Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1d/409b7e-1275-43ed-af0f-52f97b277d1f/1/wQQ_d2GjHPxfeuZhiPq0NlQrsUc.roa
File:                     wQQ_d2GjHPxfeuZhiPq0NlQrsUc.roa (raw, json)
Hash identifier:          X6PXX89iZwx82Sdz6LkQl0Ci0LO6DvoxlhCySztAfS8=
Subject key identifier:   C1:04:3F:77:61:A3:1C:FC:5F:7A:E6:61:88:FA:B4:36:54:2B:B1:47
Certificate issuer:       /CN=52dc9c218b510c07bc6659b09fbd32afe68abfd2
Certificate serial:       019424B3ACDBC929A051713F7CCD81E88821
Authority key identifier: 52:DC:9C:21:8B:51:0C:07:BC:66:59:B0:9F:BD:32:AF:E6:8A:BF:D2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UtycIYtRDAe8Zlmwn70yr-aKv9I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1d/409b7e-1275-43ed-af0f-52f97b277d1f/1/wQQ_d2GjHPxfeuZhiPq0NlQrsUc.roa
Signing time:             Thu 02 Jan 2025 01:49:02 +0000
ROA not before:           Thu 02 Jan 2025 01:49:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     62240
IP address blocks:        31.171.128.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1d/409b7e-1275-43ed-af0f-52f97b277d1f/1/UtycIYtRDAe8Zlmwn70yr-aKv9I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1d/409b7e-1275-43ed-af0f-52f97b277d1f/1/UtycIYtRDAe8Zlmwn70yr-aKv9I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UtycIYtRDAe8Zlmwn70yr-aKv9I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 04 Apr 2025 13:01:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:ac:db:c9:29:a0:51:71:3f:7c:cd:81:e8:88:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=52dc9c218b510c07bc6659b09fbd32afe68abfd2
        Validity
            Not Before: Jan  2 01:49:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c1043f7761a31cfc5f7ae66188fab436542bb147
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:2a:26:ef:bc:2c:46:9e:f6:cf:ac:63:0c:05:
                    ed:a0:49:7f:5d:39:3a:7e:02:6f:27:29:60:44:71:
                    39:56:55:e2:f7:c4:d6:0e:86:8d:d9:63:ef:2d:a1:
                    b1:62:f7:9b:22:eb:1e:a8:1b:2b:4f:ff:14:f1:4a:
                    7a:56:86:42:43:e9:e1:cb:ef:3c:85:3f:cf:5e:7e:
                    bb:ce:1d:d8:fa:da:89:a9:e5:bd:89:0e:1d:49:bc:
                    d1:96:22:0b:38:d0:3e:19:6e:7e:ce:b3:c2:df:1b:
                    6c:0b:89:e2:03:aa:89:c4:31:ad:20:cd:93:68:4a:
                    3f:7c:e1:00:ea:57:9d:10:9c:e7:f1:97:9b:ed:40:
                    e7:d1:60:a2:5a:df:2c:12:50:c8:96:93:78:aa:f0:
                    19:29:fb:70:3d:27:ea:d7:4b:99:33:25:c1:57:8b:
                    77:64:5f:b7:69:ac:09:59:22:6c:40:1d:60:05:2b:
                    aa:47:73:ac:5d:30:a5:19:85:b3:c0:51:58:ec:5e:
                    78:e6:11:0e:0d:49:b9:f9:0c:ca:34:7e:fd:ab:46:
                    29:65:16:4b:48:ef:fb:90:b0:db:2c:b9:89:a7:46:
                    ce:9c:44:ed:dc:fb:72:a9:b0:10:53:ac:04:9c:3e:
                    ce:f9:b3:79:85:b2:87:ab:82:53:69:9b:a9:8c:40:
                    45:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:04:3F:77:61:A3:1C:FC:5F:7A:E6:61:88:FA:B4:36:54:2B:B1:47
            X509v3 Authority Key Identifier:
                keyid:52:DC:9C:21:8B:51:0C:07:BC:66:59:B0:9F:BD:32:AF:E6:8A:BF:D2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UtycIYtRDAe8Zlmwn70yr-aKv9I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/409b7e-1275-43ed-af0f-52f97b277d1f/1/wQQ_d2GjHPxfeuZhiPq0NlQrsUc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/409b7e-1275-43ed-af0f-52f97b277d1f/1/UtycIYtRDAe8Zlmwn70yr-aKv9I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.171.128.0/24

    Signature Algorithm: sha256WithRSAEncryption
         92:01:54:ff:cd:99:41:6f:cb:53:55:2a:8a:f9:3c:81:f0:dc:
         c3:12:c6:8d:5d:69:0f:73:45:1e:82:94:1c:76:e4:e0:51:9e:
         06:2d:39:19:8e:dd:de:99:79:d8:47:dd:1d:23:97:a8:f6:12:
         e9:8a:da:d4:e1:6d:08:0b:83:ca:4e:15:72:77:75:c9:1f:6a:
         b6:24:0c:4d:bd:0a:77:80:74:a8:12:c8:5c:a3:a4:2f:ca:8b:
         cb:c4:75:1f:f6:77:d8:56:2e:12:e8:50:7a:93:c4:45:ad:bf:
         07:5d:8f:01:f8:89:be:34:b7:30:73:c8:a2:bf:27:be:da:cf:
         07:f4:0e:34:8b:4d:b4:28:c7:6e:fb:05:5d:80:12:76:fc:50:
         33:22:d6:8d:85:4c:02:5c:97:f8:b8:77:31:f0:c2:64:2b:ff:
         39:17:a7:0a:6d:a6:98:a1:9f:7a:07:e2:c6:fd:85:95:8a:27:
         54:75:52:27:9e:6e:60:f3:6c:05:2f:b4:ae:03:0d:a6:dd:7c:
         64:82:dc:f2:e6:9b:e8:3c:34:f3:91:84:fa:cd:56:ff:3b:49:
         3b:e0:26:dc:dc:25:b2:50:49:a7:55:a3:b4:e8:70:bf:58:23:
         6d:97:56:7f:1b:ab:09:d5:a8:3b:49:6f:9c:65:46:75:d8:f6:
         67:b7:6f:0b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQks6zbySmgUXE/fM2B6IghMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyZGM5YzIxOGI1MTBjMDdiYzY2NTliMDlmYmQzMmFmZTY4
YWJmZDIwHhcNMjUwMTAyMDE0OTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMTA0M2Y3NzYxYTMxY2ZjNWY3YWU2NjE4OGZhYjQzNjU0MmJiMTQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwCom77wsRp72z6xjDAXtoEl/XTk6
fgJvJylgRHE5VlXi98TWDoaN2WPvLaGxYvebIuseqBsrT/8U8Up6VoZCQ+nhy+88
hT/PXn67zh3Y+tqJqeW9iQ4dSbzRliILONA+GW5+zrPC3xtsC4niA6qJxDGtIM2T
aEo/fOEA6ledEJzn8Zeb7UDn0WCiWt8sElDIlpN4qvAZKftwPSfq10uZMyXBV4t3
ZF+3aawJWSJsQB1gBSuqR3OsXTClGYWzwFFY7F545hEODUm5+QzKNH79q0YpZRZL
SO/7kLDbLLmJp0bOnETt3PtyqbAQU6wEnD7O+bN5hbKHq4JTaZupjEBFSwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMEEP3dhoxz8X3rmYYj6tDZUK7FHMB8GA1UdIwQY
MBaAFFLcnCGLUQwHvGZZsJ+9Mq/mir/SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVXR5Y0lZdFJEQWU4Wmxtd243MHlyLWFLdjlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZC80MDliN2UtMTI3NS00M2VkLWFmMGYt
NTJmOTdiMjc3ZDFmLzEvd1FRX2QyR2pIUHhmZXVaaGlQcTBObFFyc1VjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZC80MDliN2UtMTI3NS00M2VkLWFmMGYtNTJmOTdiMjc3ZDFm
LzEvVXR5Y0lZdFJEQWU4Wmxtd243MHlyLWFLdjlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAH6uAMA0G
CSqGSIb3DQEBCwUAA4IBAQCSAVT/zZlBb8tTVSqK+TyB8NzDEsaNXWkPc0UegpQc
duTgUZ4GLTkZjt3emXnYR90dI5eo9hLpitrU4W0IC4PKThVyd3XJH2q2JAxNvQp3
gHSoEshco6QvyovLxHUf9nfYVi4S6FB6k8RFrb8HXY8B+Im+NLcwc8iivye+2s8H
9A40i020KMdu+wVdgBJ2/FAzItaNhUwCXJf4uHcx8MJkK/85F6cKbaaYoZ96B+LG
/YWViidUdVInnm5g82wFL7SuAw2m3Xxkgtzy5pvoPDTzkYT6zVb/O0k74Cbc3CWy
UEmnVaO06HC/WCNtl1Z/G6sJ1ag7SW+cZUZ12PZnt28L
-----END CERTIFICATE-----