Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3f/2b980a-1eb6-4808-8afa-3a5e18d00ddc/1/3lPRro5fMsXxYuW-hKXrt5HlTo4.roa
File:                     3lPRro5fMsXxYuW-hKXrt5HlTo4.roa (raw, json)
Hash identifier:          DuXt+VcN5cXAHGtGx0Qm+zdCVxsi9h5/RSKUTcxydqs=
Subject key identifier:   DE:53:D1:AE:8E:5F:32:C5:F1:62:E5:BE:84:A5:EB:B7:91:E5:4E:8E
Certificate issuer:       /CN=9568c6005b2840ab7bf8a3ad72a1751d0db29b9c
Certificate serial:       0194221FAF36438E5C1E2A98571A07E4D220
Authority key identifier: 95:68:C6:00:5B:28:40:AB:7B:F8:A3:AD:72:A1:75:1D:0D:B2:9B:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lWjGAFsoQKt7-KOtcqF1HQ2ym5w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3f/2b980a-1eb6-4808-8afa-3a5e18d00ddc/1/3lPRro5fMsXxYuW-hKXrt5HlTo4.roa
Signing time:             Wed 01 Jan 2025 13:48:09 +0000
ROA not before:           Wed 01 Jan 2025 13:48:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43754
IP address blocks:        31.216.62.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3f/2b980a-1eb6-4808-8afa-3a5e18d00ddc/1/lWjGAFsoQKt7-KOtcqF1HQ2ym5w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3f/2b980a-1eb6-4808-8afa-3a5e18d00ddc/1/lWjGAFsoQKt7-KOtcqF1HQ2ym5w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lWjGAFsoQKt7-KOtcqF1HQ2ym5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 19:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:af:36:43:8e:5c:1e:2a:98:57:1a:07:e4:d2:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9568c6005b2840ab7bf8a3ad72a1751d0db29b9c
        Validity
            Not Before: Jan  1 13:48:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=de53d1ae8e5f32c5f162e5be84a5ebb791e54e8e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f0:4f:50:9d:d4:c5:a3:68:19:0e:bb:59:07:60:
                    73:02:4b:08:17:78:23:bc:2b:6c:5b:14:63:72:36:
                    dd:b2:b4:f1:7f:4b:38:9e:55:0e:1e:70:3f:3a:cc:
                    f6:92:e7:59:00:fc:ea:4c:bb:bf:5e:29:9d:7f:e8:
                    82:b6:a8:90:a7:31:f0:c6:7f:f3:d5:73:a6:c9:15:
                    79:2d:87:f8:3e:31:71:82:87:87:bc:81:08:cb:5f:
                    c8:1e:12:63:b5:02:55:01:dc:38:87:c9:6e:be:89:
                    5e:ea:62:c7:be:cd:f6:37:7a:2d:0d:73:ce:a6:f3:
                    35:54:79:f2:68:f8:da:35:5a:65:5e:be:d1:36:d3:
                    d8:4c:73:0d:6b:45:84:2d:92:84:e6:3f:ad:29:89:
                    4f:53:36:66:f8:06:1e:d7:41:a0:4f:fc:87:4a:02:
                    80:45:d9:79:09:af:32:2f:5f:7e:a2:37:63:77:3f:
                    4a:50:a1:a2:09:de:0e:a8:72:e2:14:18:a5:b1:80:
                    bc:1b:41:8a:b7:42:76:30:05:50:43:fb:45:36:f9:
                    6f:97:ee:1d:92:94:13:0e:c5:e4:a3:60:30:41:28:
                    1e:8c:13:f0:78:2e:22:38:fc:c3:26:8f:78:39:52:
                    b8:a7:b2:f4:a6:22:85:7c:54:72:7f:59:f3:a7:b2:
                    57:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:53:D1:AE:8E:5F:32:C5:F1:62:E5:BE:84:A5:EB:B7:91:E5:4E:8E
            X509v3 Authority Key Identifier:
                keyid:95:68:C6:00:5B:28:40:AB:7B:F8:A3:AD:72:A1:75:1D:0D:B2:9B:9C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lWjGAFsoQKt7-KOtcqF1HQ2ym5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/2b980a-1eb6-4808-8afa-3a5e18d00ddc/1/3lPRro5fMsXxYuW-hKXrt5HlTo4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/2b980a-1eb6-4808-8afa-3a5e18d00ddc/1/lWjGAFsoQKt7-KOtcqF1HQ2ym5w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.216.62.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:d8:62:13:d4:19:06:c2:4b:ad:f3:a7:6e:cf:bb:cb:92:8e:
         e2:9c:7a:4b:97:c0:91:ba:ed:f2:2b:e0:b8:d7:e4:70:3d:cc:
         6b:1b:0b:81:ee:27:9b:4e:66:10:6e:db:c2:70:03:a7:ac:3d:
         c8:3c:69:b4:60:3a:eb:f4:9e:28:29:38:12:4d:dd:e0:1e:c2:
         e4:17:83:24:2f:e4:ff:b2:a9:9a:73:ac:cb:ab:58:f2:23:03:
         3c:81:73:85:00:2c:81:7d:2d:58:e5:0e:58:44:3f:5b:fb:df:
         95:a6:69:58:4f:ad:7d:94:ba:53:4f:cf:1e:d4:5a:17:dd:58:
         b0:af:06:0d:09:e2:d8:fd:a0:02:8a:d4:83:c9:0e:4c:d9:36:
         e6:9c:8a:98:f8:75:82:ec:fa:6e:d7:2d:24:70:e6:ee:be:1b:
         34:f8:a0:f9:8f:b8:6f:2c:5c:2e:36:73:a6:94:93:72:fa:a4:
         90:5b:10:b7:79:35:a3:e2:97:d1:b9:4b:fc:40:be:60:8d:93:
         fb:8d:20:16:97:a5:da:a7:3d:9a:84:e4:41:8c:a3:0c:5b:12:
         eb:88:52:05:bd:13:34:28:07:58:bc:d7:f9:a5:e4:6c:68:86:
         7a:5d:3b:1c:b3:cd:3c:7c:6e:00:e7:0e:d2:6c:ab:2c:ed:40:
         3e:d6:be:d1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiH682Q45cHiqYVxoH5NIgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk1NjhjNjAwNWIyODQwYWI3YmY4YTNhZDcyYTE3NTFkMGRi
MjliOWMwHhcNMjUwMTAxMTM0ODA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZTUzZDFhZThlNWYzMmM1ZjE2MmU1YmU4NGE1ZWJiNzkxZTU0ZThlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8E9QndTFo2gZDrtZB2BzAksIF3gj
vCtsWxRjcjbdsrTxf0s4nlUOHnA/Osz2kudZAPzqTLu/Ximdf+iCtqiQpzHwxn/z
1XOmyRV5LYf4PjFxgoeHvIEIy1/IHhJjtQJVAdw4h8luvole6mLHvs32N3otDXPO
pvM1VHnyaPjaNVplXr7RNtPYTHMNa0WELZKE5j+tKYlPUzZm+AYe10GgT/yHSgKA
Rdl5Ca8yL19+ojdjdz9KUKGiCd4OqHLiFBilsYC8G0GKt0J2MAVQQ/tFNvlvl+4d
kpQTDsXko2AwQSgejBPweC4iOPzDJo94OVK4p7L0piKFfFRyf1nzp7JXUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN5T0a6OXzLF8WLlvoSl67eR5U6OMB8GA1UdIwQY
MBaAFJVoxgBbKECre/ijrXKhdR0NspucMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbFdqR0FGc29RS3Q3LUtPdGNxRjFIUTJ5bTV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZi8yYjk4MGEtMWViNi00ODA4LThhZmEt
M2E1ZTE4ZDAwZGRjLzEvM2xQUnJvNWZNc1h4WXVXLWhLWHJ0NUhsVG80LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZi8yYjk4MGEtMWViNi00ODA4LThhZmEtM2E1ZTE4ZDAwZGRj
LzEvbFdqR0FGc29RS3Q3LUtPdGNxRjFIUTJ5bTV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAH9g+MA0G
CSqGSIb3DQEBCwUAA4IBAQCH2GIT1BkGwkut86duz7vLko7inHpLl8CRuu3yK+C4
1+RwPcxrGwuB7iebTmYQbtvCcAOnrD3IPGm0YDrr9J4oKTgSTd3gHsLkF4MkL+T/
sqmac6zLq1jyIwM8gXOFACyBfS1Y5Q5YRD9b+9+VpmlYT619lLpTT88e1FoX3Viw
rwYNCeLY/aACitSDyQ5M2TbmnIqY+HWC7Ppu1y0kcObuvhs0+KD5j7hvLFwuNnOm
lJNy+qSQWxC3eTWj4pfRuUv8QL5gjZP7jSAWl6Xapz2ahORBjKMMWxLriFIFvRM0
KAdYvNf5peRsaIZ6XTscs808fG4A5w7SbKss7UA+1r7R
-----END CERTIFICATE-----