Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/dfx8ZiiuaPMAgLjuSiMeTb8Zvzo.roa
File:                     dfx8ZiiuaPMAgLjuSiMeTb8Zvzo.roa (raw, json)
Hash identifier:          gp+2r1txZisE8gcUpV4tiiyoi5ICAc1Q84LHMfiYtvw=
Subject key identifier:   75:FC:7C:66:28:AE:68:F3:00:80:B8:EE:4A:23:1E:4D:BF:19:BF:3A
Certificate issuer:       /CN=093353c1fabe896af8b85fe7600e4634968fcc4c
Certificate serial:       01942143FA9D48D927A87C31B3534ACDD0DB
Authority key identifier: 09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/dfx8ZiiuaPMAgLjuSiMeTb8Zvzo.roa
Signing time:             Wed 01 Jan 2025 09:48:10 +0000
ROA not before:           Wed 01 Jan 2025 09:48:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39153
IP address blocks:        31.24.255.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:fa:9d:48:d9:27:a8:7c:31:b3:53:4a:cd:d0:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=093353c1fabe896af8b85fe7600e4634968fcc4c
        Validity
            Not Before: Jan  1 09:48:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=75fc7c6628ae68f30080b8ee4a231e4dbf19bf3a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:84:60:23:88:4b:5b:66:ec:86:62:cd:86:6d:
                    51:1f:6f:f9:87:61:80:f9:1b:2b:3e:ba:51:0b:3f:
                    32:49:0b:27:13:58:05:b4:db:6d:bc:2e:2f:d8:38:
                    a1:d1:2b:9a:07:97:fb:e9:d4:df:e8:e8:66:bc:99:
                    cc:78:95:74:4d:9f:b2:37:8c:8e:42:9f:7c:b5:09:
                    41:71:c1:16:2e:89:01:e3:62:37:71:91:4c:a2:0f:
                    b7:1d:b2:1d:21:5d:06:77:0c:ed:5e:9d:c8:be:3f:
                    5d:29:b1:ac:3d:0f:a4:a6:91:f2:ea:90:45:78:24:
                    1e:aa:e7:cc:f1:a5:f7:46:33:ac:25:63:09:7a:70:
                    4e:ee:07:ce:21:11:9e:e8:0a:09:ac:cf:44:c5:5c:
                    a4:1a:c9:19:b6:c4:f1:da:87:a7:06:31:9f:db:04:
                    6d:74:96:90:bd:11:69:8f:8f:98:4d:49:14:a8:0b:
                    9c:b4:a2:ce:a3:63:6f:d9:ed:4f:6b:cd:48:42:29:
                    81:47:a4:72:ed:89:3c:fc:39:37:e2:ec:9c:88:41:
                    9b:7d:d8:52:39:8a:2c:40:e7:b1:6d:3c:86:4a:75:
                    2f:ab:b4:9b:0e:96:34:bb:4d:87:58:9b:19:b6:de:
                    9f:ed:83:03:21:c1:b1:80:f1:18:1a:d9:9d:72:f5:
                    44:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:FC:7C:66:28:AE:68:F3:00:80:B8:EE:4A:23:1E:4D:BF:19:BF:3A
            X509v3 Authority Key Identifier:
                keyid:09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/dfx8ZiiuaPMAgLjuSiMeTb8Zvzo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.24.255.0/24

    Signature Algorithm: sha256WithRSAEncryption
         35:36:0e:6b:19:fa:54:fd:d9:15:de:c4:c9:f2:f1:1e:96:24:
         b7:ff:a4:fc:1e:25:29:b8:96:82:19:eb:c9:f0:86:6e:87:23:
         db:bd:a3:83:fa:69:28:4e:bc:f6:91:32:93:48:ed:5a:9f:76:
         8f:f0:6f:9b:28:bb:34:e4:d7:a0:08:55:fa:24:6e:80:e0:15:
         d0:4a:72:a3:fd:dc:62:01:dd:63:76:e3:3c:7a:0a:09:a0:1d:
         35:51:22:60:9a:48:cd:e6:39:8f:41:a8:93:17:53:d3:4f:81:
         96:61:2b:87:cf:5c:69:cd:5e:43:73:f4:67:e4:3e:43:7c:1d:
         0b:e4:15:a1:a9:13:83:f6:6f:5c:88:e4:e8:97:59:da:cd:75:
         13:98:27:6d:ef:1e:6d:e3:8d:79:ed:12:60:c0:9a:3f:8b:0a:
         e1:e3:38:f4:76:35:bf:97:7e:bc:c6:13:8e:cd:d4:7a:7c:f7:
         7d:09:46:dd:bb:e5:f8:cd:4d:0b:eb:e3:29:b1:9f:40:6e:63:
         19:09:ef:bc:3c:06:1f:2e:72:e2:b6:e0:59:5e:47:5e:4f:0b:
         e1:93:26:7c:81:3a:e4:3f:eb:e7:1c:3a:84:45:aa:26:18:31:
         a3:09:f8:69:ff:21:10:ea:41:56:df:75:e3:b0:41:46:d5:a2:
         39:b4:8c:c8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhQ/qdSNknqHwxs1NKzdDbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5MzM1M2MxZmFiZTg5NmFmOGI4NWZlNzYwMGU0NjM0OTY4
ZmNjNGMwHhcNMjUwMTAxMDk0ODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NWZjN2M2NjI4YWU2OGYzMDA4MGI4ZWU0YTIzMWU0ZGJmMTliZjNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlYRgI4hLW2bshmLNhm1RH2/5h2GA
+RsrPrpRCz8ySQsnE1gFtNttvC4v2Dih0SuaB5f76dTf6OhmvJnMeJV0TZ+yN4yO
Qp98tQlBccEWLokB42I3cZFMog+3HbIdIV0GdwztXp3Ivj9dKbGsPQ+kppHy6pBF
eCQequfM8aX3RjOsJWMJenBO7gfOIRGe6AoJrM9ExVykGskZtsTx2oenBjGf2wRt
dJaQvRFpj4+YTUkUqAuctKLOo2Nv2e1Pa81IQimBR6Ry7Yk8/Dk34uyciEGbfdhS
OYosQOexbTyGSnUvq7SbDpY0u02HWJsZtt6f7YMDIcGxgPEYGtmdcvVEBwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHX8fGYormjzAIC47kojHk2/Gb86MB8GA1UdIwQY
MBaAFAkzU8H6volq+Lhf52AORjSWj8xMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGIt
MjM5ZDJmZTM5OGIxLzEvZGZ4OFppaXVhUE1BZ0xqdVNpTWVUYjhadnpvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGItMjM5ZDJmZTM5OGIx
LzEvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHxj/MA0G
CSqGSIb3DQEBCwUAA4IBAQA1Ng5rGfpU/dkV3sTJ8vEeliS3/6T8HiUpuJaCGevJ
8IZuhyPbvaOD+mkoTrz2kTKTSO1an3aP8G+bKLs05NegCFX6JG6A4BXQSnKj/dxi
Ad1jduM8egoJoB01USJgmkjN5jmPQaiTF1PTT4GWYSuHz1xpzV5Dc/Rn5D5DfB0L
5BWhqROD9m9ciOTol1nazXUTmCdt7x5t44157RJgwJo/iwrh4zj0djW/l368xhOO
zdR6fPd9CUbdu+X4zU0L6+MpsZ9AbmMZCe+8PAYfLnLituBZXkdeTwvhkyZ8gTrk
P+vnHDqERaomGDGjCfhp/yEQ6kFW33XjsEFG1aI5tIzI
-----END CERTIFICATE-----