Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/5151c5-faa4-45ef-b238-b69cdb4efd82/1/31oYjp6PLJpPUmjfWGkZbeYiY7U.roa
File:                     31oYjp6PLJpPUmjfWGkZbeYiY7U.roa (raw, json)
Hash identifier:          p4fcdg3gF+XAkTKqc6yuDTm6Sh9yBzCyMUbwfF6k9a8=
Subject key identifier:   DF:5A:18:8E:9E:8F:2C:9A:4F:52:68:DF:58:69:19:6D:E6:22:63:B5
Certificate issuer:       /CN=c8d02a9a3a3338ae63d484ef3006b8ad6eafaa1a
Certificate serial:       018CC801166944AE16D8E59438819E3CFF77
Authority key identifier: C8:D0:2A:9A:3A:33:38:AE:63:D4:84:EF:30:06:B8:AD:6E:AF:AA:1A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yNAqmjozOK5j1ITvMAa4rW6vqho.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cc/5151c5-faa4-45ef-b238-b69cdb4efd82/1/31oYjp6PLJpPUmjfWGkZbeYiY7U.roa
Signing time:             Tue 02 Jan 2024 02:29:23 +0000
ROA not before:           Tue 02 Jan 2024 02:29:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34471
IP address blocks:        45.84.48.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cc/5151c5-faa4-45ef-b238-b69cdb4efd82/1/yNAqmjozOK5j1ITvMAa4rW6vqho.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cc/5151c5-faa4-45ef-b238-b69cdb4efd82/1/yNAqmjozOK5j1ITvMAa4rW6vqho.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yNAqmjozOK5j1ITvMAa4rW6vqho.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 08:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:16:69:44:ae:16:d8:e5:94:38:81:9e:3c:ff:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c8d02a9a3a3338ae63d484ef3006b8ad6eafaa1a
        Validity
            Not Before: Jan  2 02:29:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=df5a188e9e8f2c9a4f5268df5869196de62263b5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:9f:74:39:c5:f3:51:bb:a3:91:bc:ad:16:ae:
                    5f:37:10:ee:cc:29:bb:0b:fb:d7:63:b0:ed:aa:e0:
                    af:92:b3:54:2b:54:bb:13:c3:96:12:5d:b9:91:3c:
                    04:2b:bb:2d:54:7f:9c:bb:cf:ba:98:da:03:2d:9d:
                    e4:d3:01:11:6c:71:3b:f1:64:2a:fb:0c:ec:78:08:
                    9a:77:ce:e0:f5:a6:be:9a:77:c9:08:6f:a5:ba:81:
                    10:31:1b:ee:34:33:5a:c6:00:4a:34:7d:08:36:0c:
                    93:fc:4b:79:cd:55:97:20:7a:90:8d:1e:52:f7:7c:
                    c9:70:0f:2d:a7:ec:ef:97:f9:95:90:ce:14:4f:37:
                    57:2a:8e:e6:da:cd:7a:a3:cc:ef:13:67:69:3a:29:
                    49:1e:f8:bc:b2:0b:37:fd:e1:33:ff:c8:71:72:13:
                    92:19:10:94:52:7a:b4:1c:65:8c:95:6a:41:b2:59:
                    93:1b:ea:d4:69:48:65:f9:95:8d:bd:56:f5:66:78:
                    6b:c7:6b:f8:c6:b3:35:b0:70:8c:62:57:a6:40:b7:
                    59:fc:fc:88:35:44:7e:72:82:dc:0d:4b:2c:1d:5e:
                    8c:a9:03:0b:92:5d:74:06:87:6a:b7:0c:61:1a:67:
                    9b:3e:50:ed:df:8a:e9:d7:67:fa:36:d7:b0:61:58:
                    3d:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:5A:18:8E:9E:8F:2C:9A:4F:52:68:DF:58:69:19:6D:E6:22:63:B5
            X509v3 Authority Key Identifier:
                keyid:C8:D0:2A:9A:3A:33:38:AE:63:D4:84:EF:30:06:B8:AD:6E:AF:AA:1A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yNAqmjozOK5j1ITvMAa4rW6vqho.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/5151c5-faa4-45ef-b238-b69cdb4efd82/1/31oYjp6PLJpPUmjfWGkZbeYiY7U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/5151c5-faa4-45ef-b238-b69cdb4efd82/1/yNAqmjozOK5j1ITvMAa4rW6vqho.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.84.48.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3f:4d:a7:b9:f9:23:35:df:33:fd:a1:8e:4e:ac:36:59:1d:3e:
         4f:43:b9:87:aa:29:3c:b7:31:3f:2b:3d:8a:a1:16:23:8e:b9:
         8a:2e:34:ca:0c:c7:7f:32:5c:ff:60:2b:83:89:40:48:53:e4:
         e6:1c:04:d7:31:da:ac:21:9d:a0:e9:89:0b:e0:39:b5:13:ec:
         36:a0:52:60:2b:81:68:c6:8c:54:97:e2:28:63:8c:6f:a4:80:
         af:e7:38:34:51:19:0b:d8:26:d9:b0:88:d8:51:d9:ed:1e:50:
         9e:3d:73:87:e3:44:80:a4:91:2a:e0:01:b5:57:61:2e:e1:4d:
         8f:7e:c8:38:98:01:54:93:12:23:6b:42:ef:e1:a6:02:a0:aa:
         e7:ae:b3:52:47:c0:54:d8:6c:83:bf:59:62:6d:fa:f5:ff:1d:
         f6:4d:5d:89:1f:fe:14:bd:c7:35:f3:56:0f:ef:93:8a:2b:8c:
         d9:ba:8d:d7:5b:51:00:b1:3f:7a:db:2a:b7:2a:41:1d:85:3f:
         b2:a6:f9:48:4f:c3:f8:38:f3:73:8b:98:ca:9d:7b:ad:7b:4a:
         bb:37:98:14:cc:ee:3d:9e:05:e4:75:c1:32:58:97:29:37:0c:
         76:1e:5a:bb:32:8f:72:a1:31:97:24:64:05:2e:54:76:12:97:
         5f:21:f2:b7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIARZpRK4W2OWUOIGePP93MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM4ZDAyYTlhM2EzMzM4YWU2M2Q0ODRlZjMwMDZiOGFkNmVh
ZmFhMWEwHhcNMjQwMTAyMDIyOTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZjVhMTg4ZTllOGYyYzlhNGY1MjY4ZGY1ODY5MTk2ZGU2MjI2M2I1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw590OcXzUbujkbytFq5fNxDuzCm7
C/vXY7DtquCvkrNUK1S7E8OWEl25kTwEK7stVH+cu8+6mNoDLZ3k0wERbHE78WQq
+wzseAiad87g9aa+mnfJCG+luoEQMRvuNDNaxgBKNH0INgyT/Et5zVWXIHqQjR5S
93zJcA8tp+zvl/mVkM4UTzdXKo7m2s16o8zvE2dpOilJHvi8sgs3/eEz/8hxchOS
GRCUUnq0HGWMlWpBslmTG+rUaUhl+ZWNvVb1Znhrx2v4xrM1sHCMYlemQLdZ/PyI
NUR+coLcDUssHV6MqQMLkl10BodqtwxhGmebPlDt34rp12f6NtewYVg9pwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN9aGI6ejyyaT1Jo31hpGW3mImO1MB8GA1UdIwQY
MBaAFMjQKpo6MziuY9SE7zAGuK1ur6oaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveU5BcW1qb3pPSzVqMUlUdk1BYTRyVzZ2cWhvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYy81MTUxYzUtZmFhNC00NWVmLWIyMzgt
YjY5Y2RiNGVmZDgyLzEvMzFvWWpwNlBMSnBQVW1qZldHa1piZVlpWTdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYy81MTUxYzUtZmFhNC00NWVmLWIyMzgtYjY5Y2RiNGVmZDgy
LzEveU5BcW1qb3pPSzVqMUlUdk1BYTRyVzZ2cWhvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLVQwMA0G
CSqGSIb3DQEBCwUAA4IBAQA/Tae5+SM13zP9oY5OrDZZHT5PQ7mHqik8tzE/Kz2K
oRYjjrmKLjTKDMd/Mlz/YCuDiUBIU+TmHATXMdqsIZ2g6YkL4Dm1E+w2oFJgK4Fo
xoxUl+IoY4xvpICv5zg0URkL2CbZsIjYUdntHlCePXOH40SApJEq4AG1V2Eu4U2P
fsg4mAFUkxIja0Lv4aYCoKrnrrNSR8BU2GyDv1libfr1/x32TV2JH/4Uvcc181YP
75OKK4zZuo3XW1EAsT962yq3KkEdhT+ypvlIT8P4OPNzi5jKnXute0q7N5gUzO49
ngXkdcEyWJcpNwx2Hlq7Mo9yoTGXJGQFLlR2EpdfIfK3
-----END CERTIFICATE-----