Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/4dc795-8956-4408-a5cc-b54bcae17d40/1/BlPl9tMqzpyPmk5KgzzeKug8IMA.roa
File:                     BlPl9tMqzpyPmk5KgzzeKug8IMA.roa (raw, json)
Hash identifier:          ojy6HpVcW5GTs7IUBgIM8sLwSOUbMlfXdTji+WHjM40=
Subject key identifier:   06:53:E5:F6:D3:2A:CE:9C:8F:9A:4E:4A:83:3C:DE:2A:E8:3C:20:C0
Certificate issuer:       /CN=a93f3231c787f71dd2484ee002da73a7175bd249
Certificate serial:       018CC7270C8CF44636585A84805E86106E63
Authority key identifier: A9:3F:32:31:C7:87:F7:1D:D2:48:4E:E0:02:DA:73:A7:17:5B:D2:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qT8yMceH9x3SSE7gAtpzpxdb0kk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/4dc795-8956-4408-a5cc-b54bcae17d40/1/BlPl9tMqzpyPmk5KgzzeKug8IMA.roa
Signing time:             Mon 01 Jan 2024 22:31:14 +0000
ROA not before:           Mon 01 Jan 2024 22:31:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209620
IP address blocks:        78.31.196.0/22 maxlen: 24
                          2a06:6880::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/4dc795-8956-4408-a5cc-b54bcae17d40/1/qT8yMceH9x3SSE7gAtpzpxdb0kk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/4dc795-8956-4408-a5cc-b54bcae17d40/1/qT8yMceH9x3SSE7gAtpzpxdb0kk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qT8yMceH9x3SSE7gAtpzpxdb0kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:0c:8c:f4:46:36:58:5a:84:80:5e:86:10:6e:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a93f3231c787f71dd2484ee002da73a7175bd249
        Validity
            Not Before: Jan  1 22:31:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0653e5f6d32ace9c8f9a4e4a833cde2ae83c20c0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:5d:70:7c:84:73:be:ee:cc:9f:14:83:44:0f:
                    d5:49:02:4a:6f:02:40:e4:5d:9b:91:d4:a1:c4:9e:
                    8c:c4:db:29:03:d0:8e:84:4c:4b:f7:bc:dc:a4:48:
                    1b:4b:78:fd:9b:e4:d3:7a:f5:67:88:49:16:89:a8:
                    28:1f:9c:fb:95:96:00:56:33:27:1d:25:2f:5e:b6:
                    d7:c9:68:40:95:5a:6d:67:97:25:8a:31:5c:f4:8c:
                    d7:33:c3:34:b2:58:45:b0:89:df:06:91:4d:83:8c:
                    14:1a:db:42:07:6d:32:eb:1c:69:6d:81:ee:c7:02:
                    74:81:84:75:a2:1c:dc:16:b5:85:81:4e:ee:6b:f8:
                    70:b8:be:e4:b4:b6:b5:f8:4a:e1:f0:de:e7:40:6b:
                    f2:8d:79:0b:34:e0:8b:63:ee:ac:62:0f:29:e3:60:
                    5a:44:65:29:8f:14:4e:01:dc:0a:52:b5:b4:db:60:
                    12:d9:e6:e8:67:b3:b2:c0:fd:93:3a:e7:d9:e9:53:
                    da:a2:68:12:f3:25:9a:28:bd:f2:bd:e5:b9:a2:78:
                    fc:5b:5c:06:8c:e8:ae:42:ca:ce:c6:0c:60:96:58:
                    1d:47:e7:04:08:e5:5b:3f:9c:b3:db:cb:54:c5:10:
                    f5:ba:47:b1:b3:04:87:20:94:3c:c4:43:c7:9e:b3:
                    cb:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:53:E5:F6:D3:2A:CE:9C:8F:9A:4E:4A:83:3C:DE:2A:E8:3C:20:C0
            X509v3 Authority Key Identifier:
                keyid:A9:3F:32:31:C7:87:F7:1D:D2:48:4E:E0:02:DA:73:A7:17:5B:D2:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qT8yMceH9x3SSE7gAtpzpxdb0kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4dc795-8956-4408-a5cc-b54bcae17d40/1/BlPl9tMqzpyPmk5KgzzeKug8IMA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4dc795-8956-4408-a5cc-b54bcae17d40/1/qT8yMceH9x3SSE7gAtpzpxdb0kk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.31.196.0/22
                IPv6:
                  2a06:6880::/29

    Signature Algorithm: sha256WithRSAEncryption
         09:cc:77:d3:78:1f:1c:76:a8:2a:10:69:cf:5c:49:1e:75:6f:
         64:aa:4f:3d:c1:fe:50:a4:5f:72:a5:42:28:44:82:4b:93:9e:
         90:1a:0d:6b:ef:e4:6a:a6:e1:2b:6e:43:61:50:86:33:6e:73:
         82:a2:58:5e:9e:b2:d6:3e:5b:bb:03:5b:92:9a:18:5e:82:45:
         6e:4e:fb:62:8e:4f:92:c9:87:77:1b:aa:70:d6:2c:dc:7f:56:
         0f:61:67:d0:37:74:15:3c:7e:74:25:bd:d2:97:1c:e9:10:d9:
         b8:34:21:c7:40:12:dc:a7:04:52:24:29:74:2e:1b:df:e8:6b:
         70:27:01:28:d0:a8:02:ea:78:ea:0a:56:b0:5f:fd:1e:cb:92:
         e5:2a:7b:34:a3:39:2f:2d:7d:a6:99:71:9a:f8:f7:55:c3:0a:
         38:b4:e9:19:5d:42:06:fd:43:aa:4e:b8:69:40:7e:6d:16:e0:
         10:0e:6e:78:7f:89:e7:23:22:4b:0b:82:24:a3:da:53:c9:7a:
         31:4a:e0:71:0f:0b:45:08:ff:ad:9f:21:96:89:f9:00:12:02:
         a8:f5:c5:dc:fa:b6:c5:cd:a8:c1:04:b4:1e:69:02:fc:e0:67:
         e8:e0:0c:f0:6d:6e:e9:31:1c:bb:e9:49:97:ad:96:02:f6:55:
         4f:a1:cc:39
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzHJwyM9EY2WFqEgF6GEG5jMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE5M2YzMjMxYzc4N2Y3MWRkMjQ4NGVlMDAyZGE3M2E3MTc1
YmQyNDkwHhcNMjQwMTAxMjIzMTE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNjUzZTVmNmQzMmFjZTljOGY5YTRlNGE4MzNjZGUyYWU4M2MyMGMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh11wfIRzvu7MnxSDRA/VSQJKbwJA
5F2bkdShxJ6MxNspA9COhExL97zcpEgbS3j9m+TTevVniEkWiagoH5z7lZYAVjMn
HSUvXrbXyWhAlVptZ5clijFc9IzXM8M0slhFsInfBpFNg4wUGttCB20y6xxpbYHu
xwJ0gYR1ohzcFrWFgU7ua/hwuL7ktLa1+Erh8N7nQGvyjXkLNOCLY+6sYg8p42Ba
RGUpjxROAdwKUrW022AS2eboZ7OywP2TOufZ6VPaomgS8yWaKL3yveW5onj8W1wG
jOiuQsrOxgxgllgdR+cECOVbP5yz28tUxRD1ukexswSHIJQ8xEPHnrPLjwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFAZT5fbTKs6cj5pOSoM83iroPCDAMB8GA1UdIwQY
MBaAFKk/MjHHh/cd0khO4ALac6cXW9JJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcVQ4eU1jZUg5eDNTU0U3Z0F0cHpweGRiMGtrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni80ZGM3OTUtODk1Ni00NDA4LWE1Y2Mt
YjU0YmNhZTE3ZDQwLzEvQmxQbDl0TXF6cHlQbWs1S2d6emVLdWc4SU1BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni80ZGM3OTUtODk1Ni00NDA4LWE1Y2MtYjU0YmNhZTE3ZDQw
LzEvcVQ4eU1jZUg5eDNTU0U3Z0F0cHpweGRiMGtrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCTh/EMA0E
AgACMAcDBQMqBmiAMA0GCSqGSIb3DQEBCwUAA4IBAQAJzHfTeB8cdqgqEGnPXEke
dW9kqk89wf5QpF9ypUIoRIJLk56QGg1r7+RqpuErbkNhUIYzbnOColhenrLWPlu7
A1uSmhhegkVuTvtijk+SyYd3G6pw1izcf1YPYWfQN3QVPH50Jb3SlxzpENm4NCHH
QBLcpwRSJCl0Lhvf6GtwJwEo0KgC6njqClawX/0ey5LlKns0ozkvLX2mmXGa+PdV
wwo4tOkZXUIG/UOqTrhpQH5tFuAQDm54f4nnIyJLC4Iko9pTyXoxSuBxDwtFCP+t
nyGWifkAEgKo9cXc+rbFzajBBLQeaQL84Gfo4AzwbW7pMRy76UmXrZYC9lVPocw5
-----END CERTIFICATE-----