Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2f/17d81d-173d-4486-955d-48eea8d5fef1/1/yT08aq9g8gr_7uJbAjMzISILEFQ.roa
File:                     yT08aq9g8gr_7uJbAjMzISILEFQ.roa (raw, json)
Hash identifier:          agdJwkdFCKZjIsDgSFTQHzgV7ndbDKUmqQK/MrjXQ/Y=
Subject key identifier:   C9:3D:3C:6A:AF:60:F2:0A:FF:EE:E2:5B:02:33:33:21:22:0B:10:54
Certificate issuer:       /CN=821f1285d775a9f589243eac844adc5ab89d97c9
Certificate serial:       018CC3B71537FF7A06C8144003BF14B97497
Authority key identifier: 82:1F:12:85:D7:75:A9:F5:89:24:3E:AC:84:4A:DC:5A:B8:9D:97:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gh8Shdd1qfWJJD6shErcWridl8k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2f/17d81d-173d-4486-955d-48eea8d5fef1/1/yT08aq9g8gr_7uJbAjMzISILEFQ.roa
Signing time:             Mon 01 Jan 2024 06:30:04 +0000
ROA not before:           Mon 01 Jan 2024 06:30:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12301
IP address blocks:        193.31.16.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2f/17d81d-173d-4486-955d-48eea8d5fef1/1/gh8Shdd1qfWJJD6shErcWridl8k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2f/17d81d-173d-4486-955d-48eea8d5fef1/1/gh8Shdd1qfWJJD6shErcWridl8k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gh8Shdd1qfWJJD6shErcWridl8k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:15:37:ff:7a:06:c8:14:40:03:bf:14:b9:74:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=821f1285d775a9f589243eac844adc5ab89d97c9
        Validity
            Not Before: Jan  1 06:30:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c93d3c6aaf60f20affeee25b02333321220b1054
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:69:01:92:62:1a:d0:cf:67:18:a4:9d:da:03:
                    1b:a7:bd:57:b4:0c:fd:11:27:05:bf:c7:f3:01:5c:
                    b9:43:60:ae:76:0d:38:3a:e8:60:12:49:01:58:03:
                    c4:e6:67:54:26:fb:d8:11:34:01:da:ee:0f:b5:75:
                    63:97:1d:04:6d:87:f6:f1:9f:47:17:e8:3e:2a:06:
                    50:89:97:04:da:ef:74:68:55:a2:7a:c5:66:51:c0:
                    08:28:ff:e5:56:7c:4a:c1:db:8b:e7:03:12:2e:31:
                    f4:b0:2a:20:47:a5:e3:64:d4:53:24:90:77:28:3c:
                    7b:8b:fb:76:51:12:40:89:47:85:f9:4f:89:f3:e2:
                    d3:d7:ae:94:e0:5d:5d:37:03:d6:d9:f2:9d:6b:65:
                    8f:b6:10:f5:8e:e5:28:8e:55:02:da:5f:40:56:9a:
                    a8:dc:50:73:e4:f0:aa:f7:62:fd:84:f3:0b:dd:6d:
                    87:a5:46:7d:13:ce:f7:c3:92:4e:36:c2:a7:93:f3:
                    19:02:29:73:0d:79:9d:62:c6:d1:05:d4:df:8e:32:
                    87:5b:8f:e1:60:09:fb:a1:55:5f:84:c1:89:eb:20:
                    88:1b:48:10:04:3f:b3:3e:ef:c4:12:32:79:06:c7:
                    f5:f6:98:04:2e:75:15:ac:82:a7:27:cd:77:6d:e8:
                    c2:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:3D:3C:6A:AF:60:F2:0A:FF:EE:E2:5B:02:33:33:21:22:0B:10:54
            X509v3 Authority Key Identifier:
                keyid:82:1F:12:85:D7:75:A9:F5:89:24:3E:AC:84:4A:DC:5A:B8:9D:97:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gh8Shdd1qfWJJD6shErcWridl8k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/17d81d-173d-4486-955d-48eea8d5fef1/1/yT08aq9g8gr_7uJbAjMzISILEFQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/17d81d-173d-4486-955d-48eea8d5fef1/1/gh8Shdd1qfWJJD6shErcWridl8k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.31.16.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:0a:d2:05:b3:22:b5:3b:01:fb:1a:41:27:f4:0d:99:21:ec:
         6d:00:bd:55:44:9c:9a:f4:cc:40:0e:53:ce:d8:09:98:72:79:
         1e:94:ce:fd:bc:69:da:d5:91:d6:c4:cc:8d:3f:14:c1:78:40:
         06:71:8c:e2:2c:c6:36:c7:d1:e4:8b:d1:06:a7:06:b2:52:42:
         16:52:43:28:c2:69:d6:c2:0a:a9:4d:86:4b:20:73:86:bf:44:
         1d:16:a7:02:a0:2d:5d:7b:99:8e:c2:61:35:e4:4d:3d:50:c2:
         b8:34:3b:a1:4c:51:a0:ae:ab:be:e8:ad:19:0c:e2:1c:78:c7:
         44:d5:b3:96:4b:cb:53:0e:c1:ed:5c:06:e6:4e:a7:0c:13:4f:
         57:cd:ed:f9:0e:1f:5b:c0:cb:e8:a6:3c:11:e3:8b:3e:86:69:
         fe:66:f2:28:20:df:c7:83:9c:8d:55:6d:2a:61:bb:1c:c6:8f:
         28:ae:77:27:85:ae:3a:80:63:0c:6f:6c:48:c9:4f:da:00:90:
         51:d0:a8:86:59:d0:9e:e7:1a:cc:6e:48:78:b1:1a:25:ef:12:
         f4:04:60:0c:f3:c4:96:c5:02:3a:bd:54:6e:31:23:6c:d1:46:
         0a:33:58:2f:53:b3:51:06:8d:b4:c6:6e:29:95:64:73:1c:b6:
         d9:e6:00:6d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtxU3/3oGyBRAA78UuXSXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgyMWYxMjg1ZDc3NWE5ZjU4OTI0M2VhYzg0NGFkYzVhYjg5
ZDk3YzkwHhcNMjQwMTAxMDYzMDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOTNkM2M2YWFmNjBmMjBhZmZlZWUyNWIwMjMzMzMyMTIyMGIxMDU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4mkBkmIa0M9nGKSd2gMbp71XtAz9
EScFv8fzAVy5Q2Cudg04OuhgEkkBWAPE5mdUJvvYETQB2u4PtXVjlx0EbYf28Z9H
F+g+KgZQiZcE2u90aFWiesVmUcAIKP/lVnxKwduL5wMSLjH0sCogR6XjZNRTJJB3
KDx7i/t2URJAiUeF+U+J8+LT166U4F1dNwPW2fKda2WPthD1juUojlUC2l9AVpqo
3FBz5PCq92L9hPML3W2HpUZ9E873w5JONsKnk/MZAilzDXmdYsbRBdTfjjKHW4/h
YAn7oVVfhMGJ6yCIG0gQBD+zPu/EEjJ5Bsf19pgELnUVrIKnJ813bejCaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMk9PGqvYPIK/+7iWwIzMyEiCxBUMB8GA1UdIwQY
MBaAFIIfEoXXdan1iSQ+rIRK3Fq4nZfJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ2g4U2hkZDFxZldKSkQ2c2hFcmNXcmlkbDhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZi8xN2Q4MWQtMTczZC00NDg2LTk1NWQt
NDhlZWE4ZDVmZWYxLzEveVQwOGFxOWc4Z3JfN3VKYkFqTXpJU0lMRUZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZi8xN2Q4MWQtMTczZC00NDg2LTk1NWQtNDhlZWE4ZDVmZWYx
LzEvZ2g4U2hkZDFxZldKSkQ2c2hFcmNXcmlkbDhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwR8QMA0G
CSqGSIb3DQEBCwUAA4IBAQBpCtIFsyK1OwH7GkEn9A2ZIextAL1VRJya9MxADlPO
2AmYcnkelM79vGna1ZHWxMyNPxTBeEAGcYziLMY2x9Hki9EGpwayUkIWUkMowmnW
wgqpTYZLIHOGv0QdFqcCoC1de5mOwmE15E09UMK4NDuhTFGgrqu+6K0ZDOIceMdE
1bOWS8tTDsHtXAbmTqcME09Xze35Dh9bwMvopjwR44s+hmn+ZvIoIN/Hg5yNVW0q
Ybscxo8orncnha46gGMMb2xIyU/aAJBR0KiGWdCe5xrMbkh4sRol7xL0BGAM88SW
xQI6vVRuMSNs0UYKM1gvU7NRBo20xm4plWRzHLbZ5gBt
-----END CERTIFICATE-----