Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f8/3493f6-9636-4fa3-be56-db8030879f51/1/pRPURAPDB-4qt3RtLSmiH27Dp4I.roa
File:                     pRPURAPDB-4qt3RtLSmiH27Dp4I.roa (raw, json)
Hash identifier:          F6sTRAN2uKHoU9FaPVsIVwxkM/ICvYb0PnxQRiz1BRM=
Subject key identifier:   A5:13:D4:44:03:C3:07:EE:2A:B7:74:6D:2D:29:A2:1F:6E:C3:A7:82
Certificate issuer:       /CN=bf7ae3669f847fa27a69b14bb87f8c7bfd799ee0
Certificate serial:       018CC2DB3924B3BD27469E1D2D05E5623282
Authority key identifier: BF:7A:E3:66:9F:84:7F:A2:7A:69:B1:4B:B8:7F:8C:7B:FD:79:9E:E0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v3rjZp-Ef6J6abFLuH-Me_15nuA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f8/3493f6-9636-4fa3-be56-db8030879f51/1/pRPURAPDB-4qt3RtLSmiH27Dp4I.roa
Signing time:             Mon 01 Jan 2024 02:29:56 +0000
ROA not before:           Mon 01 Jan 2024 02:29:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208309
IP address blocks:        91.231.34.0/24 maxlen: 24
                          2a12:88c0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f8/3493f6-9636-4fa3-be56-db8030879f51/1/v3rjZp-Ef6J6abFLuH-Me_15nuA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f8/3493f6-9636-4fa3-be56-db8030879f51/1/v3rjZp-Ef6J6abFLuH-Me_15nuA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/v3rjZp-Ef6J6abFLuH-Me_15nuA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 07:03:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:39:24:b3:bd:27:46:9e:1d:2d:05:e5:62:32:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bf7ae3669f847fa27a69b14bb87f8c7bfd799ee0
        Validity
            Not Before: Jan  1 02:29:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a513d44403c307ee2ab7746d2d29a21f6ec3a782
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:87:5d:33:65:02:4b:28:fd:0f:6a:d8:6c:51:
                    d8:96:dd:84:77:a1:f8:3b:ad:f9:a6:64:03:2e:dc:
                    37:66:87:a9:80:9e:b5:1b:ee:fe:ec:99:00:67:10:
                    55:f4:3a:4d:32:92:5e:10:1b:57:27:3a:df:95:9f:
                    22:d1:74:35:c5:b8:f3:6c:55:7d:70:4e:97:a2:8b:
                    fe:f4:26:b7:3f:64:fa:0d:cd:10:dc:44:8f:2e:19:
                    3b:b1:ea:c8:76:a8:8c:e9:88:07:5a:f8:24:b4:3d:
                    fc:87:5b:28:89:06:e8:ee:46:26:fe:43:d3:5f:d0:
                    ea:5e:f2:cd:7b:0c:c3:f9:a6:42:38:16:58:3f:dd:
                    74:3f:95:65:21:77:30:42:4d:b0:93:49:01:e7:04:
                    91:69:89:2c:12:dd:c3:09:cf:92:16:ce:59:2f:80:
                    e7:e1:b2:6f:2b:6b:71:8d:a2:03:73:0c:e6:0c:9a:
                    a5:ba:c2:d0:3a:68:40:f1:4f:c7:c0:0a:8f:73:c5:
                    65:87:60:c9:33:f1:d6:06:43:48:9e:53:b3:24:57:
                    20:ab:37:38:93:68:3b:a1:d9:c6:73:1c:56:ac:3a:
                    75:9c:23:4b:3f:24:1a:dd:08:0d:13:56:0a:b4:85:
                    d3:4c:0b:4e:fe:12:c3:22:fb:51:08:9f:ca:42:96:
                    6e:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:13:D4:44:03:C3:07:EE:2A:B7:74:6D:2D:29:A2:1F:6E:C3:A7:82
            X509v3 Authority Key Identifier:
                keyid:BF:7A:E3:66:9F:84:7F:A2:7A:69:B1:4B:B8:7F:8C:7B:FD:79:9E:E0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v3rjZp-Ef6J6abFLuH-Me_15nuA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/3493f6-9636-4fa3-be56-db8030879f51/1/pRPURAPDB-4qt3RtLSmiH27Dp4I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/3493f6-9636-4fa3-be56-db8030879f51/1/v3rjZp-Ef6J6abFLuH-Me_15nuA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.231.34.0/24
                IPv6:
                  2a12:88c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         81:3b:61:b2:7b:c6:83:79:f6:bd:e8:67:ae:a1:bb:a0:da:02:
         8b:f5:b5:07:1a:aa:a8:82:b1:27:ad:ba:95:85:20:32:d4:6c:
         27:14:00:ce:15:d6:59:7b:00:5d:9f:11:65:fa:7d:4d:37:5e:
         93:51:8d:24:6b:e9:c9:26:13:a3:ab:97:58:86:74:18:48:d9:
         5c:07:7c:d7:c8:8e:cb:80:91:a7:e7:13:7e:b3:24:73:1e:cd:
         6c:22:41:3b:cb:a8:67:e6:a8:f1:08:f2:84:75:d2:cd:28:7d:
         5b:37:47:93:ec:ca:38:e4:51:53:a8:5b:e1:67:72:a4:f8:87:
         23:fc:bb:6b:fa:63:04:e3:6e:ca:8b:8d:52:65:f2:64:0e:96:
         0e:a5:0f:96:25:c5:c0:34:6c:34:85:27:cb:73:e8:dc:87:65:
         3f:69:58:97:68:60:55:0d:80:7d:12:fe:75:db:c6:da:20:65:
         73:b2:27:bb:9e:1a:a7:c0:ae:49:86:93:d5:f2:ac:16:58:f0:
         6e:13:71:29:62:eb:a8:03:63:cb:0c:2d:6c:5d:91:5c:97:7e:
         31:68:1f:91:be:7c:92:b1:1f:24:76:82:e2:65:2e:43:73:50:
         e1:13:ca:0e:f4:a9:44:b0:08:8d:95:dc:f2:6a:3b:dd:30:73:
         77:2f:6c:72
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzC2zkks70nRp4dLQXlYjKCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmN2FlMzY2OWY4NDdmYTI3YTY5YjE0YmI4N2Y4YzdiZmQ3
OTllZTAwHhcNMjQwMTAxMDIyOTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNTEzZDQ0NDAzYzMwN2VlMmFiNzc0NmQyZDI5YTIxZjZlYzNhNzgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp4ddM2UCSyj9D2rYbFHYlt2Ed6H4
O635pmQDLtw3ZoepgJ61G+7+7JkAZxBV9DpNMpJeEBtXJzrflZ8i0XQ1xbjzbFV9
cE6Xoov+9Ca3P2T6Dc0Q3ESPLhk7serIdqiM6YgHWvgktD38h1soiQbo7kYm/kPT
X9DqXvLNewzD+aZCOBZYP910P5VlIXcwQk2wk0kB5wSRaYksEt3DCc+SFs5ZL4Dn
4bJvK2txjaIDcwzmDJqlusLQOmhA8U/HwAqPc8Vlh2DJM/HWBkNInlOzJFcgqzc4
k2g7odnGcxxWrDp1nCNLPyQa3QgNE1YKtIXTTAtO/hLDIvtRCJ/KQpZuYwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFKUT1EQDwwfuKrd0bS0poh9uw6eCMB8GA1UdIwQY
MBaAFL9642afhH+iemmxS7h/jHv9eZ7gMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjNyalpwLUVmNko2YWJGTHVILU1lXzE1bnVBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOC8zNDkzZjYtOTYzNi00ZmEzLWJlNTYt
ZGI4MDMwODc5ZjUxLzEvcFJQVVJBUERCLTRxdDNSdExTbWlIMjdEcDRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOC8zNDkzZjYtOTYzNi00ZmEzLWJlNTYtZGI4MDMwODc5ZjUx
LzEvdjNyalpwLUVmNko2YWJGTHVILU1lXzE1bnVBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAW+ciMA0E
AgACMAcDBQMqEojAMA0GCSqGSIb3DQEBCwUAA4IBAQCBO2Gye8aDefa96Geuobug
2gKL9bUHGqqogrEnrbqVhSAy1GwnFADOFdZZewBdnxFl+n1NN16TUY0ka+nJJhOj
q5dYhnQYSNlcB3zXyI7LgJGn5xN+syRzHs1sIkE7y6hn5qjxCPKEddLNKH1bN0eT
7Mo45FFTqFvhZ3Kk+Icj/Ltr+mME427Ki41SZfJkDpYOpQ+WJcXANGw0hSfLc+jc
h2U/aViXaGBVDYB9Ev5128baIGVzsie7nhqnwK5JhpPV8qwWWPBuE3EpYuuoA2PL
DC1sXZFcl34xaB+RvnySsR8kdoLiZS5Dc1DhE8oO9KlEsAiNldzyajvdMHN3L2xy
-----END CERTIFICATE-----