Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/f3d2f4-9263-4ece-9db3-e081a5b41432/1/BTkflkbGtnrHd74dqHU1bZHXiYU.roa
File:                     BTkflkbGtnrHd74dqHU1bZHXiYU.roa (raw, json)
Hash identifier:          vzO65Hle7Le3/OCYR1O6tcJEcwTLwW44Ey0hZ9GuIhI=
Subject key identifier:   05:39:1F:96:46:C6:B6:7A:C7:77:BE:1D:A8:75:35:6D:91:D7:89:85
Certificate issuer:       /CN=398f7106bed10fe7ffc65bbd64adbedc9dbd525e
Certificate serial:       018CC56E4D2964C7790F84825BA77D436B42
Authority key identifier: 39:8F:71:06:BE:D1:0F:E7:FF:C6:5B:BD:64:AD:BE:DC:9D:BD:52:5E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OY9xBr7RD-f_xlu9ZK2-3J29Ul4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/f3d2f4-9263-4ece-9db3-e081a5b41432/1/BTkflkbGtnrHd74dqHU1bZHXiYU.roa
Signing time:             Mon 01 Jan 2024 14:29:49 +0000
ROA not before:           Mon 01 Jan 2024 14:29:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57715
IP address blocks:        194.31.48.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e0/f3d2f4-9263-4ece-9db3-e081a5b41432/1/OY9xBr7RD-f_xlu9ZK2-3J29Ul4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e0/f3d2f4-9263-4ece-9db3-e081a5b41432/1/OY9xBr7RD-f_xlu9ZK2-3J29Ul4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OY9xBr7RD-f_xlu9ZK2-3J29Ul4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 20:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:4d:29:64:c7:79:0f:84:82:5b:a7:7d:43:6b:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=398f7106bed10fe7ffc65bbd64adbedc9dbd525e
        Validity
            Not Before: Jan  1 14:29:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=05391f9646c6b67ac777be1da875356d91d78985
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:3b:97:6a:8b:29:52:bc:ae:95:be:51:1a:6a:
                    d4:9e:cf:d5:49:b3:49:b4:de:d3:31:c0:0c:cb:0a:
                    b7:9d:a7:8f:e3:4b:1a:28:38:b6:56:14:33:6e:25:
                    3a:17:0a:23:80:11:4d:aa:71:4e:94:82:36:8e:8b:
                    76:d0:60:69:9c:49:95:4d:f6:84:94:4f:75:db:4d:
                    02:16:36:dc:46:d5:b6:ac:30:c8:89:c1:7d:86:2d:
                    e8:1b:f4:f5:53:21:9c:41:05:01:77:a6:a8:bb:ad:
                    c6:d6:d5:3f:7a:0c:58:72:98:cd:1c:64:96:be:93:
                    cf:24:20:a4:00:7e:cd:0a:4e:22:fc:ef:15:59:60:
                    ef:40:46:fe:e2:93:16:01:95:6d:93:fe:29:5d:45:
                    1c:df:dd:07:a5:0c:e1:fc:6e:79:19:69:3c:9f:31:
                    3c:0c:d0:e0:6d:91:98:ef:bb:df:ee:6d:c1:25:12:
                    7f:af:8f:d0:76:e6:ea:47:f0:4f:f0:05:e0:e8:d4:
                    5c:56:7c:9c:2a:d0:eb:2a:ba:16:a8:37:c4:0a:95:
                    cf:2a:9e:b3:08:aa:7f:ea:05:f8:a4:fe:20:53:d0:
                    ef:b6:de:ec:26:42:2a:4a:33:7f:8c:f4:d6:70:eb:
                    95:da:ad:f5:d9:3d:92:ef:9d:c0:fc:30:97:36:9a:
                    ef:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:39:1F:96:46:C6:B6:7A:C7:77:BE:1D:A8:75:35:6D:91:D7:89:85
            X509v3 Authority Key Identifier:
                keyid:39:8F:71:06:BE:D1:0F:E7:FF:C6:5B:BD:64:AD:BE:DC:9D:BD:52:5E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OY9xBr7RD-f_xlu9ZK2-3J29Ul4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/f3d2f4-9263-4ece-9db3-e081a5b41432/1/BTkflkbGtnrHd74dqHU1bZHXiYU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/f3d2f4-9263-4ece-9db3-e081a5b41432/1/OY9xBr7RD-f_xlu9ZK2-3J29Ul4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.31.48.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a2:e5:3e:55:b3:ad:19:73:c0:b9:3d:bb:35:9f:c2:d0:ca:8b:
         ae:8b:c0:5e:4b:6d:16:ba:52:c0:0a:d6:af:6a:0c:8a:c2:5b:
         a5:8b:59:41:5b:e8:aa:6c:b4:88:4e:8d:6c:23:13:e7:b0:2f:
         5c:3d:44:d4:cb:59:67:f8:b2:a0:aa:24:11:0b:86:0e:8a:c4:
         26:be:20:9e:f9:de:ca:87:5d:e7:28:a0:cc:60:85:3f:59:50:
         c0:e7:59:b1:4b:55:5f:6b:47:e5:8e:1f:1c:87:93:61:1e:ee:
         ef:13:c0:94:d9:fd:ff:30:f4:f8:3d:6c:91:ef:fb:1b:f1:d8:
         af:a7:23:89:95:21:86:f0:ba:64:69:a8:c3:09:a7:4e:ee:03:
         5e:9c:39:a5:a6:45:36:23:70:72:ea:57:57:6c:5e:c6:02:72:
         db:2d:36:10:33:80:2f:9a:7e:90:d3:91:34:66:b2:a9:84:16:
         66:49:67:67:53:e5:88:1d:b7:98:06:c7:a0:f7:b6:05:3e:14:
         7e:24:b3:bb:92:12:de:a7:c7:dc:b0:cf:44:12:b7:5a:0e:cd:
         e2:be:52:1e:b6:b6:8c:87:8a:f2:97:f5:0e:a7:b1:32:cf:7e:
         06:ce:c7:27:2e:c8:58:8d:54:c0:01:fe:16:2b:d7:a5:d0:29:
         ef:bf:a7:94
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbk0pZMd5D4SCW6d9Q2tCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM5OGY3MTA2YmVkMTBmZTdmZmM2NWJiZDY0YWRiZWRjOWRi
ZDUyNWUwHhcNMjQwMTAxMTQyOTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNTM5MWY5NjQ2YzZiNjdhYzc3N2JlMWRhODc1MzU2ZDkxZDc4OTg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0TuXaospUryulb5RGmrUns/VSbNJ
tN7TMcAMywq3naeP40saKDi2VhQzbiU6FwojgBFNqnFOlII2jot20GBpnEmVTfaE
lE91200CFjbcRtW2rDDIicF9hi3oG/T1UyGcQQUBd6aou63G1tU/egxYcpjNHGSW
vpPPJCCkAH7NCk4i/O8VWWDvQEb+4pMWAZVtk/4pXUUc390HpQzh/G55GWk8nzE8
DNDgbZGY77vf7m3BJRJ/r4/QdubqR/BP8AXg6NRcVnycKtDrKroWqDfECpXPKp6z
CKp/6gX4pP4gU9Dvtt7sJkIqSjN/jPTWcOuV2q312T2S753A/DCXNprv3wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAU5H5ZGxrZ6x3e+Hah1NW2R14mFMB8GA1UdIwQY
MBaAFDmPcQa+0Q/n/8ZbvWStvtydvVJeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT1k5eEJyN1JELWZfeGx1OVpLMi0zSjI5VWw0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC9mM2QyZjQtOTI2My00ZWNlLTlkYjMt
ZTA4MWE1YjQxNDMyLzEvQlRrZmxrYkd0bnJIZDc0ZHFIVTFiWkhYaVlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC9mM2QyZjQtOTI2My00ZWNlLTlkYjMtZTA4MWE1YjQxNDMy
LzEvT1k5eEJyN1JELWZfeGx1OVpLMi0zSjI5VWw0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwh8wMA0G
CSqGSIb3DQEBCwUAA4IBAQCi5T5Vs60Zc8C5Pbs1n8LQyouui8BeS20WulLACtav
agyKwluli1lBW+iqbLSITo1sIxPnsC9cPUTUy1ln+LKgqiQRC4YOisQmviCe+d7K
h13nKKDMYIU/WVDA51mxS1Vfa0fljh8ch5NhHu7vE8CU2f3/MPT4PWyR7/sb8div
pyOJlSGG8LpkaajDCadO7gNenDmlpkU2I3By6ldXbF7GAnLbLTYQM4Avmn6Q05E0
ZrKphBZmSWdnU+WIHbeYBseg97YFPhR+JLO7khLep8fcsM9EErdaDs3ivlIetraM
h4ryl/UOp7Eyz34GzscnLshYjVTAAf4WK9el0Cnvv6eU
-----END CERTIFICATE-----