Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/aa/31fda0-7aaa-461c-a352-eb35bfa065ad/1/aM91ZduKUhbfA7uJHcrtFcppW10.roa
File:                     aM91ZduKUhbfA7uJHcrtFcppW10.roa (raw, json)
Hash identifier:          m72H5fjKZAAasOX54WxgOPkzWfQDD7d25eaasVhvDlg=
Subject key identifier:   68:CF:75:65:DB:8A:52:16:DF:03:BB:89:1D:CA:ED:15:CA:69:5B:5D
Certificate issuer:       /CN=e8c483b75c2db1cf9ff4e94c7a0fdf0db0000f00
Certificate serial:       018CC94D1CF19F71E0E482D0BE5E7D87D597
Authority key identifier: E8:C4:83:B7:5C:2D:B1:CF:9F:F4:E9:4C:7A:0F:DF:0D:B0:00:0F:00
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6MSDt1wtsc-f9OlMeg_fDbAADwA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/aa/31fda0-7aaa-461c-a352-eb35bfa065ad/1/aM91ZduKUhbfA7uJHcrtFcppW10.roa
Signing time:             Tue 02 Jan 2024 08:32:03 +0000
ROA not before:           Tue 02 Jan 2024 08:32:03 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51069
IP address blocks:        193.194.108.0/22 maxlen: 23
                          178.219.80.0/20 maxlen: 24
                          31.129.64.0/19 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/aa/31fda0-7aaa-461c-a352-eb35bfa065ad/1/6MSDt1wtsc-f9OlMeg_fDbAADwA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/aa/31fda0-7aaa-461c-a352-eb35bfa065ad/1/6MSDt1wtsc-f9OlMeg_fDbAADwA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6MSDt1wtsc-f9OlMeg_fDbAADwA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 21 Apr 2024 20:00:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:1c:f1:9f:71:e0:e4:82:d0:be:5e:7d:87:d5:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e8c483b75c2db1cf9ff4e94c7a0fdf0db0000f00
        Validity
            Not Before: Jan  2 08:32:03 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=68cf7565db8a5216df03bb891dcaed15ca695b5d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:9c:e9:6e:d7:27:31:22:98:5c:3d:52:d0:1c:
                    a3:30:67:a0:18:75:b3:ee:c4:68:fc:27:0d:d0:73:
                    38:cb:ff:43:65:a2:fb:ec:7e:02:65:9f:b0:86:84:
                    0d:63:0b:e8:0b:69:bb:1b:f0:88:ad:88:42:5b:22:
                    54:ac:92:c3:da:d9:e0:c5:33:ee:69:21:75:24:7f:
                    32:6b:c3:fa:19:87:d3:ec:51:ca:4b:6e:45:51:06:
                    82:c8:7f:b9:22:15:73:c4:cd:c2:fd:7b:9b:59:09:
                    da:b5:4a:0f:15:2a:6c:bd:cf:18:8a:a1:8c:e8:ec:
                    67:c4:ad:2c:66:be:19:f5:d3:9a:35:5e:ed:a4:5c:
                    bc:2b:73:d8:11:66:ae:b3:a5:4e:73:6d:cf:a5:cc:
                    20:4b:db:c7:23:f1:c4:3a:62:6c:79:e2:d9:5c:ac:
                    1b:22:ee:34:aa:3f:16:69:07:04:bd:f1:1a:88:4d:
                    10:57:bb:64:47:c2:30:82:4c:46:34:55:b9:e2:2d:
                    0a:93:87:d9:06:a8:4e:95:e3:19:18:83:7a:77:c0:
                    fc:99:b3:79:1e:94:52:6c:19:ce:dc:a2:97:81:09:
                    3d:32:a6:f7:7d:7b:64:78:21:58:f8:3c:24:01:fb:
                    da:92:54:fc:0c:4f:73:97:8a:56:26:54:be:6f:87:
                    77:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:CF:75:65:DB:8A:52:16:DF:03:BB:89:1D:CA:ED:15:CA:69:5B:5D
            X509v3 Authority Key Identifier:
                keyid:E8:C4:83:B7:5C:2D:B1:CF:9F:F4:E9:4C:7A:0F:DF:0D:B0:00:0F:00

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6MSDt1wtsc-f9OlMeg_fDbAADwA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/31fda0-7aaa-461c-a352-eb35bfa065ad/1/aM91ZduKUhbfA7uJHcrtFcppW10.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/31fda0-7aaa-461c-a352-eb35bfa065ad/1/6MSDt1wtsc-f9OlMeg_fDbAADwA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.129.64.0/19
                  178.219.80.0/20
                  193.194.108.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2f:31:e3:13:de:4b:ea:a5:c5:d2:50:ca:c3:a0:54:10:b2:0a:
         ff:6f:2b:32:6e:d2:66:87:fd:e3:b8:02:54:10:40:04:1c:d8:
         58:66:79:02:65:0b:cb:69:7a:04:e8:5d:0d:76:0f:3f:85:15:
         46:20:e1:bb:76:17:cf:a3:4d:17:7c:c1:38:b4:d1:2c:09:16:
         53:39:80:30:f5:49:59:88:fb:bc:95:91:60:c8:a6:4f:40:81:
         0f:d8:c5:d2:0f:58:fe:f2:1c:7b:f8:fc:1e:6f:55:e3:86:75:
         1c:2b:77:fc:ac:86:4f:f7:13:f6:9b:38:2b:a8:db:ba:db:2f:
         7f:09:78:ac:0c:51:6b:39:d5:79:42:ef:2a:3d:d9:71:f8:2b:
         ad:34:ee:a9:7d:3a:e1:8a:89:a9:f6:90:b8:5d:c9:a0:e2:fc:
         60:a9:8c:66:e9:05:39:2f:52:42:a1:cb:59:99:46:e1:d9:a1:
         30:ff:23:03:f3:6c:0b:ee:4e:04:a6:2d:30:9c:e5:b3:d6:21:
         53:7c:fa:0d:28:7a:95:9d:86:74:83:c8:d7:6d:24:de:74:32:
         d8:00:e4:5e:b1:63:d2:7b:1e:56:c6:ff:a8:ed:f1:45:2f:23:
         16:a0:ea:bf:90:53:70:a8:19:8a:c7:1a:1a:fd:8d:b9:63:b5:
         3a:22:94:95
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzJTRzxn3Hg5ILQvl59h9WXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU4YzQ4M2I3NWMyZGIxY2Y5ZmY0ZTk0YzdhMGZkZjBkYjAw
MDBmMDAwHhcNMjQwMTAyMDgzMjAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OGNmNzU2NWRiOGE1MjE2ZGYwM2JiODkxZGNhZWQxNWNhNjk1YjVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApJzpbtcnMSKYXD1S0ByjMGegGHWz
7sRo/CcN0HM4y/9DZaL77H4CZZ+whoQNYwvoC2m7G/CIrYhCWyJUrJLD2tngxTPu
aSF1JH8ya8P6GYfT7FHKS25FUQaCyH+5IhVzxM3C/XubWQnatUoPFSpsvc8YiqGM
6OxnxK0sZr4Z9dOaNV7tpFy8K3PYEWaus6VOc23PpcwgS9vHI/HEOmJseeLZXKwb
Iu40qj8WaQcEvfEaiE0QV7tkR8IwgkxGNFW54i0Kk4fZBqhOleMZGIN6d8D8mbN5
HpRSbBnO3KKXgQk9Mqb3fXtkeCFY+DwkAfvaklT8DE9zl4pWJlS+b4d3BQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFGjPdWXbilIW3wO7iR3K7RXKaVtdMB8GA1UdIwQY
MBaAFOjEg7dcLbHPn/TpTHoP3w2wAA8AMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNk1TRHQxd3RzYy1mOU9sTWVnX2ZEYkFBRHdBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYS8zMWZkYTAtN2FhYS00NjFjLWEzNTIt
ZWIzNWJmYTA2NWFkLzEvYU05MVpkdUtVaGJmQTd1SkhjcnRGY3BwVzEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYS8zMWZkYTAtN2FhYS00NjFjLWEzNTItZWIzNWJmYTA2NWFk
LzEvNk1TRHQxd3RzYy1mOU9sTWVnX2ZEYkFBRHdBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQFH4FAAwQE
sttQAwQCwcJsMA0GCSqGSIb3DQEBCwUAA4IBAQAvMeMT3kvqpcXSUMrDoFQQsgr/
bysybtJmh/3juAJUEEAEHNhYZnkCZQvLaXoE6F0Ndg8/hRVGIOG7dhfPo00XfME4
tNEsCRZTOYAw9UlZiPu8lZFgyKZPQIEP2MXSD1j+8hx7+Pweb1XjhnUcK3f8rIZP
9xP2mzgrqNu62y9/CXisDFFrOdV5Qu8qPdlx+CutNO6pfTrhiomp9pC4Xcmg4vxg
qYxm6QU5L1JCoctZmUbh2aEw/yMD82wL7k4Epi0wnOWz1iFTfPoNKHqVnYZ0g8jX
bSTedDLYAOResWPSex5Wxv+o7fFFLyMWoOq/kFNwqBmKxxoa/Y25Y7U6IpSV
-----END CERTIFICATE-----