Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1d/409b7e-1275-43ed-af0f-52f97b277d1f/1/lbrPEbSuq8MGiugfDCfuWsxoHWM.roa
File:                     lbrPEbSuq8MGiugfDCfuWsxoHWM.roa (raw, json)
Hash identifier:          aEziOZhVwJ11tjsb9rfj1shhPuYeS1ripLduKA6Erwo=
Subject key identifier:   95:BA:CF:11:B4:AE:AB:C3:06:8A:E8:1F:0C:27:EE:5A:CC:68:1D:63
Certificate issuer:       /CN=52dc9c218b510c07bc6659b09fbd32afe68abfd2
Certificate serial:       019424B3AEA32FA2E340B92502FEC36290D1
Authority key identifier: 52:DC:9C:21:8B:51:0C:07:BC:66:59:B0:9F:BD:32:AF:E6:8A:BF:D2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UtycIYtRDAe8Zlmwn70yr-aKv9I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1d/409b7e-1275-43ed-af0f-52f97b277d1f/1/lbrPEbSuq8MGiugfDCfuWsxoHWM.roa
Signing time:             Thu 02 Jan 2025 01:49:02 +0000
ROA not before:           Thu 02 Jan 2025 01:49:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212238
IP address blocks:        31.171.130.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1d/409b7e-1275-43ed-af0f-52f97b277d1f/1/UtycIYtRDAe8Zlmwn70yr-aKv9I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1d/409b7e-1275-43ed-af0f-52f97b277d1f/1/UtycIYtRDAe8Zlmwn70yr-aKv9I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UtycIYtRDAe8Zlmwn70yr-aKv9I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 10:01:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:ae:a3:2f:a2:e3:40:b9:25:02:fe:c3:62:90:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=52dc9c218b510c07bc6659b09fbd32afe68abfd2
        Validity
            Not Before: Jan  2 01:49:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=95bacf11b4aeabc3068ae81f0c27ee5acc681d63
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:8a:be:de:3e:03:b0:fb:e5:58:10:ec:d1:8e:
                    05:70:6d:21:5c:7a:b3:af:a2:71:9b:8b:2e:28:fe:
                    12:a2:67:d6:40:ee:eb:49:8f:f9:ee:fe:e2:d8:47:
                    46:2c:71:7b:2f:b7:fc:54:3f:43:17:61:fd:4f:95:
                    fa:e4:77:2d:3c:86:e3:35:35:f0:8e:89:16:f6:c7:
                    eb:ea:74:55:5e:04:d9:bd:88:e4:56:00:9d:f7:db:
                    ae:25:87:73:3f:90:a7:59:d9:bf:94:00:e0:fa:26:
                    b3:e1:37:b6:bc:3d:2d:04:c4:33:27:31:78:e8:ef:
                    e0:a0:9d:6c:e2:a0:11:dc:2e:e0:49:b8:c1:d3:87:
                    92:97:d5:67:ec:5f:f4:cc:f0:a9:0c:9f:4c:ec:a6:
                    77:d0:a5:73:2c:1f:66:f0:2f:03:f1:be:b6:b0:63:
                    87:1e:92:75:93:26:6f:0f:8d:ac:e8:ec:04:17:2a:
                    30:91:7b:1f:69:d0:c7:a3:24:c3:bd:8b:f6:22:b2:
                    c3:58:20:d7:eb:fc:ec:5b:44:aa:e6:e7:d8:65:35:
                    43:d5:06:57:83:c3:31:c7:33:26:39:9b:f4:6d:29:
                    d3:0a:e6:f0:34:e3:07:64:ca:e1:86:84:73:d7:1b:
                    09:52:ff:36:29:08:83:f4:96:a5:50:75:c2:53:ad:
                    d6:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:BA:CF:11:B4:AE:AB:C3:06:8A:E8:1F:0C:27:EE:5A:CC:68:1D:63
            X509v3 Authority Key Identifier:
                keyid:52:DC:9C:21:8B:51:0C:07:BC:66:59:B0:9F:BD:32:AF:E6:8A:BF:D2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UtycIYtRDAe8Zlmwn70yr-aKv9I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/409b7e-1275-43ed-af0f-52f97b277d1f/1/lbrPEbSuq8MGiugfDCfuWsxoHWM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/409b7e-1275-43ed-af0f-52f97b277d1f/1/UtycIYtRDAe8Zlmwn70yr-aKv9I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.171.130.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a2:50:7c:ab:06:cb:e6:4c:d6:38:0b:67:eb:e9:5e:3b:32:8f:
         fc:bd:9e:3c:ad:fe:52:ec:38:09:29:be:fd:6e:6d:a4:ab:bc:
         3a:2f:84:8b:f9:a6:4f:04:20:f2:f2:cb:32:e3:84:cd:25:51:
         73:c1:44:0f:c1:e9:88:ba:39:e9:1c:01:9b:4d:19:9c:b1:9b:
         0b:0f:35:28:13:74:b8:e5:8c:06:86:09:f6:ea:ec:7b:35:a5:
         12:58:37:64:51:65:7a:55:96:b9:31:e4:84:8a:fa:ee:57:b4:
         96:c5:29:8a:5e:fb:21:5e:58:b3:44:3f:32:2c:7d:52:16:f2:
         c6:da:d5:60:5a:2a:a6:4d:7c:1e:2d:64:78:f8:8a:8c:02:cd:
         c0:4a:f4:b3:ce:dc:73:e7:17:ba:fe:c3:50:37:90:1e:3b:fa:
         c8:4b:c3:b9:05:29:f2:9e:c2:cd:05:a1:d0:a7:80:c7:cf:5f:
         26:07:46:d3:8b:8f:28:3c:0a:d9:6f:e5:91:9a:2e:7f:72:ce:
         e2:3e:d4:99:b3:62:ca:23:7f:0b:1b:b1:00:24:d4:23:18:23:
         95:0f:cb:85:34:b1:20:1c:62:4a:eb:21:ff:ca:ca:8e:3e:4d:
         aa:b6:63:f8:27:64:40:00:c7:74:2f:66:03:39:f0:b6:f3:6f:
         b4:12:26:44
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQks66jL6LjQLklAv7DYpDRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyZGM5YzIxOGI1MTBjMDdiYzY2NTliMDlmYmQzMmFmZTY4
YWJmZDIwHhcNMjUwMTAyMDE0OTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NWJhY2YxMWI0YWVhYmMzMDY4YWU4MWYwYzI3ZWU1YWNjNjgxZDYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4Yq+3j4DsPvlWBDs0Y4FcG0hXHqz
r6Jxm4suKP4SomfWQO7rSY/57v7i2EdGLHF7L7f8VD9DF2H9T5X65HctPIbjNTXw
jokW9sfr6nRVXgTZvYjkVgCd99uuJYdzP5CnWdm/lADg+iaz4Te2vD0tBMQzJzF4
6O/goJ1s4qAR3C7gSbjB04eSl9Vn7F/0zPCpDJ9M7KZ30KVzLB9m8C8D8b62sGOH
HpJ1kyZvD42s6OwEFyowkXsfadDHoyTDvYv2IrLDWCDX6/zsW0Sq5ufYZTVD1QZX
g8MxxzMmOZv0bSnTCubwNOMHZMrhhoRz1xsJUv82KQiD9JalUHXCU63WNQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJW6zxG0rqvDBoroHwwn7lrMaB1jMB8GA1UdIwQY
MBaAFFLcnCGLUQwHvGZZsJ+9Mq/mir/SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVXR5Y0lZdFJEQWU4Wmxtd243MHlyLWFLdjlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZC80MDliN2UtMTI3NS00M2VkLWFmMGYt
NTJmOTdiMjc3ZDFmLzEvbGJyUEViU3VxOE1HaXVnZkRDZnVXc3hvSFdNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZC80MDliN2UtMTI3NS00M2VkLWFmMGYtNTJmOTdiMjc3ZDFm
LzEvVXR5Y0lZdFJEQWU4Wmxtd243MHlyLWFLdjlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAH6uCMA0G
CSqGSIb3DQEBCwUAA4IBAQCiUHyrBsvmTNY4C2fr6V47Mo/8vZ48rf5S7DgJKb79
bm2kq7w6L4SL+aZPBCDy8ssy44TNJVFzwUQPwemIujnpHAGbTRmcsZsLDzUoE3S4
5YwGhgn26ux7NaUSWDdkUWV6VZa5MeSEivruV7SWxSmKXvshXlizRD8yLH1SFvLG
2tVgWiqmTXweLWR4+IqMAs3ASvSzztxz5xe6/sNQN5AeO/rIS8O5BSnynsLNBaHQ
p4DHz18mB0bTi48oPArZb+WRmi5/cs7iPtSZs2LKI38LG7EAJNQjGCOVD8uFNLEg
HGJK6yH/ysqOPk2qtmP4J2RAAMd0L2YDOfC282+0EiZE
-----END CERTIFICATE-----