Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/29af59-0b7b-4d80-8f9f-14d02e30d227/1/6tdLib4zSO-qcH6wC4Tabqx_3L4.roa
File:                     6tdLib4zSO-qcH6wC4Tabqx_3L4.roa (raw, json)
Hash identifier:          fD2hskRRKAQTvo06VGyEPP+7FoQAoOYAPkilSZdtQKo=
Subject key identifier:   EA:D7:4B:89:BE:33:48:EF:AA:70:7E:B0:0B:84:DA:6E:AC:7F:DC:BE
Certificate issuer:       /CN=e87cc680c85983e7bf74498d0e6be800f86451c3
Certificate serial:       018CC50045261ADDF85BFC9B5CD8E659510E
Authority key identifier: E8:7C:C6:80:C8:59:83:E7:BF:74:49:8D:0E:6B:E8:00:F8:64:51:C3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6HzGgMhZg-e_dEmNDmvoAPhkUcM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/29af59-0b7b-4d80-8f9f-14d02e30d227/1/6tdLib4zSO-qcH6wC4Tabqx_3L4.roa
Signing time:             Mon 01 Jan 2024 12:29:38 +0000
ROA not before:           Mon 01 Jan 2024 12:29:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43915
IP address blocks:        31.210.27.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/29af59-0b7b-4d80-8f9f-14d02e30d227/1/6HzGgMhZg-e_dEmNDmvoAPhkUcM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/29af59-0b7b-4d80-8f9f-14d02e30d227/1/6HzGgMhZg-e_dEmNDmvoAPhkUcM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6HzGgMhZg-e_dEmNDmvoAPhkUcM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 06:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:45:26:1a:dd:f8:5b:fc:9b:5c:d8:e6:59:51:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e87cc680c85983e7bf74498d0e6be800f86451c3
        Validity
            Not Before: Jan  1 12:29:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ead74b89be3348efaa707eb00b84da6eac7fdcbe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:d6:74:ea:21:af:4c:15:32:c3:43:15:af:7d:
                    d1:e5:fc:4c:50:be:1e:0e:9b:7f:46:ba:18:46:f5:
                    09:83:69:72:1d:9a:5f:1d:1e:b6:c5:08:db:e3:f0:
                    f2:5c:8d:14:b0:8d:0d:78:75:49:cd:3a:e8:56:33:
                    18:b8:99:49:a2:4d:85:2a:5a:53:d7:c0:f1:7f:f9:
                    6b:9f:00:bb:38:f1:c1:8f:a6:11:31:06:54:be:23:
                    61:3b:7c:af:a9:71:2e:7c:6f:24:56:1f:72:85:36:
                    d9:96:27:d4:57:26:e9:c5:b8:6a:38:40:df:82:26:
                    62:4c:94:2a:6a:a4:8f:d1:7e:80:ec:89:03:ad:1b:
                    e9:33:43:91:ce:f4:84:1a:d6:08:2a:45:cc:c8:98:
                    2f:b9:05:a6:15:95:29:54:95:20:11:c5:a1:44:b0:
                    e6:e8:ac:ea:81:9c:66:23:ba:63:a1:34:d3:ab:70:
                    59:ef:20:8d:58:ba:60:50:dc:6a:45:0d:17:41:6f:
                    2f:b3:10:5f:93:4c:94:17:50:e1:57:33:8d:6d:bf:
                    b1:fa:b1:44:b3:d1:75:f4:6f:68:72:04:16:a3:cb:
                    aa:01:1a:5e:3e:ca:46:14:62:39:78:74:4a:92:b5:
                    8b:81:65:82:a4:b1:91:34:64:17:a8:4c:d9:2c:bf:
                    30:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:D7:4B:89:BE:33:48:EF:AA:70:7E:B0:0B:84:DA:6E:AC:7F:DC:BE
            X509v3 Authority Key Identifier:
                keyid:E8:7C:C6:80:C8:59:83:E7:BF:74:49:8D:0E:6B:E8:00:F8:64:51:C3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6HzGgMhZg-e_dEmNDmvoAPhkUcM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/29af59-0b7b-4d80-8f9f-14d02e30d227/1/6tdLib4zSO-qcH6wC4Tabqx_3L4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/29af59-0b7b-4d80-8f9f-14d02e30d227/1/6HzGgMhZg-e_dEmNDmvoAPhkUcM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.210.27.0/24

    Signature Algorithm: sha256WithRSAEncryption
         23:15:a6:5b:b0:29:63:c7:30:18:30:54:36:1a:c1:a1:4b:90:
         54:26:57:c0:08:61:a2:27:3b:94:dd:bb:c3:a0:4b:72:87:9e:
         66:08:ad:66:a2:66:0f:7d:a1:d9:a5:d0:f4:cd:f5:22:6f:62:
         2f:fc:da:88:32:44:1c:26:58:a2:4c:c9:12:e5:2c:53:a8:6d:
         6a:10:d7:6b:65:d5:9a:b7:23:07:81:9e:3a:5c:a0:8b:28:f8:
         1a:f6:1d:63:4b:99:01:aa:5d:4a:b8:57:50:46:e0:e6:8a:7e:
         69:44:15:94:30:a9:43:5a:3c:7f:dd:58:0c:8f:d5:2e:80:b4:
         dd:b7:c4:f9:a1:b3:81:20:62:fd:41:d1:06:92:12:50:83:6b:
         f0:39:35:b2:99:f9:f2:73:a7:27:fc:d5:30:7b:26:ce:3a:0c:
         9e:70:64:6f:84:22:da:3a:f2:75:72:82:4e:ac:0e:85:2d:d4:
         93:45:eb:90:03:8b:81:15:c2:8e:c9:17:0d:b9:c9:10:b5:96:
         4c:58:ec:23:3f:c6:0d:cb:44:c0:f0:e9:b4:8b:b7:df:6d:e6:
         d9:c1:59:b8:f9:90:7c:52:5a:5b:28:99:8a:d1:46:f4:64:0c:
         b0:77:d5:2f:d3:82:90:fa:14:22:e7:77:c2:be:6f:a7:25:07:
         5f:8e:d9:c3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAEUmGt34W/ybXNjmWVEOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU4N2NjNjgwYzg1OTgzZTdiZjc0NDk4ZDBlNmJlODAwZjg2
NDUxYzMwHhcNMjQwMTAxMTIyOTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYWQ3NGI4OWJlMzM0OGVmYWE3MDdlYjAwYjg0ZGE2ZWFjN2ZkY2JlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlNZ06iGvTBUyw0MVr33R5fxMUL4e
Dpt/RroYRvUJg2lyHZpfHR62xQjb4/DyXI0UsI0NeHVJzTroVjMYuJlJok2FKlpT
18Dxf/lrnwC7OPHBj6YRMQZUviNhO3yvqXEufG8kVh9yhTbZlifUVybpxbhqOEDf
giZiTJQqaqSP0X6A7IkDrRvpM0ORzvSEGtYIKkXMyJgvuQWmFZUpVJUgEcWhRLDm
6KzqgZxmI7pjoTTTq3BZ7yCNWLpgUNxqRQ0XQW8vsxBfk0yUF1DhVzONbb+x+rFE
s9F19G9ocgQWo8uqARpePspGFGI5eHRKkrWLgWWCpLGRNGQXqEzZLL8wswIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOrXS4m+M0jvqnB+sAuE2m6sf9y+MB8GA1UdIwQY
MBaAFOh8xoDIWYPnv3RJjQ5r6AD4ZFHDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNkh6R2dNaFpnLWVfZEVtTkRtdm9BUGhrVWNNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi8yOWFmNTktMGI3Yi00ZDgwLThmOWYt
MTRkMDJlMzBkMjI3LzEvNnRkTGliNHpTTy1xY0g2d0M0VGFicXhfM0w0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi8yOWFmNTktMGI3Yi00ZDgwLThmOWYtMTRkMDJlMzBkMjI3
LzEvNkh6R2dNaFpnLWVfZEVtTkRtdm9BUGhrVWNNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAH9IbMA0G
CSqGSIb3DQEBCwUAA4IBAQAjFaZbsCljxzAYMFQ2GsGhS5BUJlfACGGiJzuU3bvD
oEtyh55mCK1momYPfaHZpdD0zfUib2Iv/NqIMkQcJliiTMkS5SxTqG1qENdrZdWa
tyMHgZ46XKCLKPga9h1jS5kBql1KuFdQRuDmin5pRBWUMKlDWjx/3VgMj9UugLTd
t8T5obOBIGL9QdEGkhJQg2vwOTWymfnyc6cn/NUweybOOgyecGRvhCLaOvJ1coJO
rA6FLdSTReuQA4uBFcKOyRcNuckQtZZMWOwjP8YNy0TA8Om0i7ffbebZwVm4+ZB8
UlpbKJmK0Ub0ZAywd9Uv04KQ+hQi53fCvm+nJQdfjtnD
-----END CERTIFICATE-----