Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f2/91e882-ba8a-44c5-9b0d-275242aa6775/1/pb3r17m8vBbhVBFKgjOlj6OczQw.roa
File:                     pb3r17m8vBbhVBFKgjOlj6OczQw.roa (raw, json)
Hash identifier:          4oNNbds0f5l3hDFpE6uGedVEsBwPGf4emDS3B/crCbY=
Subject key identifier:   A5:BD:EB:D7:B9:BC:BC:16:E1:54:11:4A:82:33:A5:8F:A3:9C:CD:0C
Certificate issuer:       /CN=ab91d5262561a9dd713dfa39163dec849fee4636
Certificate serial:       018CC3B73305379C4C847100088CED7D0943
Authority key identifier: AB:91:D5:26:25:61:A9:DD:71:3D:FA:39:16:3D:EC:84:9F:EE:46:36
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/q5HVJiVhqd1xPfo5Fj3shJ_uRjY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f2/91e882-ba8a-44c5-9b0d-275242aa6775/1/pb3r17m8vBbhVBFKgjOlj6OczQw.roa
Signing time:             Mon 01 Jan 2024 06:30:12 +0000
ROA not before:           Mon 01 Jan 2024 06:30:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197943
IP address blocks:        31.211.168.0/22 maxlen: 22
                          31.211.172.0/24 maxlen: 24
                          2a03:7360:1::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f2/91e882-ba8a-44c5-9b0d-275242aa6775/1/q5HVJiVhqd1xPfo5Fj3shJ_uRjY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f2/91e882-ba8a-44c5-9b0d-275242aa6775/1/q5HVJiVhqd1xPfo5Fj3shJ_uRjY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/q5HVJiVhqd1xPfo5Fj3shJ_uRjY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 15:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:33:05:37:9c:4c:84:71:00:08:8c:ed:7d:09:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab91d5262561a9dd713dfa39163dec849fee4636
        Validity
            Not Before: Jan  1 06:30:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a5bdebd7b9bcbc16e154114a8233a58fa39ccd0c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:8b:06:9a:61:0a:d2:b2:63:69:b4:72:b3:70:
                    78:cd:61:4c:76:cf:0a:fb:57:3d:0a:7f:19:bb:24:
                    3a:30:39:b9:69:11:aa:09:0a:25:4d:a0:53:3a:d4:
                    06:cc:c3:dd:2d:73:e3:4f:02:56:20:7a:48:6f:fd:
                    61:cb:78:58:13:6e:04:f0:6c:23:21:9c:52:2f:11:
                    ef:ee:a7:84:a8:af:7e:9c:f7:c2:c2:23:ac:4d:e4:
                    87:47:f5:f6:9c:55:c0:f2:d9:4d:04:32:94:3c:85:
                    a5:47:d2:18:6a:e9:82:7c:8f:54:91:8a:c6:2c:6e:
                    59:38:2f:08:01:09:db:b4:e3:86:04:da:d4:da:98:
                    10:9d:d3:99:4f:c7:23:46:31:96:74:6e:6f:29:56:
                    dc:5f:ab:e0:c7:d2:10:55:4f:62:95:b1:6d:cb:3d:
                    29:ad:35:e6:13:97:a9:bf:8c:f1:c7:bc:58:76:e3:
                    62:1a:c8:53:79:12:ec:22:74:6f:11:90:8a:21:93:
                    db:fd:a9:f8:f7:f4:5d:67:e3:a8:47:75:fe:5c:01:
                    62:4c:fc:92:44:86:ed:ba:4c:2f:7d:5e:c3:96:96:
                    10:e5:d5:0b:21:a2:d8:c1:e1:96:65:18:e3:17:d6:
                    f2:ab:6e:68:8f:37:d1:b4:fc:4e:1b:1d:3c:e0:42:
                    af:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:BD:EB:D7:B9:BC:BC:16:E1:54:11:4A:82:33:A5:8F:A3:9C:CD:0C
            X509v3 Authority Key Identifier:
                keyid:AB:91:D5:26:25:61:A9:DD:71:3D:FA:39:16:3D:EC:84:9F:EE:46:36

