Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f8/fc87fa-cbfa-4f3c-88d3-ba922bb1ebb4/1/FKz7CcR-c4RcMiULpoVXB_vC4xc.roa
File:                     FKz7CcR-c4RcMiULpoVXB_vC4xc.roa (raw, json)
Hash identifier:          QgeXDMeIPMj2VUO72wFl9c27pnHlUd+pX0ueMcMFAX4=
Subject key identifier:   14:AC:FB:09:C4:7E:73:84:5C:32:25:0B:A6:85:57:07:FB:C2:E3:17
Certificate issuer:       /CN=8ef66691ad3a41652f5bd8596230b3ac743d2a2c
Certificate serial:       018F7063C15474FDB7B992B591ED174BD8D8
Authority key identifier: 8E:F6:66:91:AD:3A:41:65:2F:5B:D8:59:62:30:B3:AC:74:3D:2A:2C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jvZmka06QWUvW9hZYjCzrHQ9Kiw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f8/fc87fa-cbfa-4f3c-88d3-ba922bb1ebb4/1/FKz7CcR-c4RcMiULpoVXB_vC4xc.roa
Signing time:             Mon 13 May 2024 05:18:56 +0000
ROA not before:           Mon 13 May 2024 05:18:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     174
IP address blocks:        31.128.112.0/20 maxlen: 20

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f8/fc87fa-cbfa-4f3c-88d3-ba922bb1ebb4/1/jvZmka06QWUvW9hZYjCzrHQ9Kiw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f8/fc87fa-cbfa-4f3c-88d3-ba922bb1ebb4/1/jvZmka06QWUvW9hZYjCzrHQ9Kiw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jvZmka06QWUvW9hZYjCzrHQ9Kiw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:70:63:c1:54:74:fd:b7:b9:92:b5:91:ed:17:4b:d8:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8ef66691ad3a41652f5bd8596230b3ac743d2a2c
        Validity
            Not Before: May 13 05:18:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=14acfb09c47e73845c32250ba6855707fbc2e317
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:93:2f:11:1b:ab:f7:39:fa:52:e8:51:7c:27:
                    dc:92:dc:23:a8:3c:39:d1:97:bc:ba:12:90:4f:0c:
                    38:6e:17:69:48:9e:0a:ff:0b:c9:65:a8:95:e9:be:
                    ed:16:87:95:cd:7b:be:58:12:97:da:e1:b5:a5:11:
                    60:80:f8:1f:eb:d2:c5:78:49:81:a1:73:0f:dc:f0:
                    a1:44:7f:ef:81:78:b3:7e:7d:4c:5a:07:64:8a:d9:
                    48:21:9b:41:eb:96:b1:d0:06:32:83:e9:ba:73:37:
                    7f:13:69:7e:4d:fa:60:17:99:9d:98:0e:bd:07:8d:
                    60:21:8c:a4:0d:ab:55:b1:85:41:b8:ca:98:bc:b4:
                    f7:b5:ad:47:ea:35:04:c6:3f:c7:77:74:cb:3d:06:
                    3e:71:f0:17:ef:c0:ce:e3:d3:5d:21:bc:ce:c4:ff:
                    ed:8e:b8:ae:b4:cd:d1:dd:d6:6f:c6:c4:00:60:25:
                    21:cb:ba:00:41:8b:d7:9f:25:ff:ba:33:6d:6e:0f:
                    e5:3e:27:6d:26:40:94:ef:16:62:59:a8:10:6d:1f:
                    db:65:b5:af:77:57:0d:1e:8a:5b:60:61:3f:c1:fc:
                    f9:e4:22:76:7a:d4:cc:d6:1e:2d:83:3c:cc:07:79:
                    d2:f0:c5:6b:2d:8b:31:dd:4c:ad:39:0f:04:3d:8d:
                    41:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:AC:FB:09:C4:7E:73:84:5C:32:25:0B:A6:85:57:07:FB:C2:E3:17
            X509v3 Authority Key Identifier:
                keyid:8E:F6:66:91:AD:3A:41:65:2F:5B:D8:59:62:30:B3:AC:74:3D:2A:2C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jvZmka06QWUvW9hZYjCzrHQ9Kiw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/fc87fa-cbfa-4f3c-88d3-ba922bb1ebb4/1/FKz7CcR-c4RcMiULpoVXB_vC4xc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/fc87fa-cbfa-4f3c-88d3-ba922bb1ebb4/1/jvZmka06QWUvW9hZYjCzrHQ9Kiw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.128.112.0/20

    Signature Algorithm: sha256WithRSAEncryption
         48:12:ce:90:bd:cc:ba:4f:65:6f:a6:7e:24:40:19:0d:48:a9:
         54:cf:76:a8:2c:b4:34:bf:63:dc:d8:68:b2:2a:00:c9:9a:c1:
         73:bc:55:9c:a5:be:21:cc:ae:98:ed:63:10:f8:6c:16:64:1c:
         94:a6:8d:86:3c:2a:66:5c:d7:3b:5a:e5:37:8f:b6:77:05:03:
         2b:d2:21:7c:71:75:aa:f0:e9:e8:9b:91:01:70:aa:de:60:dd:
         4d:7b:47:b5:3d:3e:84:9b:e2:57:f2:00:0c:09:90:db:8f:11:
         fe:89:a9:7a:3d:fd:59:f5:0b:f8:5c:27:ce:2b:a6:63:ef:38:
         09:b8:3a:bf:95:89:4f:c0:97:cb:52:75:ee:6f:0a:06:30:94:
         b0:f5:89:b1:90:24:b4:62:5a:44:a2:b1:6d:28:07:a3:39:a0:
         ef:a3:f2:02:37:38:a2:ba:3e:09:92:b6:81:69:c5:2b:04:2c:
         1a:0b:e8:34:55:30:8b:5d:0d:92:f4:1c:f8:e7:a6:f5:f0:61:
         17:ec:e1:f8:87:58:12:0d:6f:38:61:0d:57:7c:87:8d:ce:08:
         12:9e:5c:0b:b0:5f:da:e7:52:3a:83:d4:45:08:51:a2:6d:62:
         e3:e8:d3:f7:0b:d2:25:ed:d5:35:f9:8d:2e:75:f8:ce:00:d5:
         0d:bc:0b:23
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY9wY8FUdP23uZK1ke0XS9jYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlZjY2NjkxYWQzYTQxNjUyZjViZDg1OTYyMzBiM2FjNzQz
ZDJhMmMwHhcNMjQwNTEzMDUxODU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNGFjZmIwOWM0N2U3Mzg0NWMzMjI1MGJhNjg1NTcwN2ZiYzJlMzE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwZMvERur9zn6UuhRfCfcktwjqDw5
0Ze8uhKQTww4bhdpSJ4K/wvJZaiV6b7tFoeVzXu+WBKX2uG1pRFggPgf69LFeEmB
oXMP3PChRH/vgXizfn1MWgdkitlIIZtB65ax0AYyg+m6czd/E2l+TfpgF5mdmA69
B41gIYykDatVsYVBuMqYvLT3ta1H6jUExj/Hd3TLPQY+cfAX78DO49NdIbzOxP/t
jriutM3R3dZvxsQAYCUhy7oAQYvXnyX/ujNtbg/lPidtJkCU7xZiWagQbR/bZbWv
d1cNHopbYGE/wfz55CJ2etTM1h4tgzzMB3nS8MVrLYsx3UytOQ8EPY1BYQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBSs+wnEfnOEXDIlC6aFVwf7wuMXMB8GA1UdIwQY
MBaAFI72ZpGtOkFlL1vYWWIws6x0PSosMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvanZabWthMDZRV1V2VzloWllqQ3pySFE5S2l3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOC9mYzg3ZmEtY2JmYS00ZjNjLTg4ZDMt
YmE5MjJiYjFlYmI0LzEvRkt6N0NjUi1jNFJjTWlVTHBvVlhCX3ZDNHhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOC9mYzg3ZmEtY2JmYS00ZjNjLTg4ZDMtYmE5MjJiYjFlYmI0
LzEvanZabWthMDZRV1V2VzloWllqQ3pySFE5S2l3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEH4BwMA0G
CSqGSIb3DQEBCwUAA4IBAQBIEs6Qvcy6T2Vvpn4kQBkNSKlUz3aoLLQ0v2Pc2Giy
KgDJmsFzvFWcpb4hzK6Y7WMQ+GwWZByUpo2GPCpmXNc7WuU3j7Z3BQMr0iF8cXWq
8Onom5EBcKreYN1Ne0e1PT6Em+JX8gAMCZDbjxH+ial6Pf1Z9Qv4XCfOK6Zj7zgJ
uDq/lYlPwJfLUnXubwoGMJSw9YmxkCS0YlpEorFtKAejOaDvo/ICNziiuj4JkraB
acUrBCwaC+g0VTCLXQ2S9Bz456b18GEX7OH4h1gSDW84YQ1XfIeNzggSnlwLsF/a
51I6g9RFCFGibWLj6NP3C9Il7dU1+Y0udfjOANUNvAsj
-----END CERTIFICATE-----