Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ef/fa3544-1025-4e8f-a8fe-7a28af29cdc2/1/nyzY1cyMCN1hNlpJoPCb2I_5DW0.roa
File:                     nyzY1cyMCN1hNlpJoPCb2I_5DW0.roa (raw, json)
Hash identifier:          12uIY2O8BLrzELdLdf5+XqiNHLcanFt3Ca2B88Zojyw=
Subject key identifier:   9F:2C:D8:D5:CC:8C:08:DD:61:36:5A:49:A0:F0:9B:D8:8F:F9:0D:6D
Certificate issuer:       /CN=2c71c96005e13a84a3f31ef1d991777f4b6e31a7
Certificate serial:       018E6560796A59A10F10DCA873D151AD0BF1
Authority key identifier: 2C:71:C9:60:05:E1:3A:84:A3:F3:1E:F1:D9:91:77:7F:4B:6E:31:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LHHJYAXhOoSj8x7x2ZF3f0tuMac.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ef/fa3544-1025-4e8f-a8fe-7a28af29cdc2/1/nyzY1cyMCN1hNlpJoPCb2I_5DW0.roa
Signing time:             Fri 22 Mar 2024 08:56:45 +0000
ROA not before:           Fri 22 Mar 2024 08:56:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49107
IP address blocks:        31.130.156.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ef/fa3544-1025-4e8f-a8fe-7a28af29cdc2/1/LHHJYAXhOoSj8x7x2ZF3f0tuMac.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ef/fa3544-1025-4e8f-a8fe-7a28af29cdc2/1/LHHJYAXhOoSj8x7x2ZF3f0tuMac.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LHHJYAXhOoSj8x7x2ZF3f0tuMac.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:65:60:79:6a:59:a1:0f:10:dc:a8:73:d1:51:ad:0b:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2c71c96005e13a84a3f31ef1d991777f4b6e31a7
        Validity
            Not Before: Mar 22 08:56:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9f2cd8d5cc8c08dd61365a49a0f09bd88ff90d6d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:94:9c:ee:b9:ca:50:0b:7c:11:ed:f7:2e:e6:
                    bd:99:1c:2b:78:71:61:d5:05:1f:b1:0c:d0:22:72:
                    a4:83:a9:83:00:71:62:be:35:05:ab:32:a4:5d:0b:
                    dc:a6:94:94:54:dc:20:3b:b3:4d:21:af:e6:6f:66:
                    38:52:7d:db:c6:04:f3:3c:f3:94:be:5f:84:8b:e6:
                    04:d1:4a:79:94:c0:bd:de:0d:65:4b:4d:61:aa:fe:
                    6d:e9:db:10:aa:8a:7c:42:0b:fc:fa:dc:c2:04:ff:
                    bd:8b:38:88:d1:50:e6:e0:04:98:38:f4:43:f9:fa:
                    b2:e2:b2:82:11:26:23:e2:3d:4a:5c:67:f7:42:5e:
                    20:e9:c2:f7:0f:c9:9f:3f:0f:55:e0:4c:42:2e:4f:
                    7a:f1:0f:a0:c5:80:46:b4:79:74:b8:d5:6a:0b:54:
                    35:47:2d:b9:33:cb:c6:97:0c:48:30:8c:54:4f:0d:
                    b6:f6:fa:ce:ec:7c:60:0d:09:39:87:45:a0:00:93:
                    9f:77:57:bd:18:bb:b1:3d:fe:18:fb:15:ab:42:d1:
                    22:8e:95:c7:45:40:e1:d8:94:4b:41:af:dd:ba:ac:
                    f5:b2:e8:cc:b4:eb:d7:7a:55:e8:fa:52:c8:ec:c5:
                    fa:24:04:0c:08:6a:ef:12:fe:33:d7:cf:bf:c0:4c:
                    bc:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:2C:D8:D5:CC:8C:08:DD:61:36:5A:49:A0:F0:9B:D8:8F:F9:0D:6D
            X509v3 Authority Key Identifier:
                keyid:2C:71:C9:60:05:E1:3A:84:A3:F3:1E:F1:D9:91:77:7F:4B:6E:31:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LHHJYAXhOoSj8x7x2ZF3f0tuMac.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/fa3544-1025-4e8f-a8fe-7a28af29cdc2/1/nyzY1cyMCN1hNlpJoPCb2I_5DW0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/fa3544-1025-4e8f-a8fe-7a28af29cdc2/1/LHHJYAXhOoSj8x7x2ZF3f0tuMac.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.130.156.0/23

    Signature Algorithm: sha256WithRSAEncryption
         4f:5b:62:b8:98:7e:00:bf:e8:8f:f6:20:24:fd:9d:25:5e:6e:
         88:14:a7:e0:e2:71:d8:a2:ab:ec:8f:85:83:70:74:a3:a1:00:
         fd:bf:da:29:68:20:3a:f1:b9:ce:f2:2b:b5:a4:df:ef:2a:5c:
         54:a1:18:48:aa:a4:d3:4a:10:e9:75:66:42:44:47:89:de:ae:
         7c:18:1d:13:e2:b9:80:b0:5e:5b:a8:92:20:e0:09:4d:ca:7b:
         87:68:f8:f4:62:9d:12:ed:dd:7f:40:bd:6e:fb:bc:8a:7d:dc:
         66:7e:4b:c6:23:fe:07:a2:99:5d:0c:20:b6:d1:da:c5:06:89:
         b1:7d:09:2d:82:72:fe:6e:72:16:63:60:4e:eb:15:6c:3c:d0:
         ca:76:9b:35:e1:02:cb:2d:d5:c4:f7:3b:7a:7e:15:df:16:ae:
         ba:26:dc:db:9b:c3:5b:16:0a:fd:d4:ae:37:44:28:45:a3:5b:
         fc:bd:62:c5:b3:8f:04:1f:bb:a9:7d:f6:bb:90:d5:27:87:cd:
         ce:98:8e:11:e6:ad:24:a8:52:44:83:bd:3c:a8:81:10:33:13:
         f3:02:df:19:8e:f2:93:c3:58:31:09:0b:02:f1:aa:05:15:d7:
         a1:94:e1:0d:6b:9f:ad:93:c4:9f:20:1b:9a:19:93:a3:89:ac:
         64:39:d5:7f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY5lYHlqWaEPENyoc9FRrQvxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJjNzFjOTYwMDVlMTNhODRhM2YzMWVmMWQ5OTE3NzdmNGI2
ZTMxYTcwHhcNMjQwMzIyMDg1NjQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZjJjZDhkNWNjOGMwOGRkNjEzNjVhNDlhMGYwOWJkODhmZjkwZDZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkpSc7rnKUAt8Ee33Lua9mRwreHFh
1QUfsQzQInKkg6mDAHFivjUFqzKkXQvcppSUVNwgO7NNIa/mb2Y4Un3bxgTzPPOU
vl+Ei+YE0Up5lMC93g1lS01hqv5t6dsQqop8Qgv8+tzCBP+9iziI0VDm4ASYOPRD
+fqy4rKCESYj4j1KXGf3Ql4g6cL3D8mfPw9V4ExCLk968Q+gxYBGtHl0uNVqC1Q1
Ry25M8vGlwxIMIxUTw229vrO7HxgDQk5h0WgAJOfd1e9GLuxPf4Y+xWrQtEijpXH
RUDh2JRLQa/duqz1sujMtOvXelXo+lLI7MX6JAQMCGrvEv4z18+/wEy8/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ8s2NXMjAjdYTZaSaDwm9iP+Q1tMB8GA1UdIwQY
MBaAFCxxyWAF4TqEo/Me8dmRd39LbjGnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTEhISllBWGhPb1NqOHg3eDJaRjNmMHR1TWFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZi9mYTM1NDQtMTAyNS00ZThmLWE4ZmUt
N2EyOGFmMjljZGMyLzEvbnl6WTFjeU1DTjFoTmxwSm9QQ2IySV81RFcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZi9mYTM1NDQtMTAyNS00ZThmLWE4ZmUtN2EyOGFmMjljZGMy
LzEvTEhISllBWGhPb1NqOHg3eDJaRjNmMHR1TWFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBH4KcMA0G
CSqGSIb3DQEBCwUAA4IBAQBPW2K4mH4Av+iP9iAk/Z0lXm6IFKfg4nHYoqvsj4WD
cHSjoQD9v9opaCA68bnO8iu1pN/vKlxUoRhIqqTTShDpdWZCREeJ3q58GB0T4rmA
sF5bqJIg4AlNynuHaPj0Yp0S7d1/QL1u+7yKfdxmfkvGI/4HopldDCC20drFBomx
fQktgnL+bnIWY2BO6xVsPNDKdps14QLLLdXE9zt6fhXfFq66Jtzbm8NbFgr91K43
RChFo1v8vWLFs48EH7upffa7kNUnh83OmI4R5q0kqFJEg708qIEQMxPzAt8ZjvKT
w1gxCQsC8aoFFdehlOENa5+tk8SfIBuaGZOjiaxkOdV/
-----END CERTIFICATE-----