Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/bdeb27-3434-4254-8241-7fddd22202bf/1/31hlAh9qyZZnwvlHxbZACb7HSI8.roa
File:                     31hlAh9qyZZnwvlHxbZACb7HSI8.roa (raw, json)
Hash identifier:          QVyVuw5jutmxbGO8rqcd705j/Jfizc5s1dG/k33Lzxs=
Subject key identifier:   DF:58:65:02:1F:6A:C9:96:67:C2:F9:47:C5:B6:40:09:BE:C7:48:8F
Certificate issuer:       /CN=6c499eea1f09d01122528d41754d37c5caa34ba7
Certificate serial:       018CC8DEAAFFC57BB38C53B70E8164E50DAA
Authority key identifier: 6C:49:9E:EA:1F:09:D0:11:22:52:8D:41:75:4D:37:C5:CA:A3:4B:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bEme6h8J0BEiUo1BdU03xcqjS6c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/39/bdeb27-3434-4254-8241-7fddd22202bf/1/31hlAh9qyZZnwvlHxbZACb7HSI8.roa
Signing time:             Tue 02 Jan 2024 06:31:25 +0000
ROA not before:           Tue 02 Jan 2024 06:31:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59942
IP address blocks:        195.245.215.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/39/bdeb27-3434-4254-8241-7fddd22202bf/1/bEme6h8J0BEiUo1BdU03xcqjS6c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/39/bdeb27-3434-4254-8241-7fddd22202bf/1/bEme6h8J0BEiUo1BdU03xcqjS6c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bEme6h8J0BEiUo1BdU03xcqjS6c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:aa:ff:c5:7b:b3:8c:53:b7:0e:81:64:e5:0d:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6c499eea1f09d01122528d41754d37c5caa34ba7
        Validity
            Not Before: Jan  2 06:31:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=df5865021f6ac99667c2f947c5b64009bec7488f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:53:d1:50:1d:fa:18:47:4b:b3:b7:16:f3:3a:
                    17:03:f1:f6:f7:0b:28:a1:61:c1:57:69:e5:b9:16:
                    ba:51:a7:41:a5:84:be:00:c7:ee:17:52:15:a8:cf:
                    d6:2b:6c:87:3a:eb:5b:3a:5b:eb:66:06:a8:46:24:
                    b9:7b:5e:d0:45:b2:e4:1f:82:8c:af:a6:a6:bb:17:
                    b7:74:a8:f3:c9:c6:d2:84:50:29:88:bf:66:fc:e6:
                    25:01:ae:49:e6:05:84:5c:35:0b:b0:10:68:60:e0:
                    1c:56:01:a3:c6:dd:29:7e:85:5d:25:a5:08:96:dc:
                    01:8f:e7:40:cf:69:91:7f:62:56:53:ef:ad:fa:07:
                    e5:9e:bf:bd:1e:85:c5:2a:e8:3f:3e:f6:2a:55:80:
                    f3:10:52:b3:83:98:43:96:e9:b3:38:b5:a5:ca:0b:
                    ab:1e:a3:0a:5e:99:dd:0c:6a:93:9f:70:88:67:1c:
                    b2:88:8f:5f:04:b8:5c:04:35:95:d6:95:e7:c8:4a:
                    89:5f:5c:a1:79:be:8f:df:d2:1c:d4:27:6f:9e:43:
                    d3:a4:d2:2b:34:cc:85:b9:b7:b5:9a:33:86:1f:40:
                    27:9a:5f:91:bf:86:4e:bd:f1:7c:23:76:d5:ba:9f:
                    1a:ed:1c:e0:ef:07:65:1a:7d:9a:b5:42:7e:85:89:
                    40:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:58:65:02:1F:6A:C9:96:67:C2:F9:47:C5:B6:40:09:BE:C7:48:8F
            X509v3 Authority Key Identifier:
                keyid:6C:49:9E:EA:1F:09:D0:11:22:52:8D:41:75:4D:37:C5:CA:A3:4B:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bEme6h8J0BEiUo1BdU03xcqjS6c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/bdeb27-3434-4254-8241-7fddd22202bf/1/31hlAh9qyZZnwvlHxbZACb7HSI8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/39/bdeb27-3434-4254-8241-7fddd22202bf/1/bEme6h8J0BEiUo1BdU03xcqjS6c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.245.215.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:de:af:67:b0:b1:13:10:a6:7b:83:61:66:56:06:67:f3:71:
         2a:97:a1:ae:50:c9:17:71:1d:22:c8:28:9c:cf:56:f7:dc:f7:
         86:0e:a9:9d:e4:98:c4:18:56:4e:0c:34:54:4c:66:11:71:64:
         d0:95:67:1a:0d:6b:c2:72:38:f1:96:3b:c0:1a:87:5a:23:6b:
         d7:9f:f8:c5:23:5d:ff:05:40:66:08:10:30:b8:85:ec:40:de:
         79:d4:70:b7:1b:95:c7:27:2d:af:9f:e6:ac:8c:19:a7:e1:90:
         e5:e4:0f:b3:af:f7:5d:84:ab:82:76:d4:d5:50:08:82:ce:2f:
         b1:8c:2c:8b:9a:ef:3a:c7:73:f8:1f:ae:4b:0d:0a:0d:2d:3b:
         b1:7e:db:d1:7e:a2:6f:ed:aa:12:b0:45:3c:88:00:60:7c:f6:
         ef:2c:bd:52:45:d2:87:af:5a:a4:2e:9e:69:90:df:74:ed:eb:
         52:4f:3d:fa:4b:ba:98:d7:b6:4c:ad:d9:eb:1e:a1:4f:d3:87:
         ba:b5:55:0d:2a:bb:8e:85:f9:4d:05:51:02:ca:0e:a4:7c:18:
         c8:d9:ae:b4:41:a7:2d:b6:01:bb:c5:6f:b6:86:42:a8:ba:b8:
         95:2b:55:6e:1a:b4:a3:04:3d:25:9e:64:9c:09:66:5a:9e:4d:
         ed:c5:1f:1b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3qr/xXuzjFO3DoFk5Q2qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjNDk5ZWVhMWYwOWQwMTEyMjUyOGQ0MTc1NGQzN2M1Y2Fh
MzRiYTcwHhcNMjQwMTAyMDYzMTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZjU4NjUwMjFmNmFjOTk2NjdjMmY5NDdjNWI2NDAwOWJlYzc0ODhmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhlPRUB36GEdLs7cW8zoXA/H29wso
oWHBV2nluRa6UadBpYS+AMfuF1IVqM/WK2yHOutbOlvrZgaoRiS5e17QRbLkH4KM
r6amuxe3dKjzycbShFApiL9m/OYlAa5J5gWEXDULsBBoYOAcVgGjxt0pfoVdJaUI
ltwBj+dAz2mRf2JWU++t+gflnr+9HoXFKug/PvYqVYDzEFKzg5hDlumzOLWlygur
HqMKXpndDGqTn3CIZxyyiI9fBLhcBDWV1pXnyEqJX1yheb6P39Ic1CdvnkPTpNIr
NMyFube1mjOGH0Anml+Rv4ZOvfF8I3bVup8a7Rzg7wdlGn2atUJ+hYlAMwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN9YZQIfasmWZ8L5R8W2QAm+x0iPMB8GA1UdIwQY
MBaAFGxJnuofCdARIlKNQXVNN8XKo0unMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYkVtZTZoOEowQkVpVW8xQmRVMDN4Y3FqUzZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS9iZGViMjctMzQzNC00MjU0LTgyNDEt
N2ZkZGQyMjIwMmJmLzEvMzFobEFoOXF5Wlpud3ZsSHhiWkFDYjdIU0k4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS9iZGViMjctMzQzNC00MjU0LTgyNDEtN2ZkZGQyMjIwMmJm
LzEvYkVtZTZoOEowQkVpVW8xQmRVMDN4Y3FqUzZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw/XXMA0G
CSqGSIb3DQEBCwUAA4IBAQAo3q9nsLETEKZ7g2FmVgZn83Eql6GuUMkXcR0iyCic
z1b33PeGDqmd5JjEGFZODDRUTGYRcWTQlWcaDWvCcjjxljvAGodaI2vXn/jFI13/
BUBmCBAwuIXsQN551HC3G5XHJy2vn+asjBmn4ZDl5A+zr/ddhKuCdtTVUAiCzi+x
jCyLmu86x3P4H65LDQoNLTuxftvRfqJv7aoSsEU8iABgfPbvLL1SRdKHr1qkLp5p
kN907etSTz36S7qY17ZMrdnrHqFP04e6tVUNKruOhflNBVECyg6kfBjI2a60Qact
tgG7xW+2hkKouriVK1VuGrSjBD0lnmScCWZank3txR8b
-----END CERTIFICATE-----