Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/48/d34a74-d7cd-4f99-84cd-56628a46df40/1/sFIXRQJn6gWqFtVA57SXc1bI7fY.roa
File:                     sFIXRQJn6gWqFtVA57SXc1bI7fY.roa (raw, json)
Hash identifier:          t96rDa/4w2snbHkniKh0udHKc89Z39dZL4JpEk5b1qw=
Subject key identifier:   B0:52:17:45:02:67:EA:05:AA:16:D5:40:E7:B4:97:73:56:C8:ED:F6
Certificate issuer:       /CN=588b1024ea056e5ed498f6e9ddc20632bdf6c9c5
Certificate serial:       019426D96778719E00ACB6F94BB7B52FC74C
Authority key identifier: 58:8B:10:24:EA:05:6E:5E:D4:98:F6:E9:DD:C2:06:32:BD:F6:C9:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WIsQJOoFbl7UmPbp3cIGMr32ycU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/48/d34a74-d7cd-4f99-84cd-56628a46df40/1/sFIXRQJn6gWqFtVA57SXc1bI7fY.roa
Signing time:             Thu 02 Jan 2025 11:49:29 +0000
ROA not before:           Thu 02 Jan 2025 11:49:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197071
IP address blocks:        81.31.199.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/48/d34a74-d7cd-4f99-84cd-56628a46df40/1/WIsQJOoFbl7UmPbp3cIGMr32ycU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/48/d34a74-d7cd-4f99-84cd-56628a46df40/1/WIsQJOoFbl7UmPbp3cIGMr32ycU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WIsQJOoFbl7UmPbp3cIGMr32ycU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 15 Mar 2025 03:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:67:78:71:9e:00:ac:b6:f9:4b:b7:b5:2f:c7:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=588b1024ea056e5ed498f6e9ddc20632bdf6c9c5
        Validity
            Not Before: Jan  2 11:49:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b05217450267ea05aa16d540e7b4977356c8edf6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:90:cf:31:58:0a:de:cc:d6:cf:69:e5:26:9b:
                    9d:fe:67:58:c3:81:c7:b3:a5:70:5b:19:94:12:5a:
                    94:f1:13:d9:47:83:3f:17:73:73:41:77:0b:35:d7:
                    16:41:83:2f:e4:75:3d:a5:b9:05:09:c3:03:65:8b:
                    33:13:8c:61:18:a2:3f:81:0b:1e:48:5b:4f:83:13:
                    84:d9:1c:e9:6c:e1:02:8d:01:f7:70:87:a1:1f:c7:
                    f6:da:28:87:62:7c:bf:a7:67:36:31:8a:c6:58:55:
                    07:07:b6:ed:55:c7:7e:d3:e3:02:34:a0:c7:39:69:
                    57:d5:3e:b4:4c:52:c5:a2:f0:d2:2e:28:21:46:e2:
                    91:af:4a:39:5b:b0:77:c6:b1:bb:bb:58:50:16:5e:
                    de:e2:74:1d:ad:a9:35:a1:10:2f:f8:92:e5:a1:90:
                    d2:31:1a:ff:36:b3:74:87:6b:e5:76:29:4e:85:c0:
                    24:8b:04:5c:6c:11:64:55:15:dc:58:a8:ac:b7:e8:
                    a3:56:a2:b8:10:de:79:f7:f2:06:b9:aa:71:0e:2b:
                    17:b2:af:82:f0:7f:1d:96:bf:b9:31:73:e1:9e:59:
                    13:a1:a4:3b:b4:24:7a:20:39:cb:0f:40:63:25:31:
                    e4:5e:19:e5:bd:f4:04:37:09:a7:02:d5:3c:77:fa:
                    26:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:52:17:45:02:67:EA:05:AA:16:D5:40:E7:B4:97:73:56:C8:ED:F6
            X509v3 Authority Key Identifier:
                keyid:58:8B:10:24:EA:05:6E:5E:D4:98:F6:E9:DD:C2:06:32:BD:F6:C9:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WIsQJOoFbl7UmPbp3cIGMr32ycU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/d34a74-d7cd-4f99-84cd-56628a46df40/1/sFIXRQJn6gWqFtVA57SXc1bI7fY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/48/d34a74-d7cd-4f99-84cd-56628a46df40/1/WIsQJOoFbl7UmPbp3cIGMr32ycU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.31.199.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5e:24:24:38:5b:ff:f7:5b:91:4d:8d:d0:ef:ea:06:1f:55:6b:
         e0:cf:ee:27:24:4a:72:06:31:46:03:79:e3:64:79:69:63:a8:
         b6:6f:6b:14:90:20:96:a9:d4:14:88:ac:0e:b2:86:a1:9b:f2:
         a6:b5:6c:6a:cb:6b:6a:05:8d:b1:d7:1e:0e:d7:c8:a6:6d:37:
         21:be:0b:3e:74:84:d7:34:ad:ce:f2:f3:d1:0c:da:ca:df:95:
         12:9c:64:66:1f:70:fa:07:de:59:89:89:4f:6c:81:37:50:9d:
         14:ba:bd:02:ca:ba:5b:01:0a:f6:84:e0:3c:29:ce:b7:61:3c:
         81:4b:e8:ca:1d:be:de:14:bf:05:55:57:7c:22:f5:20:97:10:
         ca:dd:67:b8:ed:db:99:d5:a7:5a:38:ca:f8:ab:90:dc:c0:79:
         24:93:cf:cb:7d:4e:c5:9e:db:02:29:99:9a:ab:9a:1b:2b:30:
         bd:fc:f8:17:5b:17:f4:6a:1e:32:13:a5:c4:c1:0a:36:6f:71:
         ba:af:93:ce:32:e1:6b:af:8d:2b:36:96:5b:68:2b:46:94:40:
         98:6d:b8:4d:d8:e0:9d:65:6c:22:5b:0e:16:16:45:99:d4:a1:
         b5:fa:bb:1c:45:9d:88:0f:1d:15:84:93:e3:4c:79:0b:91:b2:
         6a:07:4e:0f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQm2Wd4cZ4ArLb5S7e1L8dMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4OGIxMDI0ZWEwNTZlNWVkNDk4ZjZlOWRkYzIwNjMyYmRm
NmM5YzUwHhcNMjUwMTAyMTE0OTI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMDUyMTc0NTAyNjdlYTA1YWExNmQ1NDBlN2I0OTc3MzU2YzhlZGY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2pDPMVgK3szWz2nlJpud/mdYw4HH
s6VwWxmUElqU8RPZR4M/F3NzQXcLNdcWQYMv5HU9pbkFCcMDZYszE4xhGKI/gQse
SFtPgxOE2RzpbOECjQH3cIehH8f22iiHYny/p2c2MYrGWFUHB7btVcd+0+MCNKDH
OWlX1T60TFLFovDSLighRuKRr0o5W7B3xrG7u1hQFl7e4nQdrak1oRAv+JLloZDS
MRr/NrN0h2vldilOhcAkiwRcbBFkVRXcWKist+ijVqK4EN559/IGuapxDisXsq+C
8H8dlr+5MXPhnlkToaQ7tCR6IDnLD0BjJTHkXhnlvfQENwmnAtU8d/om/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLBSF0UCZ+oFqhbVQOe0l3NWyO32MB8GA1UdIwQY
MBaAFFiLECTqBW5e1Jj26d3CBjK99snFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0lzUUpPb0ZibDdVbVBicDNjSUdNcjMyeWNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OC9kMzRhNzQtZDdjZC00Zjk5LTg0Y2Qt
NTY2MjhhNDZkZjQwLzEvc0ZJWFJRSm42Z1dxRnRWQTU3U1hjMWJJN2ZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OC9kMzRhNzQtZDdjZC00Zjk5LTg0Y2QtNTY2MjhhNDZkZjQw
LzEvV0lzUUpPb0ZibDdVbVBicDNjSUdNcjMyeWNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUR/HMA0G
CSqGSIb3DQEBCwUAA4IBAQBeJCQ4W//3W5FNjdDv6gYfVWvgz+4nJEpyBjFGA3nj
ZHlpY6i2b2sUkCCWqdQUiKwOsoahm/KmtWxqy2tqBY2x1x4O18imbTchvgs+dITX
NK3O8vPRDNrK35USnGRmH3D6B95ZiYlPbIE3UJ0Uur0CyrpbAQr2hOA8Kc63YTyB
S+jKHb7eFL8FVVd8IvUglxDK3We47duZ1adaOMr4q5DcwHkkk8/LfU7FntsCKZma
q5obKzC9/PgXWxf0ah4yE6XEwQo2b3G6r5POMuFrr40rNpZbaCtGlECYbbhN2OCd
ZWwiWw4WFkWZ1KG1+rscRZ2IDx0VhJPjTHkLkbJqB04P
-----END CERTIFICATE-----