Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/c3d10e-f4ab-4f08-956c-3cadec46e5c3/1/bphPIpGVOBk9bI5lRL_a-BXdGqA.roa
File:                     bphPIpGVOBk9bI5lRL_a-BXdGqA.roa (raw, json)
Hash identifier:          0H92+Wi0NZWfhjNU6PcS2YztStj10CYVAytPDoRuX70=
Subject key identifier:   6E:98:4F:22:91:95:38:19:3D:6C:8E:65:44:BF:DA:F8:15:DD:1A:A0
Certificate issuer:       /CN=e356f5c23ccec64640685e44d59bc4b6d44daab9
Certificate serial:       018CC64B1DD4117546FCA123FCCBC1BAB97B
Authority key identifier: E3:56:F5:C2:3C:CE:C6:46:40:68:5E:44:D5:9B:C4:B6:D4:4D:AA:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/41b1wjzOxkZAaF5E1ZvEttRNqrk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/c3d10e-f4ab-4f08-956c-3cadec46e5c3/1/bphPIpGVOBk9bI5lRL_a-BXdGqA.roa
Signing time:             Mon 01 Jan 2024 18:31:00 +0000
ROA not before:           Mon 01 Jan 2024 18:31:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35500
IP address blocks:        193.47.143.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/c3d10e-f4ab-4f08-956c-3cadec46e5c3/1/41b1wjzOxkZAaF5E1ZvEttRNqrk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/c3d10e-f4ab-4f08-956c-3cadec46e5c3/1/41b1wjzOxkZAaF5E1ZvEttRNqrk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/41b1wjzOxkZAaF5E1ZvEttRNqrk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 14 May 2024 13:02:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:1d:d4:11:75:46:fc:a1:23:fc:cb:c1:ba:b9:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e356f5c23ccec64640685e44d59bc4b6d44daab9
        Validity
            Not Before: Jan  1 18:31:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6e984f22919538193d6c8e6544bfdaf815dd1aa0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:61:8b:54:c0:f8:a4:6b:e9:7a:dd:8d:10:80:
                    37:c9:14:cc:da:d9:c9:1b:aa:1f:94:04:f9:08:13:
                    aa:6e:86:72:74:1f:5b:07:a4:b1:ed:1e:79:37:a8:
                    c2:02:d9:c8:d7:ac:50:da:1b:83:95:eb:f1:80:69:
                    ed:22:71:c2:c5:2f:a4:6a:b1:2e:42:76:0d:0a:e1:
                    38:9a:05:4f:cb:b0:65:db:fd:90:48:7f:bf:54:04:
                    45:a6:de:e0:34:a2:97:f4:b6:a8:d0:89:62:29:fc:
                    e5:78:07:f5:48:d9:69:50:8b:c7:42:83:58:43:1a:
                    12:dd:32:d4:3a:5e:c9:90:0c:9f:b4:57:61:81:e6:
                    f8:93:73:0c:95:c0:a2:ed:36:b7:a1:85:c7:80:6f:
                    4d:d6:64:a6:11:58:7a:76:f2:b0:d2:dd:ec:72:9a:
                    42:b7:10:9d:88:34:a2:f2:f2:fd:37:8b:e2:80:a3:
                    6b:c1:e5:77:7c:77:09:8f:d9:54:6d:a2:6c:6c:32:
                    19:cb:14:fc:72:31:7a:f3:0d:b4:30:cb:17:ca:b9:
                    56:78:05:93:92:22:2a:ce:a6:1c:f6:9a:d7:45:a7:
                    88:2e:1a:ff:bc:15:53:b3:37:b1:ff:e5:18:de:3b:
                    be:9b:34:58:89:51:8b:42:7d:33:5d:fc:1c:80:62:
                    cf:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:98:4F:22:91:95:38:19:3D:6C:8E:65:44:BF:DA:F8:15:DD:1A:A0
            X509v3 Authority Key Identifier:
                keyid:E3:56:F5:C2:3C:CE:C6:46:40:68:5E:44:D5:9B:C4:B6:D4:4D:AA:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/41b1wjzOxkZAaF5E1ZvEttRNqrk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/c3d10e-f4ab-4f08-956c-3cadec46e5c3/1/bphPIpGVOBk9bI5lRL_a-BXdGqA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/c3d10e-f4ab-4f08-956c-3cadec46e5c3/1/41b1wjzOxkZAaF5E1ZvEttRNqrk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.47.143.0/24

    Signature Algorithm: sha256WithRSAEncryption
         95:20:0f:5d:d8:e1:01:45:a6:8d:f3:63:b4:e1:d6:e0:ed:38:
         10:f9:d5:b4:22:05:06:43:1b:fb:78:96:e5:c2:84:31:3c:05:
         d2:a7:fd:0a:c8:40:ff:07:79:f4:44:a5:fe:19:d5:64:68:fb:
         17:a3:a3:03:df:4b:64:98:43:f9:bb:64:f5:23:e0:ad:8a:1c:
         eb:fe:71:a1:c7:fd:b2:6d:0c:3b:b7:62:95:cc:a9:c8:ec:89:
         1e:7b:b5:a2:7d:ae:28:07:4b:b0:c8:cd:c5:fb:f7:18:f9:45:
         0c:87:79:7d:41:4c:1c:0e:40:91:58:ad:94:b1:1b:bf:1c:6c:
         98:73:dc:2b:0a:a2:52:db:aa:bf:c8:b6:7d:6d:b3:2b:ca:8a:
         27:63:63:eb:8a:0a:36:87:a6:eb:ad:9b:b1:ee:81:eb:5f:8c:
         d6:43:c8:c1:bd:dc:8b:73:81:7d:d8:14:6f:73:b0:59:61:b9:
         b8:62:e6:de:68:72:95:bb:e2:71:68:7d:04:cc:28:f8:c7:9a:
         96:40:13:3f:a0:34:39:4c:58:11:84:41:d5:fc:bd:75:e5:08:
         d6:bf:35:5e:a2:f5:1c:97:1a:e7:45:38:0f:ca:84:85:5c:1f:
         0c:4c:25:5b:cb:52:1c:ad:9d:6a:e8:3f:7d:3a:6f:9e:ea:e5:
         8d:16:61:ea
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSx3UEXVG/KEj/MvBurl7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzNTZmNWMyM2NjZWM2NDY0MDY4NWU0NGQ1OWJjNGI2ZDQ0
ZGFhYjkwHhcNMjQwMTAxMTgzMTAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZTk4NGYyMjkxOTUzODE5M2Q2YzhlNjU0NGJmZGFmODE1ZGQxYWEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnWGLVMD4pGvpet2NEIA3yRTM2tnJ
G6oflAT5CBOqboZydB9bB6Sx7R55N6jCAtnI16xQ2huDlevxgGntInHCxS+karEu
QnYNCuE4mgVPy7Bl2/2QSH+/VARFpt7gNKKX9Lao0IliKfzleAf1SNlpUIvHQoNY
QxoS3TLUOl7JkAyftFdhgeb4k3MMlcCi7Ta3oYXHgG9N1mSmEVh6dvKw0t3scppC
txCdiDSi8vL9N4vigKNrweV3fHcJj9lUbaJsbDIZyxT8cjF68w20MMsXyrlWeAWT
kiIqzqYc9prXRaeILhr/vBVTszex/+UY3ju+mzRYiVGLQn0zXfwcgGLPSwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG6YTyKRlTgZPWyOZUS/2vgV3RqgMB8GA1UdIwQY
MBaAFONW9cI8zsZGQGheRNWbxLbUTaq5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNDFiMXdqek94a1pBYUY1RTFadkV0dFJOcXJrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi9jM2QxMGUtZjRhYi00ZjA4LTk1NmMt
M2NhZGVjNDZlNWMzLzEvYnBoUElwR1ZPQms5Ykk1bFJMX2EtQlhkR3FBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi9jM2QxMGUtZjRhYi00ZjA4LTk1NmMtM2NhZGVjNDZlNWMz
LzEvNDFiMXdqek94a1pBYUY1RTFadkV0dFJOcXJrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwS+PMA0G
CSqGSIb3DQEBCwUAA4IBAQCVIA9d2OEBRaaN82O04dbg7TgQ+dW0IgUGQxv7eJbl
woQxPAXSp/0KyED/B3n0RKX+GdVkaPsXo6MD30tkmEP5u2T1I+Ctihzr/nGhx/2y
bQw7t2KVzKnI7Ikee7Wifa4oB0uwyM3F+/cY+UUMh3l9QUwcDkCRWK2UsRu/HGyY
c9wrCqJS26q/yLZ9bbMryoonY2Prigo2h6brrZux7oHrX4zWQ8jBvdyLc4F92BRv
c7BZYbm4YubeaHKVu+JxaH0EzCj4x5qWQBM/oDQ5TFgRhEHV/L115QjWvzVeovUc
lxrnRTgPyoSFXB8MTCVby1IcrZ1q6D99Om+e6uWNFmHq
-----END CERTIFICATE-----