Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e1/9d3f15-47d0-4069-b596-51a0f6bde4f6/1/6pEprIaYNvv46u_4lsggE1PJ9XM.roa
File:                     6pEprIaYNvv46u_4lsggE1PJ9XM.roa (raw, json)
Hash identifier:          SI7Z/iTK8PMsWDHsiZI6tUWa66D7oLLWiym2uW8IJXQ=
Subject key identifier:   EA:91:29:AC:86:98:36:FB:F8:EA:EF:F8:96:C8:20:13:53:C9:F5:73
Certificate issuer:       /CN=515585aca423697c62236e2b5f91b41e4be7ae58
Certificate serial:       018CC9BC1B5F97E56A02654479AF1CC83350
Authority key identifier: 51:55:85:AC:A4:23:69:7C:62:23:6E:2B:5F:91:B4:1E:4B:E7:AE:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UVWFrKQjaXxiI24rX5G0Hkvnrlg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e1/9d3f15-47d0-4069-b596-51a0f6bde4f6/1/6pEprIaYNvv46u_4lsggE1PJ9XM.roa
Signing time:             Tue 02 Jan 2024 10:33:17 +0000
ROA not before:           Tue 02 Jan 2024 10:33:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56546
IP address blocks:        31.41.20.0/22 maxlen: 22
                          31.41.21.0/24 maxlen: 24
                          31.41.22.0/24 maxlen: 24
                          31.41.23.0/24 maxlen: 24
                          31.41.20.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e1/9d3f15-47d0-4069-b596-51a0f6bde4f6/1/UVWFrKQjaXxiI24rX5G0Hkvnrlg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e1/9d3f15-47d0-4069-b596-51a0f6bde4f6/1/UVWFrKQjaXxiI24rX5G0Hkvnrlg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UVWFrKQjaXxiI24rX5G0Hkvnrlg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 04:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:1b:5f:97:e5:6a:02:65:44:79:af:1c:c8:33:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=515585aca423697c62236e2b5f91b41e4be7ae58
        Validity
            Not Before: Jan  2 10:33:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ea9129ac869836fbf8eaeff896c8201353c9f573
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:4e:21:45:2e:11:42:80:fd:64:02:fe:cf:4d:
                    fb:b2:80:3d:84:7e:d0:12:a5:b4:8c:e6:92:33:05:
                    dc:4e:e7:1a:e5:1e:5c:65:e8:76:0e:e1:01:52:9e:
                    0f:f7:22:21:e0:6c:a3:db:2b:df:98:30:51:54:9b:
                    42:3f:5b:43:07:c7:5e:28:6c:d2:39:d7:0f:d1:1d:
                    eb:37:03:57:b3:04:60:cd:2d:ab:ba:f2:2b:c3:8a:
                    58:da:3c:9b:da:5f:b1:85:be:87:70:49:33:28:6f:
                    18:ba:57:62:65:1d:a2:da:25:79:f3:57:66:a0:60:
                    a7:8c:77:fd:38:d3:36:d2:02:a4:ad:21:77:10:b5:
                    5d:d0:c2:2d:59:3c:3b:b0:00:46:91:59:91:69:70:
                    23:e0:c3:35:f3:49:c1:1e:28:4b:45:50:20:b9:b3:
                    ad:88:b3:04:cf:a8:43:06:10:04:06:ce:7a:89:0f:
                    2c:f3:55:9d:19:c7:cf:e2:84:6c:10:ec:4e:0a:8d:
                    05:be:64:14:14:2c:73:d7:93:57:67:fc:2b:97:94:
                    28:0f:5d:03:2d:e9:89:09:00:d1:61:c4:00:9b:ee:
                    90:20:7c:0e:1c:3d:64:5a:79:20:0b:b9:f0:99:57:
                    f4:dd:3f:5d:2a:93:49:8e:85:f5:2a:8e:8d:3f:c7:
                    c1:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:91:29:AC:86:98:36:FB:F8:EA:EF:F8:96:C8:20:13:53:C9:F5:73
