Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/d5bf72-3115-4c71-a1bf-b06194d13c6b/1/I8M09wEb8pPy5aE1tmLVBA1QjII.roa
File:                     I8M09wEb8pPy5aE1tmLVBA1QjII.roa (raw, json)
Hash identifier:          H2KzL98idyYXiGDF46vhI9MdVSfKRRTkQwlTKnfvbNE=
Subject key identifier:   23:C3:34:F7:01:1B:F2:93:F2:E5:A1:35:B6:62:D5:04:0D:50:8C:82
Certificate issuer:       /CN=a939cc1621ee3010ae98e127bd254a7833fd2827
Certificate serial:       019427B54AB2E9A5CB606FF3A0BEBD575CD4
Authority key identifier: A9:39:CC:16:21:EE:30:10:AE:98:E1:27:BD:25:4A:78:33:FD:28:27
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qTnMFiHuMBCumOEnvSVKeDP9KCc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/d5bf72-3115-4c71-a1bf-b06194d13c6b/1/I8M09wEb8pPy5aE1tmLVBA1QjII.roa
Signing time:             Thu 02 Jan 2025 15:49:39 +0000
ROA not before:           Thu 02 Jan 2025 15:49:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48964
IP address blocks:        31.133.114.0/24 maxlen: 24
                          31.133.116.0/24 maxlen: 24
                          31.133.119.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/d5bf72-3115-4c71-a1bf-b06194d13c6b/1/qTnMFiHuMBCumOEnvSVKeDP9KCc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/d5bf72-3115-4c71-a1bf-b06194d13c6b/1/qTnMFiHuMBCumOEnvSVKeDP9KCc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qTnMFiHuMBCumOEnvSVKeDP9KCc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:16:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:4a:b2:e9:a5:cb:60:6f:f3:a0:be:bd:57:5c:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a939cc1621ee3010ae98e127bd254a7833fd2827
        Validity
            Not Before: Jan  2 15:49:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=23c334f7011bf293f2e5a135b662d5040d508c82
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:df:e4:8e:97:8d:90:75:9e:30:55:09:4e:6f:
                    c0:62:f0:b6:b9:87:18:b4:ca:8f:d6:b7:93:90:ec:
                    58:cc:f0:21:48:2d:e1:f2:4f:48:d2:b3:00:1f:db:
                    94:53:5d:ee:c4:cc:0f:75:35:7a:bf:3e:b4:1d:ff:
                    d6:da:f3:60:dc:e1:41:ad:cc:54:85:69:09:9d:6e:
                    3f:f6:01:d2:06:c5:f5:51:c0:a5:48:ad:77:d2:9d:
                    c0:b1:6f:1b:0b:72:f4:9a:51:f1:b2:b3:60:57:3e:
                    b3:80:8b:6b:d5:2d:15:0c:4b:44:73:1e:fa:ec:ec:
                    e8:48:83:80:1a:b7:30:77:eb:92:aa:36:d6:fd:75:
                    57:cf:66:f5:13:59:af:1c:66:15:04:f0:31:de:03:
                    70:e7:eb:ed:98:e1:e2:67:ef:15:1d:32:f1:2c:55:
                    e8:36:d8:7f:95:e7:b5:0d:8d:9b:ca:0b:97:5d:a3:
                    47:71:4c:c4:09:6a:a6:7b:85:51:62:af:8f:05:95:
                    ef:85:6c:57:16:29:b4:ae:00:7d:e6:cb:71:ba:70:
                    31:24:e9:dc:a1:91:53:2c:06:e7:78:c4:09:bc:3c:
                    33:4a:98:09:7e:2b:86:00:e8:6d:f7:e9:c7:0a:9e:
                    8a:e3:1a:af:c4:de:6f:a0:5a:3c:f1:f5:c9:7a:ab:
                    04:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:C3:34:F7:01:1B:F2:93:F2:E5:A1:35:B6:62:D5:04:0D:50:8C:82
            X509v3 Authority Key Identifier:
                keyid:A9:39:CC:16:21:EE:30:10:AE:98:E1:27:BD:25:4A:78:33:FD:28:27

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qTnMFiHuMBCumOEnvSVKeDP9KCc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/d5bf72-3115-4c71-a1bf-b06194d13c6b/1/I8M09wEb8pPy5aE1tmLVBA1QjII.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/d5bf72-3115-4c71-a1bf-b06194d13c6b/1/qTnMFiHuMBCumOEnvSVKeDP9KCc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.133.114.0/24
                  31.133.116.0/24
                  31.133.119.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4a:8a:8e:2b:e4:77:ae:0c:97:2d:ef:1b:08:24:b0:4e:ee:8d:
         30:6d:3b:76:05:27:da:69:38:36:21:bb:27:46:05:1b:7f:1b:
         d9:95:04:af:f3:c2:76:ac:f0:c6:02:ac:d8:2e:74:94:9c:b8:
         9b:d5:dd:b4:a0:9d:3d:5f:d0:8e:67:5e:33:5b:79:74:33:c0:
         98:13:1e:c6:98:ea:45:6b:96:98:ce:27:07:aa:7c:36:af:91:
         86:a1:2d:ef:23:df:f7:b7:10:4f:d6:6d:88:b3:0b:55:2a:e7:
         7e:5b:b2:cd:05:b7:7c:68:1d:d1:aa:74:ff:57:93:a1:5d:77:
         de:df:02:e9:df:48:73:61:ce:2b:56:28:0d:e2:9e:76:03:fc:
         91:aa:33:bb:9f:5b:35:ec:e0:c7:b8:22:69:58:00:e5:b2:94:
         31:98:7d:99:61:b6:83:21:60:f2:be:b3:a4:71:c2:60:63:c1:
         8b:83:af:24:50:b2:4d:9c:94:2f:0b:06:79:ca:dd:62:d6:0b:
         d7:bc:dd:cc:b9:35:7c:5f:f3:51:91:bf:89:ea:c5:8e:6a:aa:
         b2:cb:dd:28:21:f2:08:03:92:7d:3f:c4:78:b6:91:ba:33:77:
         3f:56:e5:91:2f:f8:a8:51:27:03:06:9c:1b:78:f3:73:09:a5:
         d6:1d:e8:e4
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQntUqy6aXLYG/zoL69V1zUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE5MzljYzE2MjFlZTMwMTBhZTk4ZTEyN2JkMjU0YTc4MzNm
ZDI4MjcwHhcNMjUwMTAyMTU0OTM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyM2MzMzRmNzAxMWJmMjkzZjJlNWExMzViNjYyZDUwNDBkNTA4YzgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA19/kjpeNkHWeMFUJTm/AYvC2uYcY
tMqP1reTkOxYzPAhSC3h8k9I0rMAH9uUU13uxMwPdTV6vz60Hf/W2vNg3OFBrcxU
hWkJnW4/9gHSBsX1UcClSK130p3AsW8bC3L0mlHxsrNgVz6zgItr1S0VDEtEcx76
7OzoSIOAGrcwd+uSqjbW/XVXz2b1E1mvHGYVBPAx3gNw5+vtmOHiZ+8VHTLxLFXo
Nth/lee1DY2byguXXaNHcUzECWqme4VRYq+PBZXvhWxXFim0rgB95stxunAxJOnc
oZFTLAbneMQJvDwzSpgJfiuGAOht9+nHCp6K4xqvxN5voFo88fXJeqsETQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFCPDNPcBG/KT8uWhNbZi1QQNUIyCMB8GA1UdIwQY
MBaAFKk5zBYh7jAQrpjhJ70lSngz/SgnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcVRuTUZpSHVNQkN1bU9FbnZTVktlRFA5S0NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy9kNWJmNzItMzExNS00YzcxLWExYmYt
YjA2MTk0ZDEzYzZiLzEvSThNMDl3RWI4cFB5NWFFMXRtTFZCQTFRaklJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy9kNWJmNzItMzExNS00YzcxLWExYmYtYjA2MTk0ZDEzYzZi
LzEvcVRuTUZpSHVNQkN1bU9FbnZTVktlRFA5S0NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAH4VyAwQA
H4V0AwQAH4V3MA0GCSqGSIb3DQEBCwUAA4IBAQBKio4r5HeuDJct7xsIJLBO7o0w
bTt2BSfaaTg2IbsnRgUbfxvZlQSv88J2rPDGAqzYLnSUnLib1d20oJ09X9COZ14z
W3l0M8CYEx7GmOpFa5aYzicHqnw2r5GGoS3vI9/3txBP1m2IswtVKud+W7LNBbd8
aB3RqnT/V5OhXXfe3wLp30hzYc4rVigN4p52A/yRqjO7n1s17ODHuCJpWADlspQx
mH2ZYbaDIWDyvrOkccJgY8GLg68kULJNnJQvCwZ5yt1i1gvXvN3MuTV8X/NRkb+J
6sWOaqqyy90oIfIIA5J9P8R4tpG6M3c/VuWRL/ioUScDBpwbePNzCaXWHejk
-----END CERTIFICATE-----