Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b7/922bcd-f1ad-4d63-8243-294b1aa14866/1/FOBtaKi6ynnWkWebIsY-Pt8fXac.roa
File:                     FOBtaKi6ynnWkWebIsY-Pt8fXac.roa (raw, json)
Hash identifier:          yBG/Qjs5nLc+SmD6zPFLH/7YrsmhmtryLym7mbtm1MQ=
Subject key identifier:   14:E0:6D:68:A8:BA:CA:79:D6:91:67:9B:22:C6:3E:3E:DF:1F:5D:A7
Certificate issuer:       /CN=895364dd8ff730a908b09b5f9913c153fc16aa3c
Certificate serial:       018CC348C3C15CF5C71022D051785224B92C
Authority key identifier: 89:53:64:DD:8F:F7:30:A9:08:B0:9B:5F:99:13:C1:53:FC:16:AA:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iVNk3Y_3MKkIsJtfmRPBU_wWqjw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b7/922bcd-f1ad-4d63-8243-294b1aa14866/1/FOBtaKi6ynnWkWebIsY-Pt8fXac.roa
Signing time:             Mon 01 Jan 2024 04:29:34 +0000
ROA not before:           Mon 01 Jan 2024 04:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44129
IP address blocks:        193.169.31.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b7/922bcd-f1ad-4d63-8243-294b1aa14866/1/iVNk3Y_3MKkIsJtfmRPBU_wWqjw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b7/922bcd-f1ad-4d63-8243-294b1aa14866/1/iVNk3Y_3MKkIsJtfmRPBU_wWqjw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iVNk3Y_3MKkIsJtfmRPBU_wWqjw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:c3:c1:5c:f5:c7:10:22:d0:51:78:52:24:b9:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=895364dd8ff730a908b09b5f9913c153fc16aa3c
        Validity
            Not Before: Jan  1 04:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=14e06d68a8baca79d691679b22c63e3edf1f5da7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:84:f8:86:74:da:05:06:93:c5:d0:d2:5d:cc:
                    79:ec:07:21:be:96:aa:b0:61:a7:1f:80:92:75:13:
                    79:2f:a4:14:31:f1:83:ce:6f:0f:57:b1:1d:db:77:
                    b7:cd:97:e2:96:14:e7:8e:0b:a9:bb:40:c3:51:74:
                    2d:eb:ff:97:8f:db:7c:39:9a:97:62:ac:f4:71:d2:
                    d6:86:07:03:5b:61:b6:66:cb:c7:86:f0:ca:f4:1c:
                    c5:95:8e:57:e8:16:e5:ad:28:9b:42:bd:f5:0f:48:
                    8c:b6:59:01:84:0d:5a:bc:7b:fe:99:d9:55:af:84:
                    c6:7d:23:2c:6b:bf:62:b3:48:17:d6:2d:4c:55:ef:
                    b0:37:99:cf:89:b2:b9:76:15:cb:b6:8a:1a:78:c1:
                    39:94:f9:73:c9:de:c1:3a:7c:97:bc:86:6a:58:01:
                    ce:7b:4d:5b:78:27:f1:86:4a:01:ef:72:a5:72:c7:
                    bd:dc:9d:b9:3a:a4:8e:e2:b7:ee:2e:d4:be:a3:9b:
                    4d:74:e2:8d:78:db:d7:f5:6e:3e:e7:4f:0d:d9:ad:
                    f9:30:62:1f:96:37:74:f7:8e:35:9a:09:a3:22:ac:
                    8b:fa:fa:bf:e3:26:19:c9:2b:d0:81:bb:ca:8c:50:
                    b4:9c:5e:da:37:26:73:25:14:84:58:15:60:87:86:
                    bd:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:E0:6D:68:A8:BA:CA:79:D6:91:67:9B:22:C6:3E:3E:DF:1F:5D:A7
            X509v3 Authority Key Identifier:
                keyid:89:53:64:DD:8F:F7:30:A9:08:B0:9B:5F:99:13:C1:53:FC:16:AA:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iVNk3Y_3MKkIsJtfmRPBU_wWqjw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/922bcd-f1ad-4d63-8243-294b1aa14866/1/FOBtaKi6ynnWkWebIsY-Pt8fXac.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/922bcd-f1ad-4d63-8243-294b1aa14866/1/iVNk3Y_3MKkIsJtfmRPBU_wWqjw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.169.31.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:81:f3:49:58:b1:6e:7e:6e:33:7a:3a:73:fd:f6:1b:6b:96:
         83:df:f4:85:27:4f:cf:08:f9:82:55:ec:3d:4a:62:23:fa:6d:
         69:2c:13:fa:4a:3d:8e:b2:c2:1e:9d:b4:d4:73:13:30:43:b1:
         19:08:c1:1e:a0:8b:42:3c:13:f9:3a:53:3c:af:bf:e1:05:99:
         ed:6f:78:45:2f:f7:f3:9b:3e:b3:21:d8:25:be:f5:9a:d8:a5:
         6d:8c:5c:b2:b7:ee:be:96:c4:ee:91:17:fa:46:fc:05:b3:c9:
         98:6b:22:ae:1f:12:0e:60:dc:12:79:f5:e2:e2:fe:61:2c:7f:
         81:3f:88:02:57:a7:dc:f8:fb:01:4d:c2:88:57:13:96:8c:01:
         5c:59:d2:4c:b1:53:43:6b:0e:d7:42:3f:0b:20:3a:bb:38:91:
         e0:31:48:fa:52:b6:92:3c:5d:94:5f:35:49:ca:a8:d1:43:75:
         ac:a1:87:c7:2f:c5:e0:50:e5:41:63:f9:5b:cf:2d:bc:32:2b:
         df:52:66:2e:ec:ea:8f:a2:99:3b:ac:5c:a2:fb:25:a4:8c:5e:
         54:28:78:75:c9:e5:89:ee:ee:aa:3c:f2:c9:b2:f3:62:9e:12:
         4d:6e:b6:53:2e:2f:4d:46:d7:06:78:e3:19:34:3a:50:8a:ab:
         d4:8f:76:c4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSMPBXPXHECLQUXhSJLksMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg5NTM2NGRkOGZmNzMwYTkwOGIwOWI1Zjk5MTNjMTUzZmMx
NmFhM2MwHhcNMjQwMTAxMDQyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNGUwNmQ2OGE4YmFjYTc5ZDY5MTY3OWIyMmM2M2UzZWRmMWY1ZGE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp4T4hnTaBQaTxdDSXcx57Achvpaq
sGGnH4CSdRN5L6QUMfGDzm8PV7Ed23e3zZfilhTnjgupu0DDUXQt6/+Xj9t8OZqX
Yqz0cdLWhgcDW2G2ZsvHhvDK9BzFlY5X6BblrSibQr31D0iMtlkBhA1avHv+mdlV
r4TGfSMsa79is0gX1i1MVe+wN5nPibK5dhXLtooaeME5lPlzyd7BOnyXvIZqWAHO
e01beCfxhkoB73Klcse93J25OqSO4rfuLtS+o5tNdOKNeNvX9W4+508N2a35MGIf
ljd09441mgmjIqyL+vq/4yYZySvQgbvKjFC0nF7aNyZzJRSEWBVgh4a9dwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBTgbWiousp51pFnmyLGPj7fH12nMB8GA1UdIwQY
MBaAFIlTZN2P9zCpCLCbX5kTwVP8Fqo8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaVZOazNZXzNNS2tJc0p0Zm1SUEJVX3dXcWp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNy85MjJiY2QtZjFhZC00ZDYzLTgyNDMt
Mjk0YjFhYTE0ODY2LzEvRk9CdGFLaTZ5bm5Xa1dlYklzWS1QdDhmWGFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNy85MjJiY2QtZjFhZC00ZDYzLTgyNDMtMjk0YjFhYTE0ODY2
LzEvaVZOazNZXzNNS2tJc0p0Zm1SUEJVX3dXcWp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwakfMA0G
CSqGSIb3DQEBCwUAA4IBAQB8gfNJWLFufm4zejpz/fYba5aD3/SFJ0/PCPmCVew9
SmIj+m1pLBP6Sj2OssIenbTUcxMwQ7EZCMEeoItCPBP5OlM8r7/hBZntb3hFL/fz
mz6zIdglvvWa2KVtjFyyt+6+lsTukRf6RvwFs8mYayKuHxIOYNwSefXi4v5hLH+B
P4gCV6fc+PsBTcKIVxOWjAFcWdJMsVNDaw7XQj8LIDq7OJHgMUj6UraSPF2UXzVJ
yqjRQ3WsoYfHL8XgUOVBY/lbzy28MivfUmYu7OqPopk7rFyi+yWkjF5UKHh1yeWJ
7u6qPPLJsvNinhJNbrZTLi9NRtcGeOMZNDpQiqvUj3bE
-----END CERTIFICATE-----