Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/b1a82a-490f-43fb-986e-26170da4a0b1/1/9R93BRYiUhTXz4R34SHURK_w4Lo.roa
File:                     9R93BRYiUhTXz4R34SHURK_w4Lo.roa (raw, json)
Hash identifier:          Ziy98E6vFlwqY+ktYHkmksSHpV22XXwdN3OvIlnNwdc=
Subject key identifier:   F5:1F:77:05:16:22:52:14:D7:CF:84:77:E1:21:D4:44:AF:F0:E0:BA
Certificate issuer:       /CN=6d69da44ae067fc1a98a5f6f05f12e545d0fc62a
Certificate serial:       018CC7271FF1DF6239EB205FD5A5A107F238
Authority key identifier: 6D:69:DA:44:AE:06:7F:C1:A9:8A:5F:6F:05:F1:2E:54:5D:0F:C6:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bWnaRK4Gf8Gpil9vBfEuVF0Pxio.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/b1a82a-490f-43fb-986e-26170da4a0b1/1/9R93BRYiUhTXz4R34SHURK_w4Lo.roa
Signing time:             Mon 01 Jan 2024 22:31:19 +0000
ROA not before:           Mon 01 Jan 2024 22:31:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34476
IP address blocks:        31.169.75.0/24 maxlen: 24
                          31.169.85.0/24 maxlen: 24
                          31.169.87.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d1/b1a82a-490f-43fb-986e-26170da4a0b1/1/bWnaRK4Gf8Gpil9vBfEuVF0Pxio.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d1/b1a82a-490f-43fb-986e-26170da4a0b1/1/bWnaRK4Gf8Gpil9vBfEuVF0Pxio.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bWnaRK4Gf8Gpil9vBfEuVF0Pxio.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:1f:f1:df:62:39:eb:20:5f:d5:a5:a1:07:f2:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d69da44ae067fc1a98a5f6f05f12e545d0fc62a
        Validity
            Not Before: Jan  1 22:31:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f51f770516225214d7cf8477e121d444aff0e0ba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:48:53:a6:95:41:83:9c:34:e0:43:61:3f:d3:
                    14:69:1e:a1:68:10:71:f7:d6:8b:19:b4:2e:fc:68:
                    02:6a:85:59:62:6f:5b:a3:a3:75:0b:71:55:a0:a8:
                    23:f2:3c:99:3b:64:41:e6:b9:ab:cc:09:52:7b:dd:
                    c9:f0:3e:f6:40:81:c9:61:4c:da:bb:09:f3:f7:b4:
                    a2:e2:ab:be:26:3c:6e:ad:c7:de:fb:3b:c9:20:20:
                    c5:41:55:f4:b9:dc:d9:38:bd:3e:71:11:d8:cd:dc:
                    32:9e:99:10:17:df:c4:55:f0:51:9f:1c:c3:83:69:
                    14:3c:d8:e5:80:a3:d3:39:0c:4b:a3:15:c3:9f:32:
                    7b:0f:b0:e1:83:e9:08:7e:dc:ba:a3:47:71:c6:ff:
                    0f:ca:65:83:4d:fb:5f:d6:55:2b:e8:f3:31:61:4b:
                    4b:5e:da:04:23:db:30:e8:e4:a5:5f:91:6b:c0:41:
                    6f:ad:ae:d5:59:dc:0a:e3:22:49:ee:0f:14:f1:7e:
                    01:60:73:78:6d:93:c8:cc:93:e9:fa:bd:cc:11:39:
                    de:ac:55:96:8a:9f:e9:cf:2a:12:de:03:6b:7c:0b:
                    cd:b1:1c:10:a7:0c:ea:f1:ee:13:e5:88:23:2e:c7:
                    64:ea:aa:91:36:34:e6:a2:65:db:52:fb:0e:71:1d:
                    3e:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:1F:77:05:16:22:52:14:D7:CF:84:77:E1:21:D4:44:AF:F0:E0:BA
            X509v3 Authority Key Identifier:
                keyid:6D:69:DA:44:AE:06:7F:C1:A9:8A:5F:6F:05:F1:2E:54:5D:0F:C6:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bWnaRK4Gf8Gpil9vBfEuVF0Pxio.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/b1a82a-490f-43fb-986e-26170da4a0b1/1/9R93BRYiUhTXz4R34SHURK_w4Lo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/b1a82a-490f-43fb-986e-26170da4a0b1/1/bWnaRK4Gf8Gpil9vBfEuVF0Pxio.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.169.75.0/24
                  31.169.85.0/24
                  31.169.87.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:1c:aa:e0:ab:f7:4a:b1:f2:ac:31:bf:49:fd:54:d7:36:43:
         b4:80:92:93:63:d2:4e:8b:18:13:02:0a:bf:68:24:ae:5e:3c:
         1f:f4:53:49:98:8b:dd:59:7a:cd:33:a8:74:d2:f0:91:1b:d6:
         6e:bb:f4:d9:00:55:0e:4e:10:fc:12:59:04:f5:9e:80:e9:8e:
         f3:16:11:09:24:7a:bb:65:58:2b:67:25:30:98:dd:73:7c:42:
         88:81:38:d4:d2:36:94:12:7d:41:43:9c:84:31:f8:5a:03:a4:
         8b:32:6d:0a:d6:26:a1:a8:35:b4:dd:8a:ce:e0:ae:7b:85:55:
         f5:56:ed:f8:ff:33:a7:65:17:62:0a:a1:4f:f5:54:86:6b:0e:
         4f:6c:71:c8:4c:b9:a0:78:c5:31:d6:ce:3c:a8:10:5b:67:46:
         fe:46:54:5d:c5:88:f1:22:4d:b4:42:a8:01:56:c7:a4:eb:c5:
         fc:1d:41:4c:98:7a:2d:ec:a0:1a:eb:fa:2d:93:b4:3d:42:c9:
         3e:3d:ae:47:f3:65:95:5e:b1:c5:6f:0b:09:61:6d:76:ac:47:
         52:cf:ba:d7:d5:fe:b8:b3:67:48:8f:b8:06:63:9c:18:04:f4:
         c1:5e:19:de:8f:65:8e:9b:80:43:80:83:40:76:4f:67:7b:ec:
         7f:d6:7a:1a
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzHJx/x32I56yBf1aWhB/I4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkNjlkYTQ0YWUwNjdmYzFhOThhNWY2ZjA1ZjEyZTU0NWQw
ZmM2MmEwHhcNMjQwMTAxMjIzMTE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNTFmNzcwNTE2MjI1MjE0ZDdjZjg0NzdlMTIxZDQ0NGFmZjBlMGJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt0hTppVBg5w04ENhP9MUaR6haBBx
99aLGbQu/GgCaoVZYm9bo6N1C3FVoKgj8jyZO2RB5rmrzAlSe93J8D72QIHJYUza
uwnz97Si4qu+Jjxurcfe+zvJICDFQVX0udzZOL0+cRHYzdwynpkQF9/EVfBRnxzD
g2kUPNjlgKPTOQxLoxXDnzJ7D7Dhg+kIfty6o0dxxv8PymWDTftf1lUr6PMxYUtL
XtoEI9sw6OSlX5FrwEFvra7VWdwK4yJJ7g8U8X4BYHN4bZPIzJPp+r3METnerFWW
ip/pzyoS3gNrfAvNsRwQpwzq8e4T5YgjLsdk6qqRNjTmomXbUvsOcR0+vQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFPUfdwUWIlIU18+Ed+Eh1ESv8OC6MB8GA1UdIwQY
MBaAFG1p2kSuBn/BqYpfbwXxLlRdD8YqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlduYVJLNEdmOEdwaWw5dkJmRXVWRjBQeGlvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS9iMWE4MmEtNDkwZi00M2ZiLTk4NmUt
MjYxNzBkYTRhMGIxLzEvOVI5M0JSWWlVaFRYejRSMzRTSFVSS193NExvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS9iMWE4MmEtNDkwZi00M2ZiLTk4NmUtMjYxNzBkYTRhMGIx
LzEvYlduYVJLNEdmOEdwaWw5dkJmRXVWRjBQeGlvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAH6lLAwQA
H6lVAwQAH6lXMA0GCSqGSIb3DQEBCwUAA4IBAQB6HKrgq/dKsfKsMb9J/VTXNkO0
gJKTY9JOixgTAgq/aCSuXjwf9FNJmIvdWXrNM6h00vCRG9Zuu/TZAFUOThD8ElkE
9Z6A6Y7zFhEJJHq7ZVgrZyUwmN1zfEKIgTjU0jaUEn1BQ5yEMfhaA6SLMm0K1iah
qDW03YrO4K57hVX1Vu34/zOnZRdiCqFP9VSGaw5PbHHITLmgeMUx1s48qBBbZ0b+
RlRdxYjxIk20QqgBVsek68X8HUFMmHot7KAa6/otk7Q9Qsk+Pa5H82WVXrHFbwsJ
YW12rEdSz7rX1f64s2dIj7gGY5wYBPTBXhnej2WOm4BDgINAdk9ne+x/1noa
-----END CERTIFICATE-----