Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/220ce4-11a3-4d92-a488-c3947e76be75/1/0tAMNJHAPUWwYsQxjrD6vpPIj_o.roa
File:                     0tAMNJHAPUWwYsQxjrD6vpPIj_o.roa (raw, json)
Hash identifier:          ytClwJp70ptDHEa6Frh4uVn4xshgJywtFnNWYaw2F3A=
Subject key identifier:   D2:D0:0C:34:91:C0:3D:45:B0:62:C4:31:8E:B0:FA:BE:93:C8:8F:FA
Certificate issuer:       /CN=f37063a85445019ab845a5b7e54395cdd39927f6
Certificate serial:       018CCA2BAF46C889585191F04CCA24D9297C
Authority key identifier: F3:70:63:A8:54:45:01:9A:B8:45:A5:B7:E5:43:95:CD:D3:99:27:F6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/83BjqFRFAZq4RaW35UOVzdOZJ_Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/220ce4-11a3-4d92-a488-c3947e76be75/1/0tAMNJHAPUWwYsQxjrD6vpPIj_o.roa
Signing time:             Tue 02 Jan 2024 12:35:09 +0000
ROA not before:           Tue 02 Jan 2024 12:35:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212476
IP address blocks:        193.3.31.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a0/220ce4-11a3-4d92-a488-c3947e76be75/1/83BjqFRFAZq4RaW35UOVzdOZJ_Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a0/220ce4-11a3-4d92-a488-c3947e76be75/1/83BjqFRFAZq4RaW35UOVzdOZJ_Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/83BjqFRFAZq4RaW35UOVzdOZJ_Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:01:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:af:46:c8:89:58:51:91:f0:4c:ca:24:d9:29:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f37063a85445019ab845a5b7e54395cdd39927f6
        Validity
            Not Before: Jan  2 12:35:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d2d00c3491c03d45b062c4318eb0fabe93c88ffa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:5b:22:fe:6a:b7:d3:9f:bd:1b:e5:29:4b:75:
                    b8:ad:6a:c1:38:9b:a0:96:df:7a:dd:4b:6e:5c:c5:
                    df:b2:cc:e4:2c:3b:06:fb:0f:ee:d7:9e:ee:a9:ef:
                    c7:36:83:b8:bc:ab:ce:56:e9:82:bb:94:af:f1:e4:
                    1b:4e:7a:75:9f:69:27:78:55:7b:52:16:f2:98:2e:
                    be:93:56:d7:db:c3:50:39:82:0d:2a:70:fa:13:05:
                    17:1b:4f:45:da:c4:a1:1d:5e:63:7c:07:5f:ca:ac:
                    73:3e:3f:5a:87:c3:1e:f9:e0:bb:77:13:33:3e:c5:
                    3f:78:9c:97:f1:27:d4:52:b8:bf:57:d8:20:9a:b4:
                    d8:f9:43:09:cc:7f:a2:51:2d:41:47:0f:82:82:9d:
                    0b:05:23:04:b4:32:4c:98:41:7f:ca:43:92:0d:98:
                    14:1b:7e:8f:9b:66:c1:b5:aa:20:31:5f:87:8f:b0:
                    eb:07:1e:c3:1a:25:75:e5:13:c8:8c:db:4f:6e:71:
                    95:de:05:b8:a9:34:a7:07:81:50:63:3e:bf:05:9c:
                    a2:6c:af:1c:04:0d:63:08:71:13:13:75:bc:41:3d:
                    86:db:19:c0:84:80:77:80:fb:57:bd:4b:c1:f6:e2:
                    6c:b4:56:92:38:5a:1e:a1:00:37:41:33:93:b4:e8:
                    e5:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:D0:0C:34:91:C0:3D:45:B0:62:C4:31:8E:B0:FA:BE:93:C8:8F:FA
            X509v3 Authority Key Identifier:
                keyid:F3:70:63:A8:54:45:01:9A:B8:45:A5:B7:E5:43:95:CD:D3:99:27:F6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/83BjqFRFAZq4RaW35UOVzdOZJ_Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/220ce4-11a3-4d92-a488-c3947e76be75/1/0tAMNJHAPUWwYsQxjrD6vpPIj_o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/220ce4-11a3-4d92-a488-c3947e76be75/1/83BjqFRFAZq4RaW35UOVzdOZJ_Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.3.31.0/24

    Signature Algorithm: sha256WithRSAEncryption
         84:7e:b9:b5:b2:31:e8:8e:08:91:d0:86:4d:0c:9d:a2:ca:d7:
         3c:96:f2:db:43:56:44:74:4c:f4:40:fd:bb:dc:87:a6:2b:34:
         dd:5e:dc:b4:e1:d2:cb:5e:66:5e:88:27:4d:34:ec:fb:67:6a:
         05:b1:00:01:40:37:df:5f:75:cc:99:cd:60:8f:5a:af:7d:98:
         77:f2:48:1f:39:d2:ad:d3:37:50:d6:a6:d3:32:fb:a8:8c:61:
         3c:e8:b7:b7:fd:fc:8e:aa:23:7e:cc:56:82:56:56:bd:cb:a1:
         37:c0:30:0f:fc:59:68:e8:9c:63:2b:82:7c:ce:b5:ba:35:f3:
         f2:a5:1b:95:90:0d:f6:03:e2:71:3f:90:74:cc:73:78:94:ee:
         b3:82:3a:33:34:01:51:bf:01:bd:1d:ab:78:ba:23:c9:6c:ed:
         43:78:81:b0:bb:ac:27:1a:36:0d:6b:9c:87:e7:aa:0c:9c:ad:
         ec:1f:e2:1f:c4:64:ec:a0:8f:ef:4b:46:61:be:2a:ec:25:2a:
         ae:52:42:52:71:88:7b:99:aa:7d:a1:9a:25:48:db:75:56:61:
         20:23:cf:93:75:cd:4f:52:90:fa:b9:a6:6f:97:12:4d:22:84:
         4b:6d:dd:be:58:7c:96:80:79:5d:8d:d3:c7:c2:07:c8:9c:88:
         b1:27:0c:46
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKK69GyIlYUZHwTMok2Sl8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYzNzA2M2E4NTQ0NTAxOWFiODQ1YTViN2U1NDM5NWNkZDM5
OTI3ZjYwHhcNMjQwMTAyMTIzNTA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMmQwMGMzNDkxYzAzZDQ1YjA2MmM0MzE4ZWIwZmFiZTkzYzg4ZmZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjlsi/mq305+9G+UpS3W4rWrBOJug
lt963UtuXMXfsszkLDsG+w/u157uqe/HNoO4vKvOVumCu5Sv8eQbTnp1n2kneFV7
UhbymC6+k1bX28NQOYINKnD6EwUXG09F2sShHV5jfAdfyqxzPj9ah8Me+eC7dxMz
PsU/eJyX8SfUUri/V9ggmrTY+UMJzH+iUS1BRw+Cgp0LBSMEtDJMmEF/ykOSDZgU
G36Pm2bBtaogMV+Hj7DrBx7DGiV15RPIjNtPbnGV3gW4qTSnB4FQYz6/BZyibK8c
BA1jCHETE3W8QT2G2xnAhIB3gPtXvUvB9uJstFaSOFoeoQA3QTOTtOjltQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNLQDDSRwD1FsGLEMY6w+r6TyI/6MB8GA1UdIwQY
MBaAFPNwY6hURQGauEWlt+VDlc3TmSf2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvODNCanFGUkZBWnE0UmFXMzVVT1Z6ZE9aSl9ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC8yMjBjZTQtMTFhMy00ZDkyLWE0ODgt
YzM5NDdlNzZiZTc1LzEvMHRBTU5KSEFQVVd3WXNReGpyRDZ2cFBJal9vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC8yMjBjZTQtMTFhMy00ZDkyLWE0ODgtYzM5NDdlNzZiZTc1
LzEvODNCanFGUkZBWnE0UmFXMzVVT1Z6ZE9aSl9ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwQMfMA0G
CSqGSIb3DQEBCwUAA4IBAQCEfrm1sjHojgiR0IZNDJ2iytc8lvLbQ1ZEdEz0QP27
3IemKzTdXty04dLLXmZeiCdNNOz7Z2oFsQABQDffX3XMmc1gj1qvfZh38kgfOdKt
0zdQ1qbTMvuojGE86Le3/fyOqiN+zFaCVla9y6E3wDAP/Flo6JxjK4J8zrW6NfPy
pRuVkA32A+JxP5B0zHN4lO6zgjozNAFRvwG9Hat4uiPJbO1DeIGwu6wnGjYNa5yH
56oMnK3sH+IfxGTsoI/vS0ZhvirsJSquUkJScYh7map9oZolSNt1VmEgI8+Tdc1P
UpD6uaZvlxJNIoRLbd2+WHyWgHldjdPHwgfInIixJwxG
-----END CERTIFICATE-----