Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/08/37ebe6-8bfe-4c1f-a183-83d648f79746/1/3ruIdaoC5GpH7lLaeU4xtrAknVk.roa
File:                     3ruIdaoC5GpH7lLaeU4xtrAknVk.roa (raw, json)
Hash identifier:          9XZDFb5fuxYkHFZqInbvrLaf94JVtD7E5nhSQaOQnDM=
Subject key identifier:   DE:BB:88:75:AA:02:E4:6A:47:EE:52:DA:79:4E:31:B6:B0:24:9D:59
Certificate issuer:       /CN=568fe35cc962633a2757af10a0e6e8ab6d01f4c9
Certificate serial:       018CC6B93AE4F6407398207B9E6C91076CF4
Authority key identifier: 56:8F:E3:5C:C9:62:63:3A:27:57:AF:10:A0:E6:E8:AB:6D:01:F4:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Vo_jXMliYzonV68QoOboq20B9Mk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/08/37ebe6-8bfe-4c1f-a183-83d648f79746/1/3ruIdaoC5GpH7lLaeU4xtrAknVk.roa
Signing time:             Mon 01 Jan 2024 20:31:17 +0000
ROA not before:           Mon 01 Jan 2024 20:31:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206409
IP address blocks:        31.145.59.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/08/37ebe6-8bfe-4c1f-a183-83d648f79746/1/Vo_jXMliYzonV68QoOboq20B9Mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/08/37ebe6-8bfe-4c1f-a183-83d648f79746/1/Vo_jXMliYzonV68QoOboq20B9Mk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Vo_jXMliYzonV68QoOboq20B9Mk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 17:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:3a:e4:f6:40:73:98:20:7b:9e:6c:91:07:6c:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=568fe35cc962633a2757af10a0e6e8ab6d01f4c9
        Validity
            Not Before: Jan  1 20:31:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=debb8875aa02e46a47ee52da794e31b6b0249d59
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:f0:a8:5e:90:ff:7b:66:0f:0d:cb:30:9d:74:
                    be:af:b5:1a:85:ec:33:b6:5d:19:56:75:40:69:4c:
                    c9:b5:95:77:7a:d1:a4:0a:40:cb:8f:00:ed:98:31:
                    57:55:aa:a9:84:1c:4c:2e:37:b1:aa:4a:31:f9:eb:
                    19:48:5a:dc:cf:56:e4:da:06:78:c0:63:76:de:ab:
                    59:ac:b6:37:82:4a:90:b6:8f:49:d3:d3:26:49:48:
                    26:a9:59:61:d9:16:d3:de:d8:0c:6e:ff:a6:68:be:
                    5b:eb:ec:66:46:84:55:30:f0:f4:2e:3f:af:a7:45:
                    9c:55:93:94:f1:0e:81:57:73:33:29:8f:e2:2e:8f:
                    dc:fe:01:d1:aa:06:59:1b:da:bf:28:e0:3f:74:95:
                    6d:20:73:03:e9:ca:a3:14:15:fa:fa:e4:8b:0f:b2:
                    8b:b8:ab:36:5c:80:25:4b:c8:db:30:42:3c:ef:16:
                    92:d3:d7:c9:d6:42:06:1c:4b:d0:61:00:eb:c7:05:
                    1e:c1:79:fe:68:ee:df:ec:6f:88:da:a3:f3:c0:a0:
                    be:d1:2b:d5:6d:f3:3e:17:4a:6a:ec:b5:38:dd:48:
                    4c:f6:e0:ee:4b:a0:8c:69:99:e6:5b:65:fb:a2:95:
                    b7:a9:3f:70:d3:0d:69:fc:dc:29:e5:e3:6d:71:e0:
                    5d:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:BB:88:75:AA:02:E4:6A:47:EE:52:DA:79:4E:31:B6:B0:24:9D:59
            X509v3 Authority Key Identifier:
