Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ef/fa3544-1025-4e8f-a8fe-7a28af29cdc2/1/OiptHQtYh19ufJZq6PSIZHLUI3c.roa
File:                     OiptHQtYh19ufJZq6PSIZHLUI3c.roa (raw, json)
Hash identifier:          For6t1sOwZyJ2e80rY19og+5LuRAnWhkgoU2b0sRKn8=
Subject key identifier:   3A:2A:6D:1D:0B:58:87:5F:6E:7C:96:6A:E8:F4:88:64:72:D4:23:77
Certificate issuer:       /CN=2c71c96005e13a84a3f31ef1d991777f4b6e31a7
Certificate serial:       0192ED5370860E13B877E57D664A67E3D625
Authority key identifier: 2C:71:C9:60:05:E1:3A:84:A3:F3:1E:F1:D9:91:77:7F:4B:6E:31:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LHHJYAXhOoSj8x7x2ZF3f0tuMac.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ef/fa3544-1025-4e8f-a8fe-7a28af29cdc2/1/OiptHQtYh19ufJZq6PSIZHLUI3c.roa
Signing time:             Sat 02 Nov 2024 14:42:01 +0000
ROA not before:           Sat 02 Nov 2024 14:42:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9123
IP address blocks:        31.130.152.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ef/fa3544-1025-4e8f-a8fe-7a28af29cdc2/1/LHHJYAXhOoSj8x7x2ZF3f0tuMac.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ef/fa3544-1025-4e8f-a8fe-7a28af29cdc2/1/LHHJYAXhOoSj8x7x2ZF3f0tuMac.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LHHJYAXhOoSj8x7x2ZF3f0tuMac.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:ed:53:70:86:0e:13:b8:77:e5:7d:66:4a:67:e3:d6:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2c71c96005e13a84a3f31ef1d991777f4b6e31a7
        Validity
            Not Before: Nov  2 14:42:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3a2a6d1d0b58875f6e7c966ae8f4886472d42377
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:c9:75:c9:ce:8a:52:4c:15:b1:7b:90:49:09:
                    5d:6c:26:0b:e3:02:0f:b2:0c:b0:7a:00:fb:35:2d:
                    0d:38:02:24:06:1d:48:db:25:1e:43:9f:22:54:9b:
                    44:8f:e4:ea:ca:b4:f6:7b:c7:8c:9e:23:10:a3:e7:
                    57:78:77:82:13:f4:50:73:04:96:a2:50:1c:08:a5:
                    28:3a:91:b5:f8:21:8c:b2:5c:72:62:2e:b1:fe:87:
                    3f:11:9f:18:57:9a:e6:fd:90:f4:70:36:14:18:c4:
                    62:9a:dc:cf:21:1c:7e:92:cc:80:72:cf:22:60:1a:
                    d8:a8:9a:c9:2e:5a:38:e0:de:8b:1f:1c:0a:94:32:
                    9a:40:cd:b5:78:8a:d3:c3:00:77:95:f2:98:0a:4d:
                    d8:f3:3e:23:59:4a:df:7d:d5:31:71:a3:b7:05:73:
                    e5:60:65:bb:d2:30:7e:10:54:37:e2:a1:39:9d:ca:
                    ed:f0:5c:7c:26:ec:07:83:58:92:47:14:68:2c:f9:
                    9f:b8:75:57:9e:79:86:93:24:85:1a:7f:07:2b:5d:
                    39:ff:28:4d:eb:93:2d:a6:61:41:89:ff:cf:18:53:
                    1c:b1:22:3b:e2:d4:b6:93:9a:e7:da:47:5d:7b:5c:
                    6c:14:da:74:fe:aa:77:25:ef:8a:d4:9f:2d:b5:bf:
                    af:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:2A:6D:1D:0B:58:87:5F:6E:7C:96:6A:E8:F4:88:64:72:D4:23:77
            X509v3 Authority Key Identifier:
                keyid:2C:71:C9:60:05:E1:3A:84:A3:F3:1E:F1:D9:91:77:7F:4B:6E:31:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LHHJYAXhOoSj8x7x2ZF3f0tuMac.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/fa3544-1025-4e8f-a8fe-7a28af29cdc2/1/OiptHQtYh19ufJZq6PSIZHLUI3c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/fa3544-1025-4e8f-a8fe-7a28af29cdc2/1/LHHJYAXhOoSj8x7x2ZF3f0tuMac.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.130.152.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a3:bf:ec:75:ff:e6:db:02:11:cf:ee:37:7f:97:24:2c:e5:cb:
         ee:66:7b:45:9b:e4:37:81:1e:e7:83:da:9f:6d:55:8e:81:e2:
         a4:33:5d:7d:15:d6:06:42:c2:f2:f4:f3:23:e7:be:28:60:30:
         ce:c9:82:97:69:45:a2:78:6c:e3:b5:77:a1:58:ed:74:ee:70:
         f0:df:c2:a2:f7:7d:2a:01:c5:b0:9f:01:47:bc:df:cf:66:ac:
         38:3f:9b:2e:f7:65:a1:a3:96:8f:ea:cf:36:ee:95:ba:d0:b4:
         63:54:0e:e3:3e:77:ba:0f:a9:98:c3:57:88:7f:de:e2:38:34:
         63:50:71:e0:b6:ba:7c:03:35:bf:3f:1d:c0:1e:d5:aa:e9:44:
         b5:66:34:aa:13:05:a9:7c:fd:4a:75:eb:d9:61:ca:5e:10:4b:
         8b:90:ab:1c:d5:68:19:5e:f8:50:f6:a5:8e:ab:df:3d:06:27:
         f1:3e:47:5c:87:f0:ac:dc:15:2a:b4:e9:b8:74:ec:16:ee:4c:
         c2:de:26:07:b9:bc:fa:dd:4d:fb:e0:ac:9e:26:dc:54:92:ec:
         7d:9f:dd:56:c5:6d:5b:84:1f:0d:b4:9e:06:8a:df:7f:42:b3:
         ee:78:3b:d0:13:27:06:75:ec:f4:ae:c3:a1:3b:8a:89:0f:b1:
         b3:58:3f:35
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZLtU3CGDhO4d+V9Zkpn49YlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJjNzFjOTYwMDVlMTNhODRhM2YzMWVmMWQ5OTE3NzdmNGI2
ZTMxYTcwHhcNMjQxMTAyMTQ0MjAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYTJhNmQxZDBiNTg4NzVmNmU3Yzk2NmFlOGY0ODg2NDcyZDQyMzc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAucl1yc6KUkwVsXuQSQldbCYL4wIP
sgywegD7NS0NOAIkBh1I2yUeQ58iVJtEj+TqyrT2e8eMniMQo+dXeHeCE/RQcwSW
olAcCKUoOpG1+CGMslxyYi6x/oc/EZ8YV5rm/ZD0cDYUGMRimtzPIRx+ksyAcs8i
YBrYqJrJLlo44N6LHxwKlDKaQM21eIrTwwB3lfKYCk3Y8z4jWUrffdUxcaO3BXPl
YGW70jB+EFQ34qE5ncrt8Fx8JuwHg1iSRxRoLPmfuHVXnnmGkySFGn8HK105/yhN
65MtpmFBif/PGFMcsSI74tS2k5rn2kdde1xsFNp0/qp3Je+K1J8ttb+vNwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDoqbR0LWIdfbnyWauj0iGRy1CN3MB8GA1UdIwQY
MBaAFCxxyWAF4TqEo/Me8dmRd39LbjGnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTEhISllBWGhPb1NqOHg3eDJaRjNmMHR1TWFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZi9mYTM1NDQtMTAyNS00ZThmLWE4ZmUt
N2EyOGFmMjljZGMyLzEvT2lwdEhRdFloMTl1ZkpacTZQU0laSExVSTNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZi9mYTM1NDQtMTAyNS00ZThmLWE4ZmUtN2EyOGFmMjljZGMy
LzEvTEhISllBWGhPb1NqOHg3eDJaRjNmMHR1TWFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCH4KYMA0G
CSqGSIb3DQEBCwUAA4IBAQCjv+x1/+bbAhHP7jd/lyQs5cvuZntFm+Q3gR7ng9qf
bVWOgeKkM119FdYGQsLy9PMj574oYDDOyYKXaUWieGzjtXehWO107nDw38Ki930q
AcWwnwFHvN/PZqw4P5su92Who5aP6s827pW60LRjVA7jPne6D6mYw1eIf97iODRj
UHHgtrp8AzW/Px3AHtWq6US1ZjSqEwWpfP1KdevZYcpeEEuLkKsc1WgZXvhQ9qWO
q989BifxPkdch/Cs3BUqtOm4dOwW7kzC3iYHubz63U374KyeJtxUkux9n91WxW1b
hB8NtJ4Git9/QrPueDvQEycGdez0rsOhO4qJD7GzWD81
-----END CERTIFICATE-----