Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/b1a82a-490f-43fb-986e-26170da4a0b1/1/T9AWnzwFPJrnRY27QHYVAg6Qf7A.roa
File:                     T9AWnzwFPJrnRY27QHYVAg6Qf7A.roa (raw, json)
Hash identifier:          ZmDLmzyqToP88LfznxsXkMvJYzCRtFS2YuiyTXx4o9I=
Subject key identifier:   4F:D0:16:9F:3C:05:3C:9A:E7:45:8D:BB:40:76:15:02:0E:90:7F:B0
Certificate issuer:       /CN=6d69da44ae067fc1a98a5f6f05f12e545d0fc62a
Certificate serial:       018D122420E299B743BB370B5B1AF647E26E
Authority key identifier: 6D:69:DA:44:AE:06:7F:C1:A9:8A:5F:6F:05:F1:2E:54:5D:0F:C6:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bWnaRK4Gf8Gpil9vBfEuVF0Pxio.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/b1a82a-490f-43fb-986e-26170da4a0b1/1/T9AWnzwFPJrnRY27QHYVAg6Qf7A.roa
Signing time:             Tue 16 Jan 2024 11:59:34 +0000
ROA not before:           Tue 16 Jan 2024 11:59:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61135
IP address blocks:        31.169.79.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d1/b1a82a-490f-43fb-986e-26170da4a0b1/1/bWnaRK4Gf8Gpil9vBfEuVF0Pxio.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d1/b1a82a-490f-43fb-986e-26170da4a0b1/1/bWnaRK4Gf8Gpil9vBfEuVF0Pxio.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bWnaRK4Gf8Gpil9vBfEuVF0Pxio.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:12:24:20:e2:99:b7:43:bb:37:0b:5b:1a:f6:47:e2:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d69da44ae067fc1a98a5f6f05f12e545d0fc62a
        Validity
            Not Before: Jan 16 11:59:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4fd0169f3c053c9ae7458dbb407615020e907fb0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:a3:8c:5f:ac:5a:5c:ae:75:20:7a:36:5d:8c:
                    6f:76:58:03:93:ad:26:df:eb:22:6c:97:de:20:df:
                    f6:6b:5c:cc:94:a4:77:28:a7:73:4d:f8:69:f1:3d:
                    71:e6:6e:65:b0:68:33:55:a1:74:41:90:9c:c0:05:
                    3a:59:32:fc:ed:10:f8:d7:d6:3f:59:ea:55:28:39:
                    83:43:77:5d:00:41:62:25:46:81:83:31:29:e1:9d:
                    72:0a:75:9d:95:b5:43:ce:90:3f:7a:9b:95:f8:6d:
                    6f:16:62:fe:4f:a3:8c:cd:82:a6:ba:6e:90:5b:d7:
                    cd:9e:2c:c6:91:ab:da:4a:29:a3:88:3f:bd:bd:17:
                    2c:21:d9:02:bf:c8:8f:be:d1:ff:4d:70:4f:4b:e2:
                    4c:f8:63:9f:c7:61:ff:cc:df:13:17:4d:13:20:0a:
                    19:8b:89:d7:77:b9:8d:58:18:2a:66:46:f4:50:95:
                    aa:37:a5:7e:4b:cf:f9:69:40:53:89:2f:9e:24:3f:
                    d3:ba:92:4b:88:47:3e:cf:b2:8a:87:03:b4:35:95:
                    9b:3d:5a:84:5e:25:f5:a6:0b:52:88:c3:7e:9c:42:
                    1a:d8:6f:ab:d3:7f:c0:be:24:48:c4:1a:98:f0:77:
                    74:cc:e0:6f:fb:a2:a3:29:ab:f3:4f:a7:f0:69:d8:
                    48:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:D0:16:9F:3C:05:3C:9A:E7:45:8D:BB:40:76:15:02:0E:90:7F:B0
            X509v3 Authority Key Identifier:
                keyid:6D:69:DA:44:AE:06:7F:C1:A9:8A:5F:6F:05:F1:2E:54:5D:0F:C6:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bWnaRK4Gf8Gpil9vBfEuVF0Pxio.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/b1a82a-490f-43fb-986e-26170da4a0b1/1/T9AWnzwFPJrnRY27QHYVAg6Qf7A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/b1a82a-490f-43fb-986e-26170da4a0b1/1/bWnaRK4Gf8Gpil9vBfEuVF0Pxio.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.169.79.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b2:22:bd:e7:86:66:07:b1:c3:6b:b0:3b:b5:dc:67:72:a2:08:
         16:b6:c6:b2:01:bd:5b:17:bb:c3:44:5c:d0:a2:b3:27:5f:f8:
         d7:fd:df:9a:6a:a3:2a:91:b7:d6:cc:0d:c6:b0:43:13:bf:bc:
         a6:4d:8a:e2:5c:8b:34:c1:a3:5c:cf:6c:3a:e9:55:f9:2e:41:
         1a:86:eb:96:cb:12:8e:64:eb:b1:eb:49:c9:c7:94:cf:34:3c:
         ac:4a:76:c8:af:e6:f1:43:e7:a3:08:66:fa:3e:53:a1:33:7b:
         49:4c:77:5f:c2:98:4f:2e:e3:aa:46:e2:ad:ab:01:39:04:70:
         16:d4:d9:89:1f:0e:b0:b6:48:b8:9a:86:fa:08:4c:8e:3c:00:
         75:28:eb:a0:9e:18:c5:8f:57:cd:da:48:b1:d8:dd:c5:d1:5c:
         73:9f:72:cb:c4:d6:64:46:2c:23:c6:97:2d:8f:19:4f:cb:4b:
         cc:27:d6:58:0b:21:d6:56:3c:ac:95:b4:e3:56:b7:3a:d2:0c:
         15:fb:97:a4:d2:2e:94:e4:4c:f6:ff:b5:0a:43:9a:e1:bd:55:
         ed:f1:d1:67:d3:68:11:72:0a:92:14:ff:51:fe:3d:f3:e1:9e:
         23:76:85:76:10:39:6f:3c:78:1a:c1:65:12:17:cf:be:f7:9c:
         58:64:69:a6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY0SJCDimbdDuzcLWxr2R+JuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkNjlkYTQ0YWUwNjdmYzFhOThhNWY2ZjA1ZjEyZTU0NWQw
ZmM2MmEwHhcNMjQwMTE2MTE1OTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZmQwMTY5ZjNjMDUzYzlhZTc0NThkYmI0MDc2MTUwMjBlOTA3ZmIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjaOMX6xaXK51IHo2XYxvdlgDk60m
3+sibJfeIN/2a1zMlKR3KKdzTfhp8T1x5m5lsGgzVaF0QZCcwAU6WTL87RD419Y/
WepVKDmDQ3ddAEFiJUaBgzEp4Z1yCnWdlbVDzpA/epuV+G1vFmL+T6OMzYKmum6Q
W9fNnizGkavaSimjiD+9vRcsIdkCv8iPvtH/TXBPS+JM+GOfx2H/zN8TF00TIAoZ
i4nXd7mNWBgqZkb0UJWqN6V+S8/5aUBTiS+eJD/TupJLiEc+z7KKhwO0NZWbPVqE
XiX1pgtSiMN+nEIa2G+r03/AviRIxBqY8Hd0zOBv+6KjKavzT6fwadhIHQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE/QFp88BTya50WNu0B2FQIOkH+wMB8GA1UdIwQY
MBaAFG1p2kSuBn/BqYpfbwXxLlRdD8YqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlduYVJLNEdmOEdwaWw5dkJmRXVWRjBQeGlvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS9iMWE4MmEtNDkwZi00M2ZiLTk4NmUt
MjYxNzBkYTRhMGIxLzEvVDlBV256d0ZQSnJuUlkyN1FIWVZBZzZRZjdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS9iMWE4MmEtNDkwZi00M2ZiLTk4NmUtMjYxNzBkYTRhMGIx
LzEvYlduYVJLNEdmOEdwaWw5dkJmRXVWRjBQeGlvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAH6lPMA0G
CSqGSIb3DQEBCwUAA4IBAQCyIr3nhmYHscNrsDu13GdyoggWtsayAb1bF7vDRFzQ
orMnX/jX/d+aaqMqkbfWzA3GsEMTv7ymTYriXIs0waNcz2w66VX5LkEahuuWyxKO
ZOux60nJx5TPNDysSnbIr+bxQ+ejCGb6PlOhM3tJTHdfwphPLuOqRuKtqwE5BHAW
1NmJHw6wtki4mob6CEyOPAB1KOugnhjFj1fN2kix2N3F0Vxzn3LLxNZkRiwjxpct
jxlPy0vMJ9ZYCyHWVjyslbTjVrc60gwV+5ek0i6U5Ez2/7UKQ5rhvVXt8dFn02gR
cgqSFP9R/j3z4Z4jdoV2EDlvPHgawWUSF8++95xYZGmm
-----END CERTIFICATE-----