Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/6065d2-103e-4ab7-bfb3-1a8c842afe2a/1/tYsd1Z0PviLU9jOb8iR6GY412b4.roa
File:                     tYsd1Z0PviLU9jOb8iR6GY412b4.roa (raw, json)
Hash identifier:          qSPUHwSNY4XPxLtkWI4tLjAhHAkJ146npjI7riyn2Z4=
Subject key identifier:   B5:8B:1D:D5:9D:0F:BE:22:D4:F6:33:9B:F2:24:7A:19:8E:35:D9:BE
Certificate issuer:       /CN=bf1d5feafd39174725bfe4bef91bd27c7b2f6f91
Certificate serial:       018CC34931DF79721E07B744602CC5014638
Authority key identifier: BF:1D:5F:EA:FD:39:17:47:25:BF:E4:BE:F9:1B:D2:7C:7B:2F:6F:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vx1f6v05F0clv-S--RvSfHsvb5E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b3/6065d2-103e-4ab7-bfb3-1a8c842afe2a/1/tYsd1Z0PviLU9jOb8iR6GY412b4.roa
Signing time:             Mon 01 Jan 2024 04:30:03 +0000
ROA not before:           Mon 01 Jan 2024 04:30:03 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212238
IP address blocks:        193.31.60.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b3/6065d2-103e-4ab7-bfb3-1a8c842afe2a/1/vx1f6v05F0clv-S--RvSfHsvb5E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b3/6065d2-103e-4ab7-bfb3-1a8c842afe2a/1/vx1f6v05F0clv-S--RvSfHsvb5E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vx1f6v05F0clv-S--RvSfHsvb5E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 29 Apr 2024 05:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:31:df:79:72:1e:07:b7:44:60:2c:c5:01:46:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bf1d5feafd39174725bfe4bef91bd27c7b2f6f91
        Validity
            Not Before: Jan  1 04:30:03 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b58b1dd59d0fbe22d4f6339bf2247a198e35d9be
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:65:99:d5:e9:0f:2f:40:68:c9:5c:33:c1:fe:
                    82:f4:6d:17:d4:b3:06:e8:72:3a:94:bb:91:d4:b5:
                    19:56:c8:9a:bc:3d:1a:97:e8:e3:b2:40:39:93:4d:
                    5b:a0:ec:aa:fd:97:80:79:73:78:94:60:b0:0b:88:
                    56:cd:0d:2e:91:64:99:5e:20:1b:74:e2:44:70:b4:
                    29:cb:51:6d:b7:47:37:61:b9:60:ba:51:54:2d:ca:
                    1e:49:9c:bd:cd:7a:0a:f3:30:2b:04:81:b0:47:5a:
                    23:4e:b5:70:76:ed:b1:c5:64:d3:8d:b8:4d:0f:52:
                    27:98:5b:b9:39:74:79:cb:59:e4:3c:00:6e:cc:c1:
                    df:0c:00:0e:20:55:f0:89:e8:a2:5b:57:ee:76:7c:
                    5b:d8:62:00:f3:68:62:2f:6a:7c:32:bd:01:e6:6b:
                    90:3d:92:35:65:a2:67:39:ab:b8:9a:af:ac:52:b8:
                    b3:be:d3:0b:ec:de:b1:99:cb:f9:c8:d7:92:0b:1e:
                    0a:06:2c:57:65:41:c7:30:23:a1:73:83:2b:b8:83:
                    9f:54:13:7f:1c:49:de:e7:2b:b2:72:e4:87:ae:4b:
                    15:a9:ef:71:7f:70:6a:de:f5:92:30:b1:b1:90:da:
                    b1:e8:84:e5:51:aa:95:5b:14:a5:9d:bd:56:1e:70:
                    b8:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:8B:1D:D5:9D:0F:BE:22:D4:F6:33:9B:F2:24:7A:19:8E:35:D9:BE
            X509v3 Authority Key Identifier:
                keyid:BF:1D:5F:EA:FD:39:17:47:25:BF:E4:BE:F9:1B:D2:7C:7B:2F:6F:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vx1f6v05F0clv-S--RvSfHsvb5E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/6065d2-103e-4ab7-bfb3-1a8c842afe2a/1/tYsd1Z0PviLU9jOb8iR6GY412b4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/6065d2-103e-4ab7-bfb3-1a8c842afe2a/1/vx1f6v05F0clv-S--RvSfHsvb5E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.31.60.0/24

    Signature Algorithm: sha256WithRSAEncryption
         67:da:40:b1:bc:d4:8a:5e:f4:f0:94:6f:1f:0f:f5:19:66:43:
         d4:00:e6:07:bb:10:3d:35:c2:8f:e6:51:15:d3:1d:42:01:f2:
         c3:df:50:ac:77:08:33:48:ba:d1:3f:f2:c0:8b:c5:f8:db:2f:
         8b:1f:11:ae:9c:e7:9d:97:86:5d:06:f2:8c:c1:77:75:4e:06:
         cf:61:c9:09:eb:79:6e:45:a1:e3:5d:7e:9c:03:fe:ae:6b:ac:
         cc:cc:3b:e2:97:2b:8f:d9:3a:4c:cf:a5:f3:61:ef:c6:08:4f:
         71:61:42:9d:6c:ce:79:31:56:95:f1:de:09:16:cf:0b:3c:f7:
         4c:85:a9:3b:a7:17:6a:07:96:89:3b:cd:83:c2:cd:61:d2:d8:
         dc:0c:4a:85:f6:d6:8f:2d:50:15:e3:77:ef:e9:22:f0:65:10:
         43:c8:6d:91:a7:b1:eb:c3:b0:b6:c5:40:9f:6b:ab:c2:28:e1:
         85:ed:c0:07:41:f5:45:e2:aa:28:06:4a:56:9b:1a:2b:6b:2d:
         e5:2c:61:79:5f:71:84:7c:65:ac:67:e6:e5:3a:44:8c:cb:50:
         58:6f:01:12:be:50:b6:89:60:1f:ab:c9:35:3a:8a:a9:e3:60:
         a2:79:44:60:6a:ad:13:c1:fb:89:0f:8a:24:12:c2:df:19:6a:
         97:2f:8d:c9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSTHfeXIeB7dEYCzFAUY4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmMWQ1ZmVhZmQzOTE3NDcyNWJmZTRiZWY5MWJkMjdjN2Iy
ZjZmOTEwHhcNMjQwMTAxMDQzMDAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNThiMWRkNTlkMGZiZTIyZDRmNjMzOWJmMjI0N2ExOThlMzVkOWJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo2WZ1ekPL0BoyVwzwf6C9G0X1LMG
6HI6lLuR1LUZVsiavD0al+jjskA5k01boOyq/ZeAeXN4lGCwC4hWzQ0ukWSZXiAb
dOJEcLQpy1Ftt0c3YblgulFULcoeSZy9zXoK8zArBIGwR1ojTrVwdu2xxWTTjbhN
D1InmFu5OXR5y1nkPABuzMHfDAAOIFXwieiiW1fudnxb2GIA82hiL2p8Mr0B5muQ
PZI1ZaJnOau4mq+sUrizvtML7N6xmcv5yNeSCx4KBixXZUHHMCOhc4MruIOfVBN/
HEne5yuycuSHrksVqe9xf3Bq3vWSMLGxkNqx6ITlUaqVWxSlnb1WHnC4OwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLWLHdWdD74i1PYzm/IkehmONdm+MB8GA1UdIwQY
MBaAFL8dX+r9ORdHJb/kvvkb0nx7L2+RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdngxZjZ2MDVGMGNsdi1TLS1SdlNmSHN2YjVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy82MDY1ZDItMTAzZS00YWI3LWJmYjMt
MWE4Yzg0MmFmZTJhLzEvdFlzZDFaMFB2aUxVOWpPYjhpUjZHWTQxMmI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy82MDY1ZDItMTAzZS00YWI3LWJmYjMtMWE4Yzg0MmFmZTJh
LzEvdngxZjZ2MDVGMGNsdi1TLS1SdlNmSHN2YjVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwR88MA0G
CSqGSIb3DQEBCwUAA4IBAQBn2kCxvNSKXvTwlG8fD/UZZkPUAOYHuxA9NcKP5lEV
0x1CAfLD31CsdwgzSLrRP/LAi8X42y+LHxGunOedl4ZdBvKMwXd1TgbPYckJ63lu
RaHjXX6cA/6ua6zMzDvilyuP2TpMz6XzYe/GCE9xYUKdbM55MVaV8d4JFs8LPPdM
hak7pxdqB5aJO82Dws1h0tjcDEqF9taPLVAV43fv6SLwZRBDyG2Rp7Hrw7C2xUCf
a6vCKOGF7cAHQfVF4qooBkpWmxoray3lLGF5X3GEfGWsZ+blOkSMy1BYbwESvlC2
iWAfq8k1Ooqp42CieURgaq0TwfuJD4okEsLfGWqXL43J
-----END CERTIFICATE-----