Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/6065d2-103e-4ab7-bfb3-1a8c842afe2a/1/P22Xu7Odpb6rHs84C5Z0ip8hPqM.roa
File:                     P22Xu7Odpb6rHs84C5Z0ip8hPqM.roa (raw, json)
Hash identifier:          AYGw0zqszLh0A3A359kT4i4m2xr6R3QiaEpwdHejtU8=
Subject key identifier:   3F:6D:97:BB:B3:9D:A5:BE:AB:1E:CF:38:0B:96:74:8A:9F:21:3E:A3
Certificate issuer:       /CN=bf1d5feafd39174725bfe4bef91bd27c7b2f6f91
Certificate serial:       018CC3493047471A245C8F3D4B4200108E9E
Authority key identifier: BF:1D:5F:EA:FD:39:17:47:25:BF:E4:BE:F9:1B:D2:7C:7B:2F:6F:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vx1f6v05F0clv-S--RvSfHsvb5E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b3/6065d2-103e-4ab7-bfb3-1a8c842afe2a/1/P22Xu7Odpb6rHs84C5Z0ip8hPqM.roa
Signing time:             Mon 01 Jan 2024 04:30:02 +0000
ROA not before:           Mon 01 Jan 2024 04:30:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        193.31.15.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b3/6065d2-103e-4ab7-bfb3-1a8c842afe2a/1/vx1f6v05F0clv-S--RvSfHsvb5E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b3/6065d2-103e-4ab7-bfb3-1a8c842afe2a/1/vx1f6v05F0clv-S--RvSfHsvb5E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vx1f6v05F0clv-S--RvSfHsvb5E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 16:59:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:30:47:47:1a:24:5c:8f:3d:4b:42:00:10:8e:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bf1d5feafd39174725bfe4bef91bd27c7b2f6f91
        Validity
            Not Before: Jan  1 04:30:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3f6d97bbb39da5beab1ecf380b96748a9f213ea3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:85:23:dd:11:8c:62:7d:55:d8:8a:20:07:ef:
                    82:68:46:be:ce:64:54:48:c2:51:0c:0b:88:12:30:
                    b7:5c:88:d7:fd:a6:9a:f0:e3:d9:19:1c:0d:a5:06:
                    01:72:44:80:af:15:76:22:06:77:8c:2d:c7:4e:82:
                    39:3a:44:e4:77:42:20:07:1d:ff:63:45:cf:ce:84:
                    c5:76:e9:65:48:f1:8b:5e:f7:dc:22:3f:6c:ea:6b:
                    ec:5b:90:10:07:b8:e9:00:86:e6:1f:01:8b:87:24:
                    e7:0e:f8:92:db:1b:3a:ee:41:6f:59:4f:4d:2a:0c:
                    17:3e:99:11:f4:19:a3:a8:ed:26:d0:81:c4:71:9c:
                    c8:43:79:71:38:51:87:4f:1a:94:13:77:bd:17:f9:
                    1e:29:53:81:08:ce:1d:47:a5:40:dc:72:25:76:72:
                    0d:22:3b:46:e4:c9:95:7f:e9:17:1f:11:e9:e3:84:
                    ba:c2:66:f1:e6:ac:3c:23:e7:c1:91:a5:0a:2d:a2:
                    01:b6:95:12:66:8b:77:b9:a3:08:2f:39:ba:24:4e:
                    71:b6:47:b3:99:14:4e:3c:81:e8:5d:22:5d:11:21:
                    1f:3d:62:49:85:22:e7:20:87:8c:35:52:98:92:07:
                    e9:81:c7:fe:34:a8:93:b0:ed:51:71:98:ff:c1:60:
                    4b:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:6D:97:BB:B3:9D:A5:BE:AB:1E:CF:38:0B:96:74:8A:9F:21:3E:A3
            X509v3 Authority Key Identifier:
                keyid:BF:1D:5F:EA:FD:39:17:47:25:BF:E4:BE:F9:1B:D2:7C:7B:2F:6F:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vx1f6v05F0clv-S--RvSfHsvb5E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/6065d2-103e-4ab7-bfb3-1a8c842afe2a/1/P22Xu7Odpb6rHs84C5Z0ip8hPqM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/6065d2-103e-4ab7-bfb3-1a8c842afe2a/1/vx1f6v05F0clv-S--RvSfHsvb5E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.31.15.0/24

    Signature Algorithm: sha256WithRSAEncryption
         56:04:9d:2a:0b:37:a6:ac:e3:c7:93:81:86:7e:96:84:6c:e6:
         06:c2:3e:d8:4b:cf:c1:f9:b5:9b:19:8c:9f:f0:b4:9f:72:02:
         9f:13:af:ab:21:df:88:15:38:c7:bb:44:0e:a0:7f:15:8b:7c:
         d4:a2:9f:74:65:6d:11:d5:91:17:ef:7d:49:4b:a4:0f:9f:21:
         85:c8:cb:44:5b:46:32:a2:06:8c:27:80:cf:ec:5f:14:53:a2:
         20:86:0e:32:da:f4:aa:0d:8f:10:47:03:9d:32:3c:d4:f5:fd:
         be:d2:cd:92:83:0b:2e:12:e7:88:69:5a:82:63:2a:3e:a2:4f:
         c9:e1:5d:59:58:50:4c:24:5c:a2:54:8a:00:33:ee:15:55:7f:
         9f:79:52:7a:51:b1:2c:ab:85:2a:72:f5:c1:59:46:7c:87:fe:
         61:7a:b6:7a:dd:89:14:1a:f7:b3:b1:cb:44:00:7f:63:be:04:
         c8:10:56:cc:c9:fe:b5:d5:ce:69:40:37:a4:2f:da:a0:22:0c:
         68:9e:b8:d8:28:1c:e8:3f:0a:1a:dd:ce:74:86:da:69:db:9a:
         e7:20:73:56:9b:1d:2b:bd:0c:b9:5e:47:93:d4:59:67:19:1e:
         9c:4e:9d:29:40:d1:03:00:6d:44:24:65:5c:a0:de:a6:01:f8:
         2a:76:5f:bd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSTBHRxokXI89S0IAEI6eMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmMWQ1ZmVhZmQzOTE3NDcyNWJmZTRiZWY5MWJkMjdjN2Iy
ZjZmOTEwHhcNMjQwMTAxMDQzMDAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjZkOTdiYmIzOWRhNWJlYWIxZWNmMzgwYjk2NzQ4YTlmMjEzZWEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsIUj3RGMYn1V2IogB++CaEa+zmRU
SMJRDAuIEjC3XIjX/aaa8OPZGRwNpQYBckSArxV2IgZ3jC3HToI5OkTkd0IgBx3/
Y0XPzoTFdullSPGLXvfcIj9s6mvsW5AQB7jpAIbmHwGLhyTnDviS2xs67kFvWU9N
KgwXPpkR9BmjqO0m0IHEcZzIQ3lxOFGHTxqUE3e9F/keKVOBCM4dR6VA3HIldnIN
IjtG5MmVf+kXHxHp44S6wmbx5qw8I+fBkaUKLaIBtpUSZot3uaMILzm6JE5xtkez
mRROPIHoXSJdESEfPWJJhSLnIIeMNVKYkgfpgcf+NKiTsO1RcZj/wWBLLwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD9tl7uznaW+qx7POAuWdIqfIT6jMB8GA1UdIwQY
MBaAFL8dX+r9ORdHJb/kvvkb0nx7L2+RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdngxZjZ2MDVGMGNsdi1TLS1SdlNmSHN2YjVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy82MDY1ZDItMTAzZS00YWI3LWJmYjMt
MWE4Yzg0MmFmZTJhLzEvUDIyWHU3T2RwYjZySHM4NEM1WjBpcDhoUHFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy82MDY1ZDItMTAzZS00YWI3LWJmYjMtMWE4Yzg0MmFmZTJh
LzEvdngxZjZ2MDVGMGNsdi1TLS1SdlNmSHN2YjVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwR8PMA0G
CSqGSIb3DQEBCwUAA4IBAQBWBJ0qCzemrOPHk4GGfpaEbOYGwj7YS8/B+bWbGYyf
8LSfcgKfE6+rId+IFTjHu0QOoH8Vi3zUop90ZW0R1ZEX731JS6QPnyGFyMtEW0Yy
ogaMJ4DP7F8UU6Ighg4y2vSqDY8QRwOdMjzU9f2+0s2SgwsuEueIaVqCYyo+ok/J
4V1ZWFBMJFyiVIoAM+4VVX+feVJ6UbEsq4UqcvXBWUZ8h/5herZ63YkUGvezsctE
AH9jvgTIEFbMyf611c5pQDekL9qgIgxonrjYKBzoPwoa3c50htpp25rnIHNWmx0r
vQy5XkeT1FlnGR6cTp0pQNEDAG1EJGVcoN6mAfgqdl+9
-----END CERTIFICATE-----