Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/b1a82a-490f-43fb-986e-26170da4a0b1/1/zdE4E7UlcPuuMllQ-3loEYot7Oc.roa
File:                     zdE4E7UlcPuuMllQ-3loEYot7Oc.roa (raw, json)
Hash identifier:          i1F72yj5JbqrwE7K2OItelzj+3kHCSZOKdL6Y/ui61Y=
Subject key identifier:   CD:D1:38:13:B5:25:70:FB:AE:32:59:50:FB:79:68:11:8A:2D:EC:E7
Certificate issuer:       /CN=6d69da44ae067fc1a98a5f6f05f12e545d0fc62a
Certificate serial:       0192FC264D0D123364949886C8D1B59652EF
Authority key identifier: 6D:69:DA:44:AE:06:7F:C1:A9:8A:5F:6F:05:F1:2E:54:5D:0F:C6:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bWnaRK4Gf8Gpil9vBfEuVF0Pxio.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/b1a82a-490f-43fb-986e-26170da4a0b1/1/zdE4E7UlcPuuMllQ-3loEYot7Oc.roa
Signing time:             Tue 05 Nov 2024 11:47:01 +0000
ROA not before:           Tue 05 Nov 2024 11:47:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60707
IP address blocks:        31.169.88.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d1/b1a82a-490f-43fb-986e-26170da4a0b1/1/bWnaRK4Gf8Gpil9vBfEuVF0Pxio.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d1/b1a82a-490f-43fb-986e-26170da4a0b1/1/bWnaRK4Gf8Gpil9vBfEuVF0Pxio.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bWnaRK4Gf8Gpil9vBfEuVF0Pxio.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:fc:26:4d:0d:12:33:64:94:98:86:c8:d1:b5:96:52:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d69da44ae067fc1a98a5f6f05f12e545d0fc62a
        Validity
            Not Before: Nov  5 11:47:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cdd13813b52570fbae325950fb7968118a2dece7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:bc:3d:4e:86:a3:d1:f6:f8:86:93:19:e8:0f:
                    fd:93:78:bc:cd:ef:41:97:47:24:51:2f:05:db:79:
                    b6:42:ed:5a:dc:25:30:c9:ff:a3:df:bd:ff:2b:a3:
                    b8:cc:90:20:81:a9:29:ec:23:ac:a8:a0:f3:8c:4c:
                    45:4b:b0:6b:1a:6f:09:ef:f6:53:f7:a0:7f:72:e0:
                    77:f7:e1:69:03:91:6e:c3:17:0b:64:e9:9f:2c:72:
                    5c:3d:1d:17:9f:c7:a3:a7:35:d2:05:e2:d3:31:fa:
                    4a:43:48:92:c4:90:eb:29:cd:fa:c9:e2:8d:07:e3:
                    08:ef:57:a2:b3:b6:a4:94:a4:19:30:1d:79:31:24:
                    c4:35:ea:6c:c4:2d:a6:12:34:e0:77:1b:6d:48:7e:
                    a7:0e:c3:6f:dc:26:25:46:3c:29:4f:02:2a:06:a4:
                    45:8d:30:a3:83:94:45:55:da:db:26:4b:a9:d6:4d:
                    c8:a3:b0:3a:f1:f4:3a:aa:1e:49:26:c7:8a:5d:a7:
                    a9:a3:8a:2b:19:da:24:e7:19:55:9a:4a:75:5b:d5:
                    c2:2d:34:c8:e5:47:8e:22:1e:68:35:40:96:48:cc:
                    fd:d0:7c:e2:77:87:35:33:8d:81:b4:4a:be:4d:f7:
                    f1:74:f4:eb:aa:cc:27:dd:36:e0:52:c9:bf:05:83:
                    17:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:D1:38:13:B5:25:70:FB:AE:32:59:50:FB:79:68:11:8A:2D:EC:E7
            X509v3 Authority Key Identifier:
