Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ee/f2478f-c503-42c2-94b2-b166ae2ef287/1/r53OJMPJwDE3ZT7D0PQdKPUA0gY.roa
File:                     r53OJMPJwDE3ZT7D0PQdKPUA0gY.roa (raw, json)
Hash identifier:          cPwAraFEz9eoRgWeB4UshDGYJfd2OBTsslpfNN5iceE=
Subject key identifier:   AF:9D:CE:24:C3:C9:C0:31:37:65:3E:C3:D0:F4:1D:28:F5:00:D2:06
Certificate issuer:       /CN=d31dd1a514d3a7e3dfdb8bfb75d7d24ed98d479f
Certificate serial:       018CC94C2B1F575CBEF88CA174F58D9995BC
Authority key identifier: D3:1D:D1:A5:14:D3:A7:E3:DF:DB:8B:FB:75:D7:D2:4E:D9:8D:47:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0x3RpRTTp-Pf24v7ddfSTtmNR58.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ee/f2478f-c503-42c2-94b2-b166ae2ef287/1/r53OJMPJwDE3ZT7D0PQdKPUA0gY.roa
Signing time:             Tue 02 Jan 2024 08:31:01 +0000
ROA not before:           Tue 02 Jan 2024 08:31:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203584
IP address blocks:        193.58.217.0/24 maxlen: 24
                          193.58.216.0/24 maxlen: 24
                          91.206.86.0/24 maxlen: 24
                          91.206.87.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ee/f2478f-c503-42c2-94b2-b166ae2ef287/1/0x3RpRTTp-Pf24v7ddfSTtmNR58.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ee/f2478f-c503-42c2-94b2-b166ae2ef287/1/0x3RpRTTp-Pf24v7ddfSTtmNR58.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0x3RpRTTp-Pf24v7ddfSTtmNR58.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4c:2b:1f:57:5c:be:f8:8c:a1:74:f5:8d:99:95:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d31dd1a514d3a7e3dfdb8bfb75d7d24ed98d479f
        Validity
            Not Before: Jan  2 08:31:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=af9dce24c3c9c03137653ec3d0f41d28f500d206
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:6a:90:04:82:f4:df:1a:71:86:d5:e0:dd:14:
                    92:d7:f3:41:84:9f:99:f9:04:64:e3:74:3c:fb:cd:
                    40:e8:e6:52:07:d8:5f:0d:45:63:3a:45:fd:58:e0:
                    bc:0a:ed:7a:7f:f6:2c:ad:9a:b7:d9:29:3c:39:21:
                    5a:5e:df:23:b9:c8:29:e1:2f:03:67:eb:13:8a:b6:
                    b6:07:50:2d:04:34:c7:42:01:73:9d:46:c2:46:c5:
                    3b:cc:3c:e5:2d:a7:da:6f:72:03:72:c5:a3:a4:cc:
                    49:b8:f1:83:7e:16:75:b7:2f:84:44:80:ef:20:96:
                    c0:5b:c9:8d:ff:dd:ed:a8:d0:92:b3:36:65:95:19:
                    f7:b3:84:d2:d7:6d:ff:0c:b0:69:e6:fb:2c:e5:0e:
                    39:ab:87:3b:02:dc:4b:8d:bc:e0:47:c2:62:b7:67:
                    5e:e8:78:cc:62:4e:87:47:db:ae:4c:de:b2:c5:fb:
                    50:31:67:92:44:06:34:bd:80:77:63:71:b1:39:62:
                    7d:e9:ba:73:3c:a5:ae:e2:75:8e:eb:46:b9:e2:c2:
                    29:05:6c:ca:73:ef:c2:b6:02:b8:05:17:ce:ff:12:
                    1e:26:35:07:08:c0:b2:da:b3:94:65:af:8e:7c:e8:
                    7f:52:f3:69:d1:e3:5f:37:dd:8c:27:2f:d2:6d:4e:
                    08:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:9D:CE:24:C3:C9:C0:31:37:65:3E:C3:D0:F4:1D:28:F5:00:D2:06
            X509v3 Authority Key Identifier:
                keyid:D3:1D:D1:A5:14:D3:A7:E3:DF:DB:8B:FB:75:D7:D2:4E:D9:8D:47:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0x3RpRTTp-Pf24v7ddfSTtmNR58.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/f2478f-c503-42c2-94b2-b166ae2ef287/1/r53OJMPJwDE3ZT7D0PQdKPUA0gY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/f2478f-c503-42c2-94b2-b166ae2ef287/1/0x3RpRTTp-Pf24v7ddfSTtmNR58.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.206.86.0/23
                  193.58.216.0/23

    Signature Algorithm: sha256WithRSAEncryption
         32:29:bc:39:d4:f8:50:f8:b2:87:a3:c0:41:00:9d:c3:61:b9:
         63:27:c6:6d:bc:14:de:60:aa:f1:d6:96:5d:dd:d0:e9:48:8b:
         38:96:a6:1d:12:d5:57:1c:af:7c:01:0a:c9:be:35:1e:0f:92:
         da:52:c5:68:ec:80:f0:86:6f:3e:1e:e0:1c:d1:36:0e:de:c7:
         06:78:3d:9a:b4:60:61:46:7d:63:2f:1c:a5:b0:b5:d2:9d:06:
         10:b2:94:7f:f3:a0:77:ad:c8:26:26:08:1e:05:e4:9e:77:9b:
         ca:03:48:11:6d:46:df:26:c4:0e:37:eb:3b:3d:2d:a6:c9:28:
         43:dc:bc:00:36:48:81:06:6e:1f:cf:37:19:6d:7e:30:58:1f:
         e7:8b:c8:6b:fc:95:f6:fc:d2:76:13:da:14:33:49:c4:3f:9c:
         13:d1:72:44:1c:35:fa:ab:a7:bf:69:56:54:37:2f:a3:59:6e:
         2f:4c:68:7d:97:72:3e:a0:1b:2f:b3:39:7c:27:7b:8d:a1:27:
         e1:b1:27:80:18:c5:97:50:e5:07:75:15:8e:d7:87:31:8f:17:
         6f:46:ea:29:ad:5b:a0:cc:75:5c:af:99:48:82:29:d5:34:ce:
         d9:62:58:00:47:5a:ec:ff:ac:7a:d6:66:2d:49:ff:9b:65:29:
         c7:b3:a7:20
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzJTCsfV1y++IyhdPWNmZW8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzMWRkMWE1MTRkM2E3ZTNkZmRiOGJmYjc1ZDdkMjRlZDk4
ZDQ3OWYwHhcNMjQwMTAyMDgzMTAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZjlkY2UyNGMzYzljMDMxMzc2NTNlYzNkMGY0MWQyOGY1MDBkMjA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk2qQBIL03xpxhtXg3RSS1/NBhJ+Z
+QRk43Q8+81A6OZSB9hfDUVjOkX9WOC8Cu16f/YsrZq32Sk8OSFaXt8jucgp4S8D
Z+sTira2B1AtBDTHQgFznUbCRsU7zDzlLafab3IDcsWjpMxJuPGDfhZ1ty+ERIDv
IJbAW8mN/93tqNCSszZllRn3s4TS123/DLBp5vss5Q45q4c7AtxLjbzgR8Jit2de
6HjMYk6HR9uuTN6yxftQMWeSRAY0vYB3Y3GxOWJ96bpzPKWu4nWO60a54sIpBWzK
c+/CtgK4BRfO/xIeJjUHCMCy2rOUZa+OfOh/UvNp0eNfN92MJy/SbU4I7QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFK+dziTDycAxN2U+w9D0HSj1ANIGMB8GA1UdIwQY
MBaAFNMd0aUU06fj39uL+3XX0k7ZjUefMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMHgzUnBSVFRwLVBmMjR2N2RkZlNUdG1OUjU4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZS9mMjQ3OGYtYzUwMy00MmMyLTk0YjIt
YjE2NmFlMmVmMjg3LzEvcjUzT0pNUEp3REUzWlQ3RDBQUWRLUFVBMGdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZS9mMjQ3OGYtYzUwMy00MmMyLTk0YjItYjE2NmFlMmVmMjg3
LzEvMHgzUnBSVFRwLVBmMjR2N2RkZlNUdG1OUjU4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBW85WAwQB
wTrYMA0GCSqGSIb3DQEBCwUAA4IBAQAyKbw51PhQ+LKHo8BBAJ3DYbljJ8ZtvBTe
YKrx1pZd3dDpSIs4lqYdEtVXHK98AQrJvjUeD5LaUsVo7IDwhm8+HuAc0TYO3scG
eD2atGBhRn1jLxylsLXSnQYQspR/86B3rcgmJggeBeSed5vKA0gRbUbfJsQON+s7
PS2myShD3LwANkiBBm4fzzcZbX4wWB/ni8hr/JX2/NJ2E9oUM0nEP5wT0XJEHDX6
q6e/aVZUNy+jWW4vTGh9l3I+oBsvszl8J3uNoSfhsSeAGMWXUOUHdRWO14cxjxdv
RuoprVugzHVcr5lIginVNM7ZYlgAR1rs/6x61mYtSf+bZSnHs6cg
-----END CERTIFICATE-----