Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cf/3f6310-f56b-4165-b8fe-9b87f2afbd7f/1/Spyy1kXqDOK_hViNh2rFPki-k-Q.roa
File:                     Spyy1kXqDOK_hViNh2rFPki-k-Q.roa (raw, json)
Hash identifier:          7Ir2nYjEPeQ8tjOPYUX+fJe2JiV8L0A0aV/Aryr7mjI=
Subject key identifier:   4A:9C:B2:D6:45:EA:0C:E2:BF:85:58:8D:87:6A:C5:3E:48:BE:93:E4
Certificate issuer:       /CN=2fa4e870bc37ac9731fe6fcf9682eb657e50bca3
Certificate serial:       018CCA295635F92E0201BCAE1021A48C55F3
Authority key identifier: 2F:A4:E8:70:BC:37:AC:97:31:FE:6F:CF:96:82:EB:65:7E:50:BC:A3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/L6TocLw3rJcx_m_PloLrZX5QvKM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cf/3f6310-f56b-4165-b8fe-9b87f2afbd7f/1/Spyy1kXqDOK_hViNh2rFPki-k-Q.roa
Signing time:             Tue 02 Jan 2024 12:32:35 +0000
ROA not before:           Tue 02 Jan 2024 12:32:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     399587
IP address blocks:        193.3.54.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cf/3f6310-f56b-4165-b8fe-9b87f2afbd7f/1/L6TocLw3rJcx_m_PloLrZX5QvKM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cf/3f6310-f56b-4165-b8fe-9b87f2afbd7f/1/L6TocLw3rJcx_m_PloLrZX5QvKM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/L6TocLw3rJcx_m_PloLrZX5QvKM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:56:35:f9:2e:02:01:bc:ae:10:21:a4:8c:55:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2fa4e870bc37ac9731fe6fcf9682eb657e50bca3
        Validity
            Not Before: Jan  2 12:32:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4a9cb2d645ea0ce2bf85588d876ac53e48be93e4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:1a:d5:9f:e6:84:41:50:65:1d:2b:31:20:80:
                    7a:c6:71:85:19:7b:3a:8d:d1:b2:00:1c:62:92:28:
                    ff:cf:ee:cd:fb:93:3e:d8:82:7d:38:a9:af:58:28:
                    1c:05:41:85:1e:94:92:91:a8:0a:52:fc:39:78:7f:
                    73:34:31:fe:3b:fa:aa:25:32:16:66:e8:92:0b:3f:
                    eb:ad:2d:b2:51:20:d3:bd:fe:be:56:c1:7b:6e:3d:
                    64:7f:cb:68:8e:55:2a:6e:01:a1:6d:b5:1b:43:14:
                    4e:db:f5:7a:36:c4:af:2b:98:34:d0:a5:11:7a:9a:
                    8f:04:84:88:9e:1c:23:37:71:14:bd:50:75:4f:5a:
                    64:02:f3:75:ee:38:df:bf:ad:a7:c1:f8:19:0a:f6:
                    77:74:4b:87:cb:08:18:1a:d4:5e:a4:91:76:96:e7:
                    16:55:46:b6:92:a9:9c:20:8d:41:5d:2c:9d:dc:11:
                    c4:35:17:f5:99:63:06:ee:a1:ca:6d:38:3f:81:ff:
                    f5:8c:30:4e:2b:ff:bf:e7:3e:58:dd:e2:2d:77:57:
                    d2:cd:d5:57:b1:9c:71:d9:f0:aa:cc:55:96:9a:84:
                    30:c9:ed:10:c2:86:fc:0f:73:cc:98:da:2e:c4:c0:
                    46:96:7f:59:dc:ee:05:bf:11:b8:7f:1d:f3:18:8f:
                    e0:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:9C:B2:D6:45:EA:0C:E2:BF:85:58:8D:87:6A:C5:3E:48:BE:93:E4
            X509v3 Authority Key Identifier:
                keyid:2F:A4:E8:70:BC:37:AC:97:31:FE:6F:CF:96:82:EB:65:7E:50:BC:A3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L6TocLw3rJcx_m_PloLrZX5QvKM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/3f6310-f56b-4165-b8fe-9b87f2afbd7f/1/Spyy1kXqDOK_hViNh2rFPki-k-Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/3f6310-f56b-4165-b8fe-9b87f2afbd7f/1/L6TocLw3rJcx_m_PloLrZX5QvKM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.3.54.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:2f:d7:b1:26:fa:f1:fd:f7:2e:42:51:48:90:a3:09:a6:c1:
         4b:3c:f7:2c:45:1a:ac:a6:11:b3:52:6f:dd:6e:4e:cb:bb:c1:
         bb:1e:ae:d0:af:dd:df:81:6a:a0:d7:a8:99:cb:56:d6:2a:29:
         93:c6:44:3a:fc:2b:45:42:17:e7:c4:cb:a1:1e:67:0c:e0:3c:
         8e:c9:83:bf:d9:30:65:3c:d0:57:e3:54:5c:fb:3b:cc:c6:84:
         33:a0:7c:dc:e4:36:6b:68:d4:bc:42:9f:06:29:45:43:11:87:
         25:fe:9a:3b:8e:13:98:ea:06:8d:59:a7:43:24:60:f9:cf:5e:
         bd:2c:fc:c8:1a:45:fc:b5:f0:57:df:12:2f:4e:bc:72:de:d3:
         ca:fb:6a:89:21:32:d2:4a:99:9c:7b:b4:b3:44:4a:cb:22:e9:
         d0:fc:8d:fd:7c:bc:b8:2b:d9:83:45:88:ef:71:b2:b9:f3:f4:
         e4:55:1d:fd:78:e5:48:35:19:96:53:11:b2:dc:70:a2:37:15:
         33:0c:60:09:ef:00:1e:5f:1f:1a:36:cc:53:14:89:d9:1b:3f:
         f7:a2:21:45:6d:78:e8:96:bf:65:2c:11:87:4a:16:c6:6e:7b:
         a2:8c:28:cc:10:5b:cb:71:2e:1b:8a:e3:84:5b:bd:34:a2:87:
         72:cb:e3:5a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKVY1+S4CAbyuECGkjFXzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmYTRlODcwYmMzN2FjOTczMWZlNmZjZjk2ODJlYjY1N2U1
MGJjYTMwHhcNMjQwMTAyMTIzMjM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YTljYjJkNjQ1ZWEwY2UyYmY4NTU4OGQ4NzZhYzUzZTQ4YmU5M2U0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzRrVn+aEQVBlHSsxIIB6xnGFGXs6
jdGyABxikij/z+7N+5M+2IJ9OKmvWCgcBUGFHpSSkagKUvw5eH9zNDH+O/qqJTIW
ZuiSCz/rrS2yUSDTvf6+VsF7bj1kf8tojlUqbgGhbbUbQxRO2/V6NsSvK5g00KUR
epqPBISInhwjN3EUvVB1T1pkAvN17jjfv62nwfgZCvZ3dEuHywgYGtRepJF2lucW
VUa2kqmcII1BXSyd3BHENRf1mWMG7qHKbTg/gf/1jDBOK/+/5z5Y3eItd1fSzdVX
sZxx2fCqzFWWmoQwye0Qwob8D3PMmNouxMBGln9Z3O4FvxG4fx3zGI/g/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEqcstZF6gziv4VYjYdqxT5IvpPkMB8GA1UdIwQY
MBaAFC+k6HC8N6yXMf5vz5aC62V+ULyjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTDZUb2NMdzNySmN4X21fUGxvTHJaWDVRdktNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZi8zZjYzMTAtZjU2Yi00MTY1LWI4ZmUt
OWI4N2YyYWZiZDdmLzEvU3B5eTFrWHFET0tfaFZpTmgyckZQa2ktay1RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZi8zZjYzMTAtZjU2Yi00MTY1LWI4ZmUtOWI4N2YyYWZiZDdm
LzEvTDZUb2NMdzNySmN4X21fUGxvTHJaWDVRdktNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwQM2MA0G
CSqGSIb3DQEBCwUAA4IBAQBlL9exJvrx/fcuQlFIkKMJpsFLPPcsRRqsphGzUm/d
bk7Lu8G7Hq7Qr93fgWqg16iZy1bWKimTxkQ6/CtFQhfnxMuhHmcM4DyOyYO/2TBl
PNBX41Rc+zvMxoQzoHzc5DZraNS8Qp8GKUVDEYcl/po7jhOY6gaNWadDJGD5z169
LPzIGkX8tfBX3xIvTrxy3tPK+2qJITLSSpmce7SzRErLIunQ/I39fLy4K9mDRYjv
cbK58/TkVR39eOVINRmWUxGy3HCiNxUzDGAJ7wAeXx8aNsxTFInZGz/3oiFFbXjo
lr9lLBGHShbGbnuijCjMEFvLcS4biuOEW700oodyy+Na
-----END CERTIFICATE-----