Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/0bf7ab-5aab-4337-a02a-8a6e554196bb/1/TsLKSime8MU1Smh8H7c8YadRt9k.roa
File:                     TsLKSime8MU1Smh8H7c8YadRt9k.roa (raw, json)
Hash identifier:          ijo53mYgJ+K+kt7iH0CRasOnZHhbRBYgdCds1hlAKFU=
Subject key identifier:   4E:C2:CA:4A:29:9E:F0:C5:35:4A:68:7C:1F:B7:3C:61:A7:51:B7:D9
Certificate issuer:       /CN=4e15df688c3aeae3f685ed44b396c2198395861d
Certificate serial:       018E1CE2FB52FC446FA8C0F83FC8E215112B
Authority key identifier: 4E:15:DF:68:8C:3A:EA:E3:F6:85:ED:44:B3:96:C2:19:83:95:86:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ThXfaIw66uP2he1Es5bCGYOVhh0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6b/0bf7ab-5aab-4337-a02a-8a6e554196bb/1/TsLKSime8MU1Smh8H7c8YadRt9k.roa
Signing time:             Fri 08 Mar 2024 07:07:01 +0000
ROA not before:           Fri 08 Mar 2024 07:07:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8374
IP address blocks:        31.6.246.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6b/0bf7ab-5aab-4337-a02a-8a6e554196bb/1/ThXfaIw66uP2he1Es5bCGYOVhh0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6b/0bf7ab-5aab-4337-a02a-8a6e554196bb/1/ThXfaIw66uP2he1Es5bCGYOVhh0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ThXfaIw66uP2he1Es5bCGYOVhh0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:1c:e2:fb:52:fc:44:6f:a8:c0:f8:3f:c8:e2:15:11:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4e15df688c3aeae3f685ed44b396c2198395861d
        Validity
            Not Before: Mar  8 07:07:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4ec2ca4a299ef0c5354a687c1fb73c61a751b7d9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:bc:fc:c0:88:2b:2e:d9:87:04:e5:b2:53:04:
                    50:9a:b2:94:14:51:47:59:fd:36:04:eb:f3:cf:9c:
                    bf:99:fd:76:d9:39:ff:fa:d5:52:42:d3:c2:7f:c7:
                    ec:be:24:20:3f:c7:69:ea:59:5d:aa:38:1e:a0:62:
                    26:e0:1f:8a:e2:f2:ec:9b:f4:4f:63:d5:8b:61:9e:
                    56:06:72:26:ce:5d:31:c9:59:68:90:bd:2a:8d:fc:
                    8b:e9:78:14:74:51:05:09:60:0b:cd:06:d6:42:ba:
                    5a:54:24:4d:a1:28:96:ea:f6:b9:a8:bf:1e:02:21:
                    46:51:2b:f2:31:5b:44:a5:c1:78:f2:61:c9:dc:c7:
                    fe:d4:e7:3e:c6:8d:39:a8:8d:34:38:31:84:5a:d3:
                    5f:e9:d4:61:96:98:f4:2f:4e:6c:b7:4c:48:c0:03:
                    38:17:67:9a:19:d2:0e:61:46:f8:45:a9:3b:f2:92:
                    fe:f3:c0:54:48:b4:53:00:87:6b:16:7f:6c:32:88:
                    31:e9:06:9c:4e:fc:61:6e:0b:07:2a:95:99:60:6e:
                    5d:db:53:8b:dd:d0:a6:4b:17:8b:ff:90:4a:ff:be:
                    dc:81:b3:71:14:1c:70:d5:c4:86:16:c5:f9:a5:6d:
                    a8:e6:bf:f6:fd:ec:2e:01:f8:06:bc:d5:1c:15:de:
                    2a:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:C2:CA:4A:29:9E:F0:C5:35:4A:68:7C:1F:B7:3C:61:A7:51:B7:D9
            X509v3 Authority Key Identifier:
                keyid:4E:15:DF:68:8C:3A:EA:E3:F6:85:ED:44:B3:96:C2:19:83:95:86:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ThXfaIw66uP2he1Es5bCGYOVhh0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/0bf7ab-5aab-4337-a02a-8a6e554196bb/1/TsLKSime8MU1Smh8H7c8YadRt9k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/0bf7ab-5aab-4337-a02a-8a6e554196bb/1/ThXfaIw66uP2he1Es5bCGYOVhh0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.6.246.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:3d:34:8e:22:0b:c0:31:ad:ef:6f:a1:7f:40:23:76:b8:b6:
         40:b7:99:f6:df:de:f8:a6:20:bf:93:c2:b6:23:4c:4d:e1:76:
         2f:d0:8c:bc:8f:c9:38:47:a0:c9:cf:46:07:53:f3:19:3f:63:
         ed:69:e2:e8:e1:73:0e:ce:b1:fe:43:73:d5:22:20:60:55:61:
         40:34:a8:66:28:c1:c2:1b:d5:f1:2b:ca:44:92:c5:ae:a1:a0:
         0d:47:a2:7e:fe:04:29:e8:5f:9e:0f:1d:68:e1:2f:11:8e:1d:
         7e:6e:0a:be:65:d0:42:3a:1d:0f:b8:31:15:3a:1a:6a:21:08:
         ab:e8:e1:45:cc:ba:d0:b9:0c:ea:dc:e3:92:0b:e0:2e:3d:5b:
         77:22:f0:8e:38:54:eb:8f:9c:4b:85:70:83:d0:12:21:3d:9d:
         40:65:78:7b:36:70:62:d9:82:7a:58:41:f6:42:af:c3:bb:1c:
         df:06:94:aa:f0:f8:2f:ac:2b:d7:d8:ee:f7:d2:51:80:77:27:
         bf:ae:9c:30:9b:26:e4:fb:c8:7e:df:51:16:a3:a0:22:7f:ae:
         93:c1:38:c2:87:93:7b:20:9a:82:07:09:ef:a1:77:02:e6:a3:
         fd:51:65:44:10:95:cf:12:3d:51:3e:46:12:16:d2:af:46:ba:
         6c:93:2a:ee
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY4c4vtS/ERvqMD4P8jiFRErMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRlMTVkZjY4OGMzYWVhZTNmNjg1ZWQ0NGIzOTZjMjE5ODM5
NTg2MWQwHhcNMjQwMzA4MDcwNzAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZWMyY2E0YTI5OWVmMGM1MzU0YTY4N2MxZmI3M2M2MWE3NTFiN2Q5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgrz8wIgrLtmHBOWyUwRQmrKUFFFH
Wf02BOvzz5y/mf122Tn/+tVSQtPCf8fsviQgP8dp6lldqjgeoGIm4B+K4vLsm/RP
Y9WLYZ5WBnImzl0xyVlokL0qjfyL6XgUdFEFCWALzQbWQrpaVCRNoSiW6va5qL8e
AiFGUSvyMVtEpcF48mHJ3Mf+1Oc+xo05qI00ODGEWtNf6dRhlpj0L05st0xIwAM4
F2eaGdIOYUb4Rak78pL+88BUSLRTAIdrFn9sMogx6QacTvxhbgsHKpWZYG5d21OL
3dCmSxeL/5BK/77cgbNxFBxw1cSGFsX5pW2o5r/2/ewuAfgGvNUcFd4qBwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE7CykopnvDFNUpofB+3PGGnUbfZMB8GA1UdIwQY
MBaAFE4V32iMOurj9oXtRLOWwhmDlYYdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGhYZmFJdzY2dVAyaGUxRXM1YkNHWU9WaGgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi8wYmY3YWItNWFhYi00MzM3LWEwMmEt
OGE2ZTU1NDE5NmJiLzEvVHNMS1NpbWU4TVUxU21oOEg3YzhZYWRSdDlrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi8wYmY3YWItNWFhYi00MzM3LWEwMmEtOGE2ZTU1NDE5NmJi
LzEvVGhYZmFJdzY2dVAyaGUxRXM1YkNHWU9WaGgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHwb2MA0G
CSqGSIb3DQEBCwUAA4IBAQBpPTSOIgvAMa3vb6F/QCN2uLZAt5n23974piC/k8K2
I0xN4XYv0Iy8j8k4R6DJz0YHU/MZP2PtaeLo4XMOzrH+Q3PVIiBgVWFANKhmKMHC
G9XxK8pEksWuoaANR6J+/gQp6F+eDx1o4S8Rjh1+bgq+ZdBCOh0PuDEVOhpqIQir
6OFFzLrQuQzq3OOSC+AuPVt3IvCOOFTrj5xLhXCD0BIhPZ1AZXh7NnBi2YJ6WEH2
Qq/DuxzfBpSq8PgvrCvX2O730lGAdye/rpwwmybk+8h+31EWo6Aif66TwTjCh5N7
IJqCBwnvoXcC5qP9UWVEEJXPEj1RPkYSFtKvRrpskyru
-----END CERTIFICATE-----