Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f9/767ae5-b9a2-4993-81a8-05f18fc212a7/1/pyrkpXOL8RI-YlYdhM6FjQXhZmI.roa
File:                     pyrkpXOL8RI-YlYdhM6FjQXhZmI.roa (raw, json)
Hash identifier:          zPiKDShicH8CnQmb+fSMXnoAglt3XsoL8K5gcTUjo7M=
Subject key identifier:   A7:2A:E4:A5:73:8B:F1:12:3E:62:56:1D:84:CE:85:8D:05:E1:66:62
Certificate issuer:       /CN=86cb742a03bc9c85507217a25204dfff82fccdf9
Certificate serial:       01921F7B52F0AE9B0BA14293B6F07CA9F0FB
Authority key identifier: 86:CB:74:2A:03:BC:9C:85:50:72:17:A2:52:04:DF:FF:82:FC:CD:F9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hst0KgO8nIVQcheiUgTf_4L8zfk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f9/767ae5-b9a2-4993-81a8-05f18fc212a7/1/pyrkpXOL8RI-YlYdhM6FjQXhZmI.roa
Signing time:             Mon 23 Sep 2024 15:23:48 +0000
ROA not before:           Mon 23 Sep 2024 15:23:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     135330
IP address blocks:        31.192.233.0/24 maxlen: 24
                          2a0a:eec0:8::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f9/767ae5-b9a2-4993-81a8-05f18fc212a7/1/hst0KgO8nIVQcheiUgTf_4L8zfk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f9/767ae5-b9a2-4993-81a8-05f18fc212a7/1/hst0KgO8nIVQcheiUgTf_4L8zfk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hst0KgO8nIVQcheiUgTf_4L8zfk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:1f:7b:52:f0:ae:9b:0b:a1:42:93:b6:f0:7c:a9:f0:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86cb742a03bc9c85507217a25204dfff82fccdf9
        Validity
            Not Before: Sep 23 15:23:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a72ae4a5738bf1123e62561d84ce858d05e16662
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:3b:c9:04:45:41:6f:02:6c:33:ff:da:03:43:
                    09:58:2f:a1:f6:f4:b5:69:98:51:c0:36:2e:f2:96:
                    3e:ef:a2:a2:2f:f9:5e:40:f5:22:e6:36:12:a8:b8:
                    7a:3a:90:9f:40:c8:e9:f6:a3:55:fe:73:68:b2:a7:
                    dd:ef:28:09:46:f8:75:80:6a:6b:85:19:ef:69:18:
                    57:6e:f4:78:6a:11:47:df:40:1c:a4:1f:c1:39:39:
                    89:a9:a3:d5:29:32:48:75:2f:99:c3:05:fd:eb:1e:
                    42:fa:c4:d5:9c:e3:89:fa:b3:43:7c:65:8a:27:37:
                    bc:c7:f1:93:38:be:98:36:15:f3:9b:73:08:2e:a1:
                    ea:c6:3b:6d:4d:e1:92:33:8c:80:72:10:42:1d:b0:
                    fc:11:04:c7:56:b7:94:39:32:3d:5a:b9:15:93:5d:
                    5e:fd:bd:10:bc:cc:f9:b5:80:77:f3:2c:67:14:17:
                    ce:12:e0:e6:ea:5d:9a:d8:ad:a5:2a:00:02:3a:7d:
                    c8:02:72:9d:6e:fa:c6:15:c3:d6:8e:cc:3d:f4:68:
                    cf:26:36:4f:9f:6a:a4:36:a2:5e:9b:83:6b:1c:88:
                    63:f0:f3:1a:39:f5:f0:a9:bb:27:18:87:84:59:ad:
                    cb:7e:9e:b1:eb:4d:2e:7a:d9:81:c6:8a:23:8e:bc:
                    2d:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:2A:E4:A5:73:8B:F1:12:3E:62:56:1D:84:CE:85:8D:05:E1:66:62
            X509v3 Authority Key Identifier:
                keyid:86:CB:74:2A:03:BC:9C:85:50:72:17:A2:52:04:DF:FF:82:FC:CD:F9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hst0KgO8nIVQcheiUgTf_4L8zfk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/767ae5-b9a2-4993-81a8-05f18fc212a7/1/pyrkpXOL8RI-YlYdhM6FjQXhZmI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/767ae5-b9a2-4993-81a8-05f18fc212a7/1/hst0KgO8nIVQcheiUgTf_4L8zfk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.192.233.0/24
                IPv6:
                  2a0a:eec0:8::/48

    Signature Algorithm: sha256WithRSAEncryption
         4a:7e:69:77:74:1b:29:0f:64:8b:c5:da:74:e2:b5:73:4e:1a:
         bf:4e:b9:eb:ad:d3:28:19:c3:8c:fe:f9:d4:4a:1f:bb:f7:69:
         a7:80:25:83:2c:c7:c7:88:33:60:90:e1:6c:c1:1a:75:bf:af:
         7c:a8:27:e1:3c:84:d3:f1:bd:cc:6d:13:60:3a:6e:f4:88:72:
         67:c9:8a:7a:2f:36:a2:ac:df:f6:be:7e:5a:09:2f:ff:cb:c9:
         c3:fb:d4:78:c3:d9:49:e1:d7:20:34:2a:10:d3:fc:b5:08:15:
         8a:f4:c3:72:55:09:b6:6e:37:8f:43:93:1c:cc:3c:0f:0a:88:
         2a:ac:03:28:d9:da:a8:73:14:2e:c9:ce:6a:71:61:d7:8b:10:
         40:8a:53:66:9d:2e:eb:22:a9:05:18:d6:e5:32:8b:b9:a3:c8:
         14:08:2e:77:8f:49:9e:fd:2f:29:88:fa:94:78:f8:54:55:92:
         7d:53:a5:77:ba:bf:6e:92:d1:eb:67:10:38:80:d7:fa:b6:fe:
         f4:93:cf:fb:6c:29:10:e1:dc:a4:f1:dd:04:c5:15:70:65:96:
         f8:ca:b6:6e:45:6e:a8:93:d7:18:a9:cb:ec:a8:31:51:4f:27:
         ca:12:38:9c:35:1a:37:7a:c7:bf:a0:fc:0a:db:43:87:83:40:
         21:98:1d:5e
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZIfe1LwrpsLoUKTtvB8qfD7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2Y2I3NDJhMDNiYzljODU1MDcyMTdhMjUyMDRkZmZmODJm
Y2NkZjkwHhcNMjQwOTIzMTUyMzQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNzJhZTRhNTczOGJmMTEyM2U2MjU2MWQ4NGNlODU4ZDA1ZTE2NjYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3DvJBEVBbwJsM//aA0MJWC+h9vS1
aZhRwDYu8pY+76KiL/leQPUi5jYSqLh6OpCfQMjp9qNV/nNosqfd7ygJRvh1gGpr
hRnvaRhXbvR4ahFH30AcpB/BOTmJqaPVKTJIdS+ZwwX96x5C+sTVnOOJ+rNDfGWK
Jze8x/GTOL6YNhXzm3MILqHqxjttTeGSM4yAchBCHbD8EQTHVreUOTI9WrkVk11e
/b0QvMz5tYB38yxnFBfOEuDm6l2a2K2lKgACOn3IAnKdbvrGFcPWjsw99GjPJjZP
n2qkNqJem4NrHIhj8PMaOfXwqbsnGIeEWa3Lfp6x600uetmBxoojjrwtDQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFKcq5KVzi/ESPmJWHYTOhY0F4WZiMB8GA1UdIwQY
MBaAFIbLdCoDvJyFUHIXolIE3/+C/M35MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHN0MEtnTzhuSVZRY2hlaVVnVGZfNEw4emZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOS83NjdhZTUtYjlhMi00OTkzLTgxYTgt
MDVmMThmYzIxMmE3LzEvcHlya3BYT0w4UkktWWxZZGhNNkZqUVhoWm1JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOS83NjdhZTUtYjlhMi00OTkzLTgxYTgtMDVmMThmYzIxMmE3
LzEvaHN0MEtnTzhuSVZRY2hlaVVnVGZfNEw4emZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAH8DpMA8E
AgACMAkDBwAqCu7AAAgwDQYJKoZIhvcNAQELBQADggEBAEp+aXd0GykPZIvF2nTi
tXNOGr9Oueut0ygZw4z++dRKH7v3aaeAJYMsx8eIM2CQ4WzBGnW/r3yoJ+E8hNPx
vcxtE2A6bvSIcmfJinovNqKs3/a+floJL//LycP71HjD2Unh1yA0KhDT/LUIFYr0
w3JVCbZuN49DkxzMPA8KiCqsAyjZ2qhzFC7JzmpxYdeLEECKU2adLusiqQUY1uUy
i7mjyBQILnePSZ79LymI+pR4+FRVkn1TpXe6v26S0etnEDiA1/q2/vSTz/tsKRDh
3KTx3QTFFXBllvjKtm5FbqiT1xipy+yoMVFPJ8oSOJw1Gjd6x7+g/ArbQ4eDQCGY
HV4=
-----END CERTIFICATE-----