Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2f/17d81d-173d-4486-955d-48eea8d5fef1/1/sdev-O2pnOPV1XiA2hWAxA3XoU8.roa
File:                     sdev-O2pnOPV1XiA2hWAxA3XoU8.roa (raw, json)
Hash identifier:          aKr5PRnCpNyZbwI1MaGFO4fGKXlkR+l6LILnZQp/h6k=
Subject key identifier:   B1:D7:AF:F8:ED:A9:9C:E3:D5:D5:78:80:DA:15:80:C4:0D:D7:A1:4F
Certificate issuer:       /CN=821f1285d775a9f589243eac844adc5ab89d97c9
Certificate serial:       018CC3B715B8F8D32A5441EC500F59465304
Authority key identifier: 82:1F:12:85:D7:75:A9:F5:89:24:3E:AC:84:4A:DC:5A:B8:9D:97:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gh8Shdd1qfWJJD6shErcWridl8k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2f/17d81d-173d-4486-955d-48eea8d5fef1/1/sdev-O2pnOPV1XiA2hWAxA3XoU8.roa
Signing time:             Mon 01 Jan 2024 06:30:04 +0000
ROA not before:           Mon 01 Jan 2024 06:30:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202062
IP address blocks:        193.31.16.0/23 maxlen: 23
                          193.31.254.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2f/17d81d-173d-4486-955d-48eea8d5fef1/1/gh8Shdd1qfWJJD6shErcWridl8k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2f/17d81d-173d-4486-955d-48eea8d5fef1/1/gh8Shdd1qfWJJD6shErcWridl8k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gh8Shdd1qfWJJD6shErcWridl8k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 25 Jun 2024 09:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:15:b8:f8:d3:2a:54:41:ec:50:0f:59:46:53:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=821f1285d775a9f589243eac844adc5ab89d97c9
        Validity
            Not Before: Jan  1 06:30:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b1d7aff8eda99ce3d5d57880da1580c40dd7a14f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:d2:1d:e0:eb:29:ca:6b:6e:b0:16:6f:85:05:
                    93:6c:81:7f:2c:e3:25:9e:de:24:b4:2c:5a:1a:dd:
                    d9:23:5d:26:87:7f:5e:9f:57:d5:bd:d1:67:95:53:
                    5f:6e:ff:e3:e7:c0:63:1d:98:51:b7:1f:57:de:b1:
                    0b:fd:75:10:b2:83:65:34:2e:bf:3e:54:ad:90:97:
                    2b:b2:2d:6c:23:ef:2d:23:be:fc:d5:db:8e:9a:38:
                    6a:fe:76:1c:08:a3:93:29:38:d5:00:0b:c4:10:da:
                    ce:cc:cf:11:88:13:8c:59:19:2b:9e:39:49:e9:77:
                    6f:23:97:59:b9:84:4d:17:54:3b:a3:f5:09:c1:7c:
                    ff:84:4a:47:a6:07:2f:b9:67:a6:3e:21:80:36:f3:
                    1e:30:08:0e:77:83:33:ac:39:f2:58:ca:85:2d:d3:
                    4d:71:3f:c0:eb:08:6b:a6:87:de:a8:f6:f5:31:54:
                    05:06:38:03:3e:3d:d3:62:28:63:01:0f:c8:86:c1:
                    5f:e6:aa:f3:5b:bd:9d:f5:79:00:53:a5:db:16:77:
                    1e:09:ba:37:1a:dd:4b:cc:31:78:b4:8b:e2:f9:e7:
                    93:04:3c:d6:4d:20:91:9a:b6:85:0a:95:c0:d9:95:
                    06:cc:06:80:ab:07:96:85:6e:d5:94:78:4b:5e:7c:
                    01:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:D7:AF:F8:ED:A9:9C:E3:D5:D5:78:80:DA:15:80:C4:0D:D7:A1:4F
            X509v3 Authority Key Identifier:
                keyid:82:1F:12:85:D7:75:A9:F5:89:24:3E:AC:84:4A:DC:5A:B8:9D:97:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gh8Shdd1qfWJJD6shErcWridl8k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/17d81d-173d-4486-955d-48eea8d5fef1/1/sdev-O2pnOPV1XiA2hWAxA3XoU8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/17d81d-173d-4486-955d-48eea8d5fef1/1/gh8Shdd1qfWJJD6shErcWridl8k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.31.16.0/23
                  193.31.254.0/23

    Signature Algorithm: sha256WithRSAEncryption
         89:08:5f:4d:b2:73:3f:b3:19:12:25:0d:ad:31:92:3a:e5:59:
         a4:66:7b:5f:de:25:e4:97:19:d7:08:57:ca:7a:d5:fb:fb:78:
         e0:69:54:57:3a:4a:6e:92:6e:d2:13:5e:2f:8b:7f:ef:44:52:
         e6:10:4b:ae:da:20:d8:d9:de:9c:99:14:dc:df:68:af:8a:52:
         3e:f4:ae:40:21:4f:20:6c:b6:94:05:f4:f3:d1:74:8a:f2:b8:
         47:23:60:60:f9:68:79:58:cb:27:ea:7d:19:70:0b:02:ba:01:
         12:1a:47:b6:61:3c:e6:d8:f8:c7:48:fa:71:34:76:8e:a9:96:
         d0:94:e0:b2:fe:6e:4b:c1:eb:5b:fa:e8:79:19:79:9a:1b:dc:
         ce:28:41:3f:52:3e:ed:ca:7a:6e:90:1f:95:eb:02:60:ea:45:
         d3:3c:cb:9b:0d:07:b3:07:e8:d5:17:95:63:90:aa:f2:a4:43:
         e9:da:de:86:83:9b:45:50:36:30:af:c4:fb:1b:d0:bd:98:3a:
         85:7f:de:3e:b6:07:e9:d0:eb:82:e4:a1:ae:c6:9b:63:a1:3c:
         9a:3d:33:9d:69:a4:9e:f7:84:5d:f3:8b:8f:a5:be:63:d7:2c:
         e6:a3:09:1a:3d:bb:8c:cd:9c:8f:ff:44:7b:7a:04:86:b0:23:
         fb:58:f3:ae
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzDtxW4+NMqVEHsUA9ZRlMEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgyMWYxMjg1ZDc3NWE5ZjU4OTI0M2VhYzg0NGFkYzVhYjg5
ZDk3YzkwHhcNMjQwMTAxMDYzMDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMWQ3YWZmOGVkYTk5Y2UzZDVkNTc4ODBkYTE1ODBjNDBkZDdhMTRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgNId4OspymtusBZvhQWTbIF/LOMl
nt4ktCxaGt3ZI10mh39en1fVvdFnlVNfbv/j58BjHZhRtx9X3rEL/XUQsoNlNC6/
PlStkJcrsi1sI+8tI7781duOmjhq/nYcCKOTKTjVAAvEENrOzM8RiBOMWRkrnjlJ
6XdvI5dZuYRNF1Q7o/UJwXz/hEpHpgcvuWemPiGANvMeMAgOd4MzrDnyWMqFLdNN
cT/A6whrpofeqPb1MVQFBjgDPj3TYihjAQ/IhsFf5qrzW72d9XkAU6XbFnceCbo3
Gt1LzDF4tIvi+eeTBDzWTSCRmraFCpXA2ZUGzAaAqweWhW7VlHhLXnwBSwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLHXr/jtqZzj1dV4gNoVgMQN16FPMB8GA1UdIwQY
MBaAFIIfEoXXdan1iSQ+rIRK3Fq4nZfJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ2g4U2hkZDFxZldKSkQ2c2hFcmNXcmlkbDhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZi8xN2Q4MWQtMTczZC00NDg2LTk1NWQt
NDhlZWE4ZDVmZWYxLzEvc2Rldi1PMnBuT1BWMVhpQTJoV0F4QTNYb1U4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZi8xN2Q4MWQtMTczZC00NDg2LTk1NWQtNDhlZWE4ZDVmZWYx
LzEvZ2g4U2hkZDFxZldKSkQ2c2hFcmNXcmlkbDhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBwR8QAwQB
wR/+MA0GCSqGSIb3DQEBCwUAA4IBAQCJCF9NsnM/sxkSJQ2tMZI65VmkZntf3iXk
lxnXCFfKetX7+3jgaVRXOkpukm7SE14vi3/vRFLmEEuu2iDY2d6cmRTc32ivilI+
9K5AIU8gbLaUBfTz0XSK8rhHI2Bg+Wh5WMsn6n0ZcAsCugESGke2YTzm2PjHSPpx
NHaOqZbQlOCy/m5Lwetb+uh5GXmaG9zOKEE/Uj7tynpukB+V6wJg6kXTPMubDQez
B+jVF5VjkKrypEPp2t6Gg5tFUDYwr8T7G9C9mDqFf94+tgfp0OuC5KGuxptjoTya
PTOdaaSe94Rd84uPpb5j1yzmowkaPbuMzZyP/0R7egSGsCP7WPOu
-----END CERTIFICATE-----