Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/dd2990-d28c-4f1a-b6bd-e81cd7022553/1/TtWAkSfWnAdWkPSbjWsj0bQP2Qs.roa
File:                     TtWAkSfWnAdWkPSbjWsj0bQP2Qs.roa (raw, json)
Hash identifier:          aq+t6Xrt8tsoSTCr/VP5wkOGWF6BiCi7pgwlC8GWdxs=
Subject key identifier:   4E:D5:80:91:27:D6:9C:07:56:90:F4:9B:8D:6B:23:D1:B4:0F:D9:0B
Certificate issuer:       /CN=b1706fcdb7ef0580f4ff2032ceeffd29b70ab639
Certificate serial:       019427B551DEFB4F900D2261634493BB5F52
Authority key identifier: B1:70:6F:CD:B7:EF:05:80:F4:FF:20:32:CE:EF:FD:29:B7:0A:B6:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sXBvzbfvBYD0_yAyzu_9KbcKtjk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/dd2990-d28c-4f1a-b6bd-e81cd7022553/1/TtWAkSfWnAdWkPSbjWsj0bQP2Qs.roa
Signing time:             Thu 02 Jan 2025 15:49:41 +0000
ROA not before:           Thu 02 Jan 2025 15:49:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214748
IP address blocks:        31.210.137.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2b/dd2990-d28c-4f1a-b6bd-e81cd7022553/1/sXBvzbfvBYD0_yAyzu_9KbcKtjk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2b/dd2990-d28c-4f1a-b6bd-e81cd7022553/1/sXBvzbfvBYD0_yAyzu_9KbcKtjk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sXBvzbfvBYD0_yAyzu_9KbcKtjk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Apr 2025 05:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:51:de:fb:4f:90:0d:22:61:63:44:93:bb:5f:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1706fcdb7ef0580f4ff2032ceeffd29b70ab639
        Validity
            Not Before: Jan  2 15:49:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4ed5809127d69c075690f49b8d6b23d1b40fd90b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:8f:5b:40:e2:33:c7:44:64:02:0c:37:7d:39:
                    3a:90:43:fe:ae:79:d2:48:72:b8:ee:03:79:9a:37:
                    e2:b1:5e:d2:d1:f5:7b:9b:d4:6c:1d:ad:6d:e2:51:
                    c3:83:8b:72:d0:b7:ea:d0:8c:64:af:ec:9f:1f:5c:
                    2e:28:f9:44:93:fa:b0:62:89:91:c8:92:9e:d8:58:
                    43:c2:ad:54:d8:e2:2f:04:ad:99:dc:0e:aa:50:e3:
                    f7:93:4b:8b:78:e7:46:68:29:87:6b:be:d2:2d:82:
                    07:1f:e4:1a:27:a0:23:49:31:a1:6a:38:85:41:c7:
                    1c:dd:3c:51:23:d1:ba:2a:9c:aa:72:8b:c2:45:8f:
                    7a:57:1a:e3:63:11:91:ec:0b:df:79:85:f5:42:9c:
                    53:bb:e4:2d:dc:1c:70:07:8e:26:04:cd:6d:05:de:
                    af:27:ab:fa:e5:c2:a3:f4:8c:56:93:ef:bf:b9:c7:
                    d2:5d:66:fc:28:c5:91:3a:a7:8b:bb:3c:46:2c:57:
                    37:7f:13:c9:9f:a6:f4:02:e9:0a:40:08:7a:6b:a8:
                    41:ed:3b:f9:c7:c9:6e:be:9f:83:d0:80:61:4d:f7:
                    70:be:13:5d:16:84:e9:8c:55:cc:c3:40:28:5b:f4:
                    e6:42:70:16:49:99:73:a7:d3:2d:8b:ad:45:be:ec:
                    6c:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:D5:80:91:27:D6:9C:07:56:90:F4:9B:8D:6B:23:D1:B4:0F:D9:0B
            X509v3 Authority Key Identifier:
                keyid:B1:70:6F:CD:B7:EF:05:80:F4:FF:20:32:CE:EF:FD:29:B7:0A:B6:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sXBvzbfvBYD0_yAyzu_9KbcKtjk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/dd2990-d28c-4f1a-b6bd-e81cd7022553/1/TtWAkSfWnAdWkPSbjWsj0bQP2Qs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/dd2990-d28c-4f1a-b6bd-e81cd7022553/1/sXBvzbfvBYD0_yAyzu_9KbcKtjk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.210.137.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6f:75:14:00:c0:af:22:a9:e6:06:19:2f:7c:f2:e7:0e:48:4b:
         41:3e:b2:36:23:f8:e3:77:0d:a7:9d:3f:e9:64:03:33:6c:40:
         46:6f:5f:b2:58:f3:12:04:7d:7d:d2:8e:e1:b5:c2:f6:b5:da:
         6b:4d:5c:8b:34:e2:9d:a2:59:08:e6:8d:be:8b:4b:6d:af:fe:
         eb:87:d3:2d:96:f0:f3:74:25:39:9c:86:6b:4e:23:8f:39:c0:
         dc:7c:cd:3a:0c:da:dd:1d:42:2b:a6:4f:da:df:cd:18:72:cf:
         e2:58:e4:30:f8:6c:63:f2:1c:cd:d9:6c:e4:7a:f2:c5:72:5d:
         6c:c8:7c:51:cd:47:c4:72:d1:ca:fd:8f:f6:72:59:96:39:7a:
         3b:42:82:49:50:c8:e7:75:09:83:7c:86:5e:18:72:67:46:50:
         67:16:82:a7:b3:2c:4e:d6:87:1b:34:69:26:e2:34:6b:5f:c2:
         4e:5e:da:ea:bc:56:e9:d4:ee:f3:3c:19:43:dd:41:86:dc:b9:
         aa:80:bb:b9:f0:d8:7f:8a:c4:1e:0e:d0:9a:1c:01:fc:31:28:
         16:d6:aa:9e:9a:09:b2:4c:54:39:9c:76:89:b4:2d:15:fd:71:
         9f:f6:05:60:e7:57:96:0e:de:87:46:17:1d:de:a8:cb:51:f7:
         39:e8:9f:65
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntVHe+0+QDSJhY0STu19SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxNzA2ZmNkYjdlZjA1ODBmNGZmMjAzMmNlZWZmZDI5Yjcw
YWI2MzkwHhcNMjUwMTAyMTU0OTQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZWQ1ODA5MTI3ZDY5YzA3NTY5MGY0OWI4ZDZiMjNkMWI0MGZkOTBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx49bQOIzx0RkAgw3fTk6kEP+rnnS
SHK47gN5mjfisV7S0fV7m9RsHa1t4lHDg4ty0Lfq0Ixkr+yfH1wuKPlEk/qwYomR
yJKe2FhDwq1U2OIvBK2Z3A6qUOP3k0uLeOdGaCmHa77SLYIHH+QaJ6AjSTGhajiF
Qccc3TxRI9G6KpyqcovCRY96VxrjYxGR7AvfeYX1QpxTu+Qt3BxwB44mBM1tBd6v
J6v65cKj9IxWk++/ucfSXWb8KMWROqeLuzxGLFc3fxPJn6b0AukKQAh6a6hB7Tv5
x8luvp+D0IBhTfdwvhNdFoTpjFXMw0AoW/TmQnAWSZlzp9Mti61Fvuxs/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE7VgJEn1pwHVpD0m41rI9G0D9kLMB8GA1UdIwQY
MBaAFLFwb8237wWA9P8gMs7v/Sm3CrY5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc1hCdnpiZnZCWUQwX3lBeXp1XzlLYmNLdGprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi9kZDI5OTAtZDI4Yy00ZjFhLWI2YmQt
ZTgxY2Q3MDIyNTUzLzEvVHRXQWtTZlduQWRXa1BTYmpXc2owYlFQMlFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi9kZDI5OTAtZDI4Yy00ZjFhLWI2YmQtZTgxY2Q3MDIyNTUz
LzEvc1hCdnpiZnZCWUQwX3lBeXp1XzlLYmNLdGprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAH9KJMA0G
CSqGSIb3DQEBCwUAA4IBAQBvdRQAwK8iqeYGGS988ucOSEtBPrI2I/jjdw2nnT/p
ZAMzbEBGb1+yWPMSBH190o7htcL2tdprTVyLNOKdolkI5o2+i0ttr/7rh9MtlvDz
dCU5nIZrTiOPOcDcfM06DNrdHUIrpk/a380Ycs/iWOQw+Gxj8hzN2WzkevLFcl1s
yHxRzUfEctHK/Y/2clmWOXo7QoJJUMjndQmDfIZeGHJnRlBnFoKnsyxO1ocbNGkm
4jRrX8JOXtrqvFbp1O7zPBlD3UGG3LmqgLu58Nh/isQeDtCaHAH8MSgW1qqemgmy
TFQ5nHaJtC0V/XGf9gVg51eWDt6HRhcd3qjLUfc56J9l
-----END CERTIFICATE-----