Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/d5bf72-3115-4c71-a1bf-b06194d13c6b/1/PTSfc94GtIIUD_Uz4UcKxz70g4o.roa
File:                     PTSfc94GtIIUD_Uz4UcKxz70g4o.roa (raw, json)
Hash identifier:          SYqnkP1xgbIE5Uy1vDyATWnen2jXsbY87v32cc1BXys=
Subject key identifier:   3D:34:9F:73:DE:06:B4:82:14:0F:F5:33:E1:47:0A:C7:3E:F4:83:8A
Certificate issuer:       /CN=a939cc1621ee3010ae98e127bd254a7833fd2827
Certificate serial:       018CC492263A08923623D5C502EF3B318977
Authority key identifier: A9:39:CC:16:21:EE:30:10:AE:98:E1:27:BD:25:4A:78:33:FD:28:27
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qTnMFiHuMBCumOEnvSVKeDP9KCc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/d5bf72-3115-4c71-a1bf-b06194d13c6b/1/PTSfc94GtIIUD_Uz4UcKxz70g4o.roa
Signing time:             Mon 01 Jan 2024 10:29:21 +0000
ROA not before:           Mon 01 Jan 2024 10:29:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48964
IP address blocks:        31.133.116.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/d5bf72-3115-4c71-a1bf-b06194d13c6b/1/qTnMFiHuMBCumOEnvSVKeDP9KCc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/d5bf72-3115-4c71-a1bf-b06194d13c6b/1/qTnMFiHuMBCumOEnvSVKeDP9KCc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qTnMFiHuMBCumOEnvSVKeDP9KCc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 01:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:26:3a:08:92:36:23:d5:c5:02:ef:3b:31:89:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a939cc1621ee3010ae98e127bd254a7833fd2827
        Validity
            Not Before: Jan  1 10:29:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3d349f73de06b482140ff533e1470ac73ef4838a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:d2:8a:bd:cc:fb:5b:4a:14:f0:94:51:e0:7c:
                    1c:f9:58:85:fc:f6:01:be:ae:9e:38:9c:fb:27:c5:
                    27:a7:4c:cc:4c:3f:56:5e:1e:cc:11:c9:71:67:e4:
                    d7:48:0c:54:57:75:d8:9f:dc:d9:e1:8e:eb:fa:df:
                    9a:29:ed:a4:a5:ee:4b:59:05:3a:d3:83:34:47:01:
                    81:71:8e:59:59:7b:66:83:90:e7:88:db:5b:b0:5b:
                    d3:67:e4:75:e6:4d:92:05:d9:44:10:8f:f7:cd:0d:
                    80:77:07:3e:f9:ce:45:41:63:04:66:3e:17:6c:66:
                    dd:5c:b7:be:50:5e:c5:21:7c:d1:1e:88:70:f5:51:
                    ac:0a:49:f8:c3:05:90:f0:2e:52:fa:6d:01:e1:6f:
                    66:9a:71:18:ef:2e:d7:0c:a7:b8:cc:e0:d8:48:ec:
                    69:25:7e:d2:b6:a7:1b:1c:55:06:d2:f4:c3:3a:89:
                    e2:9a:ab:71:eb:92:2a:63:19:3f:4e:0b:d7:e6:5b:
                    c9:09:53:a8:5d:f0:4b:c1:f5:ca:59:b6:be:b6:05:
                    83:1a:bf:2d:bb:79:99:4b:14:e0:a6:ba:31:f6:ec:
                    ea:3f:35:4e:74:1c:be:c2:5a:c1:7a:a9:88:f6:29:
                    12:d4:9e:1a:fb:c5:ea:a4:ea:5f:94:89:15:c0:7e:
                    ff:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:34:9F:73:DE:06:B4:82:14:0F:F5:33:E1:47:0A:C7:3E:F4:83:8A
            X509v3 Authority Key Identifier:
                keyid:A9:39:CC:16:21:EE:30:10:AE:98:E1:27:BD:25:4A:78:33:FD:28:27

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qTnMFiHuMBCumOEnvSVKeDP9KCc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/d5bf72-3115-4c71-a1bf-b06194d13c6b/1/PTSfc94GtIIUD_Uz4UcKxz70g4o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/d5bf72-3115-4c71-a1bf-b06194d13c6b/1/qTnMFiHuMBCumOEnvSVKeDP9KCc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.133.116.0/24

    Signature Algorithm: sha256WithRSAEncryption
         13:3c:df:b7:51:fb:83:9a:4b:c1:6b:4a:59:3a:a5:ee:be:4b:
         f7:83:3b:7d:1f:69:99:8e:1c:e3:49:5e:b6:d6:7c:5a:ac:1e:
         99:42:44:44:36:8a:e8:85:4a:8d:bd:d6:2b:06:d6:ce:56:88:
         35:e9:a2:b1:74:4d:6a:f8:45:26:34:a4:09:cf:a9:e2:09:24:
         7c:15:98:33:c5:b9:66:85:bf:b9:62:73:67:91:d3:9a:90:2b:
         3a:0c:93:15:79:3c:be:97:90:c1:e4:83:26:53:7f:d1:2b:26:
         4a:6f:19:1e:9e:e3:98:96:f2:2b:7c:5a:a1:15:7a:64:46:7c:
         b7:79:a0:c7:ea:64:26:1e:97:c9:cc:9a:cb:56:8e:0a:2a:64:
         fa:af:c6:30:40:f2:47:13:30:e1:5f:c4:3c:7b:81:19:ca:d7:
         3e:f3:75:ea:6f:7c:5b:e2:91:74:80:f2:09:19:7f:ac:ad:9b:
         80:2b:14:84:46:1b:06:1e:dd:52:78:6b:34:e8:d5:d8:8a:07:
         61:37:fc:51:04:76:e2:ec:03:4d:c3:25:16:74:8d:a3:f9:11:
         13:37:01:fc:0e:0d:0c:07:f1:0b:cf:0c:0e:9e:fb:fd:e8:6d:
         6a:fc:1e:34:b6:e6:8a:8d:31:52:61:17:4f:26:91:23:a5:39:
         dd:3f:e7:a4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEkiY6CJI2I9XFAu87MYl3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE5MzljYzE2MjFlZTMwMTBhZTk4ZTEyN2JkMjU0YTc4MzNm
ZDI4MjcwHhcNMjQwMTAxMTAyOTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZDM0OWY3M2RlMDZiNDgyMTQwZmY1MzNlMTQ3MGFjNzNlZjQ4MzhhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArdKKvcz7W0oU8JRR4Hwc+ViF/PYB
vq6eOJz7J8Unp0zMTD9WXh7MEclxZ+TXSAxUV3XYn9zZ4Y7r+t+aKe2kpe5LWQU6
04M0RwGBcY5ZWXtmg5DniNtbsFvTZ+R15k2SBdlEEI/3zQ2Adwc++c5FQWMEZj4X
bGbdXLe+UF7FIXzRHohw9VGsCkn4wwWQ8C5S+m0B4W9mmnEY7y7XDKe4zODYSOxp
JX7StqcbHFUG0vTDOonimqtx65IqYxk/TgvX5lvJCVOoXfBLwfXKWba+tgWDGr8t
u3mZSxTgprox9uzqPzVOdBy+wlrBeqmI9ikS1J4a+8XqpOpflIkVwH7/tQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD00n3PeBrSCFA/1M+FHCsc+9IOKMB8GA1UdIwQY
MBaAFKk5zBYh7jAQrpjhJ70lSngz/SgnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcVRuTUZpSHVNQkN1bU9FbnZTVktlRFA5S0NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy9kNWJmNzItMzExNS00YzcxLWExYmYt
YjA2MTk0ZDEzYzZiLzEvUFRTZmM5NEd0SUlVRF9VejRVY0t4ejcwZzRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy9kNWJmNzItMzExNS00YzcxLWExYmYtYjA2MTk0ZDEzYzZi
LzEvcVRuTUZpSHVNQkN1bU9FbnZTVktlRFA5S0NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAH4V0MA0G
CSqGSIb3DQEBCwUAA4IBAQATPN+3UfuDmkvBa0pZOqXuvkv3gzt9H2mZjhzjSV62
1nxarB6ZQkRENorohUqNvdYrBtbOVog16aKxdE1q+EUmNKQJz6niCSR8FZgzxblm
hb+5YnNnkdOakCs6DJMVeTy+l5DB5IMmU3/RKyZKbxkenuOYlvIrfFqhFXpkRny3
eaDH6mQmHpfJzJrLVo4KKmT6r8YwQPJHEzDhX8Q8e4EZytc+83Xqb3xb4pF0gPIJ
GX+srZuAKxSERhsGHt1SeGs06NXYigdhN/xRBHbi7ANNwyUWdI2j+RETNwH8Dg0M
B/ELzwwOnvv96G1q/B40tuaKjTFSYRdPJpEjpTndP+ek
-----END CERTIFICATE-----