Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/mjkfjd8MYNueWW5OVxSWBYVA_0k.roa
File:                     mjkfjd8MYNueWW5OVxSWBYVA_0k.roa (raw, json)
Hash identifier:          qXvlqSWK1xFwUPlj0vE4BIy41FU6OPKl7PLolLc/QMI=
Subject key identifier:   9A:39:1F:8D:DF:0C:60:DB:9E:59:6E:4E:57:14:96:05:85:40:FF:49
Certificate issuer:       /CN=b9954499977278a75570b3403f4d3aa00b1b36e8
Certificate serial:       018CC64B7EE85CEC6128885C1EC6B5CFEDE6
Authority key identifier: B9:95:44:99:97:72:78:A7:55:70:B3:40:3F:4D:3A:A0:0B:1B:36:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/mjkfjd8MYNueWW5OVxSWBYVA_0k.roa
Signing time:             Mon 01 Jan 2024 18:31:25 +0000
ROA not before:           Mon 01 Jan 2024 18:31:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15384
IP address blocks:        193.91.31.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 21:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:7e:e8:5c:ec:61:28:88:5c:1e:c6:b5:cf:ed:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9954499977278a75570b3403f4d3aa00b1b36e8
        Validity
            Not Before: Jan  1 18:31:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9a391f8ddf0c60db9e596e4e571496058540ff49
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:4a:bd:73:fb:46:2b:a7:6b:ba:c2:65:6b:4e:
                    9b:8c:c7:3a:f6:ac:57:46:b8:91:f3:f4:e8:d7:4d:
                    d7:3e:c0:07:b7:5e:5a:86:b7:9c:d2:e2:78:f2:b5:
                    e1:cd:42:9a:92:f7:df:27:4e:43:1c:74:43:00:8f:
                    79:2f:84:63:e6:00:ae:99:70:5e:f4:5c:f2:bf:81:
                    f7:a8:e0:fa:51:e6:fe:90:fd:5e:f0:ea:4f:14:4f:
                    8f:8d:26:da:70:22:87:11:90:4a:fd:0c:c2:ae:cc:
                    3c:b0:5a:40:ce:eb:2d:a9:6d:1f:64:91:4d:f0:7d:
                    b3:04:0a:c1:9d:1e:93:93:82:63:77:f2:53:bb:45:
                    e2:dc:c5:a2:f4:56:76:7b:27:75:9e:cd:1c:71:df:
                    dd:6f:c0:0e:7c:d2:68:76:3c:ca:d7:95:0c:57:02:
                    55:ad:91:58:e8:ca:01:5c:68:7c:30:8b:c9:33:16:
                    31:aa:6e:f7:2b:a3:77:11:ea:5a:92:d1:47:8b:ce:
                    e7:9c:40:fd:4b:7e:eb:43:7a:4e:94:45:e3:ac:13:
                    d3:26:ea:26:ce:61:9a:7f:cd:82:32:9d:fd:da:a2:
                    e2:d5:38:37:0e:38:fa:a8:7a:eb:95:7a:4d:bd:ad:
                    4f:ff:c9:07:dd:bf:cc:b9:1e:33:87:0e:6c:45:22:
                    b9:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:39:1F:8D:DF:0C:60:DB:9E:59:6E:4E:57:14:96:05:85:40:FF:49
            X509v3 Authority Key Identifier:
                keyid:B9:95:44:99:97:72:78:A7:55:70:B3:40:3F:4D:3A:A0:0B:1B:36:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/mjkfjd8MYNueWW5OVxSWBYVA_0k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.91.31.0/24

