Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/D7_j71WlNQbJSaNR8h4l7oOWSxU.roa
File:                     D7_j71WlNQbJSaNR8h4l7oOWSxU.roa (raw, json)
Hash identifier:          NIejWpZS6g33TTIHATPaLnEB2XPdA2izYQUXBac0DZo=
Subject key identifier:   0F:BF:E3:EF:55:A5:35:06:C9:49:A3:51:F2:1E:25:EE:83:96:4B:15
Certificate issuer:       /CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Certificate serial:       01942369F24418C7B51E2EA3968E2B7AD7F0
Authority key identifier: 4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/D7_j71WlNQbJSaNR8h4l7oOWSxU.roa
Signing time:             Wed 01 Jan 2025 19:48:53 +0000
ROA not before:           Wed 01 Jan 2025 19:48:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42708
IP address blocks:        176.116.31.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 09:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:f2:44:18:c7:b5:1e:2e:a3:96:8e:2b:7a:d7:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f14112d05e9d876149d2778d48edaaa324db0a5
        Validity
            Not Before: Jan  1 19:48:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0fbfe3ef55a53506c949a351f21e25ee83964b15
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:e3:10:4e:63:ec:73:2b:14:67:43:76:22:c3:
                    f0:b7:49:a2:8a:0f:10:8f:ff:bb:03:5d:59:7a:c8:
                    4f:ef:01:55:ef:58:4a:6c:09:d8:7f:eb:49:a1:c9:
                    30:a2:99:4c:f1:05:a2:82:9f:ab:5c:73:f9:af:aa:
                    6c:6e:43:87:04:e9:1a:a2:ca:ab:0c:65:15:2c:d1:
                    a6:50:1e:06:a2:6d:31:cb:23:1a:8d:a0:8e:3e:0f:
                    03:ba:04:a6:5e:05:c8:98:c8:0c:89:02:7a:13:c3:
                    89:20:98:d4:e2:b5:ee:dd:d9:b2:cd:bd:a2:eb:3a:
                    71:46:52:72:ee:9e:23:bf:ae:fb:89:03:fd:a9:d5:
                    bf:44:30:55:fa:0c:51:b1:8e:e9:61:e0:c7:a3:54:
                    de:5e:bf:9c:d7:61:2b:8f:05:ab:df:de:85:58:16:
                    46:77:7b:4e:2b:cd:44:3d:e9:7a:35:0e:28:f4:f2:
                    2d:b9:61:75:7a:46:0f:86:ab:15:e0:0f:d3:10:1e:
                    af:e8:94:3b:bf:dc:71:2d:b0:24:5a:54:90:b7:02:
                    04:2c:35:41:34:38:38:bc:bb:24:52:87:37:b2:9b:
                    2a:c5:26:40:fe:5a:c2:7c:e4:c5:18:7b:9b:17:1d:
                    24:5a:52:3a:f5:c0:e5:7d:98:b7:2c:fe:ac:cd:48:
                    00:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:BF:E3:EF:55:A5:35:06:C9:49:A3:51:F2:1E:25:EE:83:96:4B:15
            X509v3 Authority Key Identifier:
                keyid:4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/D7_j71WlNQbJSaNR8h4l7oOWSxU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.116.31.0/24

    Signature Algorithm: sha256WithRSAEncryption
         29:0c:41:37:37:4a:5a:6a:5d:9c:8c:75:1d:f9:7a:ee:ff:fd:
         41:e4:6e:3a:4e:17:f4:2a:53:2b:6a:a9:00:a1:fa:bc:36:4f:
         26:f9:12:53:c6:c1:6d:57:3d:bd:a7:04:60:93:f2:e5:e2:b3:
         67:f0:ec:14:fe:08:b9:4a:64:b0:7d:5a:dd:f1:84:54:16:f2:
         4e:a2:e0:ae:bb:c3:45:0a:c7:47:62:92:91:ac:b7:2c:40:5e:
         3a:ef:d5:95:2a:38:84:d0:e8:db:05:26:75:2b:7f:e1:e2:81:
         8c:7f:f4:a1:61:f7:09:d9:cb:60:cb:89:d6:02:ec:02:a5:5a:
         df:a1:7d:1e:bb:95:bc:0c:91:10:fe:51:9a:39:a7:ce:1c:16:
         c6:c5:e3:9e:18:00:2a:e5:1f:dc:cb:b1:da:4a:3a:2d:4a:ee:
         06:0a:40:77:d6:30:89:03:96:04:45:44:4a:0c:80:cb:77:fa:
         35:21:f5:b5:92:1c:70:7b:49:e6:6d:06:11:85:7c:d0:d7:50:
         f6:ab:ed:a9:b2:26:ea:c8:42:99:f1:58:43:d2:db:2d:94:4a:
         fd:53:ba:af:8e:b1:95:8c:db:26:7f:dc:d4:b8:9b:97:ab:b3:
         07:3e:de:48:72:ac:8b:bf:be:bb:69:f5:b1:d5:5c:94:9c:69:
         c6:75:59:b1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjafJEGMe1Hi6jlo4retfwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMTQxMTJkMDVlOWQ4NzYxNDlkMjc3OGQ0OGVkYWFhMzI0
ZGIwYTUwHhcNMjUwMTAxMTk0ODUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZmJmZTNlZjU1YTUzNTA2Yzk0OWEzNTFmMjFlMjVlZTgzOTY0YjE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7eMQTmPscysUZ0N2IsPwt0miig8Q
j/+7A11ZeshP7wFV71hKbAnYf+tJockwoplM8QWigp+rXHP5r6psbkOHBOkaosqr
DGUVLNGmUB4Gom0xyyMajaCOPg8DugSmXgXImMgMiQJ6E8OJIJjU4rXu3dmyzb2i
6zpxRlJy7p4jv677iQP9qdW/RDBV+gxRsY7pYeDHo1TeXr+c12ErjwWr396FWBZG
d3tOK81EPel6NQ4o9PItuWF1ekYPhqsV4A/TEB6v6JQ7v9xxLbAkWlSQtwIELDVB
NDg4vLskUoc3spsqxSZA/lrCfOTFGHubFx0kWlI69cDlfZi3LP6szUgAkQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA+/4+9VpTUGyUmjUfIeJe6DlksVMB8GA1UdIwQY
MBaAFE8UES0F6dh2FJ0neNSO2qoyTbClMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUt
YmFmYmRmYzgxMzJhLzEvRDdfajcxV2xOUWJKU2FOUjhoNGw3b09XU3hVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUtYmFmYmRmYzgxMzJh
LzEvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsHQfMA0G
CSqGSIb3DQEBCwUAA4IBAQApDEE3N0paal2cjHUd+Xru//1B5G46Thf0KlMraqkA
ofq8Nk8m+RJTxsFtVz29pwRgk/Ll4rNn8OwU/gi5SmSwfVrd8YRUFvJOouCuu8NF
CsdHYpKRrLcsQF4679WVKjiE0OjbBSZ1K3/h4oGMf/ShYfcJ2ctgy4nWAuwCpVrf
oX0eu5W8DJEQ/lGaOafOHBbGxeOeGAAq5R/cy7HaSjotSu4GCkB31jCJA5YERURK
DIDLd/o1IfW1khxwe0nmbQYRhXzQ11D2q+2psibqyEKZ8VhD0tstlEr9U7qvjrGV
jNsmf9zUuJuXq7MHPt5IcqyLv767afWx1VyUnGnGdVmx
-----END CERTIFICATE-----