Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/dded95-cb8c-4335-aed0-64838df3977a/1/p0H-UvlbJAxkRpZM50LM0HMaTh4.roa
File:                     p0H-UvlbJAxkRpZM50LM0HMaTh4.roa (raw, json)
Hash identifier:          eqbVXmLmRGS+69kMEz9SPkK3Rw5wmLRM/rZ2KSdZI3s=
Subject key identifier:   A7:41:FE:52:F9:5B:24:0C:64:46:96:4C:E7:42:CC:D0:73:1A:4E:1E
Certificate issuer:       /CN=0195727f07b758f9868476c13cf977654bf380ee
Certificate serial:       019423D6B2BA1C770709A54D3B62DDB30F51
Authority key identifier: 01:95:72:7F:07:B7:58:F9:86:84:76:C1:3C:F9:77:65:4B:F3:80:EE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AZVyfwe3WPmGhHbBPPl3ZUvzgO4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/dded95-cb8c-4335-aed0-64838df3977a/1/p0H-UvlbJAxkRpZM50LM0HMaTh4.roa
Signing time:             Wed 01 Jan 2025 21:47:40 +0000
ROA not before:           Wed 01 Jan 2025 21:47:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199110
IP address blocks:        31.44.250.0/24 maxlen: 24
                          31.44.251.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/dded95-cb8c-4335-aed0-64838df3977a/1/AZVyfwe3WPmGhHbBPPl3ZUvzgO4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/dded95-cb8c-4335-aed0-64838df3977a/1/AZVyfwe3WPmGhHbBPPl3ZUvzgO4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AZVyfwe3WPmGhHbBPPl3ZUvzgO4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d6:b2:ba:1c:77:07:09:a5:4d:3b:62:dd:b3:0f:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0195727f07b758f9868476c13cf977654bf380ee
        Validity
            Not Before: Jan  1 21:47:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a741fe52f95b240c6446964ce742ccd0731a4e1e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:70:08:3f:ab:dd:79:99:52:f2:55:2f:9c:68:
                    59:9a:e2:b2:f5:bb:85:76:e5:1d:c6:8b:c7:a2:26:
                    d1:b5:d8:8c:7d:b3:95:25:26:5d:23:ad:53:90:9c:
                    f4:33:53:41:3e:34:c9:81:4f:ed:d7:95:ef:4b:e1:
                    e4:0e:19:1b:95:7c:a0:56:f2:1e:02:b0:f3:14:b4:
                    c6:66:26:91:9e:f3:f7:c0:8b:74:20:44:5f:37:6a:
                    fd:cb:8e:78:c7:98:c0:fc:4c:71:11:92:d2:c1:dd:
                    a6:f1:b3:07:a4:47:fa:cf:2b:df:5d:8d:0d:29:43:
                    ea:9f:42:20:ec:ec:07:d2:e8:2f:8a:87:85:9c:07:
                    15:10:3f:59:82:3c:c5:48:af:9c:ae:63:78:ae:85:
                    57:5c:1f:c6:8c:65:1e:cd:a3:a5:68:bc:72:96:9d:
                    2a:8d:4f:6b:ee:08:f7:71:c5:57:67:5a:ee:d3:bd:
                    75:97:33:82:b6:8a:8c:1d:b4:3a:71:b4:0d:6a:cf:
                    53:1d:80:3b:f9:39:86:ac:2f:db:e1:d5:be:29:b8:
                    7a:f8:94:f9:fa:33:8a:f2:ed:63:cf:14:25:5b:1b:
                    b7:42:56:e5:92:d0:c1:55:95:5c:84:35:a9:4b:22:
                    be:57:54:0a:ea:cf:e7:0f:f5:1e:74:6d:10:fb:b1:
                    4b:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:41:FE:52:F9:5B:24:0C:64:46:96:4C:E7:42:CC:D0:73:1A:4E:1E
            X509v3 Authority Key Identifier:
                keyid:01:95:72:7F:07:B7:58:F9:86:84:76:C1:3C:F9:77:65:4B:F3:80:EE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AZVyfwe3WPmGhHbBPPl3ZUvzgO4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/dded95-cb8c-4335-aed0-64838df3977a/1/p0H-UvlbJAxkRpZM50LM0HMaTh4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/dded95-cb8c-4335-aed0-64838df3977a/1/AZVyfwe3WPmGhHbBPPl3ZUvzgO4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.44.250.0/23

    Signature Algorithm: sha256WithRSAEncryption
         7e:d1:3c:d8:e7:04:19:7f:f6:12:6d:cb:d1:ee:eb:d2:81:03:
         41:b8:8d:25:a0:66:da:c4:0d:fa:04:1c:59:9d:30:14:e5:0e:
         6f:39:54:3f:a0:e8:dc:8d:21:4d:42:e1:62:65:b5:fe:9c:99:
         32:ae:08:a2:62:6e:13:31:e8:a6:4f:58:a6:b6:2e:b8:46:6c:
         1e:5e:83:d8:cb:87:fc:3c:9e:e9:48:61:06:08:29:3c:46:5b:
         d3:25:b1:11:bd:a9:58:90:65:c6:60:f1:8e:d9:6d:c3:b4:fa:
         d9:07:5c:a9:56:94:2d:3d:b7:28:89:a8:67:72:f2:11:a5:da:
         45:07:55:77:46:69:de:dc:48:84:7b:c0:5a:0c:75:92:d9:89:
         46:c1:45:bc:56:12:c1:7b:e9:d1:34:2a:39:e9:27:4d:26:80:
         a5:4b:56:fe:57:fa:ea:dc:19:ec:cc:3b:62:5e:4b:a9:64:d9:
         20:4d:bb:3c:2f:09:42:fb:c1:83:81:82:71:f8:f2:b6:3c:37:
         63:97:70:7c:62:ae:c2:46:72:49:6d:84:89:ef:6f:32:ed:fa:
         ee:75:b7:b0:c1:82:01:af:66:9d:95:6f:74:1a:8a:33:1e:c0:
         7f:c3:17:f6:d5:34:0f:05:09:1f:43:bb:3f:5e:05:5d:f8:8a:
         73:e0:cc:58
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj1rK6HHcHCaVNO2Ldsw9RMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAxOTU3MjdmMDdiNzU4Zjk4Njg0NzZjMTNjZjk3NzY1NGJm
MzgwZWUwHhcNMjUwMTAxMjE0NzQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNzQxZmU1MmY5NWIyNDBjNjQ0Njk2NGNlNzQyY2NkMDczMWE0ZTFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA63AIP6vdeZlS8lUvnGhZmuKy9buF
duUdxovHoibRtdiMfbOVJSZdI61TkJz0M1NBPjTJgU/t15XvS+HkDhkblXygVvIe
ArDzFLTGZiaRnvP3wIt0IERfN2r9y454x5jA/ExxEZLSwd2m8bMHpEf6zyvfXY0N
KUPqn0Ig7OwH0ugvioeFnAcVED9ZgjzFSK+crmN4roVXXB/GjGUezaOlaLxylp0q
jU9r7gj3ccVXZ1ru0711lzOCtoqMHbQ6cbQNas9THYA7+TmGrC/b4dW+Kbh6+JT5
+jOK8u1jzxQlWxu3QlblktDBVZVchDWpSyK+V1QK6s/nD/UedG0Q+7FL/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKdB/lL5WyQMZEaWTOdCzNBzGk4eMB8GA1UdIwQY
MBaAFAGVcn8Ht1j5hoR2wTz5d2VL84DuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQVpWeWZ3ZTNXUG1HaEhiQlBQbDNaVXZ6Z080LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS9kZGVkOTUtY2I4Yy00MzM1LWFlZDAt
NjQ4MzhkZjM5NzdhLzEvcDBILVV2bGJKQXhrUnBaTTUwTE0wSE1hVGg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS9kZGVkOTUtY2I4Yy00MzM1LWFlZDAtNjQ4MzhkZjM5Nzdh
LzEvQVpWeWZ3ZTNXUG1HaEhiQlBQbDNaVXZ6Z080LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBHyz6MA0G
CSqGSIb3DQEBCwUAA4IBAQB+0TzY5wQZf/YSbcvR7uvSgQNBuI0loGbaxA36BBxZ
nTAU5Q5vOVQ/oOjcjSFNQuFiZbX+nJkyrgiiYm4TMeimT1imti64RmweXoPYy4f8
PJ7pSGEGCCk8RlvTJbERvalYkGXGYPGO2W3DtPrZB1ypVpQtPbcoiahncvIRpdpF
B1V3Rmne3EiEe8BaDHWS2YlGwUW8VhLBe+nRNCo56SdNJoClS1b+V/rq3BnszDti
XkupZNkgTbs8LwlC+8GDgYJx+PK2PDdjl3B8Yq7CRnJJbYSJ728y7frudbewwYIB
r2adlW90GoozHsB/wxf21TQPBQkfQ7s/XgVd+Ipz4MxY
-----END CERTIFICATE-----