    Signature Algorithm: sha256WithRSAEncryption
         45:60:b1:ce:76:46:bd:db:6b:4e:6c:3f:81:ff:b4:b8:0b:4b:
         08:75:7f:21:35:9b:0d:07:cf:84:8f:f3:0f:83:7d:b4:75:ce:
         df:1f:ba:33:26:32:f1:3d:81:d1:c5:5f:da:30:45:dd:f3:79:
         36:b0:0d:cc:bb:89:3b:3a:78:e2:6f:79:3d:ba:b5:bf:4d:e0:
         10:f1:c4:ab:50:70:0f:49:15:05:94:dd:3b:4f:e4:9d:af:48:
         37:20:82:2a:20:49:13:41:16:56:b8:5d:c5:5a:3c:6b:be:6c:
         40:b4:09:e5:8b:87:83:6d:32:25:7a:42:2a:cc:15:85:48:7a:
         6b:2e:da:3d:84:72:06:fe:92:cd:c6:be:f5:54:78:5e:c3:69:
         fe:bf:29:a8:3b:cb:f3:25:2d:1c:23:42:9d:0e:0f:38:8f:8b:
         ba:2d:8b:22:e0:83:b5:63:e4:c6:0c:d0:d4:5d:e4:55:e0:c2:
         fc:db:5b:f3:c8:99:e6:7b:dd:c0:f7:f4:b5:b3:a7:1b:16:d3:
         55:d9:fc:8a:4a:09:34:e9:10:6e:e2:c7:ff:77:38:2d:ea:b7:
         d4:ef:ac:c5:b9:c1:c9:02:a5:e5:25:26:cd:c4:2f:03:e4:1a:
         2e:4c:00:67:2b:58:d8:e8:6f:51:ab:11:e6:89:2e:07:bf:d0:
         d1:80:a6:06
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGS37oXOxhKIhcHsa1z+3mMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5OTU0NDk5OTc3Mjc4YTc1NTcwYjM0MDNmNGQzYWEwMGIx
YjM2ZTgwHhcNMjQwMTAxMTgzMTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YTM5MWY4ZGRmMGM2MGRiOWU1OTZlNGU1NzE0OTYwNTg1NDBmZjQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1Eq9c/tGK6drusJla06bjMc69qxX
RriR8/To103XPsAHt15ahrec0uJ48rXhzUKakvffJ05DHHRDAI95L4Rj5gCumXBe
9Fzyv4H3qOD6Ueb+kP1e8OpPFE+PjSbacCKHEZBK/QzCrsw8sFpAzustqW0fZJFN
8H2zBArBnR6Tk4Jjd/JTu0Xi3MWi9FZ2eyd1ns0ccd/db8AOfNJodjzK15UMVwJV
rZFY6MoBXGh8MIvJMxYxqm73K6N3EepaktFHi87nnED9S37rQ3pOlEXjrBPTJuom
zmGaf82CMp392qLi1Tg3Djj6qHrrlXpNva1P/8kH3b/MuR4zhw5sRSK5kwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJo5H43fDGDbnlluTlcUlgWFQP9JMB8GA1UdIwQY
MBaAFLmVRJmXcninVXCzQD9NOqALGzboMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVpWRW1aZHllS2RWY0xOQVAwMDZvQXNiTnVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny83ODg4MDMtYmUxMi00MzNmLWE4ZDAt
MDI0YjE2NTVjMjQ3LzEvbWprZmpkOE1ZTnVlV1c1T1Z4U1dCWVZBXzBrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny83ODg4MDMtYmUxMi00MzNmLWE4ZDAtMDI0YjE2NTVjMjQ3
LzEvdVpWRW1aZHllS2RWY0xOQVAwMDZvQXNiTnVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwVsfMA0G
CSqGSIb3DQEBCwUAA4IBAQBFYLHOdka922tObD+B/7S4C0sIdX8hNZsNB8+Ej/MP
g320dc7fH7ozJjLxPYHRxV/aMEXd83k2sA3Mu4k7Onjib3k9urW/TeAQ8cSrUHAP
SRUFlN07T+Sdr0g3IIIqIEkTQRZWuF3FWjxrvmxAtAnli4eDbTIlekIqzBWFSHpr
Lto9hHIG/pLNxr71VHhew2n+vymoO8vzJS0cI0KdDg84j4u6LYsi4IO1Y+TGDNDU
XeRV4ML821vzyJnme93A9/S1s6cbFtNV2fyKSgk06RBu4sf/dzgt6rfU76zFucHJ
AqXlJSbNxC8D5BouTABnK1jY6G9RqxHmiS4Hv9DRgKYG
-----END CERTIFICATE-----