Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/2b5f5f-bb96-4b31-8a6a-dd115f9e3301/1/LzX9ElOnhGp_nPRgTmHqftx_RQw.roa
File:                     LzX9ElOnhGp_nPRgTmHqftx_RQw.roa (raw, json)
Hash identifier:          WQnCNTmDNCYbVxX/RpMfdPSYlE7UFVrF2G8SgVlhVgg=
Subject key identifier:   2F:35:FD:12:53:A7:84:6A:7F:9C:F4:60:4E:61:EA:7E:DC:7F:45:0C
Certificate issuer:       /CN=e909ee3d618974da0cbd805a2da80410a4989881
Certificate serial:       01942521C4AF36E988B136E4EE54CB60CBB4
Authority key identifier: E9:09:EE:3D:61:89:74:DA:0C:BD:80:5A:2D:A8:04:10:A4:98:98:81
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6QnuPWGJdNoMvYBaLagEEKSYmIE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/2b5f5f-bb96-4b31-8a6a-dd115f9e3301/1/LzX9ElOnhGp_nPRgTmHqftx_RQw.roa
Signing time:             Thu 02 Jan 2025 03:49:17 +0000
ROA not before:           Thu 02 Jan 2025 03:49:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57694
IP address blocks:        31.172.239.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/2b5f5f-bb96-4b31-8a6a-dd115f9e3301/1/6QnuPWGJdNoMvYBaLagEEKSYmIE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/2b5f5f-bb96-4b31-8a6a-dd115f9e3301/1/6QnuPWGJdNoMvYBaLagEEKSYmIE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6QnuPWGJdNoMvYBaLagEEKSYmIE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 15:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:c4:af:36:e9:88:b1:36:e4:ee:54:cb:60:cb:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e909ee3d618974da0cbd805a2da80410a4989881
        Validity
            Not Before: Jan  2 03:49:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2f35fd1253a7846a7f9cf4604e61ea7edc7f450c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:89:9a:eb:b1:7a:c9:40:6e:9c:b9:c2:e2:2e:
                    d3:aa:42:72:fc:a2:d2:b1:02:c1:04:37:0b:b0:3c:
                    67:f5:60:73:c2:3a:b2:71:47:f3:33:60:94:c2:0d:
                    c1:0b:3b:a0:2c:fc:27:40:77:a6:d3:87:0f:7e:c8:
                    b7:77:62:d2:c0:c2:14:5b:1c:cc:dd:77:c9:92:f1:
                    22:98:f5:ed:6a:ec:77:6b:59:e3:77:81:35:19:95:
                    ac:2e:c4:80:75:75:4e:5c:1b:93:6a:0f:94:fb:b8:
                    c1:36:dc:64:48:75:30:e6:14:a4:6c:83:63:08:2c:
                    e1:ed:42:6f:65:20:ca:e7:40:92:d3:09:49:d9:f3:
                    e7:71:2b:2c:49:47:99:55:04:9c:3f:b9:62:3e:13:
                    bf:7b:f3:74:2e:7c:4f:13:43:ca:f5:cb:e6:51:1b:
                    e8:56:54:e3:e5:6c:d6:40:18:1e:fa:1c:b2:8b:47:
                    5a:93:83:3f:45:b9:aa:2b:0b:1c:a5:78:ed:90:09:
                    cb:c8:98:16:b0:a5:95:dc:80:2c:eb:39:b6:94:5e:
                    16:f8:a5:ae:fc:10:39:00:8e:52:7c:fe:19:6e:bb:
                    5b:3f:0e:8d:96:e9:6c:ef:dc:b0:51:99:66:0d:e0:
                    9f:c0:84:c9:53:2d:64:63:cd:5a:5b:eb:ef:8d:9f:
                    3f:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:35:FD:12:53:A7:84:6A:7F:9C:F4:60:4E:61:EA:7E:DC:7F:45:0C
            X509v3 Authority Key Identifier:
                keyid:E9:09:EE:3D:61:89:74:DA:0C:BD:80:5A:2D:A8:04:10:A4:98:98:81

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6QnuPWGJdNoMvYBaLagEEKSYmIE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/2b5f5f-bb96-4b31-8a6a-dd115f9e3301/1/LzX9ElOnhGp_nPRgTmHqftx_RQw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/2b5f5f-bb96-4b31-8a6a-dd115f9e3301/1/6QnuPWGJdNoMvYBaLagEEKSYmIE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.172.239.0/24

    Signature Algorithm: sha256WithRSAEncryption
         af:57:f1:48:33:f8:2f:5b:5f:f6:89:71:41:54:c8:5a:99:7c:
         70:97:8c:5a:d9:77:89:12:a1:37:66:bc:35:b6:aa:88:67:90:
         03:58:d0:9a:e6:01:40:9a:4a:96:e7:21:10:6b:9a:43:0e:c0:
         bd:5b:75:74:61:d9:11:b4:98:d0:54:1a:9a:54:5f:13:ff:42:
         98:55:4c:c8:24:04:d2:ae:cc:ec:6f:24:11:f6:48:42:c9:de:
         b8:8c:bd:3c:eb:ba:db:de:6e:d3:87:fd:fa:f6:09:9e:ad:06:
         2e:ff:d4:8a:08:95:06:c0:50:01:e6:9f:28:4b:53:ee:50:45:
         f3:9b:eb:2f:36:17:97:e5:6a:4e:5b:87:79:5c:db:4a:60:cb:
         f3:dc:64:03:72:53:5d:46:f4:e8:be:e4:75:2e:e0:ed:13:89:
         a5:7a:05:24:53:c5:a0:6e:55:a4:a3:05:e2:77:94:87:71:9b:
         70:e7:54:e6:49:e0:22:5b:4e:41:e7:36:83:8e:2d:0d:a2:9f:
         0a:c6:d6:9c:c4:f8:0a:de:84:bd:26:d1:f9:43:b1:27:1b:43:
         0f:df:06:e4:50:2c:e6:4a:73:50:90:e7:5f:8d:f9:76:03:9c:
         93:da:de:23:64:7c:2d:83:12:30:4f:9c:57:46:66:a4:a7:bd:
         06:d4:35:ac
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlIcSvNumIsTbk7lTLYMu0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5MDllZTNkNjE4OTc0ZGEwY2JkODA1YTJkYTgwNDEwYTQ5
ODk4ODEwHhcNMjUwMTAyMDM0OTE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZjM1ZmQxMjUzYTc4NDZhN2Y5Y2Y0NjA0ZTYxZWE3ZWRjN2Y0NTBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl4ma67F6yUBunLnC4i7TqkJy/KLS
sQLBBDcLsDxn9WBzwjqycUfzM2CUwg3BCzugLPwnQHem04cPfsi3d2LSwMIUWxzM
3XfJkvEimPXtaux3a1njd4E1GZWsLsSAdXVOXBuTag+U+7jBNtxkSHUw5hSkbINj
CCzh7UJvZSDK50CS0wlJ2fPncSssSUeZVQScP7liPhO/e/N0LnxPE0PK9cvmURvo
VlTj5WzWQBge+hyyi0dak4M/RbmqKwscpXjtkAnLyJgWsKWV3IAs6zm2lF4W+KWu
/BA5AI5SfP4ZbrtbPw6Nluls79ywUZlmDeCfwITJUy1kY81aW+vvjZ8/owIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC81/RJTp4Rqf5z0YE5h6n7cf0UMMB8GA1UdIwQY
MBaAFOkJ7j1hiXTaDL2AWi2oBBCkmJiBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNlFudVBXR0pkTm9NdllCYUxhZ0VFS1NZbUlFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8yYjVmNWYtYmI5Ni00YjMxLThhNmEt
ZGQxMTVmOWUzMzAxLzEvTHpYOUVsT25oR3BfblBSZ1RtSHFmdHhfUlF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8yYjVmNWYtYmI5Ni00YjMxLThhNmEtZGQxMTVmOWUzMzAx
LzEvNlFudVBXR0pkTm9NdllCYUxhZ0VFS1NZbUlFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAH6zvMA0G
CSqGSIb3DQEBCwUAA4IBAQCvV/FIM/gvW1/2iXFBVMhamXxwl4xa2XeJEqE3Zrw1
tqqIZ5ADWNCa5gFAmkqW5yEQa5pDDsC9W3V0YdkRtJjQVBqaVF8T/0KYVUzIJATS
rszsbyQR9khCyd64jL0867rb3m7Th/369gmerQYu/9SKCJUGwFAB5p8oS1PuUEXz
m+svNheX5WpOW4d5XNtKYMvz3GQDclNdRvTovuR1LuDtE4mlegUkU8WgblWkowXi
d5SHcZtw51TmSeAiW05B5zaDji0Nop8KxtacxPgK3oS9JtH5Q7EnG0MP3wbkUCzm
SnNQkOdfjfl2A5yT2t4jZHwtgxIwT5xXRmakp70G1DWs
-----END CERTIFICATE-----