Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/6065d2-103e-4ab7-bfb3-1a8c842afe2a/1/laT6cLR_CsAMLDNRuHbw-QE9_Lg.roa
File:                     laT6cLR_CsAMLDNRuHbw-QE9_Lg.roa (raw, json)
Hash identifier:          /As0MXu+Jd4Zfmw66mysjQFz8bFMgrz+a8Z5fFD5uCE=
Subject key identifier:   95:A4:FA:70:B4:7F:0A:C0:0C:2C:33:51:B8:76:F0:F9:01:3D:FC:B8
Certificate issuer:       /CN=bf1d5feafd39174725bfe4bef91bd27c7b2f6f91
Certificate serial:       0195383476B8A7FDA8F16BFB77A104136B1A
Authority key identifier: BF:1D:5F:EA:FD:39:17:47:25:BF:E4:BE:F9:1B:D2:7C:7B:2F:6F:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vx1f6v05F0clv-S--RvSfHsvb5E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b3/6065d2-103e-4ab7-bfb3-1a8c842afe2a/1/laT6cLR_CsAMLDNRuHbw-QE9_Lg.roa
Signing time:             Mon 24 Feb 2025 13:45:17 +0000
ROA not before:           Mon 24 Feb 2025 13:45:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215304
IP address blocks:        193.31.60.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b3/6065d2-103e-4ab7-bfb3-1a8c842afe2a/1/vx1f6v05F0clv-S--RvSfHsvb5E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b3/6065d2-103e-4ab7-bfb3-1a8c842afe2a/1/vx1f6v05F0clv-S--RvSfHsvb5E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vx1f6v05F0clv-S--RvSfHsvb5E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 07:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:38:34:76:b8:a7:fd:a8:f1:6b:fb:77:a1:04:13:6b:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bf1d5feafd39174725bfe4bef91bd27c7b2f6f91
        Validity
            Not Before: Feb 24 13:45:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=95a4fa70b47f0ac00c2c3351b876f0f9013dfcb8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:d2:f7:49:27:e4:e2:41:9a:31:ba:1b:2f:d8:
                    65:dd:27:e6:91:93:cd:6d:77:48:6f:be:00:df:6e:
                    4a:d3:ba:d8:cd:56:95:fa:11:39:3d:d1:74:71:b6:
                    14:f9:73:c0:a6:c4:37:50:44:a6:50:22:6d:b1:3d:
                    65:94:61:8a:f9:a9:01:9d:00:c4:e1:c0:59:97:ad:
                    b1:f9:75:34:82:ec:81:1c:2f:b9:2b:96:73:e6:8b:
                    3b:e4:88:40:d7:e8:5d:32:7b:84:db:9f:dc:b3:53:
                    43:87:da:37:56:53:7e:2a:6b:7a:eb:75:6f:7b:f3:
                    55:a2:c9:eb:7b:32:b7:dc:4f:4d:8b:f0:a3:aa:7c:
                    d7:49:de:80:86:c2:1c:ca:f2:14:6f:b4:38:23:5b:
                    2c:b2:c2:03:55:36:8e:df:18:1a:5f:ff:97:8f:d5:
                    6f:b6:01:c8:f6:50:50:9f:fa:bf:3d:fd:e6:1b:3f:
                    e5:87:e9:5b:b2:fc:47:a1:e1:6a:42:4e:80:8e:7a:
                    20:6e:e0:67:36:ee:63:a1:e7:4c:ee:30:f0:27:e0:
                    8b:7a:6a:4e:23:66:5d:ac:31:19:e9:82:e7:ea:f1:
                    79:de:5f:cf:b6:00:b2:10:b7:0d:6d:a3:e3:45:1f:
                    3e:f9:79:37:e8:bf:8a:07:0d:92:97:13:11:c7:c2:
                    b4:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:A4:FA:70:B4:7F:0A:C0:0C:2C:33:51:B8:76:F0:F9:01:3D:FC:B8
            X509v3 Authority Key Identifier:
                keyid:BF:1D:5F:EA:FD:39:17:47:25:BF:E4:BE:F9:1B:D2:7C:7B:2F:6F:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vx1f6v05F0clv-S--RvSfHsvb5E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/6065d2-103e-4ab7-bfb3-1a8c842afe2a/1/laT6cLR_CsAMLDNRuHbw-QE9_Lg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/6065d2-103e-4ab7-bfb3-1a8c842afe2a/1/vx1f6v05F0clv-S--RvSfHsvb5E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.31.60.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4b:19:d5:9a:e9:2d:3c:14:3c:55:5d:2d:74:d4:e1:24:ea:70:
         c6:b9:d1:16:02:46:fc:3f:9f:01:b2:d6:29:8d:6b:21:e7:f9:
         e7:a6:8e:cc:e9:9f:b2:60:12:c4:75:e5:fc:cb:85:24:42:9a:
         be:1c:90:89:e2:62:36:a5:25:b6:2d:f0:76:88:40:76:cc:58:
         18:81:7a:92:87:38:21:43:21:25:23:19:b6:e9:0d:c3:80:3f:
         6a:7b:9e:50:8c:d4:e7:68:44:24:fe:1b:b1:64:ad:80:b1:b3:
         36:0a:df:40:84:33:3b:e1:4e:0a:e1:92:6d:1c:c3:e4:e4:71:
         c9:16:7d:25:3a:02:64:c0:6d:d7:2c:ac:1a:c4:3b:72:81:2f:
         69:f0:b8:fc:aa:78:c1:9b:cc:41:78:d9:6a:22:f3:88:06:2c:
         1a:36:f7:9b:d2:bb:c3:bd:bf:0e:e6:11:0a:43:ae:c4:d0:57:
         e9:e5:33:3d:78:ed:6d:25:b9:43:ca:a8:7d:2d:bb:a4:71:8f:
         fa:91:04:ce:dd:33:93:f2:84:44:bf:48:4b:ec:2d:9d:1f:a6:
         af:07:73:65:55:8d:15:a1:7c:3a:56:2c:f3:4e:6b:e4:d4:a1:
         ec:cd:17:ee:d6:fb:b5:0a:46:0e:87:56:26:dd:50:eb:2e:7a:
         25:1c:b1:b2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZU4NHa4p/2o8Wv7d6EEE2saMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmMWQ1ZmVhZmQzOTE3NDcyNWJmZTRiZWY5MWJkMjdjN2Iy
ZjZmOTEwHhcNMjUwMjI0MTM0NTE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NWE0ZmE3MGI0N2YwYWMwMGMyYzMzNTFiODc2ZjBmOTAxM2RmY2I4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA59L3SSfk4kGaMbobL9hl3SfmkZPN
bXdIb74A325K07rYzVaV+hE5PdF0cbYU+XPApsQ3UESmUCJtsT1llGGK+akBnQDE
4cBZl62x+XU0guyBHC+5K5Zz5os75IhA1+hdMnuE25/cs1NDh9o3VlN+Kmt663Vv
e/NVosnrezK33E9Ni/CjqnzXSd6AhsIcyvIUb7Q4I1ssssIDVTaO3xgaX/+Xj9Vv
tgHI9lBQn/q/Pf3mGz/lh+lbsvxHoeFqQk6AjnogbuBnNu5joedM7jDwJ+CLempO
I2ZdrDEZ6YLn6vF53l/PtgCyELcNbaPjRR8++Xk36L+KBw2SlxMRx8K0YwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJWk+nC0fwrADCwzUbh28PkBPfy4MB8GA1UdIwQY
MBaAFL8dX+r9ORdHJb/kvvkb0nx7L2+RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdngxZjZ2MDVGMGNsdi1TLS1SdlNmSHN2YjVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy82MDY1ZDItMTAzZS00YWI3LWJmYjMt
MWE4Yzg0MmFmZTJhLzEvbGFUNmNMUl9Dc0FNTEROUnVIYnctUUU5X0xnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy82MDY1ZDItMTAzZS00YWI3LWJmYjMtMWE4Yzg0MmFmZTJh
LzEvdngxZjZ2MDVGMGNsdi1TLS1SdlNmSHN2YjVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwR88MA0G
CSqGSIb3DQEBCwUAA4IBAQBLGdWa6S08FDxVXS101OEk6nDGudEWAkb8P58BstYp
jWsh5/nnpo7M6Z+yYBLEdeX8y4UkQpq+HJCJ4mI2pSW2LfB2iEB2zFgYgXqShzgh
QyElIxm26Q3DgD9qe55QjNTnaEQk/huxZK2AsbM2Ct9AhDM74U4K4ZJtHMPk5HHJ
Fn0lOgJkwG3XLKwaxDtygS9p8Lj8qnjBm8xBeNlqIvOIBiwaNveb0rvDvb8O5hEK
Q67E0Ffp5TM9eO1tJblDyqh9LbukcY/6kQTO3TOT8oREv0hL7C2dH6avB3NlVY0V
oXw6VizzTmvk1KHszRfu1vu1CkYOh1Ym3VDrLnolHLGy
-----END CERTIFICATE-----