Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/TkkNraMpj2kPwql4rv9zCk8sXpI.roa
File:                     TkkNraMpj2kPwql4rv9zCk8sXpI.roa (raw, json)
Hash identifier:          f9WQ4R1gZt+ZJ0SIm8bcyv6dQkzV8akCmn0pib7YoRQ=
Subject key identifier:   4E:49:0D:AD:A3:29:8F:69:0F:C2:A9:78:AE:FF:73:0A:4F:2C:5E:92
Certificate issuer:       /CN=093353c1fabe896af8b85fe7600e4634968fcc4c
Certificate serial:       01942143FDCDE19721873ED7B8ABAC90E94E
Authority key identifier: 09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/TkkNraMpj2kPwql4rv9zCk8sXpI.roa
Signing time:             Wed 01 Jan 2025 09:48:11 +0000
ROA not before:           Wed 01 Jan 2025 09:48:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43830
IP address blocks:        31.40.251.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:fd:cd:e1:97:21:87:3e:d7:b8:ab:ac:90:e9:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=093353c1fabe896af8b85fe7600e4634968fcc4c
        Validity
            Not Before: Jan  1 09:48:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4e490dada3298f690fc2a978aeff730a4f2c5e92
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:f1:aa:b1:2d:37:dd:c5:4d:03:09:30:a7:f6:
                    88:2e:84:a5:c1:77:5c:ef:c3:85:e0:7c:3b:cb:28:
                    7e:9a:d5:11:86:a1:b2:78:d0:b1:14:6a:82:3d:27:
                    de:91:ca:21:a7:fb:34:ab:60:cd:84:ee:34:65:2c:
                    25:ef:34:18:14:e3:2e:76:fb:be:4f:cf:2c:21:c9:
                    fe:86:c5:0d:02:c3:2a:c3:4f:72:71:ce:9d:36:14:
                    64:ce:7b:ec:20:fe:c8:da:15:1d:01:07:e3:84:8d:
                    9c:7a:ec:73:3f:f6:c7:0b:65:2d:26:48:37:06:5f:
                    56:54:c4:04:e0:49:6b:74:9d:33:7f:ec:0d:c7:a1:
                    eb:b2:98:b2:9e:37:fc:b4:84:f6:c0:20:b9:d4:a4:
                    80:b5:13:78:02:ae:71:e4:5a:df:8a:36:56:0b:63:
                    ac:ab:60:28:d7:3e:55:05:bf:66:d0:33:4c:bf:fd:
                    a4:12:77:7f:c3:ff:b5:e0:74:56:10:bf:ca:40:4f:
                    21:43:68:9e:06:e8:46:a8:60:a1:fc:08:59:d8:6c:
                    10:14:2b:37:b5:fc:ea:e9:7f:7d:f7:6e:d8:57:f0:
                    dc:97:80:36:11:0b:d2:3c:e8:ed:46:61:d9:8b:f3:
                    c3:fc:10:8e:87:86:46:45:fe:1a:20:18:4e:da:d8:
                    83:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:49:0D:AD:A3:29:8F:69:0F:C2:A9:78:AE:FF:73:0A:4F:2C:5E:92
            X509v3 Authority Key Identifier:
                keyid:09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/TkkNraMpj2kPwql4rv9zCk8sXpI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.40.251.0/24

    Signature Algorithm: sha256WithRSAEncryption
         39:61:9b:d1:c9:90:3e:19:bd:fc:f7:3a:98:b0:f1:e1:13:39:
         eb:25:c5:05:f9:b8:07:cb:70:d2:1d:b4:20:ae:4e:ff:75:13:
         99:02:f4:c2:89:e4:98:65:30:c7:ea:5c:1c:93:bb:1f:a6:de:
         55:70:76:f5:15:74:01:ea:aa:1f:a4:d8:e3:2e:05:e0:e9:24:
         9e:95:5a:0e:7e:77:12:8c:32:83:3a:1a:e1:53:28:4d:21:2a:
         bf:2d:09:73:36:c7:15:07:4b:87:e4:4d:b0:2d:b4:70:0d:fe:
         3b:68:df:47:1d:e2:7d:f2:f7:9f:89:91:96:43:f1:34:18:f9:
         9b:2c:77:75:5b:b5:5d:6f:92:82:12:8d:95:38:64:b3:88:92:
         d7:b1:55:0f:9b:a2:65:03:43:60:de:e4:61:7c:eb:0f:91:95:
         e9:0c:51:44:0f:86:1e:af:bc:35:09:46:4a:2b:c4:d5:5f:6d:
         15:78:d7:27:35:5a:a0:a6:43:4b:9e:5d:cd:5c:df:a5:f1:ba:
         22:30:f1:af:a1:ce:2b:2d:e6:36:bd:3e:29:4f:c9:a6:5f:71:
         27:a8:24:a0:c1:85:b2:2b:fa:db:5f:00:e0:c3:c3:72:4f:98:
         cd:a3:fe:08:44:7c:65:de:0a:07:95:05:3e:d7:d9:ee:53:b4:
         0e:72:3c:76
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhQ/3N4Zchhz7XuKuskOlOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5MzM1M2MxZmFiZTg5NmFmOGI4NWZlNzYwMGU0NjM0OTY4
ZmNjNGMwHhcNMjUwMTAxMDk0ODExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZTQ5MGRhZGEzMjk4ZjY5MGZjMmE5NzhhZWZmNzMwYTRmMmM1ZTkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy/GqsS033cVNAwkwp/aILoSlwXdc
78OF4Hw7yyh+mtURhqGyeNCxFGqCPSfekcohp/s0q2DNhO40ZSwl7zQYFOMudvu+
T88sIcn+hsUNAsMqw09ycc6dNhRkznvsIP7I2hUdAQfjhI2ceuxzP/bHC2UtJkg3
Bl9WVMQE4ElrdJ0zf+wNx6Hrspiynjf8tIT2wCC51KSAtRN4Aq5x5FrfijZWC2Os
q2Ao1z5VBb9m0DNMv/2kEnd/w/+14HRWEL/KQE8hQ2ieBuhGqGCh/AhZ2GwQFCs3
tfzq6X99927YV/Dcl4A2EQvSPOjtRmHZi/PD/BCOh4ZGRf4aIBhO2tiDJQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE5JDa2jKY9pD8KpeK7/cwpPLF6SMB8GA1UdIwQY
MBaAFAkzU8H6volq+Lhf52AORjSWj8xMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGIt
MjM5ZDJmZTM5OGIxLzEvVGtrTnJhTXBqMmtQd3FsNHJ2OXpDazhzWHBJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGItMjM5ZDJmZTM5OGIx
LzEvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHyj7MA0G
CSqGSIb3DQEBCwUAA4IBAQA5YZvRyZA+Gb389zqYsPHhEznrJcUF+bgHy3DSHbQg
rk7/dROZAvTCieSYZTDH6lwck7sfpt5VcHb1FXQB6qofpNjjLgXg6SSelVoOfncS
jDKDOhrhUyhNISq/LQlzNscVB0uH5E2wLbRwDf47aN9HHeJ98vefiZGWQ/E0GPmb
LHd1W7Vdb5KCEo2VOGSziJLXsVUPm6JlA0Ng3uRhfOsPkZXpDFFED4Yer7w1CUZK
K8TVX20VeNcnNVqgpkNLnl3NXN+l8boiMPGvoc4rLeY2vT4pT8mmX3EnqCSgwYWy
K/rbXwDgw8NyT5jNo/4IRHxl3goHlQU+19nuU7QOcjx2
-----END CERTIFICATE-----