Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/8171e3-2d29-4cb6-8a94-7551809cb731/1/31ZwNrP5Hi-QY9WNxmNCXj48saY.roa
File:                     31ZwNrP5Hi-QY9WNxmNCXj48saY.roa (raw, json)
Hash identifier:          nf76tkncSAwe8YEEOCkrd7gs72j1d4uYvrtr+LQqZUQ=
Subject key identifier:   DF:56:70:36:B3:F9:1E:2F:90:63:D5:8D:C6:63:42:5E:3E:3C:B1:A6
Certificate issuer:       /CN=99d5bfad45d7c65a6e343028509fd1892e97b9d0
Certificate serial:       018CC7936A16109C93E4A8A71451A7D0A4E8
Authority key identifier: 99:D5:BF:AD:45:D7:C6:5A:6E:34:30:28:50:9F:D1:89:2E:97:B9:D0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mdW_rUXXxlpuNDAoUJ_RiS6XudA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/8171e3-2d29-4cb6-8a94-7551809cb731/1/31ZwNrP5Hi-QY9WNxmNCXj48saY.roa
Signing time:             Tue 02 Jan 2024 00:29:36 +0000
ROA not before:           Tue 02 Jan 2024 00:29:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     395747
IP address blocks:        2a06:98c0:1c0b::/48 maxlen: 48
                          2a06:98c0:1c01::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/90/8171e3-2d29-4cb6-8a94-7551809cb731/1/mdW_rUXXxlpuNDAoUJ_RiS6XudA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/90/8171e3-2d29-4cb6-8a94-7551809cb731/1/mdW_rUXXxlpuNDAoUJ_RiS6XudA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mdW_rUXXxlpuNDAoUJ_RiS6XudA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 01 May 2024 13:40:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:93:6a:16:10:9c:93:e4:a8:a7:14:51:a7:d0:a4:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=99d5bfad45d7c65a6e343028509fd1892e97b9d0
        Validity
            Not Before: Jan  2 00:29:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=df567036b3f91e2f9063d58dc663425e3e3cb1a6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f3:0e:6e:68:81:ae:fa:3f:2c:e5:9e:ce:e3:97:
                    42:58:80:f2:27:54:2a:b7:ee:d2:f9:73:22:40:a3:
                    b9:97:fe:34:55:d1:02:47:16:3b:71:55:63:ce:93:
                    23:17:33:f0:49:09:e9:e6:7b:32:78:cd:4f:ea:53:
                    70:dd:38:a2:95:13:b1:b6:f3:b5:85:32:f5:f9:34:
                    dd:a1:19:05:0b:53:72:2b:f7:5b:89:09:6e:72:f2:
                    36:19:4f:77:7a:b5:61:32:87:b3:e8:4a:1f:9c:04:
                    44:4e:51:44:35:05:f0:ef:82:95:0a:7f:d6:1f:2f:
                    4d:fc:42:14:16:a7:74:5b:5d:40:3a:68:10:2f:35:
                    a8:c0:35:e0:6d:07:10:29:4e:0d:fc:56:24:e9:98:
                    19:d9:8b:1b:40:ac:89:bf:83:fb:87:c4:74:a5:e6:
                    a1:58:51:8f:f8:82:9e:fc:76:7f:bb:24:55:95:8c:
                    b0:f9:10:77:14:0e:24:d9:32:ba:37:0c:9f:b6:a9:
                    bf:c4:a5:f7:80:d5:0b:1b:29:c4:01:b8:50:6c:df:
                    18:d0:14:08:38:1f:62:c2:93:fe:4e:d4:48:41:68:
                    a6:17:90:db:12:47:fc:e9:81:d4:a2:3c:2f:9e:bd:
                    bd:77:26:57:42:00:51:ce:bb:62:75:dc:dd:f6:e6:
                    b0:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:56:70:36:B3:F9:1E:2F:90:63:D5:8D:C6:63:42:5E:3E:3C:B1:A6
            X509v3 Authority Key Identifier:
                keyid:99:D5:BF:AD:45:D7:C6:5A:6E:34:30:28:50:9F:D1:89:2E:97:B9:D0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mdW_rUXXxlpuNDAoUJ_RiS6XudA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/8171e3-2d29-4cb6-8a94-7551809cb731/1/31ZwNrP5Hi-QY9WNxmNCXj48saY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/8171e3-2d29-4cb6-8a94-7551809cb731/1/mdW_rUXXxlpuNDAoUJ_RiS6XudA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:98c0:1c01::/48
                  2a06:98c0:1c0b::/48

    Signature Algorithm: sha256WithRSAEncryption
         16:c2:7a:37:2e:d2:5a:f0:1f:aa:1d:52:76:70:6f:b4:e7:a8:
         30:94:1c:28:7e:75:6a:2f:c4:73:8c:e2:98:5d:87:c9:6f:6a:
         c2:b2:8a:0c:fb:7e:2e:77:fd:c2:f4:5a:80:d8:d3:82:95:89:
         b6:37:9b:d8:d8:51:f8:30:6c:b9:a4:95:07:2a:80:36:e4:3b:
         5d:85:17:fe:16:f3:d6:58:ad:ba:57:08:ec:f2:05:c0:5b:8d:
         ac:88:95:45:f4:64:f1:49:fa:84:61:a9:04:cc:24:88:08:45:
         88:f9:87:a5:b4:f3:71:06:bc:44:12:9e:1e:90:94:d8:3a:63:
         eb:81:1d:7f:b6:39:99:69:25:a9:d6:2a:1c:15:4f:78:76:70:
         c6:ed:e8:20:79:7d:44:de:c0:ec:2e:72:f7:bf:d8:d1:ec:fc:
         71:3f:45:7c:8a:8e:81:b3:17:cc:bf:a6:e9:b4:6f:f7:8c:47:
         f3:2c:85:66:9a:b7:a3:f5:c9:76:71:d0:09:e6:47:bb:45:86:
         0a:8c:33:db:69:99:bd:cb:7f:48:f5:52:b1:98:e1:32:65:48:
         1d:7a:23:83:dc:8f:0f:de:7e:54:75:cd:e4:9a:01:6d:fc:cd:
         55:36:54:0b:05:63:35:2a:3c:e5:ae:2f:17:6a:2d:42:72:d1:
         fd:ed:bc:ce
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzHk2oWEJyT5KinFFGn0KToMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk5ZDViZmFkNDVkN2M2NWE2ZTM0MzAyODUwOWZkMTg5MmU5
N2I5ZDAwHhcNMjQwMTAyMDAyOTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZjU2NzAzNmIzZjkxZTJmOTA2M2Q1OGRjNjYzNDI1ZTNlM2NiMWE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8w5uaIGu+j8s5Z7O45dCWIDyJ1Qq
t+7S+XMiQKO5l/40VdECRxY7cVVjzpMjFzPwSQnp5nsyeM1P6lNw3TiilROxtvO1
hTL1+TTdoRkFC1NyK/dbiQlucvI2GU93erVhMoez6EofnARETlFENQXw74KVCn/W
Hy9N/EIUFqd0W11AOmgQLzWowDXgbQcQKU4N/FYk6ZgZ2YsbQKyJv4P7h8R0peah
WFGP+IKe/HZ/uyRVlYyw+RB3FA4k2TK6Nwyftqm/xKX3gNULGynEAbhQbN8Y0BQI
OB9iwpP+TtRIQWimF5DbEkf86YHUojwvnr29dyZXQgBRzrtiddzd9uawZwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFN9WcDaz+R4vkGPVjcZjQl4+PLGmMB8GA1UdIwQY
MBaAFJnVv61F18ZabjQwKFCf0Ykul7nQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbWRXX3JVWFh4bHB1TkRBb1VKX1JpUzZYdWRBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC84MTcxZTMtMmQyOS00Y2I2LThhOTQt
NzU1MTgwOWNiNzMxLzEvMzFad05yUDVIaS1RWTlXTnhtTkNYajQ4c2FZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC84MTcxZTMtMmQyOS00Y2I2LThhOTQtNzU1MTgwOWNiNzMx
LzEvbWRXX3JVWFh4bHB1TkRBb1VKX1JpUzZYdWRBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKgaYwBwB
AwcAKgaYwBwLMA0GCSqGSIb3DQEBCwUAA4IBAQAWwno3LtJa8B+qHVJ2cG+056gw
lBwofnVqL8RzjOKYXYfJb2rCsooM+34ud/3C9FqA2NOClYm2N5vY2FH4MGy5pJUH
KoA25DtdhRf+FvPWWK26Vwjs8gXAW42siJVF9GTxSfqEYakEzCSICEWI+YeltPNx
BrxEEp4ekJTYOmPrgR1/tjmZaSWp1iocFU94dnDG7eggeX1E3sDsLnL3v9jR7Pxx
P0V8io6BsxfMv6bptG/3jEfzLIVmmrej9cl2cdAJ5ke7RYYKjDPbaZm9y39I9VKx
mOEyZUgdeiOD3I8P3n5Udc3kmgFt/M1VNlQLBWM1Kjzlri8Xai1CctH97bzO
-----END CERTIFICATE-----