Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/e6f4e4-68bb-4496-90c7-aa859e192b16/1/G1PI32vXIbkXgcKhQ0SHmsA-Lnw.roa
File:                     G1PI32vXIbkXgcKhQ0SHmsA-Lnw.roa (raw, json)
Hash identifier:          7Y963vtn61281jo1Uj8ZuCZ+/NEGmwjvGvcRTIydNM4=
Subject key identifier:   1B:53:C8:DF:6B:D7:21:B9:17:81:C2:A1:43:44:87:9A:C0:3E:2E:7C
Certificate issuer:       /CN=1056bcd426fd87cd6f4147e133216d03112b181b
Certificate serial:       019422FC330BC2DDB61519782EE2137313C4
Authority key identifier: 10:56:BC:D4:26:FD:87:CD:6F:41:47:E1:33:21:6D:03:11:2B:18:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EFa81Cb9h81vQUfhMyFtAxErGBs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/e6f4e4-68bb-4496-90c7-aa859e192b16/1/G1PI32vXIbkXgcKhQ0SHmsA-Lnw.roa
Signing time:             Wed 01 Jan 2025 17:49:01 +0000
ROA not before:           Wed 01 Jan 2025 17:49:01 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51847
IP address blocks:        81.31.232.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/e6f4e4-68bb-4496-90c7-aa859e192b16/1/EFa81Cb9h81vQUfhMyFtAxErGBs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/e6f4e4-68bb-4496-90c7-aa859e192b16/1/EFa81Cb9h81vQUfhMyFtAxErGBs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EFa81Cb9h81vQUfhMyFtAxErGBs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 05:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fc:33:0b:c2:dd:b6:15:19:78:2e:e2:13:73:13:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1056bcd426fd87cd6f4147e133216d03112b181b
        Validity
            Not Before: Jan  1 17:49:01 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1b53c8df6bd721b91781c2a14344879ac03e2e7c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:c6:38:52:98:48:72:0a:41:96:60:b4:6f:3e:
                    76:83:80:0e:47:96:15:18:fd:ae:6e:ad:fd:d1:f9:
                    11:79:83:52:31:20:b5:e8:58:2e:7b:34:94:0c:d0:
                    55:9a:82:df:68:88:91:dc:e4:9a:ea:99:78:f0:e0:
                    75:5a:8c:97:80:6d:50:bf:34:ae:4e:6e:af:d8:95:
                    88:a7:4d:6f:44:33:f1:4f:a3:7e:6e:e9:0c:11:0a:
                    de:e1:4c:ee:77:e1:20:08:e2:30:b0:c9:c4:b0:74:
                    84:c8:90:fe:aa:fb:9c:d1:d0:f3:be:45:97:7a:5e:
                    92:87:ee:e9:e8:3c:5c:1a:e3:46:19:92:4c:fe:28:
                    d6:92:fd:bf:58:86:8e:6f:1c:28:8f:50:7a:74:84:
                    d4:88:9b:57:04:51:50:80:db:ed:15:b7:30:86:5f:
                    d0:0c:5d:d1:1b:03:ea:f7:e4:e6:13:7e:af:95:94:
                    66:11:8e:61:a8:a3:cb:d0:27:9c:e0:90:b3:cb:d6:
                    c0:4a:85:c8:d8:12:18:92:f4:e4:fd:b3:b1:0d:98:
                    3c:70:91:d4:1e:16:eb:b5:24:b9:66:be:c1:85:c6:
                    cf:a3:52:09:7a:97:59:b7:89:d7:94:ba:5d:64:37:
                    d3:ff:80:1b:5b:33:03:aa:69:ce:f5:e7:db:e8:e8:
                    91:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:53:C8:DF:6B:D7:21:B9:17:81:C2:A1:43:44:87:9A:C0:3E:2E:7C
            X509v3 Authority Key Identifier:
