Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3c/e5a892-23f5-49fa-b6a9-a65233b3e975/1/9K3pwy3cmW50uYEUGLyxI49Fq30.roa
File:                     9K3pwy3cmW50uYEUGLyxI49Fq30.roa (raw, json)
Hash identifier:          Jou0pXDiaekjQh4aamugTMK29O9svAZjD4ibu3k6aUk=
Subject key identifier:   F4:AD:E9:C3:2D:DC:99:6E:74:B9:81:14:18:BC:B1:23:8F:45:AB:7D
Certificate issuer:       /CN=72ed2fbb7213fbf32ad4c087f8b0b22cecef4fea
Certificate serial:       018CC9BBB487A6C4F6E7468B6D6EF1355E57
Authority key identifier: 72:ED:2F:BB:72:13:FB:F3:2A:D4:C0:87:F8:B0:B2:2C:EC:EF:4F:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cu0vu3IT-_Mq1MCH-LCyLOzvT-o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3c/e5a892-23f5-49fa-b6a9-a65233b3e975/1/9K3pwy3cmW50uYEUGLyxI49Fq30.roa
Signing time:             Tue 02 Jan 2024 10:32:51 +0000
ROA not before:           Tue 02 Jan 2024 10:32:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48920
IP address blocks:        193.23.31.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3c/e5a892-23f5-49fa-b6a9-a65233b3e975/1/cu0vu3IT-_Mq1MCH-LCyLOzvT-o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3c/e5a892-23f5-49fa-b6a9-a65233b3e975/1/cu0vu3IT-_Mq1MCH-LCyLOzvT-o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cu0vu3IT-_Mq1MCH-LCyLOzvT-o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 02:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:b4:87:a6:c4:f6:e7:46:8b:6d:6e:f1:35:5e:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72ed2fbb7213fbf32ad4c087f8b0b22cecef4fea
        Validity
            Not Before: Jan  2 10:32:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f4ade9c32ddc996e74b9811418bcb1238f45ab7d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:84:67:e5:30:7d:b5:75:27:bd:7f:39:a3:df:
                    ed:f2:4b:09:a7:86:76:2f:10:6d:71:aa:82:c7:89:
                    86:12:93:bf:4e:e8:0a:cb:d8:ab:6b:0e:ac:59:da:
                    1e:e1:dc:a4:96:03:2a:c9:c7:58:7e:f6:ff:2d:f4:
                    17:f4:1e:93:e2:2e:55:e0:b6:3a:b9:11:f8:5a:1a:
                    9d:0a:f0:0d:92:b4:2c:c7:53:9d:ed:ab:58:13:12:
                    ed:16:14:29:f3:ba:ba:4b:1c:07:7c:5b:c9:06:78:
                    02:04:57:78:24:c2:ed:60:a6:36:29:2c:fd:af:c9:
                    f7:cf:fd:52:4e:c6:7d:2e:00:b6:8d:01:13:df:f4:
                    99:fa:e1:c0:3f:6d:83:03:f0:8b:1f:be:c0:fa:e9:
                    67:63:f1:30:9d:ec:e7:49:40:37:44:20:25:be:6f:
                    89:3e:4c:d2:f5:d8:ac:12:ac:9e:9a:92:00:a4:39:
                    98:c8:44:03:0f:6b:f3:ed:c9:84:e0:e4:59:e9:c4:
                    c1:98:bb:e2:30:61:dc:56:1a:7e:bd:2b:4b:8d:e9:
                    71:e1:3f:b7:e1:c5:57:2f:19:1d:7d:96:f7:05:36:
                    d6:f8:06:87:9d:d2:b1:90:95:77:35:cb:1d:22:90:
                    08:7f:9f:ef:5b:c8:cf:8c:3b:ce:18:4b:1b:4d:36:
                    3f:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:AD:E9:C3:2D:DC:99:6E:74:B9:81:14:18:BC:B1:23:8F:45:AB:7D
            X509v3 Authority Key Identifier:
                keyid:72:ED:2F:BB:72:13:FB:F3:2A:D4:C0:87:F8:B0:B2:2C:EC:EF:4F:EA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cu0vu3IT-_Mq1MCH-LCyLOzvT-o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/e5a892-23f5-49fa-b6a9-a65233b3e975/1/9K3pwy3cmW50uYEUGLyxI49Fq30.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/e5a892-23f5-49fa-b6a9-a65233b3e975/1/cu0vu3IT-_Mq1MCH-LCyLOzvT-o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.23.31.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:dd:bd:ea:f6:ad:14:90:d4:ef:f3:d1:e5:98:fc:39:41:49:
         f4:cb:76:ba:4d:ae:67:cb:8c:83:ee:d5:37:51:9d:6e:5e:ff:
         5d:0c:e0:73:9b:b1:2b:ed:35:a8:fa:8a:f9:bd:63:c4:08:88:
         a9:37:68:6b:4c:3b:0f:9b:18:d9:f7:70:aa:99:ac:a3:32:54:
         ab:57:ce:54:fa:82:3e:6a:ca:12:79:2f:70:01:98:bd:00:e9:
         8f:ef:1d:f2:95:cc:27:33:99:e6:96:c9:50:5c:99:de:62:71:
         d7:fc:f4:bc:4d:cc:b5:42:22:9b:89:09:c6:d2:70:93:ff:dc:
         d3:27:bc:cd:4c:95:d3:ff:a7:8c:36:12:9b:35:8f:01:5e:34:
         5c:b1:0f:68:e8:5d:80:00:47:98:f6:a3:6f:6f:fa:91:d5:2c:
         e3:4a:4e:5a:cd:93:41:a7:22:26:8e:91:2e:9b:b0:69:ef:cb:
         3a:45:9e:a7:a7:3e:ac:9d:67:90:5c:6b:83:1d:61:5e:e5:ea:
         a3:d1:41:30:24:a8:91:75:43:ab:4d:73:37:8f:20:50:de:a0:
         36:e1:4b:0a:44:bb:80:95:06:6b:9b:19:3a:c5:e7:5a:b8:a9:
         c2:78:49:52:5b:68:39:86:4c:d7:7e:23:58:80:6d:82:0f:f0:
         fb:6e:e5:94
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJu7SHpsT250aLbW7xNV5XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyZWQyZmJiNzIxM2ZiZjMyYWQ0YzA4N2Y4YjBiMjJjZWNl
ZjRmZWEwHhcNMjQwMTAyMTAzMjUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNGFkZTljMzJkZGM5OTZlNzRiOTgxMTQxOGJjYjEyMzhmNDVhYjdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm4Rn5TB9tXUnvX85o9/t8ksJp4Z2
LxBtcaqCx4mGEpO/TugKy9iraw6sWdoe4dyklgMqycdYfvb/LfQX9B6T4i5V4LY6
uRH4WhqdCvANkrQsx1Od7atYExLtFhQp87q6SxwHfFvJBngCBFd4JMLtYKY2KSz9
r8n3z/1STsZ9LgC2jQET3/SZ+uHAP22DA/CLH77A+ulnY/EwneznSUA3RCAlvm+J
PkzS9disEqyempIApDmYyEQDD2vz7cmE4ORZ6cTBmLviMGHcVhp+vStLjelx4T+3
4cVXLxkdfZb3BTbW+AaHndKxkJV3NcsdIpAIf5/vW8jPjDvOGEsbTTY/fQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPSt6cMt3JludLmBFBi8sSOPRat9MB8GA1UdIwQY
MBaAFHLtL7tyE/vzKtTAh/iwsizs70/qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3UwdnUzSVQtX01xMU1DSC1MQ3lMT3p2VC1vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYy9lNWE4OTItMjNmNS00OWZhLWI2YTkt
YTY1MjMzYjNlOTc1LzEvOUszcHd5M2NtVzUwdVlFVUdMeXhJNDlGcTMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYy9lNWE4OTItMjNmNS00OWZhLWI2YTktYTY1MjMzYjNlOTc1
LzEvY3UwdnUzSVQtX01xMU1DSC1MQ3lMT3p2VC1vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwRcfMA0G
CSqGSIb3DQEBCwUAA4IBAQBS3b3q9q0UkNTv89HlmPw5QUn0y3a6Ta5ny4yD7tU3
UZ1uXv9dDOBzm7Er7TWo+or5vWPECIipN2hrTDsPmxjZ93CqmayjMlSrV85U+oI+
asoSeS9wAZi9AOmP7x3ylcwnM5nmlslQXJneYnHX/PS8Tcy1QiKbiQnG0nCT/9zT
J7zNTJXT/6eMNhKbNY8BXjRcsQ9o6F2AAEeY9qNvb/qR1SzjSk5azZNBpyImjpEu
m7Bp78s6RZ6npz6snWeQXGuDHWFe5eqj0UEwJKiRdUOrTXM3jyBQ3qA24UsKRLuA
lQZrmxk6xedauKnCeElSW2g5hkzXfiNYgG2CD/D7buWU
-----END CERTIFICATE-----