Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/r4dYKzZZeD-_x-NBeaeGDzhVzD0.roa
File:                     r4dYKzZZeD-_x-NBeaeGDzhVzD0.roa (raw, json)
Hash identifier:          vTzNmlcDm+2c834NrzRCoPMvZr2cnvqhj501pL8Y+6c=
Subject key identifier:   AF:87:58:2B:36:59:78:3F:BF:C7:E3:41:79:A7:86:0F:38:55:CC:3D
Certificate issuer:       /CN=093353c1fabe896af8b85fe7600e4634968fcc4c
Certificate serial:       019421440686481F652963B93CDE56EEAD56
Authority key identifier: 09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/r4dYKzZZeD-_x-NBeaeGDzhVzD0.roa
Signing time:             Wed 01 Jan 2025 09:48:13 +0000
ROA not before:           Wed 01 Jan 2025 09:48:13 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57271
IP address blocks:        31.24.251.0/24 maxlen: 24
                          45.90.46.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:06:86:48:1f:65:29:63:b9:3c:de:56:ee:ad:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=093353c1fabe896af8b85fe7600e4634968fcc4c
        Validity
            Not Before: Jan  1 09:48:13 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=af87582b3659783fbfc7e34179a7860f3855cc3d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:45:3e:8a:4e:99:be:80:d7:4b:b3:6f:c3:b1:
                    8e:20:6c:24:7c:b6:9b:c0:19:a4:4e:6e:f7:72:c2:
                    c6:1b:ce:ac:59:07:b9:be:da:31:fd:9a:96:f8:6f:
                    cc:cf:14:a0:e6:e9:5d:6d:b8:4d:b7:ba:30:e5:35:
                    e7:ce:18:aa:4e:55:5a:45:90:32:79:fb:d2:a5:89:
                    d3:80:98:94:d6:48:af:1d:e5:cc:d0:0a:b5:0e:83:
                    cd:5c:69:c4:6c:8b:07:91:5f:27:06:be:32:a2:96:
                    96:d4:6e:5b:75:79:14:a8:9b:3a:a3:be:04:94:9e:
                    10:63:cc:9b:9f:a3:d1:8d:f4:c0:7f:48:9d:39:5e:
                    09:00:26:ee:dc:21:04:91:20:08:3f:c6:c4:9b:a8:
                    55:f1:b1:c9:fa:75:89:39:86:c0:dc:e1:62:c6:4b:
                    31:9d:78:96:a4:72:4c:15:39:1e:0f:10:8b:9e:1f:
                    18:67:4a:23:76:ad:82:3a:30:d3:51:7d:94:41:04:
                    b6:99:9f:eb:5e:0c:7b:3f:83:59:3f:8b:e6:09:f3:
                    0a:09:e6:e5:a3:40:00:0b:73:a4:3e:93:07:31:94:
                    4f:8f:3f:50:24:7d:94:6c:a2:d0:28:d3:1b:9e:26:
                    f3:f4:95:d4:ed:77:8d:ee:a1:be:79:5a:1a:88:cb:
                    55:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:87:58:2B:36:59:78:3F:BF:C7:E3:41:79:A7:86:0F:38:55:CC:3D
            X509v3 Authority Key Identifier:
                keyid:09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/r4dYKzZZeD-_x-NBeaeGDzhVzD0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.24.251.0/24
                  45.90.46.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3b:6d:e7:d0:8a:b1:ee:82:c5:ed:9f:28:8d:ac:74:00:7c:71:
         b0:19:7e:87:80:10:73:1e:72:73:51:2a:a3:0f:39:af:e2:81:
         6c:87:7b:6d:5a:9b:f8:8a:4b:04:3a:c1:e8:5b:f3:90:3e:b0:
         82:40:46:f0:52:e0:0a:a5:f3:10:59:6f:3b:a1:3a:42:c4:38:
         52:be:29:a4:1b:bb:fc:a0:16:6d:95:18:ad:3b:94:3a:28:1d:
         1d:bf:f4:14:46:62:28:f1:6f:5e:14:4a:dd:3a:0c:4c:96:31:
         ac:b3:2e:75:14:87:aa:c0:3d:ad:b1:45:e5:37:73:8a:f3:01:
         e1:fb:96:3d:1f:f7:b5:d6:0e:9c:61:ba:7f:3d:7e:9f:d8:f7:
         5c:9d:37:28:61:79:2a:af:56:d6:d2:e8:95:97:41:74:28:af:
         76:aa:1d:7a:18:48:23:81:51:42:7b:c3:2a:82:cf:5d:f6:41:
         3a:4a:88:0e:7c:46:a4:1f:c0:dd:8a:6c:e9:4a:2f:f7:99:48:
         72:b7:e0:f5:c9:9c:e1:1b:80:f3:72:a6:31:23:db:9c:bb:4f:
         aa:1d:25:f6:e6:73:9f:20:57:12:14:6c:a7:9b:96:0c:ee:2b:
         36:7b:f1:af:6c:30:04:6b:0c:bb:78:f7:d0:b5:b7:90:c3:e1:
         da:29:63:3a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQhRAaGSB9lKWO5PN5W7q1WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5MzM1M2MxZmFiZTg5NmFmOGI4NWZlNzYwMGU0NjM0OTY4
ZmNjNGMwHhcNMjUwMTAxMDk0ODEzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZjg3NTgyYjM2NTk3ODNmYmZjN2UzNDE3OWE3ODYwZjM4NTVjYzNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvUU+ik6ZvoDXS7Nvw7GOIGwkfLab
wBmkTm73csLGG86sWQe5vtox/ZqW+G/MzxSg5uldbbhNt7ow5TXnzhiqTlVaRZAy
efvSpYnTgJiU1kivHeXM0Aq1DoPNXGnEbIsHkV8nBr4yopaW1G5bdXkUqJs6o74E
lJ4QY8ybn6PRjfTAf0idOV4JACbu3CEEkSAIP8bEm6hV8bHJ+nWJOYbA3OFixksx
nXiWpHJMFTkeDxCLnh8YZ0ojdq2COjDTUX2UQQS2mZ/rXgx7P4NZP4vmCfMKCebl
o0AAC3OkPpMHMZRPjz9QJH2UbKLQKNMbnibz9JXU7XeN7qG+eVoaiMtVvwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFK+HWCs2WXg/v8fjQXmnhg84Vcw9MB8GA1UdIwQY
MBaAFAkzU8H6volq+Lhf52AORjSWj8xMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGIt
MjM5ZDJmZTM5OGIxLzEvcjRkWUt6WlplRC1feC1OQmVhZUdEemhWekQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGItMjM5ZDJmZTM5OGIx
LzEvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAHxj7AwQA
LVouMA0GCSqGSIb3DQEBCwUAA4IBAQA7befQirHugsXtnyiNrHQAfHGwGX6HgBBz
HnJzUSqjDzmv4oFsh3ttWpv4iksEOsHoW/OQPrCCQEbwUuAKpfMQWW87oTpCxDhS
vimkG7v8oBZtlRitO5Q6KB0dv/QURmIo8W9eFErdOgxMljGssy51FIeqwD2tsUXl
N3OK8wHh+5Y9H/e11g6cYbp/PX6f2PdcnTcoYXkqr1bW0uiVl0F0KK92qh16GEgj
gVFCe8Mqgs9d9kE6SogOfEakH8DdimzpSi/3mUhyt+D1yZzhG4DzcqYxI9ucu0+q
HSX25nOfIFcSFGynm5YM7is2e/GvbDAEawy7ePfQtbeQw+HaKWM6
-----END CERTIFICATE-----