Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/nY7wosVXcOg8aZlJzaLuJHLx14A.roa
File:                     nY7wosVXcOg8aZlJzaLuJHLx14A.roa (raw, json)
Hash identifier:          D/AdXbUYwGLJkSCAiInhZGsni2lgNcMOMGs25F/RTJc=
Subject key identifier:   9D:8E:F0:A2:C5:57:70:E8:3C:69:99:49:CD:A2:EE:24:72:F1:D7:80
Certificate issuer:       /CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
Certificate serial:       018CC56E104A22520B2DA3FF84C1166AE6BA
Authority key identifier: 05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/nY7wosVXcOg8aZlJzaLuJHLx14A.roa
Signing time:             Mon 01 Jan 2024 14:29:33 +0000
ROA not before:           Mon 01 Jan 2024 14:29:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51621
IP address blocks:        185.71.31.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 04:01:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:10:4a:22:52:0b:2d:a3:ff:84:c1:16:6a:e6:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
        Validity
            Not Before: Jan  1 14:29:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9d8ef0a2c55770e83c699949cda2ee2472f1d780
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:38:bf:f1:3b:af:6d:0e:06:b3:3c:68:5f:f8:
                    91:83:ee:07:8a:2f:b2:f5:d8:3f:16:09:3c:97:89:
                    02:63:61:a8:d2:ad:df:3a:d7:1b:23:80:6e:2a:7e:
                    43:2a:fb:7d:41:ec:77:7f:3a:22:0f:c6:76:e5:83:
                    a3:a1:46:ea:a2:33:1e:25:8e:e0:4d:bc:ea:45:ca:
                    dd:9b:32:6e:65:c3:8e:12:7f:c7:0a:82:c4:0c:7a:
                    bf:19:d0:35:fd:9f:43:ce:98:9a:7a:a1:eb:44:5f:
                    c0:36:f3:96:59:f8:66:d7:e5:b8:8e:1b:7a:7a:75:
                    19:8d:fe:7a:88:5c:5b:49:d5:bb:86:7c:e7:97:ae:
                    60:9f:8f:fb:de:1c:66:dd:09:48:2b:60:12:07:ec:
                    58:11:43:e2:7f:03:e1:8b:bc:7a:77:cf:91:12:03:
                    94:7a:3c:a7:b7:2d:b5:bb:00:fd:dc:36:81:7b:4f:
                    75:a5:2c:5d:a7:85:ac:74:18:94:bc:28:25:64:e6:
                    24:8e:8a:ea:e1:83:1a:e8:ed:9a:0f:0f:f8:d0:fb:
                    76:8b:e7:6f:b7:e1:44:d6:f6:44:73:9f:25:1d:19:
                    c0:b5:06:f3:80:67:bf:4c:56:20:54:eb:11:2c:d4:
                    c9:96:6f:80:8f:3d:cb:24:77:15:dd:09:a8:2f:4e:
                    bb:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:8E:F0:A2:C5:57:70:E8:3C:69:99:49:CD:A2:EE:24:72:F1:D7:80
            X509v3 Authority Key Identifier:
                keyid:05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/nY7wosVXcOg8aZlJzaLuJHLx14A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.71.31.0/24

    Signature Algorithm: sha256WithRSAEncryption
         43:93:d6:43:51:31:24:61:39:24:fe:a6:5c:8e:84:30:1a:2c:
         3d:1c:2b:30:d3:93:af:0b:84:b4:3c:52:78:92:cc:0c:6f:c7:
         43:33:6c:15:e4:63:27:e3:99:41:21:c1:7d:b7:67:44:3c:60:
         91:b1:5b:0e:6b:33:37:da:42:d5:49:2c:ce:e9:89:07:de:a0:
         c0:11:18:b5:33:00:55:34:a4:dd:2f:e6:15:e2:cd:e1:ce:a2:
         ce:de:3c:33:32:95:97:6c:b4:db:ab:0f:0a:4e:6c:f8:c0:90:
         58:87:12:51:43:4e:96:12:ca:6b:93:05:7d:c2:c8:45:2d:be:
         db:96:1c:bb:e0:1b:50:ee:99:c6:b6:38:56:be:37:e8:2b:be:
         63:97:fa:5c:e5:66:2a:cd:ab:9c:82:d0:7a:25:63:14:13:c2:
         39:34:16:e0:62:7d:14:0b:9f:a0:ad:18:2f:d0:78:e4:3e:93:
         de:74:fa:e2:36:e6:d2:0e:f4:b1:a9:82:4a:e0:2b:8b:0f:6f:
         94:77:a2:f2:d4:21:ea:da:9a:88:ef:3a:0e:e3:a4:fa:df:3f:
         08:d5:51:6b:bb:a6:2f:cc:f0:00:4f:61:fb:fc:6a:79:ac:37:
         c4:8b:77:1b:ba:bc:90:02:f0:55:8b:b6:cd:10:37:bb:63:46:
         8c:21:c8:1a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbhBKIlILLaP/hMEWaua6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MzRjNDlmY2ZhOGE0NTA0MWQ5NWVkNGQ4ZDRmYzY5Yzcy
N2E0NjcwHhcNMjQwMTAxMTQyOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZDhlZjBhMmM1NTc3MGU4M2M2OTk5NDljZGEyZWUyNDcyZjFkNzgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnzi/8TuvbQ4GszxoX/iRg+4Hii+y
9dg/Fgk8l4kCY2Go0q3fOtcbI4BuKn5DKvt9Qex3fzoiD8Z25YOjoUbqojMeJY7g
TbzqRcrdmzJuZcOOEn/HCoLEDHq/GdA1/Z9DzpiaeqHrRF/ANvOWWfhm1+W4jht6
enUZjf56iFxbSdW7hnznl65gn4/73hxm3QlIK2ASB+xYEUPifwPhi7x6d8+REgOU
ejynty21uwD93DaBe091pSxdp4WsdBiUvCglZOYkjorq4YMa6O2aDw/40Pt2i+dv
t+FE1vZEc58lHRnAtQbzgGe/TFYgVOsRLNTJlm+Ajz3LJHcV3QmoL067MwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ2O8KLFV3DoPGmZSc2i7iRy8deAMB8GA1UdIwQY
MBaAFAU0xJ/PqKRQQdle1NjU/GnHJ6RnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYt
Y2Q3ZTA2Y2JiNTMxLzEvblk3d29zVlhjT2c4YVpsSnphTHVKSEx4MTRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYtY2Q3ZTA2Y2JiNTMx
LzEvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuUcfMA0G
CSqGSIb3DQEBCwUAA4IBAQBDk9ZDUTEkYTkk/qZcjoQwGiw9HCsw05OvC4S0PFJ4
kswMb8dDM2wV5GMn45lBIcF9t2dEPGCRsVsOazM32kLVSSzO6YkH3qDAERi1MwBV
NKTdL+YV4s3hzqLO3jwzMpWXbLTbqw8KTmz4wJBYhxJRQ06WEsprkwV9wshFLb7b
lhy74BtQ7pnGtjhWvjfoK75jl/pc5WYqzaucgtB6JWMUE8I5NBbgYn0UC5+grRgv
0HjkPpPedPriNubSDvSxqYJK4CuLD2+Ud6Ly1CHq2pqI7zoO46T63z8I1VFru6Yv
zPAAT2H7/Gp5rDfEi3cburyQAvBVi7bNEDe7Y0aMIcga
-----END CERTIFICATE-----