Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/12d691-37a4-4b15-a7ea-bd37da0e447c/1/081ryxyj9w6cctmFl2mAufUbJWU.roa
File:                     081ryxyj9w6cctmFl2mAufUbJWU.roa (raw, json)
Hash identifier:          qCftz/7HqpQ8pk1Vgruue5fCBxqFA21jKAhbqU/kAEo=
Subject key identifier:   D3:CD:6B:CB:1C:A3:F7:0E:9C:72:D9:85:97:69:80:B9:F5:1B:25:65
Certificate issuer:       /CN=fb79c26f31575345159c840ed278a878a9256615
Certificate serial:       018CC3B6B1F362E2970C2543376AFCCECB19
Authority key identifier: FB:79:C2:6F:31:57:53:45:15:9C:84:0E:D2:78:A8:78:A9:25:66:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-3nCbzFXU0UVnIQO0nioeKklZhU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/12d691-37a4-4b15-a7ea-bd37da0e447c/1/081ryxyj9w6cctmFl2mAufUbJWU.roa
Signing time:             Mon 01 Jan 2024 06:29:39 +0000
ROA not before:           Mon 01 Jan 2024 06:29:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208685
IP address blocks:        31.3.156.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/12d691-37a4-4b15-a7ea-bd37da0e447c/1/1-3nCbzFXU0UVnIQO0nioeKklZhU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/12d691-37a4-4b15-a7ea-bd37da0e447c/1/1-3nCbzFXU0UVnIQO0nioeKklZhU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-3nCbzFXU0UVnIQO0nioeKklZhU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 14:34:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:b1:f3:62:e2:97:0c:25:43:37:6a:fc:ce:cb:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fb79c26f31575345159c840ed278a878a9256615
        Validity
            Not Before: Jan  1 06:29:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d3cd6bcb1ca3f70e9c72d985976980b9f51b2565
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:77:7c:75:70:79:7d:fd:33:57:38:92:9a:3d:
                    5b:f1:d3:81:c0:be:50:71:ca:ac:0b:3c:9d:35:34:
                    f2:15:79:ff:82:cd:58:36:6c:ad:c8:a6:3f:48:29:
                    33:d6:b9:7d:16:97:a2:24:1b:2e:65:af:d2:ea:e6:
                    c7:04:2a:34:42:fb:15:18:5e:8c:be:db:3c:ef:b1:
                    e7:1b:a8:db:39:54:11:68:52:ef:5c:e4:14:88:a5:
                    47:65:d3:6e:1b:f5:e8:92:eb:e7:12:fb:bc:70:c5:
                    5e:41:fb:7c:3b:4b:9c:73:06:c3:25:6e:2b:b8:69:
                    a8:eb:0e:b6:b4:ed:dd:41:c9:3c:9c:93:d8:69:dc:
                    04:6b:40:74:c1:f1:d5:a7:ca:eb:36:c2:8f:e5:2c:
                    89:ae:4b:8b:37:7a:12:90:bb:80:43:bb:a8:f5:d8:
                    53:10:1b:e8:88:28:bf:bb:6e:77:04:7d:db:47:94:
                    05:54:8f:28:a2:bb:d8:62:7f:19:58:a8:73:d8:32:
                    71:88:ac:42:74:26:f6:dc:3e:e4:d6:24:84:2a:91:
                    c8:91:f5:6d:61:50:be:d8:fd:37:f9:8c:52:10:bb:
                    8e:c3:4b:aa:d3:59:82:93:15:c9:c1:0b:6a:27:18:
                    57:51:aa:6a:45:eb:2f:f5:86:d6:13:58:3b:bc:6d:
                    01:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:CD:6B:CB:1C:A3:F7:0E:9C:72:D9:85:97:69:80:B9:F5:1B:25:65
            X509v3 Authority Key Identifier:
                keyid:FB:79:C2:6F:31:57:53:45:15:9C:84:0E:D2:78:A8:78:A9:25:66:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-3nCbzFXU0UVnIQO0nioeKklZhU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/12d691-37a4-4b15-a7ea-bd37da0e447c/1/081ryxyj9w6cctmFl2mAufUbJWU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/12d691-37a4-4b15-a7ea-bd37da0e447c/1/1-3nCbzFXU0UVnIQO0nioeKklZhU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.3.156.0/24

    Signature Algorithm: sha256WithRSAEncryption
         82:91:49:78:8a:ae:97:34:a5:bf:42:15:53:57:71:24:28:77:
         7e:a4:38:36:44:46:ba:82:60:57:14:4c:91:c5:a9:b2:7f:47:
         ef:cd:8d:54:bd:76:41:83:e3:2a:b8:62:46:e0:b3:76:4c:cb:
         47:50:6f:dd:5e:83:e6:ef:36:f3:f6:04:3b:d5:1f:e7:4c:ec:
         11:e6:da:99:ec:10:57:31:11:2e:cb:69:7d:2b:df:fd:52:0e:
         45:db:77:df:bb:98:5e:df:44:43:64:30:de:92:be:72:34:a6:
         16:1d:25:0b:aa:79:c0:4f:6e:da:9f:27:03:01:3e:67:2f:ac:
         f0:24:28:dd:15:9b:a3:ed:86:96:8c:ed:ec:60:c9:b4:57:f8:
         e8:12:a1:37:9a:7f:71:7a:b3:7d:c3:4d:f4:db:a4:47:a2:30:
         5c:d2:98:0d:38:ab:38:15:a4:c3:86:6d:e8:af:7a:ce:bf:dc:
         8c:60:33:0b:05:a4:91:49:68:65:77:d9:77:a9:ca:b1:2e:0d:
         87:d6:6c:4e:e9:7e:26:0b:25:dc:63:02:19:59:4f:4d:96:af:
         45:92:eb:2d:0a:61:eb:85:5b:3d:7b:47:c5:a6:cf:72:eb:b2:
         cb:0d:f3:01:7e:84:ef:50:fc:d5:f5:82:49:93:c0:db:19:69:
         cd:a1:37:a7
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzDtrHzYuKXDCVDN2r8zssZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZiNzljMjZmMzE1NzUzNDUxNTljODQwZWQyNzhhODc4YTky
NTY2MTUwHhcNMjQwMTAxMDYyOTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkM2NkNmJjYjFjYTNmNzBlOWM3MmQ5ODU5NzY5ODBiOWY1MWIyNTY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm3d8dXB5ff0zVziSmj1b8dOBwL5Q
ccqsCzydNTTyFXn/gs1YNmytyKY/SCkz1rl9FpeiJBsuZa/S6ubHBCo0QvsVGF6M
vts877HnG6jbOVQRaFLvXOQUiKVHZdNuG/XokuvnEvu8cMVeQft8O0uccwbDJW4r
uGmo6w62tO3dQck8nJPYadwEa0B0wfHVp8rrNsKP5SyJrkuLN3oSkLuAQ7uo9dhT
EBvoiCi/u253BH3bR5QFVI8oorvYYn8ZWKhz2DJxiKxCdCb23D7k1iSEKpHIkfVt
YVC+2P03+YxSELuOw0uq01mCkxXJwQtqJxhXUapqResv9YbWE1g7vG0BeQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFNPNa8sco/cOnHLZhZdpgLn1GyVlMB8GA1UdIwQY
MBaAFPt5wm8xV1NFFZyEDtJ4qHipJWYVMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS0zbkNiekZYVTBVVm5JUU8wbmlvZUtrbFpoVS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvODAvMTJkNjkxLTM3YTQtNGIxNS1hN2Vh
LWJkMzdkYTBlNDQ3Yy8xLzA4MXJ5eHlqOXc2Y2N0bUZsMm1BdWZVYkpXVS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvODAvMTJkNjkxLTM3YTQtNGIxNS1hN2VhLWJkMzdkYTBlNDQ3
Yy8xLzEtM25DYnpGWFUwVVZuSVFPMG5pb2VLa2xaaFUuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAfA5ww
DQYJKoZIhvcNAQELBQADggEBAIKRSXiKrpc0pb9CFVNXcSQod36kODZERrqCYFcU
TJHFqbJ/R+/NjVS9dkGD4yq4Ykbgs3ZMy0dQb91eg+bvNvP2BDvVH+dM7BHm2pns
EFcxES7LaX0r3/1SDkXbd9+7mF7fRENkMN6SvnI0phYdJQuqecBPbtqfJwMBPmcv
rPAkKN0Vm6PthpaM7exgybRX+OgSoTeaf3F6s33DTfTbpEeiMFzSmA04qzgVpMOG
beives6/3IxgMwsFpJFJaGV32XepyrEuDYfWbE7pfiYLJdxjAhlZT02Wr0WS6y0K
YeuFWz17R8Wmz3LrsssN8wF+hO9Q/NX1gkmTwNsZac2hN6c=
-----END CERTIFICATE-----