                keyid:6D:69:DA:44:AE:06:7F:C1:A9:8A:5F:6F:05:F1:2E:54:5D:0F:C6:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bWnaRK4Gf8Gpil9vBfEuVF0Pxio.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/b1a82a-490f-43fb-986e-26170da4a0b1/1/zdE4E7UlcPuuMllQ-3loEYot7Oc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/b1a82a-490f-43fb-986e-26170da4a0b1/1/bWnaRK4Gf8Gpil9vBfEuVF0Pxio.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.169.88.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b2:28:f2:2a:bf:b1:b8:ad:0d:36:41:70:8f:5c:40:14:94:d9:
         6c:47:b1:77:46:fc:d1:b2:ed:39:17:f0:12:a7:a9:cf:f1:08:
         1c:12:f6:ed:d4:ae:96:b8:a3:3d:04:b8:58:d8:a9:2f:b7:6d:
         d5:76:a4:1a:57:cc:b2:24:fd:ae:a2:26:1a:72:96:ea:87:22:
         c1:1e:07:f8:bb:27:ce:7f:4a:16:46:56:4b:50:7a:58:7f:f0:
         36:f4:6d:5e:da:2b:0a:45:4f:f3:f8:60:4d:7d:de:58:69:a7:
         f3:b0:25:5a:ad:55:93:89:38:c9:cb:37:e9:9e:8b:98:47:aa:
         97:21:0b:16:ff:38:65:87:81:0f:8d:c7:5e:8b:16:0d:40:26:
         de:e5:65:3a:e1:f0:9d:de:e2:f9:4e:9e:40:f4:ee:ac:a6:3f:
         ab:ec:e7:59:a6:06:77:aa:54:0b:f0:41:c4:26:e1:fc:b3:05:
         d3:e2:fe:f7:16:9d:86:ef:d0:2c:23:27:74:11:44:37:ec:3d:
         f7:64:ba:37:e8:5e:f2:87:a2:8a:e0:38:22:78:21:78:ad:8c:
         52:39:c1:04:c5:4a:0e:f6:d6:a8:58:80:55:fc:84:d8:44:ef:
         24:95:ef:71:76:69:cf:bf:ce:0e:65:97:8a:72:19:d3:03:24:
         72:86:61:75
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZL8Jk0NEjNklJiGyNG1llLvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkNjlkYTQ0YWUwNjdmYzFhOThhNWY2ZjA1ZjEyZTU0NWQw
ZmM2MmEwHhcNMjQxMTA1MTE0NzAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZGQxMzgxM2I1MjU3MGZiYWUzMjU5NTBmYjc5NjgxMThhMmRlY2U3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu7w9Toaj0fb4hpMZ6A/9k3i8ze9B
l0ckUS8F23m2Qu1a3CUwyf+j373/K6O4zJAggakp7COsqKDzjExFS7BrGm8J7/ZT
96B/cuB39+FpA5FuwxcLZOmfLHJcPR0Xn8ejpzXSBeLTMfpKQ0iSxJDrKc36yeKN
B+MI71eis7aklKQZMB15MSTENepsxC2mEjTgdxttSH6nDsNv3CYlRjwpTwIqBqRF
jTCjg5RFVdrbJkup1k3Io7A68fQ6qh5JJseKXaepo4orGdok5xlVmkp1W9XCLTTI
5UeOIh5oNUCWSMz90Hzid4c1M42BtEq+TffxdPTrqswn3TbgUsm/BYMX1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM3ROBO1JXD7rjJZUPt5aBGKLeznMB8GA1UdIwQY
MBaAFG1p2kSuBn/BqYpfbwXxLlRdD8YqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlduYVJLNEdmOEdwaWw5dkJmRXVWRjBQeGlvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS9iMWE4MmEtNDkwZi00M2ZiLTk4NmUt
MjYxNzBkYTRhMGIxLzEvemRFNEU3VWxjUHV1TWxsUS0zbG9FWW90N09jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS9iMWE4MmEtNDkwZi00M2ZiLTk4NmUtMjYxNzBkYTRhMGIx
LzEvYlduYVJLNEdmOEdwaWw5dkJmRXVWRjBQeGlvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAH6lYMA0G
CSqGSIb3DQEBCwUAA4IBAQCyKPIqv7G4rQ02QXCPXEAUlNlsR7F3RvzRsu05F/AS
p6nP8QgcEvbt1K6WuKM9BLhY2Kkvt23VdqQaV8yyJP2uoiYacpbqhyLBHgf4uyfO
f0oWRlZLUHpYf/A29G1e2isKRU/z+GBNfd5YaafzsCVarVWTiTjJyzfpnouYR6qX
IQsW/zhlh4EPjcdeixYNQCbe5WU64fCd3uL5Tp5A9O6spj+r7OdZpgZ3qlQL8EHE
JuH8swXT4v73Fp2G79AsIyd0EUQ37D33ZLo36F7yh6KK4DgieCF4rYxSOcEExUoO
9taoWIBV/ITYRO8kle9xdmnPv84OZZeKchnTAyRyhmF1
-----END CERTIFICATE-----