAujBa1VXQ9_rnajkjjE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.31.171.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6d:4b:02:10:5c:ca:f1:c4:5e:7c:d6:2c:42:9e:51:f8:f6:77:
         e3:67:76:da:9f:b0:f9:5b:0c:f8:5a:ad:da:5d:2b:d7:f5:35:
         2a:b7:85:1c:58:61:3c:8e:87:8e:ce:0a:21:63:42:93:84:e3:
         d0:d6:cb:c9:33:d7:b5:3e:65:55:33:c2:6c:71:d5:4a:f1:86:
         16:20:d5:6d:62:c7:2b:c2:e3:70:d6:94:2b:06:35:dc:ac:94:
         20:7d:fa:54:cf:38:d3:b9:a1:3b:68:3c:d7:94:1c:98:25:33:
         8b:68:01:bc:8d:e4:31:4c:a7:b2:56:3b:74:ec:4a:37:be:23:
         90:0d:c6:7f:39:64:96:7c:55:24:f3:9b:57:ab:40:54:f4:5e:
         2b:14:9f:c8:c4:e7:d4:af:7f:23:41:15:c8:42:14:86:af:e6:
         4c:ff:7c:4b:2b:7c:e5:b1:70:0b:30:e7:03:ee:06:a2:3b:94:
         81:b9:f2:6c:21:b1:ec:25:95:d4:1e:40:5d:3e:be:0d:7e:b9:
         6b:6e:97:2a:b1:9f:fa:f4:ee:ac:83:4f:ba:45:23:dd:7b:fd:
         37:0b:85:4c:8c:34:a9:da:c4:7b:b5:b6:20:e8:55:56:0e:b3:
         02:f0:3d:10:ad:00:58:09:26:19:2c:bf:6c:8d:2a:fe:56:50:
         07:04:1d:1b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDt0J+L+mwykV6eqFbWhXwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjMzg4NDAyMWQxYjAyZThjMTZiNTU1NzQzZGZlYjlkYThl
NDhlMzEwHhcNMjQwMTAxMDYzMDE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNGQ4YzUzYTkwNGI0NTUxMTQ1ZjkzYjExZTNmZmY4NDRkNDE5NzA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzJMDf2Ey780qmXbADljk4pHxrrYP
zEXMHc7yuoiB99iDzKJol6M1lMhXBOWyg4ZuQ/MhUxuZij6yYmIBU96o8g2pQV3Z
umYA1MtFLOqXklnOFI8pdOqwQf1OEeK/L4O3U5I+UeZjSLs2Q3uQU1oNN8dOo+Eu
no3H9d0vgrV7wyEktjEczVRpzqejkInnITRQzrr4PH54wEcCgdmNvJPUeWtMnA72
RBi0SpjDf0FDbLrJEjpZe5fJELACKoyJdchEe8LM79/5sNS3+p2Ed0J2Um6PNq/P
uu8nG4VTVh2jjcMiWTTVRDoLIPsqvPjIbYSzXtfnmz26S0pGf6jNzNF3MQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDTYxTqQS0VRFF+TsR4//4RNQZcHMB8GA1UdIwQY
MBaAFNw4hAIdGwLowWtVV0Pf652o5I4xMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM0RpRUFoMGJBdWpCYTFWWFE5X3JuYWprampFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS8wY2IyZjktOGVmOS00ZWViLTk2MmEt
ZDhiNGUwZDBkNmQ1LzEvTk5qRk9wQkxSVkVVWDVPeEhqX19oRTFCbHdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS8wY2IyZjktOGVmOS00ZWViLTk2MmEtZDhiNGUwZDBkNmQ1
LzEvM0RpRUFoMGJBdWpCYTFWWFE5X3JuYWprampFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHx+rMA0G
CSqGSIb3DQEBCwUAA4IBAQBtSwIQXMrxxF581ixCnlH49nfjZ3ban7D5Wwz4Wq3a
XSvX9TUqt4UcWGE8joeOzgohY0KThOPQ1svJM9e1PmVVM8JscdVK8YYWINVtYscr
wuNw1pQrBjXcrJQgffpUzzjTuaE7aDzXlByYJTOLaAG8jeQxTKeyVjt07Eo3viOQ
DcZ/OWSWfFUk85tXq0BU9F4rFJ/IxOfUr38jQRXIQhSGr+ZM/3xLK3zlsXALMOcD
7gaiO5SBufJsIbHsJZXUHkBdPr4NfrlrbpcqsZ/69O6sg0+6RSPde/03C4VMjDSp
2sR7tbYg6FVWDrMC8D0QrQBYCSYZLL9sjSr+VlAHBB0b
-----END CERTIFICATE-----