Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/6065d2-103e-4ab7-bfb3-1a8c842afe2a/1/GO89Jf8R1h1vnnX4cBwuviz5o2U.roa
File:                     GO89Jf8R1h1vnnX4cBwuviz5o2U.roa (raw, json)
Hash identifier:          nHT5ps5GBVsBRZrZMmFeCfKTr0vHQqLk7ovfsiTM5vg=
Subject key identifier:   18:EF:3D:25:FF:11:D6:1D:6F:9E:75:F8:70:1C:2E:BE:2C:F9:A3:65
Certificate issuer:       /CN=bf1d5feafd39174725bfe4bef91bd27c7b2f6f91
Certificate serial:       018CC3493091F13959F8DDB80061690D869D
Authority key identifier: BF:1D:5F:EA:FD:39:17:47:25:BF:E4:BE:F9:1B:D2:7C:7B:2F:6F:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vx1f6v05F0clv-S--RvSfHsvb5E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b3/6065d2-103e-4ab7-bfb3-1a8c842afe2a/1/GO89Jf8R1h1vnnX4cBwuviz5o2U.roa
Signing time:             Mon 01 Jan 2024 04:30:02 +0000
ROA not before:           Mon 01 Jan 2024 04:30:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61317
IP address blocks:        193.31.60.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b3/6065d2-103e-4ab7-bfb3-1a8c842afe2a/1/vx1f6v05F0clv-S--RvSfHsvb5E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b3/6065d2-103e-4ab7-bfb3-1a8c842afe2a/1/vx1f6v05F0clv-S--RvSfHsvb5E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vx1f6v05F0clv-S--RvSfHsvb5E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 14:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:30:91:f1:39:59:f8:dd:b8:00:61:69:0d:86:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bf1d5feafd39174725bfe4bef91bd27c7b2f6f91
        Validity
            Not Before: Jan  1 04:30:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=18ef3d25ff11d61d6f9e75f8701c2ebe2cf9a365
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:4a:9a:be:b7:ad:9f:3e:ad:29:49:e3:ac:d6:
                    11:fe:6f:4a:f3:12:d3:75:e9:b2:cc:42:08:46:56:
                    4f:70:79:1c:54:b6:ba:c5:da:2b:fc:01:fe:d2:8f:
                    3a:f4:e7:12:d8:61:7b:a0:3d:b2:38:45:9d:ac:80:
                    50:d3:36:34:39:72:9f:27:cb:83:63:5c:cf:2d:94:
                    0f:a5:49:9c:7c:22:14:21:e5:87:96:27:40:96:28:
                    6d:2b:bb:48:a8:c2:d7:31:0e:d7:f5:1b:d8:3e:29:
                    d6:2f:1b:0d:28:9f:91:81:5e:c3:1d:d9:d6:d2:4d:
                    84:35:43:9b:cb:8e:e4:d7:b7:64:26:7d:ff:af:a5:
                    5d:a7:e5:ff:6b:a3:8f:4c:9a:6b:61:01:88:45:ba:
                    6b:47:93:fc:82:2e:c3:cc:0f:42:c9:d8:f0:6a:de:
                    1c:e9:20:39:04:a8:db:db:f9:da:56:38:2a:d4:01:
                    c5:6c:03:81:e4:3b:d4:fb:75:25:cc:d4:85:3c:12:
                    ba:37:27:37:79:af:c1:ea:f3:c9:88:45:e3:70:da:
                    5b:41:f5:19:a0:4e:72:22:59:b2:f7:c7:dd:70:d3:
                    f6:2c:a6:d1:0b:01:05:68:95:ad:e4:9c:ca:50:f8:
                    fd:61:e7:85:9f:4a:6d:21:de:a8:a7:c4:a4:11:5c:
                    b5:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:EF:3D:25:FF:11:D6:1D:6F:9E:75:F8:70:1C:2E:BE:2C:F9:A3:65
            X509v3 Authority Key Identifier:
                keyid:BF:1D:5F:EA:FD:39:17:47:25:BF:E4:BE:F9:1B:D2:7C:7B:2F:6F:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vx1f6v05F0clv-S--RvSfHsvb5E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/6065d2-103e-4ab7-bfb3-1a8c842afe2a/1/GO89Jf8R1h1vnnX4cBwuviz5o2U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/6065d2-103e-4ab7-bfb3-1a8c842afe2a/1/vx1f6v05F0clv-S--RvSfHsvb5E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.31.60.0/24

    Signature Algorithm: sha256WithRSAEncryption
         35:4c:23:d3:80:45:b3:fa:64:11:4c:75:5f:7a:f5:18:17:3c:
         b1:9b:f9:fa:d6:71:7a:fa:1c:b4:52:8d:a7:98:56:7d:ac:1a:
         c1:71:8c:a7:0d:b1:53:85:6a:40:4f:38:05:76:09:9f:10:97:
         a0:67:f5:b4:9d:65:5a:f2:05:f6:d4:c1:b1:79:e0:10:0d:56:
         1c:be:f6:17:64:42:98:0f:cf:74:9e:28:29:cc:8f:1f:cc:79:
         0f:15:11:b2:2b:9c:0e:56:64:b9:04:6f:9f:15:54:f3:47:38:
         8e:ee:5e:28:18:5e:38:df:6b:11:46:1a:39:0a:55:ee:44:3e:
         93:72:d4:5f:62:9a:2a:97:a6:d0:5e:79:45:af:57:aa:4c:3c:
         f1:f1:87:c8:8e:8a:b8:08:63:0a:95:e1:39:b0:97:f4:04:e3:
         85:18:60:67:cf:66:7c:ed:4e:0f:c9:b9:85:2a:3b:39:f9:7d:
         79:3d:5e:93:2e:c6:6c:56:98:f2:c5:0f:b6:c7:f5:1f:c9:a7:
         0d:1d:cc:38:cf:b7:b7:02:2b:2f:d8:7f:15:e5:a3:6a:2a:1b:
         99:84:50:e8:50:0b:b5:40:84:d9:a3:3e:7f:e7:a4:38:31:86:
         e3:1f:e6:65:9f:3c:57:74:90:7e:8c:14:9e:bb:65:42:b4:5d:
         5f:2b:2a:ff
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSTCR8TlZ+N24AGFpDYadMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmMWQ1ZmVhZmQzOTE3NDcyNWJmZTRiZWY5MWJkMjdjN2Iy
ZjZmOTEwHhcNMjQwMTAxMDQzMDAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOGVmM2QyNWZmMTFkNjFkNmY5ZTc1Zjg3MDFjMmViZTJjZjlhMzY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2Uqavretnz6tKUnjrNYR/m9K8xLT
demyzEIIRlZPcHkcVLa6xdor/AH+0o869OcS2GF7oD2yOEWdrIBQ0zY0OXKfJ8uD
Y1zPLZQPpUmcfCIUIeWHlidAlihtK7tIqMLXMQ7X9RvYPinWLxsNKJ+RgV7DHdnW
0k2ENUOby47k17dkJn3/r6Vdp+X/a6OPTJprYQGIRbprR5P8gi7DzA9Cydjwat4c
6SA5BKjb2/naVjgq1AHFbAOB5DvU+3UlzNSFPBK6Nyc3ea/B6vPJiEXjcNpbQfUZ
oE5yIlmy98fdcNP2LKbRCwEFaJWt5JzKUPj9YeeFn0ptId6op8SkEVy1PQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBjvPSX/EdYdb551+HAcLr4s+aNlMB8GA1UdIwQY
MBaAFL8dX+r9ORdHJb/kvvkb0nx7L2+RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdngxZjZ2MDVGMGNsdi1TLS1SdlNmSHN2YjVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy82MDY1ZDItMTAzZS00YWI3LWJmYjMt
MWE4Yzg0MmFmZTJhLzEvR084OUpmOFIxaDF2bm5YNGNCd3V2aXo1bzJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy82MDY1ZDItMTAzZS00YWI3LWJmYjMtMWE4Yzg0MmFmZTJh
LzEvdngxZjZ2MDVGMGNsdi1TLS1SdlNmSHN2YjVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwR88MA0G
CSqGSIb3DQEBCwUAA4IBAQA1TCPTgEWz+mQRTHVfevUYFzyxm/n61nF6+hy0Uo2n
mFZ9rBrBcYynDbFThWpATzgFdgmfEJegZ/W0nWVa8gX21MGxeeAQDVYcvvYXZEKY
D890nigpzI8fzHkPFRGyK5wOVmS5BG+fFVTzRziO7l4oGF4432sRRho5ClXuRD6T
ctRfYpoql6bQXnlFr1eqTDzx8YfIjoq4CGMKleE5sJf0BOOFGGBnz2Z87U4PybmF
Kjs5+X15PV6TLsZsVpjyxQ+2x/UfyacNHcw4z7e3Aisv2H8V5aNqKhuZhFDoUAu1
QITZoz5/56Q4MYbjH+ZlnzxXdJB+jBSeu2VCtF1fKyr/
-----END CERTIFICATE-----