Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ef/fa3544-1025-4e8f-a8fe-7a28af29cdc2/1/pGGDoeGnPksdWvYsReZKh3O6puY.roa
File:                     pGGDoeGnPksdWvYsReZKh3O6puY.roa (raw, json)
Hash identifier:          xGeOEw9UbAQAfMawzQlzpH9iOWa+z4LqLDy15zn/jN0=
Subject key identifier:   A4:61:83:A1:E1:A7:3E:4B:1D:5A:F6:2C:45:E6:4A:87:73:BA:A6:E6
Certificate issuer:       /CN=2c71c96005e13a84a3f31ef1d991777f4b6e31a7
Certificate serial:       019427B486AE92155FAB9A39F13A7844D56B
Authority key identifier: 2C:71:C9:60:05:E1:3A:84:A3:F3:1E:F1:D9:91:77:7F:4B:6E:31:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LHHJYAXhOoSj8x7x2ZF3f0tuMac.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ef/fa3544-1025-4e8f-a8fe-7a28af29cdc2/1/pGGDoeGnPksdWvYsReZKh3O6puY.roa
Signing time:             Thu 02 Jan 2025 15:48:49 +0000
ROA not before:           Thu 02 Jan 2025 15:48:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207986
IP address blocks:        31.130.140.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ef/fa3544-1025-4e8f-a8fe-7a28af29cdc2/1/LHHJYAXhOoSj8x7x2ZF3f0tuMac.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ef/fa3544-1025-4e8f-a8fe-7a28af29cdc2/1/LHHJYAXhOoSj8x7x2ZF3f0tuMac.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LHHJYAXhOoSj8x7x2ZF3f0tuMac.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 12:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b4:86:ae:92:15:5f:ab:9a:39:f1:3a:78:44:d5:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2c71c96005e13a84a3f31ef1d991777f4b6e31a7
        Validity
            Not Before: Jan  2 15:48:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a46183a1e1a73e4b1d5af62c45e64a8773baa6e6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:00:53:5d:4f:66:58:e2:28:45:f6:8f:b6:13:
                    ce:ed:cc:7a:57:83:34:96:95:1f:78:05:96:26:3c:
                    25:9f:3b:62:af:9e:e9:c2:8f:a2:d4:d7:53:19:e0:
                    02:e7:43:9e:b9:95:cd:a2:dd:53:ac:aa:48:4b:fa:
                    39:b3:57:62:93:03:8f:57:00:3b:e3:8c:ab:66:f5:
                    b3:e4:20:46:50:6f:c6:7e:5a:07:cf:c1:b1:43:69:
                    c5:b7:18:da:78:1f:1b:c2:65:e7:ee:35:43:17:ea:
                    c1:c6:6b:f0:24:28:5b:01:54:69:c8:27:35:4f:0d:
                    3b:55:f4:cc:ff:89:00:d2:e2:6f:12:70:29:cf:94:
                    21:90:79:32:b0:8e:99:14:55:17:ee:32:74:f0:06:
                    6f:a8:94:ef:21:2e:86:99:5f:73:45:13:06:2d:20:
                    28:df:8d:d3:ac:4f:21:4e:e0:87:a0:e1:43:9a:b8:
                    d2:7c:46:a1:24:a3:d3:18:13:13:35:c9:4d:9a:df:
                    cd:51:03:5a:20:25:b9:fc:f6:47:26:80:09:e4:52:
                    92:da:1c:74:b6:36:79:4d:16:70:2b:93:63:86:97:
                    48:c7:0c:8f:80:b4:6c:67:ae:09:a9:d7:4d:c7:65:
                    d0:5b:6d:c7:57:94:15:f4:85:ba:84:1e:83:86:db:
                    2b:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:61:83:A1:E1:A7:3E:4B:1D:5A:F6:2C:45:E6:4A:87:73:BA:A6:E6
            X509v3 Authority Key Identifier:
                keyid:2C:71:C9:60:05:E1:3A:84:A3:F3:1E:F1:D9:91:77:7F:4B:6E:31:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LHHJYAXhOoSj8x7x2ZF3f0tuMac.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/fa3544-1025-4e8f-a8fe-7a28af29cdc2/1/pGGDoeGnPksdWvYsReZKh3O6puY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/fa3544-1025-4e8f-a8fe-7a28af29cdc2/1/LHHJYAXhOoSj8x7x2ZF3f0tuMac.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.130.140.0/22

    Signature Algorithm: sha256WithRSAEncryption
         17:09:cb:98:81:90:03:4b:46:02:e9:31:b8:6f:e2:69:a7:59:
         67:02:4d:32:12:a1:da:08:c6:8f:5e:5d:ce:68:20:2a:41:69:
         7a:83:8c:19:1d:82:3b:76:77:fa:b8:5a:58:a9:2a:f9:c8:a7:
         c7:63:5e:70:03:f7:05:2b:76:5b:9f:de:16:65:67:ba:a5:7f:
         cf:12:f6:d0:bd:23:d2:2d:df:e2:e6:d8:3a:cb:d2:4b:ba:37:
         40:46:53:b8:3c:31:32:d0:1d:d1:56:c2:17:0e:d2:57:e0:4d:
         2a:93:09:60:d4:eb:89:bd:e8:07:db:7c:d2:e7:4c:19:4d:7d:
         62:4e:4b:a8:27:d7:1f:5b:ae:e6:44:36:b0:6b:9b:31:9a:23:
         47:97:df:a5:3b:53:42:27:53:50:0c:b8:30:c6:5e:1b:27:61:
         e3:f1:f9:8c:f3:22:f2:04:a0:b5:16:f6:cf:61:6a:bb:df:d0:
         58:bc:89:91:43:a0:df:0c:8a:9d:bb:33:0f:f6:80:cd:43:df:
         98:0e:99:ae:37:68:c7:d0:8b:66:37:8e:4c:6f:fd:2c:e6:26:
         14:47:44:a0:e7:b4:1a:c3:65:4a:24:6c:42:11:5c:95:3b:96:
         49:3e:6d:43:3b:1e:5b:73:15:1f:82:c3:06:76:28:54:ca:50:
         6f:7c:ba:c9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntIaukhVfq5o58Tp4RNVrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJjNzFjOTYwMDVlMTNhODRhM2YzMWVmMWQ5OTE3NzdmNGI2
ZTMxYTcwHhcNMjUwMTAyMTU0ODQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNDYxODNhMWUxYTczZTRiMWQ1YWY2MmM0NWU2NGE4NzczYmFhNmU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApgBTXU9mWOIoRfaPthPO7cx6V4M0
lpUfeAWWJjwlnztir57pwo+i1NdTGeAC50OeuZXNot1TrKpIS/o5s1dikwOPVwA7
44yrZvWz5CBGUG/GfloHz8GxQ2nFtxjaeB8bwmXn7jVDF+rBxmvwJChbAVRpyCc1
Tw07VfTM/4kA0uJvEnApz5QhkHkysI6ZFFUX7jJ08AZvqJTvIS6GmV9zRRMGLSAo
343TrE8hTuCHoOFDmrjSfEahJKPTGBMTNclNmt/NUQNaICW5/PZHJoAJ5FKS2hx0
tjZ5TRZwK5NjhpdIxwyPgLRsZ64JqddNx2XQW23HV5QV9IW6hB6DhtsrjQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKRhg6Hhpz5LHVr2LEXmSodzuqbmMB8GA1UdIwQY
MBaAFCxxyWAF4TqEo/Me8dmRd39LbjGnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTEhISllBWGhPb1NqOHg3eDJaRjNmMHR1TWFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZi9mYTM1NDQtMTAyNS00ZThmLWE4ZmUt
N2EyOGFmMjljZGMyLzEvcEdHRG9lR25Qa3NkV3ZZc1JlWktoM082cHVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZi9mYTM1NDQtMTAyNS00ZThmLWE4ZmUtN2EyOGFmMjljZGMy
LzEvTEhISllBWGhPb1NqOHg3eDJaRjNmMHR1TWFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCH4KMMA0G
CSqGSIb3DQEBCwUAA4IBAQAXCcuYgZADS0YC6TG4b+Jpp1lnAk0yEqHaCMaPXl3O
aCAqQWl6g4wZHYI7dnf6uFpYqSr5yKfHY15wA/cFK3Zbn94WZWe6pX/PEvbQvSPS
Ld/i5tg6y9JLujdARlO4PDEy0B3RVsIXDtJX4E0qkwlg1OuJvegH23zS50wZTX1i
TkuoJ9cfW67mRDawa5sxmiNHl9+lO1NCJ1NQDLgwxl4bJ2Hj8fmM8yLyBKC1FvbP
YWq739BYvImRQ6DfDIqduzMP9oDNQ9+YDpmuN2jH0ItmN45Mb/0s5iYUR0Sg57Qa
w2VKJGxCEVyVO5ZJPm1DOx5bcxUfgsMGdihUylBvfLrJ
-----END CERTIFICATE-----