Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/353R-YGB2IDPZ0CO0EiO8XaCRxM.roa
File:                     353R-YGB2IDPZ0CO0EiO8XaCRxM.roa (raw, json)
Hash identifier:          EbZh3J0OMK+FWYL+c+9p18BnJl+KvjDb03CHAsFx+qQ=
Subject key identifier:   DF:9D:D1:F9:81:81:D8:80:CF:67:40:8E:D0:48:8E:F1:76:82:47:13
Certificate issuer:       /CN=b9954499977278a75570b3403f4d3aa00b1b36e8
Certificate serial:       018CC64B92EFF3E4C322D0EAA8D69EDCC244
Authority key identifier: B9:95:44:99:97:72:78:A7:55:70:B3:40:3F:4D:3A:A0:0B:1B:36:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/353R-YGB2IDPZ0CO0EiO8XaCRxM.roa
Signing time:             Mon 01 Jan 2024 18:31:30 +0000
ROA not before:           Mon 01 Jan 2024 18:31:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202399
IP address blocks:        85.31.253.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 21:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:92:ef:f3:e4:c3:22:d0:ea:a8:d6:9e:dc:c2:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9954499977278a75570b3403f4d3aa00b1b36e8
        Validity
            Not Before: Jan  1 18:31:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=df9dd1f98181d880cf67408ed0488ef176824713
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:7a:bb:35:a6:30:1f:b8:64:bd:4e:ab:6c:d7:
                    85:9e:12:a8:28:a8:ad:f0:f3:f4:8f:a5:16:a1:eb:
                    fc:1f:e2:20:26:5a:d6:c4:4d:87:00:61:d8:fd:b8:
                    a2:b5:85:76:40:7b:0d:54:a5:0b:33:a3:03:f3:ae:
                    fd:dc:3c:50:c8:fa:45:84:75:5f:05:d2:77:67:8e:
                    b1:19:27:86:81:b3:94:b2:0a:3f:72:a9:15:fb:00:
                    03:fa:c0:43:b8:d9:67:74:7e:2a:e0:65:40:96:bf:
                    d1:3c:d6:f2:49:5d:86:10:58:50:9d:2c:d4:81:42:
                    3f:ac:71:39:02:69:95:ab:98:34:25:6f:18:27:5f:
                    98:f3:16:cf:9c:90:cc:be:93:18:2d:ec:3a:91:19:
                    5e:a5:82:79:17:7d:c1:0d:04:3e:50:0d:cc:05:a2:
                    7f:c6:d2:f1:20:5c:21:1c:ed:b7:78:74:9c:d3:d7:
                    c5:17:fa:a3:ec:09:68:3e:7f:0b:01:c3:57:82:67:
                    49:20:a4:76:d7:7d:4d:00:23:34:ee:c1:ab:90:36:
                    22:37:86:ff:98:3f:22:0e:e4:fd:40:f1:d1:c5:d9:
                    3f:2c:40:2f:88:61:5b:41:09:44:cd:11:1b:d4:01:
                    6e:6e:e8:16:51:3c:d8:21:74:73:02:65:6b:36:90:
                    e4:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:9D:D1:F9:81:81:D8:80:CF:67:40:8E:D0:48:8E:F1:76:82:47:13
            X509v3 Authority Key Identifier:
                keyid:B9:95:44:99:97:72:78:A7:55:70:B3:40:3F:4D:3A:A0:0B:1B:36:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/353R-YGB2IDPZ0CO0EiO8XaCRxM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.31.253.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2f:9d:36:6b:ea:17:d6:b4:b5:1a:07:d8:1a:eb:06:98:38:1a:
         c6:c7:e9:1e:50:1a:a2:49:57:18:16:e2:50:12:da:7f:69:15:
         07:f7:8c:d1:28:c9:e6:63:27:e1:ec:2e:24:b0:99:e1:83:dc:
         a4:fe:bd:e2:f9:48:79:1e:0d:b2:9c:96:68:db:de:f5:3e:c7:
         3c:b1:7b:8d:83:94:d0:00:72:50:47:d2:fd:c8:92:3e:ea:27:
         54:f2:da:92:7c:fe:94:c4:72:8f:87:d9:6f:19:b4:f1:ec:83:
         a8:c3:c2:6b:a7:18:58:ac:2e:9e:5e:32:00:0d:42:b3:1c:86:
         df:a6:ce:31:96:9c:58:8d:b2:01:7d:e4:06:88:8d:e0:a5:dc:
         79:3f:79:04:b4:59:78:23:2d:8c:90:07:85:32:9f:57:eb:3b:
         18:11:c5:c5:e0:a1:5c:3e:43:e1:b3:fb:30:51:29:04:1c:a5:
         9d:b3:3e:93:aa:69:bd:c7:41:f2:31:ba:0e:11:80:a8:94:f3:
         72:55:b8:c0:6e:81:9d:46:e1:f0:45:b2:1d:50:1a:34:77:79:
         00:b0:5a:d4:f0:b6:d7:d5:67:ef:a0:53:e7:34:b0:1a:f8:67:
         0e:6d:31:a8:9a:59:77:5c:3c:3d:54:21:5c:5e:2a:3c:93:67:
         7e:37:d8:92
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGS5Lv8+TDItDqqNae3MJEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5OTU0NDk5OTc3Mjc4YTc1NTcwYjM0MDNmNGQzYWEwMGIx
YjM2ZTgwHhcNMjQwMTAxMTgzMTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZjlkZDFmOTgxODFkODgwY2Y2NzQwOGVkMDQ4OGVmMTc2ODI0NzEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw3q7NaYwH7hkvU6rbNeFnhKoKKit
8PP0j6UWoev8H+IgJlrWxE2HAGHY/biitYV2QHsNVKULM6MD86793DxQyPpFhHVf
BdJ3Z46xGSeGgbOUsgo/cqkV+wAD+sBDuNlndH4q4GVAlr/RPNbySV2GEFhQnSzU
gUI/rHE5AmmVq5g0JW8YJ1+Y8xbPnJDMvpMYLew6kRlepYJ5F33BDQQ+UA3MBaJ/
xtLxIFwhHO23eHSc09fFF/qj7AloPn8LAcNXgmdJIKR2131NACM07sGrkDYiN4b/
mD8iDuT9QPHRxdk/LEAviGFbQQlEzREb1AFubugWUTzYIXRzAmVrNpDksQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN+d0fmBgdiAz2dAjtBIjvF2gkcTMB8GA1UdIwQY
MBaAFLmVRJmXcninVXCzQD9NOqALGzboMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVpWRW1aZHllS2RWY0xOQVAwMDZvQXNiTnVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny83ODg4MDMtYmUxMi00MzNmLWE4ZDAt
MDI0YjE2NTVjMjQ3LzEvMzUzUi1ZR0IySURQWjBDTzBFaU84WGFDUnhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny83ODg4MDMtYmUxMi00MzNmLWE4ZDAtMDI0YjE2NTVjMjQ3
LzEvdVpWRW1aZHllS2RWY0xOQVAwMDZvQXNiTnVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVR/9MA0G
CSqGSIb3DQEBCwUAA4IBAQAvnTZr6hfWtLUaB9ga6waYOBrGx+keUBqiSVcYFuJQ
Etp/aRUH94zRKMnmYyfh7C4ksJnhg9yk/r3i+Uh5Hg2ynJZo2971Psc8sXuNg5TQ
AHJQR9L9yJI+6idU8tqSfP6UxHKPh9lvGbTx7IOow8JrpxhYrC6eXjIADUKzHIbf
ps4xlpxYjbIBfeQGiI3gpdx5P3kEtFl4Iy2MkAeFMp9X6zsYEcXF4KFcPkPhs/sw
USkEHKWdsz6Tqmm9x0HyMboOEYColPNyVbjAboGdRuHwRbIdUBo0d3kAsFrU8LbX
1WfvoFPnNLAa+GcObTGomll3XDw9VCFcXio8k2d+N9iS
-----END CERTIFICATE-----