Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/e6f4e4-68bb-4496-90c7-aa859e192b16/1/oQmDS9OyWmw4qbX_RxUyk824228.roa
File:                     oQmDS9OyWmw4qbX_RxUyk824228.roa (raw, json)
Hash identifier:          joHFOvFR7JuSQIoicIyGEGjOCGSkIauTU5jH7oWWLJA=
Subject key identifier:   A1:09:83:4B:D3:B2:5A:6C:38:A9:B5:FF:47:15:32:93:CD:B8:DB:6F
Certificate issuer:       /CN=1056bcd426fd87cd6f4147e133216d03112b181b
Certificate serial:       019422FC37FCC8679607F6D0701C846FE512
Authority key identifier: 10:56:BC:D4:26:FD:87:CD:6F:41:47:E1:33:21:6D:03:11:2B:18:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EFa81Cb9h81vQUfhMyFtAxErGBs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/e6f4e4-68bb-4496-90c7-aa859e192b16/1/oQmDS9OyWmw4qbX_RxUyk824228.roa
Signing time:             Wed 01 Jan 2025 17:49:02 +0000
ROA not before:           Wed 01 Jan 2025 17:49:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198100
IP address blocks:        81.31.232.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/e6f4e4-68bb-4496-90c7-aa859e192b16/1/EFa81Cb9h81vQUfhMyFtAxErGBs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/e6f4e4-68bb-4496-90c7-aa859e192b16/1/EFa81Cb9h81vQUfhMyFtAxErGBs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EFa81Cb9h81vQUfhMyFtAxErGBs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 05:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fc:37:fc:c8:67:96:07:f6:d0:70:1c:84:6f:e5:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1056bcd426fd87cd6f4147e133216d03112b181b
        Validity
            Not Before: Jan  1 17:49:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a109834bd3b25a6c38a9b5ff47153293cdb8db6f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:6a:8f:6d:d8:52:5b:06:49:27:33:42:cf:f5:
                    1c:5f:f0:77:28:74:47:04:73:64:e6:62:c2:ff:34:
                    e2:4f:c7:4e:6e:62:a7:db:fe:7f:3d:49:70:71:5a:
                    9b:43:85:f3:9e:8a:bb:ce:ce:4b:b7:1a:da:95:64:
                    cd:df:b6:99:dd:cc:b8:81:e9:fe:93:77:92:3a:43:
                    6d:44:8e:55:cc:65:ab:2b:a6:18:46:e2:8d:94:98:
                    ee:c7:3b:a3:39:13:ae:10:93:52:c6:76:fb:4c:0a:
                    16:13:fb:4e:67:5c:f9:ab:5b:75:c0:5c:48:ee:8d:
                    84:91:a5:ea:8e:1c:0b:8e:a7:c7:6e:3f:82:79:92:
                    f8:0c:f3:a6:87:2f:ae:5b:88:e9:5e:02:a6:8d:e9:
                    6f:66:7f:e2:01:8b:17:00:20:2f:8f:70:93:00:47:
                    13:88:1f:75:03:b4:47:18:72:51:83:50:d7:80:56:
                    1a:cd:be:84:a1:05:aa:e9:79:1b:76:0e:8e:ec:53:
                    77:a7:c4:4c:05:55:68:ba:6e:db:17:40:f6:cc:e7:
                    23:a6:95:0c:ed:92:de:e4:e9:5b:e6:04:26:6e:4b:
                    5f:7d:83:95:2d:bb:1a:91:96:39:8d:c1:70:7f:4d:
                    45:44:7d:b2:b5:55:de:2b:ee:0d:05:6f:aa:22:d5:
                    b2:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:09:83:4B:D3:B2:5A:6C:38:A9:B5:FF:47:15:32:93:CD:B8:DB:6F
            X509v3 Authority Key Identifier:
                keyid:10:56:BC:D4:26:FD:87:CD:6F:41:47:E1:33:21:6D:03:11:2B:18:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EFa81Cb9h81vQUfhMyFtAxErGBs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e6f4e4-68bb-4496-90c7-aa859e192b16/1/oQmDS9OyWmw4qbX_RxUyk824228.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e6f4e4-68bb-4496-90c7-aa859e192b16/1/EFa81Cb9h81vQUfhMyFtAxErGBs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.31.232.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:83:d6:06:1e:fb:d5:ef:85:12:ed:cc:71:5d:8e:76:34:c7:
         7d:a9:6f:8f:65:67:cd:fd:e6:eb:b6:1b:cc:29:09:b5:4c:24:
         aa:08:c2:18:b1:75:cd:f4:a0:23:31:2a:3a:b1:46:9d:22:a6:
         90:8c:45:76:c0:e8:44:77:ea:24:25:16:64:64:51:10:ee:e8:
         23:b4:80:cc:07:18:01:53:e1:b4:17:0c:2e:5d:85:0e:04:89:
         d0:91:43:16:b8:42:8f:24:aa:a7:0e:69:8e:fc:e1:71:09:17:
         21:24:16:50:d4:3a:a8:0d:17:da:16:c5:a8:b8:ec:e3:e7:45:
         6a:90:9d:14:00:18:af:b0:cf:23:1e:a2:ba:a7:eb:17:d4:8e:
         fa:7c:c7:ac:a3:3b:63:62:10:a5:00:a9:36:78:d3:c4:30:87:
         8b:f1:6d:74:51:4c:3d:29:34:6e:64:67:c3:2b:b6:a3:15:0e:
         19:0a:5c:81:3b:15:99:30:cb:bc:9c:6e:c8:0c:bb:11:35:68:
         92:58:80:a4:1e:40:a1:eb:71:2c:ad:e0:a8:82:c2:ee:b7:3c:
         a2:8b:50:cd:97:49:d5:de:9b:50:77:33:0f:13:e5:f4:94:69:
         56:41:42:09:87:f1:fe:5e:e6:ba:fc:15:9e:35:66:34:98:b5:
         e6:50:d6:f2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi/Df8yGeWB/bQcByEb+USMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEwNTZiY2Q0MjZmZDg3Y2Q2ZjQxNDdlMTMzMjE2ZDAzMTEy
YjE4MWIwHhcNMjUwMTAxMTc0OTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMTA5ODM0YmQzYjI1YTZjMzhhOWI1ZmY0NzE1MzI5M2NkYjhkYjZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvmqPbdhSWwZJJzNCz/UcX/B3KHRH
BHNk5mLC/zTiT8dObmKn2/5/PUlwcVqbQ4Xznoq7zs5LtxralWTN37aZ3cy4gen+
k3eSOkNtRI5VzGWrK6YYRuKNlJjuxzujOROuEJNSxnb7TAoWE/tOZ1z5q1t1wFxI
7o2EkaXqjhwLjqfHbj+CeZL4DPOmhy+uW4jpXgKmjelvZn/iAYsXACAvj3CTAEcT
iB91A7RHGHJRg1DXgFYazb6EoQWq6Xkbdg6O7FN3p8RMBVVoum7bF0D2zOcjppUM
7ZLe5Olb5gQmbktffYOVLbsakZY5jcFwf01FRH2ytVXeK+4NBW+qItWyVQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKEJg0vTslpsOKm1/0cVMpPNuNtvMB8GA1UdIwQY
MBaAFBBWvNQm/YfNb0FH4TMhbQMRKxgbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRUZhODFDYjloODF2UVVmaE15RnRBeEVyR0JzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy9lNmY0ZTQtNjhiYi00NDk2LTkwYzct
YWE4NTllMTkyYjE2LzEvb1FtRFM5T3lXbXc0cWJYX1J4VXlrODI0MjI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy9lNmY0ZTQtNjhiYi00NDk2LTkwYzctYWE4NTllMTkyYjE2
LzEvRUZhODFDYjloODF2UVVmaE15RnRBeEVyR0JzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUR/oMA0G
CSqGSIb3DQEBCwUAA4IBAQAqg9YGHvvV74US7cxxXY52NMd9qW+PZWfN/ebrthvM
KQm1TCSqCMIYsXXN9KAjMSo6sUadIqaQjEV2wOhEd+okJRZkZFEQ7ugjtIDMBxgB
U+G0FwwuXYUOBInQkUMWuEKPJKqnDmmO/OFxCRchJBZQ1DqoDRfaFsWouOzj50Vq
kJ0UABivsM8jHqK6p+sX1I76fMesoztjYhClAKk2eNPEMIeL8W10UUw9KTRuZGfD
K7ajFQ4ZClyBOxWZMMu8nG7IDLsRNWiSWICkHkCh63EsreCogsLutzyii1DNl0nV
3ptQdzMPE+X0lGlWQUIJh/H+Xua6/BWeNWY0mLXmUNby
-----END CERTIFICATE-----