Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/6065d2-103e-4ab7-bfb3-1a8c842afe2a/1/r_Z7OYtba1P4_awi4xJ1FN8aqfI.roa
File:                     r_Z7OYtba1P4_awi4xJ1FN8aqfI.roa (raw, json)
Hash identifier:          RPruRzib53i7Aab/w8EvgBFXjCKUTDt0Wz+vHIedgtA=
Subject key identifier:   AF:F6:7B:39:8B:5B:6B:53:F8:FD:AC:22:E3:12:75:14:DF:1A:A9:F2
Certificate issuer:       /CN=bf1d5feafd39174725bfe4bef91bd27c7b2f6f91
Certificate serial:       018CC3492FD6C2E34D55A13669FEED1DDE55
Authority key identifier: BF:1D:5F:EA:FD:39:17:47:25:BF:E4:BE:F9:1B:D2:7C:7B:2F:6F:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vx1f6v05F0clv-S--RvSfHsvb5E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b3/6065d2-103e-4ab7-bfb3-1a8c842afe2a/1/r_Z7OYtba1P4_awi4xJ1FN8aqfI.roa
Signing time:             Mon 01 Jan 2024 04:30:02 +0000
ROA not before:           Mon 01 Jan 2024 04:30:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        193.31.15.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b3/6065d2-103e-4ab7-bfb3-1a8c842afe2a/1/vx1f6v05F0clv-S--RvSfHsvb5E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b3/6065d2-103e-4ab7-bfb3-1a8c842afe2a/1/vx1f6v05F0clv-S--RvSfHsvb5E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vx1f6v05F0clv-S--RvSfHsvb5E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:2f:d6:c2:e3:4d:55:a1:36:69:fe:ed:1d:de:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bf1d5feafd39174725bfe4bef91bd27c7b2f6f91
        Validity
            Not Before: Jan  1 04:30:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=aff67b398b5b6b53f8fdac22e3127514df1aa9f2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:9d:3c:ad:fa:db:d0:e6:45:42:77:96:f9:24:
                    6e:bb:30:bf:24:6a:c6:62:c3:33:59:07:bf:5a:0a:
                    14:37:27:77:24:27:c7:12:e2:b1:1c:8d:4b:ce:9d:
                    46:eb:83:fa:66:f0:c2:10:e5:da:10:b3:ba:0a:8b:
                    8a:03:93:63:5f:df:4e:56:aa:24:6f:64:0b:d0:d0:
                    97:c2:55:a7:47:e3:57:9e:85:5f:0e:f2:61:a1:cd:
                    cc:9b:8e:39:fc:97:69:68:5e:08:96:56:65:db:da:
                    fd:b8:f2:96:2b:f7:7d:8d:62:1f:bb:14:66:a0:ba:
                    79:81:d6:0b:4a:6e:c2:ee:32:33:9f:9a:84:a0:01:
                    e0:f5:24:3e:fa:0b:b5:e2:39:90:4d:86:81:f3:4a:
                    b7:2a:2f:91:64:6f:3b:a8:01:a6:d0:56:62:25:cc:
                    9c:d3:67:4e:76:e6:b2:81:2e:05:bf:2e:4a:91:85:
                    6b:8e:b6:34:bf:b8:31:6c:3e:d1:02:11:4f:58:25:
                    0a:23:03:88:e4:59:a7:48:76:c2:ae:04:e3:29:b5:
                    88:e7:c3:63:b7:78:62:73:31:80:66:75:b7:1e:b8:
                    69:29:75:d7:98:08:c8:7b:88:83:a6:c9:aa:86:a3:
                    3c:8c:70:d5:26:ec:9f:3e:aa:29:5f:96:40:9e:d2:
                    06:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:F6:7B:39:8B:5B:6B:53:F8:FD:AC:22:E3:12:75:14:DF:1A:A9:F2
            X509v3 Authority Key Identifier:
                keyid:BF:1D:5F:EA:FD:39:17:47:25:BF:E4:BE:F9:1B:D2:7C:7B:2F:6F:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vx1f6v05F0clv-S--RvSfHsvb5E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/6065d2-103e-4ab7-bfb3-1a8c842afe2a/1/r_Z7OYtba1P4_awi4xJ1FN8aqfI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/6065d2-103e-4ab7-bfb3-1a8c842afe2a/1/vx1f6v05F0clv-S--RvSfHsvb5E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.31.15.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:49:56:7a:b4:fd:a6:7e:3d:fb:6c:1b:0d:ed:90:a2:de:0c:
         8e:f3:8c:e9:11:10:da:22:3d:19:44:83:b4:a7:6e:5b:f8:61:
         06:82:e0:60:46:ac:5c:ed:5d:b7:be:db:02:a4:3a:8b:d4:56:
         cf:a8:4f:71:5b:bf:21:d8:29:c8:47:fa:38:73:e9:97:4a:df:
         11:84:eb:7a:ba:88:8c:5c:6b:af:6c:d3:4c:90:00:6c:ff:f5:
         78:12:6c:7a:1b:b7:a7:9f:66:95:08:3c:d2:70:3b:4f:29:35:
         7c:f7:13:5a:54:58:13:76:81:3a:59:84:b0:c0:bb:25:f7:35:
         30:47:ac:1f:ac:a6:19:a2:6f:87:7f:10:77:b1:22:75:0b:39:
         d0:3a:fe:d3:8b:83:ca:d6:bd:bd:b7:21:75:37:2d:b8:8d:ff:
         9c:07:d5:44:ad:29:db:24:f2:0f:4c:4f:b5:ca:b4:a0:97:de:
         43:0f:80:0e:ce:de:e7:98:0b:9c:6e:29:0c:8a:0a:d6:8a:42:
         a1:0f:19:f0:37:18:1a:77:ff:9a:31:a7:92:fb:ec:9a:df:12:
         0d:fe:ea:ce:86:fe:7b:c1:3e:35:af:3d:37:b7:d9:85:0f:0d:
         f8:81:20:c9:9a:2f:a3:c5:5d:7d:a8:be:32:cb:8e:89:6d:49:
         c4:15:37:48
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSS/WwuNNVaE2af7tHd5VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmMWQ1ZmVhZmQzOTE3NDcyNWJmZTRiZWY5MWJkMjdjN2Iy
ZjZmOTEwHhcNMjQwMTAxMDQzMDAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZmY2N2IzOThiNWI2YjUzZjhmZGFjMjJlMzEyNzUxNGRmMWFhOWYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjp08rfrb0OZFQneW+SRuuzC/JGrG
YsMzWQe/WgoUNyd3JCfHEuKxHI1Lzp1G64P6ZvDCEOXaELO6CouKA5NjX99OVqok
b2QL0NCXwlWnR+NXnoVfDvJhoc3Mm445/JdpaF4IllZl29r9uPKWK/d9jWIfuxRm
oLp5gdYLSm7C7jIzn5qEoAHg9SQ++gu14jmQTYaB80q3Ki+RZG87qAGm0FZiJcyc
02dOduaygS4Fvy5KkYVrjrY0v7gxbD7RAhFPWCUKIwOI5FmnSHbCrgTjKbWI58Nj
t3hiczGAZnW3HrhpKXXXmAjIe4iDpsmqhqM8jHDVJuyfPqopX5ZAntIGtQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK/2ezmLW2tT+P2sIuMSdRTfGqnyMB8GA1UdIwQY
MBaAFL8dX+r9ORdHJb/kvvkb0nx7L2+RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdngxZjZ2MDVGMGNsdi1TLS1SdlNmSHN2YjVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy82MDY1ZDItMTAzZS00YWI3LWJmYjMt
MWE4Yzg0MmFmZTJhLzEvcl9aN09ZdGJhMVA0X2F3aTR4SjFGTjhhcWZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy82MDY1ZDItMTAzZS00YWI3LWJmYjMtMWE4Yzg0MmFmZTJh
LzEvdngxZjZ2MDVGMGNsdi1TLS1SdlNmSHN2YjVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwR8PMA0G
CSqGSIb3DQEBCwUAA4IBAQBHSVZ6tP2mfj37bBsN7ZCi3gyO84zpERDaIj0ZRIO0
p25b+GEGguBgRqxc7V23vtsCpDqL1FbPqE9xW78h2CnIR/o4c+mXSt8RhOt6uoiM
XGuvbNNMkABs//V4Emx6G7enn2aVCDzScDtPKTV89xNaVFgTdoE6WYSwwLsl9zUw
R6wfrKYZom+HfxB3sSJ1CznQOv7Ti4PK1r29tyF1Ny24jf+cB9VErSnbJPIPTE+1
yrSgl95DD4AOzt7nmAucbikMigrWikKhDxnwNxgad/+aMaeS++ya3xIN/urOhv57
wT41rz03t9mFDw34gSDJmi+jxV19qL4yy46JbUnEFTdI
-----END CERTIFICATE-----