Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/6065d2-103e-4ab7-bfb3-1a8c842afe2a/1/QBbKMrewUV5LysqmZYBRCD2P-aU.roa
File:                     QBbKMrewUV5LysqmZYBRCD2P-aU.roa (raw, json)
Hash identifier:          pyCMXVW0aDhN3pnl3u7Ja6A+yxwNB3DI3wsCXDY581k=
Subject key identifier:   40:16:CA:32:B7:B0:51:5E:4B:CA:CA:A6:65:80:51:08:3D:8F:F9:A5
Certificate issuer:       /CN=bf1d5feafd39174725bfe4bef91bd27c7b2f6f91
Certificate serial:       01941FFA263645B047934FB157D1AB149E06
Authority key identifier: BF:1D:5F:EA:FD:39:17:47:25:BF:E4:BE:F9:1B:D2:7C:7B:2F:6F:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vx1f6v05F0clv-S--RvSfHsvb5E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b3/6065d2-103e-4ab7-bfb3-1a8c842afe2a/1/QBbKMrewUV5LysqmZYBRCD2P-aU.roa
Signing time:             Wed 01 Jan 2025 03:47:54 +0000
ROA not before:           Wed 01 Jan 2025 03:47:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        193.31.15.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b3/6065d2-103e-4ab7-bfb3-1a8c842afe2a/1/vx1f6v05F0clv-S--RvSfHsvb5E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b3/6065d2-103e-4ab7-bfb3-1a8c842afe2a/1/vx1f6v05F0clv-S--RvSfHsvb5E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vx1f6v05F0clv-S--RvSfHsvb5E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:26:36:45:b0:47:93:4f:b1:57:d1:ab:14:9e:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bf1d5feafd39174725bfe4bef91bd27c7b2f6f91
        Validity
            Not Before: Jan  1 03:47:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4016ca32b7b0515e4bcacaa6658051083d8ff9a5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:20:3f:44:7a:fd:ba:fc:bc:bd:f3:0b:b3:b4:
                    9e:07:56:e8:4a:95:15:f7:38:4e:99:74:5d:63:e7:
                    c7:61:e2:4a:09:14:41:3d:ef:66:84:9d:8e:8f:f6:
                    5d:f1:a0:fc:08:e6:d1:35:b2:4c:e8:3a:09:76:77:
                    d0:d1:0c:d2:4d:0d:2a:32:0a:c6:5b:45:d5:3f:82:
                    d0:d6:f4:90:24:10:5c:e0:74:35:4e:c1:de:57:06:
                    28:d6:5c:62:b3:e0:f5:ee:98:6d:03:d0:50:ae:e2:
                    69:cb:68:44:1e:b8:9a:53:5a:83:dd:6d:f7:1c:0d:
                    b4:9b:6b:47:2b:ae:d8:78:41:06:36:8e:94:2a:e1:
                    06:e8:fc:8d:50:11:4c:d1:3c:da:de:59:dc:c5:59:
                    a0:69:e2:75:f0:dd:a3:c3:35:89:e9:a7:38:13:ca:
                    5c:f8:b4:8a:0a:ed:74:7f:f8:9d:97:06:96:72:9d:
                    47:fe:bc:df:12:35:f3:fe:24:96:49:82:94:40:f4:
                    c5:e6:99:70:20:53:b6:b0:74:50:4e:37:dd:32:0c:
                    b7:bb:d1:44:59:3c:80:c7:92:6c:68:0a:0c:bc:dc:
                    7a:6d:61:c9:17:8a:03:61:10:2b:72:7b:a1:60:83:
                    a3:ca:5c:13:34:a1:81:2f:61:d5:80:36:1a:46:a5:
                    e7:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:16:CA:32:B7:B0:51:5E:4B:CA:CA:A6:65:80:51:08:3D:8F:F9:A5
            X509v3 Authority Key Identifier:
                keyid:BF:1D:5F:EA:FD:39:17:47:25:BF:E4:BE:F9:1B:D2:7C:7B:2F:6F:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vx1f6v05F0clv-S--RvSfHsvb5E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/6065d2-103e-4ab7-bfb3-1a8c842afe2a/1/QBbKMrewUV5LysqmZYBRCD2P-aU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/6065d2-103e-4ab7-bfb3-1a8c842afe2a/1/vx1f6v05F0clv-S--RvSfHsvb5E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.31.15.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:e1:38:b0:18:5a:ca:b7:51:8a:48:c0:2d:dc:a4:8e:07:e6:
         df:bc:67:58:f3:b6:0d:ad:fa:20:9d:63:cd:c8:4a:8c:de:14:
         c5:65:d9:e5:7f:84:68:9b:ee:f3:fe:22:e0:be:f9:25:89:d0:
         23:8a:b6:0d:98:fa:61:48:c4:53:21:70:e4:c3:73:ed:ff:67:
         16:ff:90:68:e5:1d:3e:18:97:fc:8f:47:52:38:9d:5e:80:1b:
         3c:e8:b1:1f:ed:9e:8c:2f:0a:3d:ba:fb:09:ea:84:31:0d:10:
         a9:28:bf:7c:bb:7d:4f:82:f3:76:d0:a1:a9:94:17:da:7b:81:
         fe:2d:39:65:a6:2c:1c:28:6c:e5:32:d5:c3:7e:04:3c:6c:fa:
         ad:d5:39:ee:a3:45:80:9a:9e:5e:f6:19:8b:16:78:9f:a3:75:
         fd:6e:60:34:d7:8d:68:72:52:23:2c:18:99:28:22:4f:a3:14:
         7f:9c:09:9f:86:2d:9e:c5:a6:b3:b7:d4:6c:1d:3a:d9:b2:0c:
         cf:25:df:a3:c8:e0:cb:ec:5d:80:2a:1b:ba:d4:fa:60:be:7e:
         0b:38:4c:32:f5:b4:8f:f5:c7:9c:a2:79:b4:d3:62:86:fc:d2:
         3c:d5:99:ee:a9:60:61:6a:31:25:f7:58:88:9f:56:b5:dd:3d:
         a2:11:8c:3b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+iY2RbBHk0+xV9GrFJ4GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmMWQ1ZmVhZmQzOTE3NDcyNWJmZTRiZWY5MWJkMjdjN2Iy
ZjZmOTEwHhcNMjUwMTAxMDM0NzU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MDE2Y2EzMmI3YjA1MTVlNGJjYWNhYTY2NTgwNTEwODNkOGZmOWE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvCA/RHr9uvy8vfMLs7SeB1boSpUV
9zhOmXRdY+fHYeJKCRRBPe9mhJ2Oj/Zd8aD8CObRNbJM6DoJdnfQ0QzSTQ0qMgrG
W0XVP4LQ1vSQJBBc4HQ1TsHeVwYo1lxis+D17phtA9BQruJpy2hEHriaU1qD3W33
HA20m2tHK67YeEEGNo6UKuEG6PyNUBFM0Tza3lncxVmgaeJ18N2jwzWJ6ac4E8pc
+LSKCu10f/idlwaWcp1H/rzfEjXz/iSWSYKUQPTF5plwIFO2sHRQTjfdMgy3u9FE
WTyAx5JsaAoMvNx6bWHJF4oDYRArcnuhYIOjylwTNKGBL2HVgDYaRqXn/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEAWyjK3sFFeS8rKpmWAUQg9j/mlMB8GA1UdIwQY
MBaAFL8dX+r9ORdHJb/kvvkb0nx7L2+RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdngxZjZ2MDVGMGNsdi1TLS1SdlNmSHN2YjVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy82MDY1ZDItMTAzZS00YWI3LWJmYjMt
MWE4Yzg0MmFmZTJhLzEvUUJiS01yZXdVVjVMeXNxbVpZQlJDRDJQLWFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy82MDY1ZDItMTAzZS00YWI3LWJmYjMtMWE4Yzg0MmFmZTJh
LzEvdngxZjZ2MDVGMGNsdi1TLS1SdlNmSHN2YjVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwR8PMA0G
CSqGSIb3DQEBCwUAA4IBAQAI4TiwGFrKt1GKSMAt3KSOB+bfvGdY87YNrfognWPN
yEqM3hTFZdnlf4Rom+7z/iLgvvklidAjirYNmPphSMRTIXDkw3Pt/2cW/5Bo5R0+
GJf8j0dSOJ1egBs86LEf7Z6MLwo9uvsJ6oQxDRCpKL98u31PgvN20KGplBfae4H+
LTllpiwcKGzlMtXDfgQ8bPqt1Tnuo0WAmp5e9hmLFnifo3X9bmA0141oclIjLBiZ
KCJPoxR/nAmfhi2exaazt9RsHTrZsgzPJd+jyODL7F2AKhu61Ppgvn4LOEwy9bSP
9ceconm002KG/NI81ZnuqWBhajEl91iIn1a13T2iEYw7
-----END CERTIFICATE-----