Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/5dc1d9-eba4-42c8-b3d6-d1c5f1b51e17/1/V6xnzjmn9nY2PtGIjay3WKf5hms.roa
File:                     V6xnzjmn9nY2PtGIjay3WKf5hms.roa (raw, json)
Hash identifier:          FKlGmRDBEwORtiuk08AYYs82GgHigfToK7W3m05L9Ms=
Subject key identifier:   57:AC:67:CE:39:A7:F6:76:36:3E:D1:88:8D:AC:B7:58:A7:F9:86:6B
Certificate issuer:       /CN=63ee6d1d1eccaf9799bbd5f2b6dace46d86df48b
Certificate serial:       018EF0A87996302ACDC0E43DCF18F785A77B
Authority key identifier: 63:EE:6D:1D:1E:CC:AF:97:99:BB:D5:F2:B6:DA:CE:46:D8:6D:F4:8B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-5tHR7Mr5eZu9XyttrORtht9Is.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/5dc1d9-eba4-42c8-b3d6-d1c5f1b51e17/1/V6xnzjmn9nY2PtGIjay3WKf5hms.roa
Signing time:             Thu 18 Apr 2024 10:02:36 +0000
ROA not before:           Thu 18 Apr 2024 10:02:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206791
IP address blocks:        31.43.163.0/24 maxlen: 24
                          178.159.37.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/5dc1d9-eba4-42c8-b3d6-d1c5f1b51e17/1/Y-5tHR7Mr5eZu9XyttrORtht9Is.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/5dc1d9-eba4-42c8-b3d6-d1c5f1b51e17/1/Y-5tHR7Mr5eZu9XyttrORtht9Is.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-5tHR7Mr5eZu9XyttrORtht9Is.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:f0:a8:79:96:30:2a:cd:c0:e4:3d:cf:18:f7:85:a7:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63ee6d1d1eccaf9799bbd5f2b6dace46d86df48b
        Validity
            Not Before: Apr 18 10:02:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=57ac67ce39a7f676363ed1888dacb758a7f9866b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:d2:ef:1f:78:f2:4d:c4:6c:b7:4c:f6:e3:b8:
                    8a:85:1b:e4:66:25:21:c6:ec:7e:46:c0:cb:08:a1:
                    36:5b:ba:3d:06:da:b9:a6:2a:a0:c5:58:47:34:59:
                    74:56:97:46:21:70:b5:d5:73:70:f5:d8:6a:fa:38:
                    88:9e:a6:a6:6c:f1:75:92:d9:b4:43:e7:ca:42:21:
                    fc:db:1a:03:8c:2e:95:b7:4b:3f:2b:7d:36:b8:02:
                    1d:00:2e:6b:3f:36:ec:4e:1e:40:e8:ac:77:d9:a7:
                    df:e3:d2:4d:b1:4c:4a:d9:78:2b:10:a0:c3:35:6d:
                    69:7f:85:39:e5:7d:43:4f:62:79:35:7e:76:8c:40:
                    db:02:ab:48:ca:fd:f2:0c:20:81:de:00:b3:d8:e7:
                    57:80:57:04:7b:39:ff:3b:e8:83:73:19:aa:87:7a:
                    83:ff:cc:cb:9a:2c:60:63:51:53:24:d4:20:6c:ee:
                    87:df:bb:74:8f:b9:01:5f:36:f2:ab:0c:96:b3:98:
                    70:84:de:50:b7:55:53:06:86:5d:a5:bb:0f:b2:f8:
                    13:21:e9:eb:dc:36:c3:9c:03:33:4a:4d:ab:b3:52:
                    43:bc:c9:a5:8a:d2:2b:36:2e:55:ed:fe:0e:60:42:
                    50:a0:d7:d5:b6:86:3f:d3:91:79:f2:69:40:7a:23:
                    cd:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:AC:67:CE:39:A7:F6:76:36:3E:D1:88:8D:AC:B7:58:A7:F9:86:6B
            X509v3 Authority Key Identifier:
                keyid:63:EE:6D:1D:1E:CC:AF:97:99:BB:D5:F2:B6:DA:CE:46:D8:6D:F4:8B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-5tHR7Mr5eZu9XyttrORtht9Is.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/5dc1d9-eba4-42c8-b3d6-d1c5f1b51e17/1/V6xnzjmn9nY2PtGIjay3WKf5hms.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/5dc1d9-eba4-42c8-b3d6-d1c5f1b51e17/1/Y-5tHR7Mr5eZu9XyttrORtht9Is.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.43.163.0/24
                  178.159.37.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1c:c2:3c:89:c3:78:ec:07:65:34:bd:7d:d2:85:cb:e4:24:4c:
         c4:f1:9f:d4:a2:fd:2b:ea:7f:4f:25:3d:83:6f:0d:51:53:bf:
         8d:71:16:19:7f:bf:15:f8:9a:71:df:ee:53:3d:8c:ac:9c:f3:
         58:96:87:c7:4d:58:7e:51:52:a4:f2:31:47:5b:c7:01:f7:6c:
         ec:51:2f:67:dd:11:df:61:fc:fc:42:5e:03:65:a6:c8:40:fd:
         cd:61:ca:b9:e1:eb:7c:05:51:52:4d:64:e9:d9:df:42:2d:56:
         67:4b:17:93:80:2e:50:e1:2d:37:18:e8:e9:6d:a4:3c:7c:12:
         a0:13:f9:6a:f3:59:cf:17:46:b7:7f:f9:f8:aa:d9:4c:cb:85:
         39:fc:1f:98:6e:1e:d9:ec:60:83:78:f5:01:80:02:31:4f:49:
         21:1b:2b:bf:da:a1:0b:6f:75:97:8d:bd:35:e1:a9:67:f5:41:
         62:cb:5c:6f:4f:0e:86:a1:f4:ed:4e:22:37:37:2e:8e:15:49:
         f1:e1:38:a1:f3:ea:b4:0d:94:8b:b2:59:0e:53:d1:fa:09:bd:
         a7:a7:87:e5:a3:d9:d4:20:26:a0:43:68:7d:94:c5:37:ef:f9:
         b7:bc:75:59:71:21:16:92:62:1d:dc:74:20:0d:cd:59:f6:99:
         4f:77:03:e5
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY7wqHmWMCrNwOQ9zxj3had7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZWU2ZDFkMWVjY2FmOTc5OWJiZDVmMmI2ZGFjZTQ2ZDg2
ZGY0OGIwHhcNMjQwNDE4MTAwMjM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1N2FjNjdjZTM5YTdmNjc2MzYzZWQxODg4ZGFjYjc1OGE3Zjk4NjZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1NLvH3jyTcRst0z247iKhRvkZiUh
xux+RsDLCKE2W7o9Btq5piqgxVhHNFl0VpdGIXC11XNw9dhq+jiInqambPF1ktm0
Q+fKQiH82xoDjC6Vt0s/K302uAIdAC5rPzbsTh5A6Kx32aff49JNsUxK2XgrEKDD
NW1pf4U55X1DT2J5NX52jEDbAqtIyv3yDCCB3gCz2OdXgFcEezn/O+iDcxmqh3qD
/8zLmixgY1FTJNQgbO6H37t0j7kBXzbyqwyWs5hwhN5Qt1VTBoZdpbsPsvgTIenr
3DbDnAMzSk2rs1JDvMmlitIrNi5V7f4OYEJQoNfVtoY/05F58mlAeiPNawIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFesZ845p/Z2Nj7RiI2st1in+YZrMB8GA1UdIwQY
MBaAFGPubR0ezK+XmbvV8rbazkbYbfSLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS01dEhSN01yNWVadTlYeXR0ck9SdGh0OUlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy81ZGMxZDktZWJhNC00MmM4LWIzZDYt
ZDFjNWYxYjUxZTE3LzEvVjZ4bnpqbW45blkyUHRHSWpheTNXS2Y1aG1zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy81ZGMxZDktZWJhNC00MmM4LWIzZDYtZDFjNWYxYjUxZTE3
LzEvWS01dEhSN01yNWVadTlYeXR0ck9SdGh0OUlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAHyujAwQA
sp8lMA0GCSqGSIb3DQEBCwUAA4IBAQAcwjyJw3jsB2U0vX3ShcvkJEzE8Z/Uov0r
6n9PJT2Dbw1RU7+NcRYZf78V+Jpx3+5TPYysnPNYlofHTVh+UVKk8jFHW8cB92zs
US9n3RHfYfz8Ql4DZabIQP3NYcq54et8BVFSTWTp2d9CLVZnSxeTgC5Q4S03GOjp
baQ8fBKgE/lq81nPF0a3f/n4qtlMy4U5/B+Ybh7Z7GCDePUBgAIxT0khGyu/2qEL
b3WXjb014aln9UFiy1xvTw6GofTtTiI3Ny6OFUnx4Tih8+q0DZSLslkOU9H6Cb2n
p4flo9nUICagQ2h9lMU37/m3vHVZcSEWkmId3HQgDc1Z9plPdwPl
-----END CERTIFICATE-----