Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/BAO3IJ9C_GVskKvZt0IN4blg5_8.roa
File:                     BAO3IJ9C_GVskKvZt0IN4blg5_8.roa (raw, json)
Hash identifier:          luw8xf9LAEJ19qI3Kq5ZV0vaAKUorV4Ugts4TlsdKWI=
Subject key identifier:   04:03:B7:20:9F:42:FC:65:6C:90:AB:D9:B7:42:0D:E1:B9:60:E7:FF
Certificate issuer:       /CN=3183785916cd98d7c770d685145499a8a0a15722
Certificate serial:       018CC64ADDC521E27E3EEEF09689F072DD98
Authority key identifier: 31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/BAO3IJ9C_GVskKvZt0IN4blg5_8.roa
Signing time:             Mon 01 Jan 2024 18:30:44 +0000
ROA not before:           Mon 01 Jan 2024 18:30:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     24858
IP address blocks:        193.231.93.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:dd:c5:21:e2:7e:3e:ee:f0:96:89:f0:72:dd:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3183785916cd98d7c770d685145499a8a0a15722
        Validity
            Not Before: Jan  1 18:30:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0403b7209f42fc656c90abd9b7420de1b960e7ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:35:28:99:47:53:3e:ae:88:48:0a:cf:f5:7e:
                    a0:91:70:05:a8:92:9c:ae:08:73:81:3e:a0:a9:7c:
                    ff:ad:9e:76:2c:21:1e:48:b1:8a:fc:a8:72:8c:55:
                    d5:2c:3f:94:04:15:27:db:f8:3d:ff:e3:cf:4d:c5:
                    cc:ec:09:9d:29:e7:e2:f4:5f:0a:c1:fa:12:e4:44:
                    0c:75:8d:31:03:e0:84:39:52:5c:65:ef:ec:c7:16:
                    a0:49:36:22:fa:78:2a:98:d6:40:57:78:ad:c1:23:
                    1e:a1:59:61:91:fa:b4:a4:5f:83:8e:49:d7:ad:32:
                    8f:7d:a4:ea:36:3e:e0:96:0a:a5:74:7e:97:0c:fd:
                    87:35:8d:53:4a:b0:ad:43:b7:79:58:3d:42:a4:e7:
                    56:ff:28:d6:fc:90:2c:4d:15:e0:05:af:f2:38:44:
                    2d:50:ac:59:4e:a1:37:d7:59:d1:3a:f6:33:f5:cd:
                    9d:28:46:7b:1f:a4:8e:d3:44:9e:3f:ba:64:16:46:
                    2b:26:2c:e9:35:0f:11:ac:60:01:75:b9:a2:80:e2:
                    d6:76:c9:b8:f9:38:aa:1c:93:ac:f8:ea:5c:63:3c:
                    32:dc:8b:b5:1b:cb:5b:c5:04:95:a2:e1:68:fb:70:
                    12:91:42:50:f0:c9:c7:6b:51:a9:f1:f0:cf:e7:f5:
                    2a:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:03:B7:20:9F:42:FC:65:6C:90:AB:D9:B7:42:0D:E1:B9:60:E7:FF
            X509v3 Authority Key Identifier:
                keyid:31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/BAO3IJ9C_GVskKvZt0IN4blg5_8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.231.93.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:d8:fd:3e:54:a3:86:7c:72:53:29:15:02:f4:9f:22:b2:f3:
         97:56:dc:83:fa:21:35:e7:02:44:1d:71:29:16:47:5c:1d:cd:
         2c:86:14:ab:02:f1:50:cc:c9:28:31:52:d5:14:b9:c3:b4:93:
         cd:5e:db:7d:eb:cc:c5:7e:34:c0:ae:4c:7a:8d:04:c5:94:bd:
         71:1b:b5:14:aa:c1:d3:93:0c:c2:76:6d:48:4c:cb:68:9b:29:
         09:36:11:cb:0f:61:39:0f:2b:fe:66:f8:79:be:1a:e3:3b:c6:
         a2:f8:c6:b5:ab:71:a2:a8:8a:97:d6:8a:76:6e:43:3c:6c:19:
         5b:1c:fe:64:4d:c5:da:d2:51:92:7b:19:1c:5d:6e:8e:d0:ec:
         58:96:d3:c2:42:66:dd:a3:e2:51:d3:a0:c4:4d:00:6d:68:93:
         7e:da:87:80:43:73:6c:97:2e:53:a1:ec:a8:7d:f7:6d:fe:ab:
         ca:c8:72:db:d3:60:dc:48:7c:2a:4d:d4:ad:1f:7a:30:d5:2f:
         87:6c:a5:e4:ba:51:19:2a:82:5e:3f:13:85:3f:02:8a:a9:21:
         ca:20:d0:49:72:10:5b:34:c7:7d:7d:6c:c5:17:4a:1f:62:e8:
         91:c2:65:f0:e5:3c:80:25:19:d6:f6:0e:41:be:da:e7:9c:93:
         71:5f:79:e8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSt3FIeJ+Pu7wlonwct2YMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxODM3ODU5MTZjZDk4ZDdjNzcwZDY4NTE0NTQ5OWE4YTBh
MTU3MjIwHhcNMjQwMTAxMTgzMDQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNDAzYjcyMDlmNDJmYzY1NmM5MGFiZDliNzQyMGRlMWI5NjBlN2ZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiTUomUdTPq6ISArP9X6gkXAFqJKc
rghzgT6gqXz/rZ52LCEeSLGK/KhyjFXVLD+UBBUn2/g9/+PPTcXM7AmdKefi9F8K
wfoS5EQMdY0xA+CEOVJcZe/sxxagSTYi+ngqmNZAV3itwSMeoVlhkfq0pF+DjknX
rTKPfaTqNj7glgqldH6XDP2HNY1TSrCtQ7d5WD1CpOdW/yjW/JAsTRXgBa/yOEQt
UKxZTqE311nROvYz9c2dKEZ7H6SO00SeP7pkFkYrJizpNQ8RrGABdbmigOLWdsm4
+TiqHJOs+OpcYzwy3Iu1G8tbxQSVouFo+3ASkUJQ8MnHa1Gp8fDP5/UqWQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAQDtyCfQvxlbJCr2bdCDeG5YOf/MB8GA1UdIwQY
MBaAFDGDeFkWzZjXx3DWhRRUmaigoVciMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEt
ZjUyYzQ3YzIyNWRiLzEvQkFPM0lKOUNfR1Zza0t2WnQwSU40YmxnNV84LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEtZjUyYzQ3YzIyNWRi
LzEvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAweddMA0G
CSqGSIb3DQEBCwUAA4IBAQBy2P0+VKOGfHJTKRUC9J8isvOXVtyD+iE15wJEHXEp
FkdcHc0shhSrAvFQzMkoMVLVFLnDtJPNXtt968zFfjTArkx6jQTFlL1xG7UUqsHT
kwzCdm1ITMtomykJNhHLD2E5Dyv+Zvh5vhrjO8ai+Ma1q3GiqIqX1op2bkM8bBlb
HP5kTcXa0lGSexkcXW6O0OxYltPCQmbdo+JR06DETQBtaJN+2oeAQ3Nsly5Toeyo
ffdt/qvKyHLb02DcSHwqTdStH3ow1S+HbKXkulEZKoJePxOFPwKKqSHKINBJchBb
NMd9fWzFF0ofYuiRwmXw5TyAJRnW9g5BvtrnnJNxX3no
-----END CERTIFICATE-----