Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6f/5c2e36-a9db-4522-a63e-455ddc7d9e38/1/THD4qP8abUJIJGzVMel1I-jGq2w.roa
File:                     THD4qP8abUJIJGzVMel1I-jGq2w.roa (raw, json)
Hash identifier:          F6HMQEfiaBU1KP91+AcRU1YB73IAk4jC2TbEFMDxqDs=
Subject key identifier:   4C:70:F8:A8:FF:1A:6D:42:48:24:6C:D5:31:E9:75:23:E8:C6:AB:6C
Certificate issuer:       /CN=3f56231e7ef53181b630260f5739a939980bce0f
Certificate serial:       018DE731F8E1D0765892A7501909004F559C
Authority key identifier: 3F:56:23:1E:7E:F5:31:81:B6:30:26:0F:57:39:A9:39:98:0B:CE:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P1YjHn71MYG2MCYPVzmpOZgLzg8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6f/5c2e36-a9db-4522-a63e-455ddc7d9e38/1/THD4qP8abUJIJGzVMel1I-jGq2w.roa
Signing time:             Mon 26 Feb 2024 20:53:48 +0000
ROA not before:           Mon 26 Feb 2024 20:53:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43260
IP address blocks:        193.106.191.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6f/5c2e36-a9db-4522-a63e-455ddc7d9e38/1/P1YjHn71MYG2MCYPVzmpOZgLzg8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6f/5c2e36-a9db-4522-a63e-455ddc7d9e38/1/P1YjHn71MYG2MCYPVzmpOZgLzg8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P1YjHn71MYG2MCYPVzmpOZgLzg8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:e7:31:f8:e1:d0:76:58:92:a7:50:19:09:00:4f:55:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3f56231e7ef53181b630260f5739a939980bce0f
        Validity
            Not Before: Feb 26 20:53:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4c70f8a8ff1a6d4248246cd531e97523e8c6ab6c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:69:46:11:e8:40:44:94:89:f4:13:7d:a6:9f:
                    bb:e6:93:7a:79:76:c4:ab:3e:e7:fe:f6:ff:0e:f5:
                    c3:c5:88:49:b8:de:16:7e:20:e8:bd:ef:b8:1a:2e:
                    5c:d5:62:6c:6f:a2:7b:8a:67:62:21:d9:76:6b:68:
                    39:12:80:53:63:aa:17:a5:52:8c:27:19:7f:f2:73:
                    27:ed:e1:d5:d9:d4:32:61:12:bd:71:25:fd:81:c4:
                    b6:14:8f:71:5f:3d:9c:62:c6:f5:ca:83:d1:fe:c8:
                    fb:45:3d:09:bd:9f:1e:c4:38:1c:53:78:66:40:62:
                    8b:bd:30:07:dd:74:06:ff:58:cd:a1:a9:8c:6d:a9:
                    39:e5:55:21:3f:bd:82:ef:aa:cb:94:e8:e5:6f:eb:
                    d6:23:e1:a8:96:90:b8:45:86:b0:9c:0c:39:e0:9d:
                    c8:05:5b:2d:a0:9d:07:28:e2:14:f9:8a:8a:0d:55:
                    56:8d:81:18:67:b1:59:78:27:4a:13:62:26:83:9f:
                    60:78:a5:05:42:5c:3a:97:1e:47:d4:33:4c:c1:ae:
                    fd:4a:62:97:d1:8b:a5:ee:83:14:12:d4:64:a4:40:
                    13:db:09:b2:fe:e2:ae:33:d8:2a:fd:9b:78:dd:25:
                    ba:1c:e0:1f:fa:fd:2b:af:1a:8d:f7:ac:b2:d7:31:
                    fd:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:70:F8:A8:FF:1A:6D:42:48:24:6C:D5:31:E9:75:23:E8:C6:AB:6C
            X509v3 Authority Key Identifier:
                keyid:3F:56:23:1E:7E:F5:31:81:B6:30:26:0F:57:39:A9:39:98:0B:CE:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P1YjHn71MYG2MCYPVzmpOZgLzg8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/5c2e36-a9db-4522-a63e-455ddc7d9e38/1/THD4qP8abUJIJGzVMel1I-jGq2w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/5c2e36-a9db-4522-a63e-455ddc7d9e38/1/P1YjHn71MYG2MCYPVzmpOZgLzg8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.106.191.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ac:eb:4d:73:45:54:b7:4b:77:e9:4c:de:53:49:51:49:39:0c:
         50:e5:19:93:63:82:d0:f8:31:68:28:d4:56:f5:3b:d2:74:09:
         71:3c:5f:0a:10:ad:ab:b6:c7:4d:12:71:90:75:39:55:61:04:
         d0:cd:e8:d1:aa:90:de:6e:e6:cf:9b:53:0b:e3:d1:49:45:f0:
         18:ae:b5:ca:05:21:56:39:cd:d4:1b:88:7b:d2:52:52:f9:2c:
         84:87:3d:92:a9:90:6a:3e:17:77:25:f0:70:03:c3:20:7e:6d:
         72:7f:e4:1c:61:0a:bb:6a:84:f2:cc:d0:7b:2e:39:cd:3a:20:
         36:8a:03:70:67:0d:77:17:09:14:32:7e:9e:19:c6:a7:92:fd:
         9b:d4:20:ac:da:63:75:a7:b9:2d:bc:c3:f0:d2:7c:3f:8b:b9:
         72:e3:f4:8d:ec:0d:5a:b2:0f:96:e5:76:14:28:0b:db:d2:1f:
         5b:bf:46:34:b4:52:f7:4c:54:e7:da:26:88:29:92:7d:e9:ac:
         2f:0b:62:28:9e:a9:eb:8a:e7:57:52:3f:ce:0e:10:eb:2d:f2:
         79:59:13:02:70:d6:d9:8b:08:13:69:c5:c0:1d:1b:8b:21:72:
         fb:49:d6:c8:0b:82:10:ab:c6:a9:03:27:9d:9a:85:d2:4e:e7:
         c4:76:dc:c9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY3nMfjh0HZYkqdQGQkAT1WcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmNTYyMzFlN2VmNTMxODFiNjMwMjYwZjU3MzlhOTM5OTgw
YmNlMGYwHhcNMjQwMjI2MjA1MzQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YzcwZjhhOGZmMWE2ZDQyNDgyNDZjZDUzMWU5NzUyM2U4YzZhYjZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj2lGEehARJSJ9BN9pp+75pN6eXbE
qz7n/vb/DvXDxYhJuN4WfiDove+4Gi5c1WJsb6J7imdiIdl2a2g5EoBTY6oXpVKM
Jxl/8nMn7eHV2dQyYRK9cSX9gcS2FI9xXz2cYsb1yoPR/sj7RT0JvZ8exDgcU3hm
QGKLvTAH3XQG/1jNoamMbak55VUhP72C76rLlOjlb+vWI+GolpC4RYawnAw54J3I
BVstoJ0HKOIU+YqKDVVWjYEYZ7FZeCdKE2Img59geKUFQlw6lx5H1DNMwa79SmKX
0Yul7oMUEtRkpEAT2wmy/uKuM9gq/Zt43SW6HOAf+v0rrxqN96yy1zH9aQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFExw+Kj/Gm1CSCRs1THpdSPoxqtsMB8GA1UdIwQY
MBaAFD9WIx5+9TGBtjAmD1c5qTmYC84PMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDFZakhuNzFNWUcyTUNZUFZ6bXBPWmdMemc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Zi81YzJlMzYtYTlkYi00NTIyLWE2M2Ut
NDU1ZGRjN2Q5ZTM4LzEvVEhENHFQOGFiVUpJSkd6Vk1lbDFJLWpHcTJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Zi81YzJlMzYtYTlkYi00NTIyLWE2M2UtNDU1ZGRjN2Q5ZTM4
LzEvUDFZakhuNzFNWUcyTUNZUFZ6bXBPWmdMemc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwWq/MA0G
CSqGSIb3DQEBCwUAA4IBAQCs601zRVS3S3fpTN5TSVFJOQxQ5RmTY4LQ+DFoKNRW
9TvSdAlxPF8KEK2rtsdNEnGQdTlVYQTQzejRqpDebubPm1ML49FJRfAYrrXKBSFW
Oc3UG4h70lJS+SyEhz2SqZBqPhd3JfBwA8Mgfm1yf+QcYQq7aoTyzNB7LjnNOiA2
igNwZw13FwkUMn6eGcankv2b1CCs2mN1p7ktvMPw0nw/i7ly4/SN7A1asg+W5XYU
KAvb0h9bv0Y0tFL3TFTn2iaIKZJ96awvC2IonqnriudXUj/ODhDrLfJ5WRMCcNbZ
iwgTacXAHRuLIXL7SdbIC4IQq8apAyedmoXSTufEdtzJ
-----END CERTIFICATE-----