Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cb/5116f3-f454-4d70-b9d4-081b179933c4/1/9x6CeORey6i4-S-XbaQOw8ouC34.roa
File:                     9x6CeORey6i4-S-XbaQOw8ouC34.roa (raw, json)
Hash identifier:          M9ky/86/O1AWg/i2UJgJKYGRfRgyL3NA/mHSt7QGkxE=
Subject key identifier:   F7:1E:82:78:E4:5E:CB:A8:B8:F9:2F:97:6D:A4:0E:C3:CA:2E:0B:7E
Certificate issuer:       /CN=05424afa4bcee7654bdf3ab791656e4445c2f95a
Certificate serial:       01908A592E500D360DBB6BAA04D40FF72B27
Authority key identifier: 05:42:4A:FA:4B:CE:E7:65:4B:DF:3A:B7:91:65:6E:44:45:C2:F9:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BUJK-kvO52VL3zq3kWVuREXC-Vo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cb/5116f3-f454-4d70-b9d4-081b179933c4/1/9x6CeORey6i4-S-XbaQOw8ouC34.roa
Signing time:             Sat 06 Jul 2024 23:20:18 +0000
ROA not before:           Sat 06 Jul 2024 23:20:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49556
IP address blocks:        185.31.8.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cb/5116f3-f454-4d70-b9d4-081b179933c4/1/BUJK-kvO52VL3zq3kWVuREXC-Vo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cb/5116f3-f454-4d70-b9d4-081b179933c4/1/BUJK-kvO52VL3zq3kWVuREXC-Vo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BUJK-kvO52VL3zq3kWVuREXC-Vo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 20:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:8a:59:2e:50:0d:36:0d:bb:6b:aa:04:d4:0f:f7:2b:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05424afa4bcee7654bdf3ab791656e4445c2f95a
        Validity
            Not Before: Jul  6 23:20:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f71e8278e45ecba8b8f92f976da40ec3ca2e0b7e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:18:dc:ec:ad:37:cf:77:76:13:91:f4:62:c3:
                    67:43:2d:20:ff:09:13:85:0f:d5:da:1d:d5:00:65:
                    b8:59:47:fd:09:ad:68:b8:60:6a:25:df:f8:2e:47:
                    67:9f:0a:f3:9c:60:2e:71:02:b4:bb:fa:0b:a7:fb:
                    6b:bb:18:1c:5c:63:5f:e8:a7:3d:6c:4a:71:57:08:
                    07:9f:46:29:b7:53:7f:0d:d7:33:c3:1e:72:9c:c4:
                    b3:a7:23:3c:88:64:3b:09:85:5d:23:f3:74:fc:65:
                    60:69:6e:5b:e6:3b:f9:23:f9:74:cf:ae:a1:b3:d4:
                    0f:c7:42:30:8e:44:02:0a:ea:fb:38:75:96:f9:ed:
                    28:3a:63:e0:5a:6f:e8:f5:28:27:72:51:ec:4c:72:
                    61:ae:be:62:47:e3:05:b9:f7:46:c8:46:7d:8c:a1:
                    ff:50:0d:28:14:3f:e4:8c:cb:4c:41:2a:5f:f2:bb:
                    79:e1:c5:0a:cb:63:35:f2:b8:d1:7d:36:f3:9a:44:
                    e0:f1:a6:46:e9:89:c3:ed:f2:9a:7c:26:a8:e4:8f:
                    3a:72:02:b3:d4:df:ec:e7:f0:44:03:de:5c:23:c4:
                    cf:f5:86:fd:bc:46:29:17:b6:59:25:0f:41:d9:37:
                    74:8e:b3:7e:ca:38:da:a5:b4:85:0e:3c:61:fd:14:
                    cb:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:1E:82:78:E4:5E:CB:A8:B8:F9:2F:97:6D:A4:0E:C3:CA:2E:0B:7E
            X509v3 Authority Key Identifier:
                keyid:05:42:4A:FA:4B:CE:E7:65:4B:DF:3A:B7:91:65:6E:44:45:C2:F9:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BUJK-kvO52VL3zq3kWVuREXC-Vo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/5116f3-f454-4d70-b9d4-081b179933c4/1/9x6CeORey6i4-S-XbaQOw8ouC34.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/5116f3-f454-4d70-b9d4-081b179933c4/1/BUJK-kvO52VL3zq3kWVuREXC-Vo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.31.8.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8d:4d:c1:b4:33:e6:fc:23:31:51:7f:d8:73:3a:4e:80:84:56:
         69:75:5c:ac:64:31:9d:f4:b4:74:e9:6b:49:8a:72:00:f9:fd:
         48:05:0f:44:b3:24:83:27:a4:11:54:a8:b9:f0:0c:e1:97:64:
         27:50:99:11:78:76:b5:7d:44:80:c5:f3:99:32:0c:be:9f:ad:
         a1:1e:a2:16:ce:99:bd:69:2f:ad:40:0d:68:ad:a4:7b:8c:e5:
         27:8e:45:c0:4c:b4:03:4d:e2:1b:75:c0:bc:ca:13:cd:75:ee:
         87:63:30:77:f5:dc:2e:f8:35:b9:26:73:cf:34:64:d7:fc:6d:
         e7:f7:79:53:c1:89:a1:17:1a:b7:d0:e2:47:3d:ba:e1:07:b0:
         e3:c5:75:7c:ed:4c:e5:73:e2:4c:c4:cb:54:47:db:82:60:e7:
         31:15:03:ae:e7:bd:80:4e:31:1d:04:c8:f5:ac:59:67:5f:69:
         07:c9:12:37:8a:d9:05:94:ba:60:87:04:b6:a1:84:07:1c:0b:
         c3:20:d2:7e:42:12:c9:0b:6e:2a:44:dc:df:b2:fd:b3:2d:e9:
         3c:a5:c1:4d:24:bd:45:cb:be:41:4f:aa:ff:a0:45:01:7e:fe:
         f0:71:2a:03:93:8d:f1:c4:0b:24:de:d4:5e:9d:62:ee:eb:12:
         df:cf:64:43
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZCKWS5QDTYNu2uqBNQP9ysnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1NDI0YWZhNGJjZWU3NjU0YmRmM2FiNzkxNjU2ZTQ0NDVj
MmY5NWEwHhcNMjQwNzA2MjMyMDE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNzFlODI3OGU0NWVjYmE4YjhmOTJmOTc2ZGE0MGVjM2NhMmUwYjdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwBjc7K03z3d2E5H0YsNnQy0g/wkT
hQ/V2h3VAGW4WUf9Ca1ouGBqJd/4LkdnnwrznGAucQK0u/oLp/truxgcXGNf6Kc9
bEpxVwgHn0Ypt1N/Ddczwx5ynMSzpyM8iGQ7CYVdI/N0/GVgaW5b5jv5I/l0z66h
s9QPx0IwjkQCCur7OHWW+e0oOmPgWm/o9SgnclHsTHJhrr5iR+MFufdGyEZ9jKH/
UA0oFD/kjMtMQSpf8rt54cUKy2M18rjRfTbzmkTg8aZG6YnD7fKafCao5I86cgKz
1N/s5/BEA95cI8TP9Yb9vEYpF7ZZJQ9B2Td0jrN+yjjapbSFDjxh/RTLnwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPcegnjkXsuouPkvl22kDsPKLgt+MB8GA1UdIwQY
MBaAFAVCSvpLzudlS986t5FlbkRFwvlaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlVKSy1rdk81MlZMM3pxM2tXVnVSRVhDLVZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYi81MTE2ZjMtZjQ1NC00ZDcwLWI5ZDQt
MDgxYjE3OTkzM2M0LzEvOXg2Q2VPUmV5Nmk0LVMtWGJhUU93OG91QzM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYi81MTE2ZjMtZjQ1NC00ZDcwLWI5ZDQtMDgxYjE3OTkzM2M0
LzEvQlVKSy1rdk81MlZMM3pxM2tXVnVSRVhDLVZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuR8IMA0G
CSqGSIb3DQEBCwUAA4IBAQCNTcG0M+b8IzFRf9hzOk6AhFZpdVysZDGd9LR06WtJ
inIA+f1IBQ9EsySDJ6QRVKi58Azhl2QnUJkReHa1fUSAxfOZMgy+n62hHqIWzpm9
aS+tQA1oraR7jOUnjkXATLQDTeIbdcC8yhPNde6HYzB39dwu+DW5JnPPNGTX/G3n
93lTwYmhFxq30OJHPbrhB7DjxXV87Uzlc+JMxMtUR9uCYOcxFQOu572ATjEdBMj1
rFlnX2kHyRI3itkFlLpghwS2oYQHHAvDINJ+QhLJC24qRNzfsv2zLek8pcFNJL1F
y75BT6r/oEUBfv7wcSoDk43xxAsk3tRenWLu6xLfz2RD
-----END CERTIFICATE-----