                keyid:56:8F:E3:5C:C9:62:63:3A:27:57:AF:10:A0:E6:E8:AB:6D:01:F4:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Vo_jXMliYzonV68QoOboq20B9Mk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/08/37ebe6-8bfe-4c1f-a183-83d648f79746/1/3ruIdaoC5GpH7lLaeU4xtrAknVk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/08/37ebe6-8bfe-4c1f-a183-83d648f79746/1/Vo_jXMliYzonV68QoOboq20B9Mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.145.59.0/24

    Signature Algorithm: sha256WithRSAEncryption
         70:a1:38:b5:a9:27:86:0f:33:6d:3f:a5:ca:e2:ee:09:6c:98:
         ba:ab:99:ae:72:bf:b3:a7:5a:05:56:06:76:b8:51:bd:39:9d:
         39:9d:88:c2:af:c2:f7:24:76:17:bc:f5:3d:41:7e:97:a3:43:
         d4:5d:27:3d:a3:60:45:f0:f1:13:43:94:b2:a6:05:29:aa:e8:
         a4:bf:82:60:c6:f4:7f:82:df:15:d7:cb:16:40:a0:af:2f:08:
         0c:f3:9c:46:8b:e4:f8:96:69:0e:d2:82:97:d1:30:68:a7:a9:
         75:41:89:38:f9:5a:b9:99:5d:c1:98:46:f2:58:92:99:22:67:
         be:07:4d:87:8d:89:da:eb:fc:19:fd:a5:70:31:ec:db:ca:be:
         77:d0:66:f8:2c:cd:41:ab:b1:73:82:13:4a:11:1e:9c:f2:e7:
         36:c6:c7:9a:c0:8c:76:d1:0b:5c:52:44:c9:93:ab:00:24:9f:
         3b:92:cf:2f:1e:7b:b0:9e:3e:34:cd:20:e3:b3:d6:ef:9c:31:
         10:6e:fd:fd:15:f6:47:15:56:f9:a1:d6:27:fa:4b:a9:6b:d9:
         3e:29:be:5f:a1:64:9f:0c:a7:92:2a:71:22:a7:06:ba:9b:23:
         8c:04:16:0c:47:ca:d2:87:9f:41:0d:a1:10:5b:b4:11:aa:42:
         bb:b8:53:62
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuTrk9kBzmCB7nmyRB2z0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU2OGZlMzVjYzk2MjYzM2EyNzU3YWYxMGEwZTZlOGFiNmQw
MWY0YzkwHhcNMjQwMTAxMjAzMTE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZWJiODg3NWFhMDJlNDZhNDdlZTUyZGE3OTRlMzFiNmIwMjQ5ZDU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi/CoXpD/e2YPDcswnXS+r7Uahewz
tl0ZVnVAaUzJtZV3etGkCkDLjwDtmDFXVaqphBxMLjexqkox+esZSFrcz1bk2gZ4
wGN23qtZrLY3gkqQto9J09MmSUgmqVlh2RbT3tgMbv+maL5b6+xmRoRVMPD0Lj+v
p0WcVZOU8Q6BV3MzKY/iLo/c/gHRqgZZG9q/KOA/dJVtIHMD6cqjFBX6+uSLD7KL
uKs2XIAlS8jbMEI87xaS09fJ1kIGHEvQYQDrxwUewXn+aO7f7G+I2qPzwKC+0SvV
bfM+F0pq7LU43UhM9uDuS6CMaZnmW2X7opW3qT9w0w1p/Nwp5eNtceBdmwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN67iHWqAuRqR+5S2nlOMbawJJ1ZMB8GA1UdIwQY
MBaAFFaP41zJYmM6J1evEKDm6KttAfTJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVm9falhNbGlZem9uVjY4UW9PYm9xMjBCOU1rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOC8zN2ViZTYtOGJmZS00YzFmLWExODMt
ODNkNjQ4Zjc5NzQ2LzEvM3J1SWRhb0M1R3BIN2xMYWVVNHh0ckFrblZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOC8zN2ViZTYtOGJmZS00YzFmLWExODMtODNkNjQ4Zjc5NzQ2
LzEvVm9falhNbGlZem9uVjY4UW9PYm9xMjBCOU1rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAH5E7MA0G
CSqGSIb3DQEBCwUAA4IBAQBwoTi1qSeGDzNtP6XK4u4JbJi6q5mucr+zp1oFVgZ2
uFG9OZ05nYjCr8L3JHYXvPU9QX6Xo0PUXSc9o2BF8PETQ5SypgUpquikv4JgxvR/
gt8V18sWQKCvLwgM85xGi+T4lmkO0oKX0TBop6l1QYk4+Vq5mV3BmEbyWJKZIme+
B02HjYna6/wZ/aVwMezbyr530Gb4LM1Bq7FzghNKER6c8uc2xseawIx20QtcUkTJ
k6sAJJ87ks8vHnuwnj40zSDjs9bvnDEQbv39FfZHFVb5odYn+kupa9k+Kb5foWSf
DKeSKnEipwa6myOMBBYMR8rSh59BDaEQW7QRqkK7uFNi
-----END CERTIFICATE-----