Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/H5jBzmuvgg1UI7u6oY0OMApxw50.roa
File:                     H5jBzmuvgg1UI7u6oY0OMApxw50.roa (raw, json)
Hash identifier:          DU28hnXnXpUzQyF5BA0pWega40rY88GiUTKL/HbSpiM=
Subject key identifier:   1F:98:C1:CE:6B:AF:82:0D:54:23:BB:BA:A1:8D:0E:30:0A:71:C3:9D
Certificate issuer:       /CN=093353c1fabe896af8b85fe7600e4634968fcc4c
Certificate serial:       01942143FEFB1AF7F398B9FAB6F66EE1FB1F
Authority key identifier: 09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/H5jBzmuvgg1UI7u6oY0OMApxw50.roa
Signing time:             Wed 01 Jan 2025 09:48:11 +0000
ROA not before:           Wed 01 Jan 2025 09:48:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44149
IP address blocks:        31.222.224.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:fe:fb:1a:f7:f3:98:b9:fa:b6:f6:6e:e1:fb:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=093353c1fabe896af8b85fe7600e4634968fcc4c
        Validity
            Not Before: Jan  1 09:48:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1f98c1ce6baf820d5423bbbaa18d0e300a71c39d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:96:f7:16:b3:d4:fa:a3:95:1c:7f:ab:c8:5e:
                    d1:8f:a5:4e:d9:98:7c:78:ee:78:ab:d5:a7:17:d3:
                    4b:1d:1f:5e:a3:5e:66:8a:89:8e:db:4c:d1:e8:9f:
                    2f:b2:ed:c4:d3:36:28:c2:72:24:46:0a:c8:41:1d:
                    61:60:17:95:c1:92:08:ae:e9:41:86:a2:1c:a8:6f:
                    67:68:e1:dc:70:14:f7:f8:e5:c7:af:bd:d5:71:77:
                    ee:a8:3c:5c:30:c1:01:dd:46:6c:e2:b9:65:8e:8b:
                    4d:a4:f6:3b:c1:68:25:2e:ae:4f:4a:c5:ee:ab:2b:
                    cc:8c:8d:7d:d0:d9:82:26:e8:8c:b4:90:c3:33:56:
                    b7:3d:ea:4c:21:77:2a:81:c1:49:66:1c:47:ce:7a:
                    d5:ad:a2:eb:7b:10:b1:8f:f5:f9:94:8d:34:cc:b5:
                    94:04:3d:f6:83:cf:2c:c3:87:98:5b:41:05:1b:8d:
                    a6:84:6b:b8:2b:7b:b3:53:ad:54:4e:79:37:c3:10:
                    b1:2c:84:7c:e9:3e:49:81:80:69:a8:63:e9:2b:cf:
                    41:8a:fb:f3:21:03:5f:6e:cb:23:03:d1:4b:0a:b0:
                    84:b9:4b:5a:8f:cb:51:e3:7d:9d:e0:54:db:0b:37:
                    b9:dc:30:6e:87:8a:50:e0:5d:3c:e2:65:a7:8a:53:
                    38:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:98:C1:CE:6B:AF:82:0D:54:23:BB:BA:A1:8D:0E:30:0A:71:C3:9D
            X509v3 Authority Key Identifier:
                keyid:09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/H5jBzmuvgg1UI7u6oY0OMApxw50.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.222.224.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:92:dc:df:53:e3:81:d3:93:5a:aa:df:28:9f:a2:df:69:84:
         f7:c6:c2:c0:99:93:12:2d:dd:56:1f:7e:c7:69:61:5e:17:83:
         60:b7:d5:42:bb:30:10:5c:28:9e:ee:48:69:c4:15:7b:1e:97:
         fe:38:cb:0d:34:d9:96:d8:26:8f:6b:05:c1:1c:6c:13:a1:5e:
         0b:79:b5:cc:ed:57:df:07:68:ea:6e:89:a3:9d:62:51:6d:d2:
         b3:9c:b5:b0:09:2a:64:f4:51:7c:c6:2e:49:73:9f:b5:3a:f0:
         47:ee:30:53:c6:bf:9c:c0:6d:73:29:73:c7:52:cb:c1:82:30:
         21:bb:70:f7:4c:d8:5a:03:53:f2:06:c2:00:25:9f:41:e3:1a:
         3d:fc:b0:90:fb:93:aa:e0:01:90:b4:aa:6e:a9:dc:49:dc:0c:
         1c:8a:35:76:8f:95:97:82:2a:ca:a2:8e:33:77:67:10:39:6f:
         1a:6b:32:b3:fd:44:f3:26:bb:49:97:25:26:90:f2:1b:16:b2:
         02:67:f3:a3:3a:9b:a4:1a:77:40:8a:67:02:0d:0c:30:1e:c6:
         9c:3b:f6:11:00:6e:b0:64:6c:97:3a:e8:c5:10:79:99:58:49:
         3a:9c:e2:13:08:22:14:5a:f4:79:eb:14:1d:bc:54:c5:eb:59:
         1a:4f:fb:b6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhQ/77GvfzmLn6tvZu4fsfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5MzM1M2MxZmFiZTg5NmFmOGI4NWZlNzYwMGU0NjM0OTY4
ZmNjNGMwHhcNMjUwMTAxMDk0ODExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZjk4YzFjZTZiYWY4MjBkNTQyM2JiYmFhMThkMGUzMDBhNzFjMzlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA15b3FrPU+qOVHH+ryF7Rj6VO2Zh8
eO54q9WnF9NLHR9eo15miomO20zR6J8vsu3E0zYownIkRgrIQR1hYBeVwZIIrulB
hqIcqG9naOHccBT3+OXHr73VcXfuqDxcMMEB3UZs4rlljotNpPY7wWglLq5PSsXu
qyvMjI190NmCJuiMtJDDM1a3PepMIXcqgcFJZhxHznrVraLrexCxj/X5lI00zLWU
BD32g88sw4eYW0EFG42mhGu4K3uzU61UTnk3wxCxLIR86T5JgYBpqGPpK89Bivvz
IQNfbssjA9FLCrCEuUtaj8tR432d4FTbCze53DBuh4pQ4F084mWnilM4XQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB+Ywc5rr4INVCO7uqGNDjAKccOdMB8GA1UdIwQY
MBaAFAkzU8H6volq+Lhf52AORjSWj8xMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGIt
MjM5ZDJmZTM5OGIxLzEvSDVqQnptdXZnZzFVSTd1Nm9ZME9NQXB4dzUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGItMjM5ZDJmZTM5OGIx
LzEvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAH97gMA0G
CSqGSIb3DQEBCwUAA4IBAQASktzfU+OB05Naqt8on6LfaYT3xsLAmZMSLd1WH37H
aWFeF4Ngt9VCuzAQXCie7khpxBV7Hpf+OMsNNNmW2CaPawXBHGwToV4LebXM7Vff
B2jqbomjnWJRbdKznLWwCSpk9FF8xi5Jc5+1OvBH7jBTxr+cwG1zKXPHUsvBgjAh
u3D3TNhaA1PyBsIAJZ9B4xo9/LCQ+5Oq4AGQtKpuqdxJ3AwcijV2j5WXgirKoo4z
d2cQOW8aazKz/UTzJrtJlyUmkPIbFrICZ/OjOpukGndAimcCDQwwHsacO/YRAG6w
ZGyXOujFEHmZWEk6nOITCCIUWvR56xQdvFTF61kaT/u2
-----END CERTIFICATE-----