                keyid:10:56:BC:D4:26:FD:87:CD:6F:41:47:E1:33:21:6D:03:11:2B:18:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EFa81Cb9h81vQUfhMyFtAxErGBs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e6f4e4-68bb-4496-90c7-aa859e192b16/1/G1PI32vXIbkXgcKhQ0SHmsA-Lnw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e6f4e4-68bb-4496-90c7-aa859e192b16/1/EFa81Cb9h81vQUfhMyFtAxErGBs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.31.232.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c9:8a:15:e6:f6:d9:91:0d:fc:07:fc:6c:79:ec:bb:69:3c:2a:
         60:91:a5:cc:54:b6:af:cf:ee:cc:ab:a8:a9:f8:0b:1a:86:23:
         98:26:77:9b:c4:46:67:14:0e:5c:9b:73:33:31:99:76:f8:5a:
         df:ee:84:dc:64:04:5a:bf:95:e6:37:07:57:c0:e6:5b:07:31:
         cf:09:8f:46:34:82:33:d7:91:98:a7:ec:1e:0f:34:09:8d:a0:
         70:68:31:a5:28:20:f9:0d:03:2c:3b:7d:8a:1a:fb:7a:b4:9b:
         a7:e4:b5:f3:d5:c1:82:5d:53:a2:01:bf:78:4f:eb:dc:3a:16:
         1a:fe:71:01:23:0a:8d:1e:3e:18:49:29:af:a6:f8:13:cd:76:
         74:5f:be:ef:49:b6:b4:59:21:5e:ce:81:81:34:1e:17:55:4d:
         43:c2:ad:65:80:5f:aa:00:17:16:34:1a:95:0d:e5:75:a0:66:
         e4:fc:38:7f:63:10:e6:cd:f1:52:ff:76:6b:01:c2:42:cc:e5:
         70:d3:74:f0:1b:3d:64:95:df:b7:32:7c:b5:4c:cc:a7:10:e5:
         7a:93:23:84:c0:0f:01:c8:59:28:48:bb:52:0e:22:9c:bb:0f:
         b1:c0:98:e0:db:c4:5d:51:8f:aa:c5:96:68:91:b9:82:94:36:
         cf:18:d7:40
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi/DMLwt22FRl4LuITcxPEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEwNTZiY2Q0MjZmZDg3Y2Q2ZjQxNDdlMTMzMjE2ZDAzMTEy
YjE4MWIwHhcNMjUwMTAxMTc0OTAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYjUzYzhkZjZiZDcyMWI5MTc4MWMyYTE0MzQ0ODc5YWMwM2UyZTdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlsY4UphIcgpBlmC0bz52g4AOR5YV
GP2ubq390fkReYNSMSC16FguezSUDNBVmoLfaIiR3OSa6pl48OB1WoyXgG1QvzSu
Tm6v2JWIp01vRDPxT6N+bukMEQre4Uzud+EgCOIwsMnEsHSEyJD+qvuc0dDzvkWX
el6Sh+7p6DxcGuNGGZJM/ijWkv2/WIaObxwoj1B6dITUiJtXBFFQgNvtFbcwhl/Q
DF3RGwPq9+TmE36vlZRmEY5hqKPL0Cec4JCzy9bASoXI2BIYkvTk/bOxDZg8cJHU
HhbrtSS5Zr7BhcbPo1IJepdZt4nXlLpdZDfT/4AbWzMDqmnO9efb6OiRxwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBtTyN9r1yG5F4HCoUNEh5rAPi58MB8GA1UdIwQY
MBaAFBBWvNQm/YfNb0FH4TMhbQMRKxgbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRUZhODFDYjloODF2UVVmaE15RnRBeEVyR0JzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy9lNmY0ZTQtNjhiYi00NDk2LTkwYzct
YWE4NTllMTkyYjE2LzEvRzFQSTMydlhJYmtYZ2NLaFEwU0htc0EtTG53LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy9lNmY0ZTQtNjhiYi00NDk2LTkwYzctYWE4NTllMTkyYjE2
LzEvRUZhODFDYjloODF2UVVmaE15RnRBeEVyR0JzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUR/oMA0G
CSqGSIb3DQEBCwUAA4IBAQDJihXm9tmRDfwH/Gx57LtpPCpgkaXMVLavz+7Mq6ip
+AsahiOYJnebxEZnFA5cm3MzMZl2+Frf7oTcZARav5XmNwdXwOZbBzHPCY9GNIIz
15GYp+weDzQJjaBwaDGlKCD5DQMsO32KGvt6tJun5LXz1cGCXVOiAb94T+vcOhYa
/nEBIwqNHj4YSSmvpvgTzXZ0X77vSba0WSFezoGBNB4XVU1Dwq1lgF+qABcWNBqV
DeV1oGbk/Dh/YxDmzfFS/3ZrAcJCzOVw03TwGz1kld+3Mny1TMynEOV6kyOEwA8B
yFkoSLtSDiKcuw+xwJjg28RdUY+qxZZokbmClDbPGNdA
-----END CERTIFICATE-----