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/q5HVJiVhqd1xPfo5Fj3shJ_uRjY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/91e882-ba8a-44c5-9b0d-275242aa6775/1/pb3r17m8vBbhVBFKgjOlj6OczQw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/91e882-ba8a-44c5-9b0d-275242aa6775/1/q5HVJiVhqd1xPfo5Fj3shJ_uRjY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.211.168.0-31.211.172.255
                IPv6:
                  2a03:7360:1::/48

    Signature Algorithm: sha256WithRSAEncryption
         58:12:3e:2f:c6:2d:28:3b:d3:eb:3d:5b:0a:66:30:b7:fe:5f:
         bc:41:2d:36:4a:e5:19:03:48:ff:79:af:63:ea:c7:ab:de:60:
         8e:38:a8:39:c6:43:2c:ea:fb:67:f3:b7:97:98:10:53:7d:1a:
         76:58:24:6d:b2:98:e5:d6:c0:1e:b4:64:72:6e:d6:3e:83:e5:
         b7:0d:a4:c4:4a:17:79:d3:0e:6c:32:d2:3b:d8:96:d1:3e:43:
         e4:bc:c0:78:67:29:98:2c:fc:32:b9:4e:28:10:e5:d8:4b:24:
         97:dd:d0:20:43:a1:a2:15:51:39:6d:8e:9c:91:a2:f0:f6:66:
         25:64:4e:f7:c9:0a:cf:d5:4b:a0:c5:52:f6:05:be:15:51:f5:
         d4:54:77:14:2f:c2:5e:40:99:8a:0d:a6:6c:9c:7a:a2:97:ab:
         1f:12:69:cf:dd:30:34:fd:26:30:e9:e7:9a:59:6c:b1:58:e6:
         65:1f:cf:7a:7a:ca:df:ed:27:39:5e:55:25:d6:87:d8:9a:43:
         b2:20:03:d5:7d:5a:91:63:10:83:40:17:29:11:fd:9d:c8:c2:
         f3:d5:31:8f:f9:2a:10:0e:cc:1e:45:c6:84:89:2e:65:05:42:
         2a:a4:58:04:07:dc:cf:35:45:11:15:2e:1d:29:cd:ee:46:c4:
         49:04:2d:14
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAYzDtzMFN5xMhHEACIztfQlDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiOTFkNTI2MjU2MWE5ZGQ3MTNkZmEzOTE2M2RlYzg0OWZl
ZTQ2MzYwHhcNMjQwMTAxMDYzMDEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNWJkZWJkN2I5YmNiYzE2ZTE1NDExNGE4MjMzYTU4ZmEzOWNjZDBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjYsGmmEK0rJjabRys3B4zWFMds8K
+1c9Cn8ZuyQ6MDm5aRGqCQolTaBTOtQGzMPdLXPjTwJWIHpIb/1hy3hYE24E8Gwj
IZxSLxHv7qeEqK9+nPfCwiOsTeSHR/X2nFXA8tlNBDKUPIWlR9IYaumCfI9UkYrG
LG5ZOC8IAQnbtOOGBNrU2pgQndOZT8cjRjGWdG5vKVbcX6vgx9IQVU9ilbFtyz0p
rTXmE5epv4zxx7xYduNiGshTeRLsInRvEZCKIZPb/an49/RdZ+OoR3X+XAFiTPyS
RIbtukwvfV7DlpYQ5dULIaLYweGWZRjjF9byq25ojzfRtPxOGx084EKvpwIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFKW969e5vLwW4VQRSoIzpY+jnM0MMB8GA1UdIwQY
MBaAFKuR1SYlYandcT36ORY97ISf7kY2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcTVIVkppVmhxZDF4UGZvNUZqM3NoSl91UmpZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMi85MWU4ODItYmE4YS00NGM1LTliMGQt
Mjc1MjQyYWE2Nzc1LzEvcGIzcjE3bTh2QmJoVkJGS2dqT2xqNk9jelF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMi85MWU4ODItYmE4YS00NGM1LTliMGQtMjc1MjQyYWE2Nzc1
LzEvcTVIVkppVmhxZDF4UGZvNUZqM3NoSl91UmpZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDgGCCsGAQUFBwEHAQH/BCkwJzAUBAIAATAOMAwDBAMf06gD
BAAf06wwDwQCAAIwCQMHACoDc2AAATANBgkqhkiG9w0BAQsFAAOCAQEAWBI+L8Yt
KDvT6z1bCmYwt/5fvEEtNkrlGQNI/3mvY+rHq95gjjioOcZDLOr7Z/O3l5gQU30a
dlgkbbKY5dbAHrRkcm7WPoPltw2kxEoXedMObDLSO9iW0T5D5LzAeGcpmCz8MrlO
KBDl2Eskl93QIEOhohVROW2OnJGi8PZmJWRO98kKz9VLoMVS9gW+FVH11FR3FC/C
XkCZig2mbJx6operHxJpz90wNP0mMOnnmllssVjmZR/PenrK3+0nOV5VJdaH2JpD
siAD1X1akWMQg0AXKRH9ncjC89Uxj/kqEA7MHkXGhIkuZQVCKqRYBAfczzVFERUu
HSnN7kbESQQtFA==
-----END CERTIFICATE-----