Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/6065d2-103e-4ab7-bfb3-1a8c842afe2a/1/47zZ0lB1uFaFED_oqSMoFLrpZJI.roa
File:                     47zZ0lB1uFaFED_oqSMoFLrpZJI.roa (raw, json)
Hash identifier:          57mk5kQigGV7Uka/C/oVfrZA218HHA71ureBZfpco7Q=
Subject key identifier:   E3:BC:D9:D2:50:75:B8:56:85:10:3F:E8:A9:23:28:14:BA:E9:64:92
Certificate issuer:       /CN=bf1d5feafd39174725bfe4bef91bd27c7b2f6f91
Certificate serial:       019001635ED219BF3C467730981748E104A9
Authority key identifier: BF:1D:5F:EA:FD:39:17:47:25:BF:E4:BE:F9:1B:D2:7C:7B:2F:6F:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vx1f6v05F0clv-S--RvSfHsvb5E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b3/6065d2-103e-4ab7-bfb3-1a8c842afe2a/1/47zZ0lB1uFaFED_oqSMoFLrpZJI.roa
Signing time:             Mon 10 Jun 2024 09:03:27 +0000
ROA not before:           Mon 10 Jun 2024 09:03:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        193.31.60.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b3/6065d2-103e-4ab7-bfb3-1a8c842afe2a/1/vx1f6v05F0clv-S--RvSfHsvb5E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b3/6065d2-103e-4ab7-bfb3-1a8c842afe2a/1/vx1f6v05F0clv-S--RvSfHsvb5E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vx1f6v05F0clv-S--RvSfHsvb5E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 15 Jun 2024 02:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:01:63:5e:d2:19:bf:3c:46:77:30:98:17:48:e1:04:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bf1d5feafd39174725bfe4bef91bd27c7b2f6f91
        Validity
            Not Before: Jun 10 09:03:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e3bcd9d25075b85685103fe8a9232814bae96492
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:87:c4:12:ff:87:8d:0b:1f:0c:75:37:8c:02:
                    b5:12:bf:81:d8:82:bf:dd:48:cd:5f:d6:a6:fb:d5:
                    1c:c0:13:70:27:28:10:22:14:fb:7f:bc:2f:30:cf:
                    6c:63:53:2a:19:a4:34:29:27:f7:c8:a4:32:04:44:
                    dc:5c:f1:ce:fa:2c:b8:7d:f3:b4:46:50:a1:43:5e:
                    1f:76:e1:4b:a4:7e:cc:d5:71:03:0c:c8:74:47:ef:
                    7c:61:8b:08:b2:e6:19:ac:f2:98:b4:3e:70:f1:45:
                    c0:3a:21:a0:76:ec:d7:00:29:a5:dc:2a:51:9d:a0:
                    75:27:94:a7:04:62:d3:21:32:c6:31:67:da:c7:e3:
                    2f:23:d7:df:c0:e2:07:c4:b1:6e:3b:75:be:b1:38:
                    6d:62:e5:1d:ce:85:ba:dd:17:ca:f6:88:7c:a3:4e:
                    3d:49:32:0b:7a:a9:86:81:99:26:21:49:99:c5:aa:
                    62:e3:5e:12:cd:ab:18:e6:78:39:01:d3:e7:18:23:
                    ba:a6:ef:dc:47:e5:d0:05:d0:1a:8c:8c:7a:59:86:
                    1c:9b:75:44:18:49:38:79:ae:41:58:8e:42:40:53:
                    56:9d:76:03:f3:28:97:6b:fa:c0:9a:78:6f:16:39:
                    18:8d:64:f4:fd:ab:8e:95:2e:82:8f:4c:12:f6:b1:
                    90:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:BC:D9:D2:50:75:B8:56:85:10:3F:E8:A9:23:28:14:BA:E9:64:92
            X509v3 Authority Key Identifier:
                keyid:BF:1D:5F:EA:FD:39:17:47:25:BF:E4:BE:F9:1B:D2:7C:7B:2F:6F:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vx1f6v05F0clv-S--RvSfHsvb5E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/6065d2-103e-4ab7-bfb3-1a8c842afe2a/1/47zZ0lB1uFaFED_oqSMoFLrpZJI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/6065d2-103e-4ab7-bfb3-1a8c842afe2a/1/vx1f6v05F0clv-S--RvSfHsvb5E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.31.60.0/24

    Signature Algorithm: sha256WithRSAEncryption
         86:eb:3a:f9:d4:09:56:2b:bf:2b:b4:8f:0f:5c:74:02:87:65:
         2a:86:04:1e:ce:eb:e8:57:87:e0:53:f4:7c:31:c9:48:20:bb:
         4a:aa:09:85:8c:d8:7a:9c:59:89:7c:2a:c5:a2:39:57:c2:86:
         a7:aa:f8:3e:57:9f:d1:39:05:80:fe:46:d1:9b:81:30:98:7a:
         d8:d1:ac:30:7e:9b:fe:80:51:59:5f:0a:a6:c3:a1:d1:4f:e9:
         6c:e8:47:8c:40:88:6c:87:d6:5b:9d:40:9e:8d:c9:7c:28:9c:
         7a:d8:28:e6:e4:11:e9:05:33:16:24:83:1e:24:d1:59:1a:60:
         69:74:bc:1b:3a:26:60:8c:52:26:73:b4:5d:4c:b8:9a:5b:06:
         2a:49:ca:fa:32:5e:46:c4:ee:07:5f:75:53:96:6b:7e:fa:e7:
         b2:52:d8:e1:5e:4c:42:70:ee:4f:89:10:77:13:fe:6f:a7:c2:
         78:7f:38:0f:59:aa:e5:8e:20:3f:fc:a4:f1:c6:97:cb:2f:a4:
         68:87:a6:77:46:3a:33:89:81:bb:62:ad:d0:a4:e1:a8:85:0e:
         5d:73:1a:6c:32:f3:32:bf:cc:35:d0:56:b8:af:bd:fb:e7:95:
         98:9f:9e:ca:25:f0:fb:7b:35:56:c9:78:b8:91:a7:62:09:73:
         2b:61:d3:b6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZABY17SGb88RncwmBdI4QSpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmMWQ1ZmVhZmQzOTE3NDcyNWJmZTRiZWY5MWJkMjdjN2Iy
ZjZmOTEwHhcNMjQwNjEwMDkwMzI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlM2JjZDlkMjUwNzViODU2ODUxMDNmZThhOTIzMjgxNGJhZTk2NDkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvYfEEv+HjQsfDHU3jAK1Er+B2IK/
3UjNX9am+9UcwBNwJygQIhT7f7wvMM9sY1MqGaQ0KSf3yKQyBETcXPHO+iy4ffO0
RlChQ14fduFLpH7M1XEDDMh0R+98YYsIsuYZrPKYtD5w8UXAOiGgduzXACml3CpR
naB1J5SnBGLTITLGMWfax+MvI9ffwOIHxLFuO3W+sThtYuUdzoW63RfK9oh8o049
STILeqmGgZkmIUmZxapi414SzasY5ng5AdPnGCO6pu/cR+XQBdAajIx6WYYcm3VE
GEk4ea5BWI5CQFNWnXYD8yiXa/rAmnhvFjkYjWT0/auOlS6Cj0wS9rGQywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOO82dJQdbhWhRA/6KkjKBS66WSSMB8GA1UdIwQY
MBaAFL8dX+r9ORdHJb/kvvkb0nx7L2+RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdngxZjZ2MDVGMGNsdi1TLS1SdlNmSHN2YjVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy82MDY1ZDItMTAzZS00YWI3LWJmYjMt
MWE4Yzg0MmFmZTJhLzEvNDd6WjBsQjF1RmFGRURfb3FTTW9GTHJwWkpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy82MDY1ZDItMTAzZS00YWI3LWJmYjMtMWE4Yzg0MmFmZTJh
LzEvdngxZjZ2MDVGMGNsdi1TLS1SdlNmSHN2YjVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwR88MA0G
CSqGSIb3DQEBCwUAA4IBAQCG6zr51AlWK78rtI8PXHQCh2UqhgQezuvoV4fgU/R8
MclIILtKqgmFjNh6nFmJfCrFojlXwoanqvg+V5/ROQWA/kbRm4EwmHrY0awwfpv+
gFFZXwqmw6HRT+ls6EeMQIhsh9ZbnUCejcl8KJx62Cjm5BHpBTMWJIMeJNFZGmBp
dLwbOiZgjFImc7RdTLiaWwYqScr6Ml5GxO4HX3VTlmt++ueyUtjhXkxCcO5PiRB3
E/5vp8J4fzgPWarljiA//KTxxpfLL6Roh6Z3RjoziYG7Yq3QpOGohQ5dcxpsMvMy
v8w10Fa4r73755WYn57KJfD7ezVWyXi4kadiCXMrYdO2
-----END CERTIFICATE-----