Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ef/fa3544-1025-4e8f-a8fe-7a28af29cdc2/1/rK-O2bPaPejVHEV2uwNLhsbUB8k.roa
File:                     rK-O2bPaPejVHEV2uwNLhsbUB8k.roa (raw, json)
Hash identifier:          iZLQ4+GX3qMUmsYbcbM6EVATGL0HA11Gh7vlEF2m/v8=
Subject key identifier:   AC:AF:8E:D9:B3:DA:3D:E8:D5:1C:45:76:BB:03:4B:86:C6:D4:07:C9
Certificate issuer:       /CN=2c71c96005e13a84a3f31ef1d991777f4b6e31a7
Certificate serial:       018D35BFB14B53CD3122E5F473D8033F5F6B
Authority key identifier: 2C:71:C9:60:05:E1:3A:84:A3:F3:1E:F1:D9:91:77:7F:4B:6E:31:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LHHJYAXhOoSj8x7x2ZF3f0tuMac.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ef/fa3544-1025-4e8f-a8fe-7a28af29cdc2/1/rK-O2bPaPejVHEV2uwNLhsbUB8k.roa
Signing time:             Tue 23 Jan 2024 09:56:11 +0000
ROA not before:           Tue 23 Jan 2024 09:56:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56701
IP address blocks:        31.130.137.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ef/fa3544-1025-4e8f-a8fe-7a28af29cdc2/1/LHHJYAXhOoSj8x7x2ZF3f0tuMac.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ef/fa3544-1025-4e8f-a8fe-7a28af29cdc2/1/LHHJYAXhOoSj8x7x2ZF3f0tuMac.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LHHJYAXhOoSj8x7x2ZF3f0tuMac.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:35:bf:b1:4b:53:cd:31:22:e5:f4:73:d8:03:3f:5f:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2c71c96005e13a84a3f31ef1d991777f4b6e31a7
        Validity
            Not Before: Jan 23 09:56:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=acaf8ed9b3da3de8d51c4576bb034b86c6d407c9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:a1:5c:14:75:7a:1b:51:11:d5:b4:df:26:a6:
                    cd:97:26:d5:f9:42:61:69:0d:09:09:d9:ac:a3:cb:
                    c3:18:38:3e:c9:76:30:5d:eb:3b:b8:24:d3:9e:93:
                    19:fd:b8:93:03:0f:96:a4:c1:79:17:af:73:ae:d6:
                    4d:37:50:06:d7:84:50:c9:68:69:89:9e:e5:49:31:
                    9f:91:e4:49:2c:8a:56:ec:a0:91:a6:e1:14:47:84:
                    34:66:d2:54:96:92:a4:cd:a1:09:c5:38:65:a7:5e:
                    fa:37:91:b5:3b:26:fa:d1:e2:e9:45:81:3b:ec:7a:
                    55:c1:c6:e8:f9:fd:24:cf:45:63:ba:6c:6f:d7:82:
                    ad:39:dd:57:c9:2e:b4:b0:10:64:e6:8c:33:5a:bf:
                    2c:2d:4f:64:e6:9b:71:33:b4:53:61:b1:0e:68:cc:
                    4c:d7:c6:e5:ef:c5:87:8f:64:57:d4:31:46:73:79:
                    91:3b:44:3f:48:e9:a6:f9:f6:00:d7:23:51:76:3a:
                    49:a9:9d:9f:f0:45:b7:52:7c:e5:95:33:be:28:25:
                    63:57:18:f2:1d:58:e1:ba:b7:14:c8:ad:6b:cd:99:
                    50:96:32:84:7d:fb:8c:33:9d:8b:ab:26:31:c2:04:
                    5d:c7:1e:d2:b8:77:31:00:88:86:5a:fb:cb:e5:f3:
                    90:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:AF:8E:D9:B3:DA:3D:E8:D5:1C:45:76:BB:03:4B:86:C6:D4:07:C9
            X509v3 Authority Key Identifier:
                keyid:2C:71:C9:60:05:E1:3A:84:A3:F3:1E:F1:D9:91:77:7F:4B:6E:31:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LHHJYAXhOoSj8x7x2ZF3f0tuMac.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/fa3544-1025-4e8f-a8fe-7a28af29cdc2/1/rK-O2bPaPejVHEV2uwNLhsbUB8k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/fa3544-1025-4e8f-a8fe-7a28af29cdc2/1/LHHJYAXhOoSj8x7x2ZF3f0tuMac.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.130.137.0/24

    Signature Algorithm: sha256WithRSAEncryption
         55:c2:e4:db:8d:d3:ba:a0:3e:a2:4e:76:25:c0:83:22:06:1d:
         c9:ab:cf:a0:a8:fd:7a:6c:81:fb:14:2a:80:93:de:13:8d:99:
         1f:ef:c5:8c:d4:9a:9e:0c:37:25:3d:9f:cb:00:ff:2a:a6:07:
         46:72:4c:78:09:41:52:62:79:76:0a:b2:b2:56:25:bd:62:a0:
         6b:72:d6:d4:c6:11:8b:8a:cb:ac:68:ad:52:64:8c:52:7c:9f:
         dc:27:80:9e:84:95:88:a6:e2:fb:a2:ba:91:e1:9a:7f:f6:97:
         59:0d:bf:5a:a2:55:18:6c:01:37:a2:72:26:87:2a:2d:40:a8:
         bd:28:21:89:c3:0c:a4:ab:b8:2b:42:32:3b:b5:85:8a:3d:09:
         41:b1:89:51:f3:90:c4:2c:57:6f:a6:3d:31:d3:4b:76:d3:6c:
         2b:d3:71:22:7e:69:88:15:46:89:f9:e7:5c:41:6d:65:9c:eb:
         4b:fc:18:62:82:0f:ec:dd:eb:50:5f:13:bc:5c:59:3a:86:a7:
         f2:af:29:0b:74:f6:6b:8b:e9:14:5e:eb:82:29:98:e5:1a:ce:
         73:80:f5:68:90:71:b6:ba:f2:88:05:d1:34:0e:b9:8d:89:55:
         81:c2:96:94:2d:d0:c1:c6:24:86:f6:51:a7:d5:76:0e:ef:ad:
         f5:b8:f7:cc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY01v7FLU80xIuX0c9gDP19rMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJjNzFjOTYwMDVlMTNhODRhM2YzMWVmMWQ5OTE3NzdmNGI2
ZTMxYTcwHhcNMjQwMTIzMDk1NjExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhY2FmOGVkOWIzZGEzZGU4ZDUxYzQ1NzZiYjAzNGI4NmM2ZDQwN2M5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAraFcFHV6G1ER1bTfJqbNlybV+UJh
aQ0JCdmso8vDGDg+yXYwXes7uCTTnpMZ/biTAw+WpMF5F69zrtZNN1AG14RQyWhp
iZ7lSTGfkeRJLIpW7KCRpuEUR4Q0ZtJUlpKkzaEJxThlp176N5G1Oyb60eLpRYE7
7HpVwcbo+f0kz0Vjumxv14KtOd1XyS60sBBk5owzWr8sLU9k5ptxM7RTYbEOaMxM
18bl78WHj2RX1DFGc3mRO0Q/SOmm+fYA1yNRdjpJqZ2f8EW3UnzllTO+KCVjVxjy
HVjhurcUyK1rzZlQljKEffuMM52LqyYxwgRdxx7SuHcxAIiGWvvL5fOQ8wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKyvjtmz2j3o1RxFdrsDS4bG1AfJMB8GA1UdIwQY
MBaAFCxxyWAF4TqEo/Me8dmRd39LbjGnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTEhISllBWGhPb1NqOHg3eDJaRjNmMHR1TWFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZi9mYTM1NDQtMTAyNS00ZThmLWE4ZmUt
N2EyOGFmMjljZGMyLzEvckstTzJiUGFQZWpWSEVWMnV3Tkxoc2JVQjhrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZi9mYTM1NDQtMTAyNS00ZThmLWE4ZmUtN2EyOGFmMjljZGMy
LzEvTEhISllBWGhPb1NqOHg3eDJaRjNmMHR1TWFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAH4KJMA0G
CSqGSIb3DQEBCwUAA4IBAQBVwuTbjdO6oD6iTnYlwIMiBh3Jq8+gqP16bIH7FCqA
k94TjZkf78WM1JqeDDclPZ/LAP8qpgdGckx4CUFSYnl2CrKyViW9YqBrctbUxhGL
isusaK1SZIxSfJ/cJ4CehJWIpuL7orqR4Zp/9pdZDb9aolUYbAE3onImhyotQKi9
KCGJwwykq7grQjI7tYWKPQlBsYlR85DELFdvpj0x00t202wr03EifmmIFUaJ+edc
QW1lnOtL/Bhigg/s3etQXxO8XFk6hqfyrykLdPZri+kUXuuCKZjlGs5zgPVokHG2
uvKIBdE0DrmNiVWBwpaULdDBxiSG9lGn1XYO7631uPfM
-----END CERTIFICATE-----