            X509v3 Authority Key Identifier:
                keyid:51:55:85:AC:A4:23:69:7C:62:23:6E:2B:5F:91:B4:1E:4B:E7:AE:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UVWFrKQjaXxiI24rX5G0Hkvnrlg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/9d3f15-47d0-4069-b596-51a0f6bde4f6/1/6pEprIaYNvv46u_4lsggE1PJ9XM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/9d3f15-47d0-4069-b596-51a0f6bde4f6/1/UVWFrKQjaXxiI24rX5G0Hkvnrlg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.41.20.0/22

    Signature Algorithm: sha256WithRSAEncryption
         82:b9:55:80:36:20:37:e0:9b:50:1b:9e:8c:9c:87:2b:78:c1:
         9b:98:a5:32:d0:1a:24:dc:bb:f8:92:51:a9:47:6f:9e:2a:fd:
         7a:ee:18:39:32:90:d6:43:05:9f:f4:16:82:30:d8:d8:62:30:
         ef:04:f3:a3:a8:6a:89:0f:63:9d:3b:b9:a3:77:57:69:f9:de:
         c0:0f:d7:22:c4:48:58:63:10:44:2b:49:27:cb:ea:f3:ce:06:
         45:c1:66:27:dc:a0:28:fa:47:16:c9:8b:65:30:e0:3c:bb:d2:
         f2:34:4a:81:f9:62:b6:c4:1d:d8:68:ac:21:4f:32:d3:30:06:
         4b:c3:44:42:1f:21:76:d4:3c:e5:fe:03:4e:c2:1f:ff:8f:1f:
         6f:9b:92:cc:08:96:9a:65:2f:bf:bc:24:53:8e:19:2a:d7:a1:
         30:7c:2f:2f:c3:c7:21:ba:b2:49:78:f9:62:e1:ad:01:af:24:
         0c:ba:30:1e:41:e1:0c:f0:30:8c:a5:36:98:e3:c2:87:1b:cc:
         a9:dd:40:e7:6a:96:70:fc:5c:83:96:6e:7b:48:09:f6:f7:d9:
         c6:2d:f5:ee:ca:44:3d:e8:25:74:e8:d0:c6:75:82:51:b7:5a:
         f1:60:a2:15:e9:00:f6:c2:86:f3:73:6e:2e:d9:d5:e3:c5:37:
         08:34:ef:c9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvBtfl+VqAmVEea8cyDNQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUxNTU4NWFjYTQyMzY5N2M2MjIzNmUyYjVmOTFiNDFlNGJl
N2FlNTgwHhcNMjQwMTAyMTAzMzE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYTkxMjlhYzg2OTgzNmZiZjhlYWVmZjg5NmM4MjAxMzUzYzlmNTczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlk4hRS4RQoD9ZAL+z037soA9hH7Q
EqW0jOaSMwXcTuca5R5cZeh2DuEBUp4P9yIh4Gyj2yvfmDBRVJtCP1tDB8deKGzS
OdcP0R3rNwNXswRgzS2ruvIrw4pY2jyb2l+xhb6HcEkzKG8YuldiZR2i2iV581dm
oGCnjHf9ONM20gKkrSF3ELVd0MItWTw7sABGkVmRaXAj4MM180nBHihLRVAgubOt
iLMEz6hDBhAEBs56iQ8s81WdGcfP4oRsEOxOCo0FvmQUFCxz15NXZ/wrl5QoD10D
LemJCQDRYcQAm+6QIHwOHD1kWnkgC7nwmVf03T9dKpNJjoX1Ko6NP8fBOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOqRKayGmDb7+Orv+JbIIBNTyfVzMB8GA1UdIwQY
MBaAFFFVhaykI2l8YiNuK1+RtB5L565YMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVVZXRnJLUWphWHhpSTI0clg1RzBIa3ZucmxnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMS85ZDNmMTUtNDdkMC00MDY5LWI1OTYt
NTFhMGY2YmRlNGY2LzEvNnBFcHJJYVlOdnY0NnVfNGxzZ2dFMVBKOVhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMS85ZDNmMTUtNDdkMC00MDY5LWI1OTYtNTFhMGY2YmRlNGY2
LzEvVVZXRnJLUWphWHhpSTI0clg1RzBIa3ZucmxnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCHykUMA0G
CSqGSIb3DQEBCwUAA4IBAQCCuVWANiA34JtQG56MnIcreMGbmKUy0Bok3Lv4klGp
R2+eKv167hg5MpDWQwWf9BaCMNjYYjDvBPOjqGqJD2OdO7mjd1dp+d7AD9cixEhY
YxBEK0kny+rzzgZFwWYn3KAo+kcWyYtlMOA8u9LyNEqB+WK2xB3YaKwhTzLTMAZL
w0RCHyF21Dzl/gNOwh//jx9vm5LMCJaaZS+/vCRTjhkq16EwfC8vw8churJJePli
4a0BryQMujAeQeEM8DCMpTaY48KHG8yp3UDnapZw/FyDlm57SAn299nGLfXuykQ9
6CV06NDGdYJRt1rxYKIV6QD2wobzc24u2dXjxTcINO/J
-----END CERTIFICATE-----