Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/5XqYFzJ5Y8xILka0_HhTDS5XWqE.roa
File:                     5XqYFzJ5Y8xILka0_HhTDS5XWqE.roa (raw, json)
Hash identifier:          VBGGT46nhEFLrULxoldSb3gTAfEoZYPP9wxD++V9Dcw=
Subject key identifier:   E5:7A:98:17:32:79:63:CC:48:2E:46:B4:FC:78:53:0D:2E:57:5A:A1
Certificate issuer:       /CN=c9d57447e3420b853875b6fa40372aade3192ca2
Certificate serial:       01942746ABB4BEC4D74656A2F610136049C7
Authority key identifier: C9:D5:74:47:E3:42:0B:85:38:75:B6:FA:40:37:2A:AD:E3:19:2C:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/5XqYFzJ5Y8xILka0_HhTDS5XWqE.roa
Signing time:             Thu 02 Jan 2025 13:48:50 +0000
ROA not before:           Thu 02 Jan 2025 13:48:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206050
IP address blocks:        31.210.54.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 01:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:46:ab:b4:be:c4:d7:46:56:a2:f6:10:13:60:49:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c9d57447e3420b853875b6fa40372aade3192ca2
        Validity
            Not Before: Jan  2 13:48:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e57a9817327963cc482e46b4fc78530d2e575aa1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:53:c2:d6:d5:b3:33:ff:6c:46:d0:03:4f:2d:
                    5d:a3:83:20:10:09:e4:32:1f:56:1d:10:27:e8:6b:
                    b8:e7:a6:d9:df:68:f8:0d:f0:c0:94:e5:c3:b3:8d:
                    a6:c0:96:4c:f0:e4:62:36:0b:59:21:b3:00:2e:82:
                    a3:63:0e:2b:88:5f:4c:df:1c:ed:8e:56:bd:d4:a8:
                    e7:eb:e1:36:5f:1f:5b:a7:99:f3:fb:17:43:a9:59:
                    14:de:1e:12:9f:b6:48:0d:17:cd:8d:e9:de:5e:69:
                    98:02:93:64:e6:04:a3:8e:cf:16:c5:29:7a:b4:f9:
                    2e:2d:1f:c5:0f:00:b9:9d:ce:48:05:cb:dd:ba:ba:
                    e1:3c:f0:95:e3:20:11:af:fc:8a:d4:da:84:a1:74:
                    e4:10:11:f1:b5:36:31:5f:d3:2c:c8:18:78:9c:e2:
                    bc:bd:a3:7a:c3:1c:07:e7:17:02:53:d9:4f:fd:3f:
                    22:c3:4b:58:c0:4f:00:71:8d:2e:67:ce:a9:0c:ae:
                    15:9b:a8:fb:1f:11:91:d4:56:ca:88:11:70:cd:47:
                    4e:b8:7a:92:f7:9a:0a:12:0e:56:3e:70:1f:67:1d:
                    2a:e5:47:f1:52:74:04:64:73:8a:1f:8a:41:60:c2:
                    7a:a8:a7:89:af:85:26:66:78:16:9d:c3:15:16:2c:
                    80:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:7A:98:17:32:79:63:CC:48:2E:46:B4:FC:78:53:0D:2E:57:5A:A1
            X509v3 Authority Key Identifier:
                keyid:C9:D5:74:47:E3:42:0B:85:38:75:B6:FA:40:37:2A:AD:E3:19:2C:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/5XqYFzJ5Y8xILka0_HhTDS5XWqE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.210.54.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:22:4a:9c:57:59:fb:56:cd:b8:89:64:a4:69:46:bd:7f:4f:
         b8:5b:f1:3e:fb:54:36:67:81:93:d5:94:16:4a:a7:81:8e:f4:
         83:ac:ed:18:f0:9d:e3:5b:1d:41:13:d9:41:3a:c7:e4:75:bf:
         87:3b:04:98:42:47:35:25:85:ab:d9:44:fa:6e:58:11:a4:fc:
         eb:ae:65:67:17:22:e3:ce:ab:0c:35:07:ad:57:7e:ac:c2:65:
         47:dc:d7:d2:fb:9c:25:36:07:f7:f1:c3:f5:9f:cc:9a:02:48:
         8c:68:8a:d1:fd:4a:81:42:9d:94:82:29:3c:6b:9f:c7:48:2c:
         1e:c1:bc:ed:0d:a7:4e:f7:78:b3:91:29:0e:d2:a7:40:a3:69:
         6f:4d:cd:3c:48:ae:99:10:ff:87:4f:c6:6f:91:d0:ad:d8:5c:
         7d:71:88:50:8b:96:da:ee:e2:5b:ca:21:84:51:4b:f5:f4:bf:
         0b:58:5b:dd:76:30:d9:82:6f:14:cb:f1:07:d8:f0:85:d0:c6:
         42:27:8f:ae:15:cf:2e:56:52:ca:3a:18:5f:d0:ff:62:5f:5f:
         f9:51:b2:7a:fe:16:91:a9:79:99:d4:cf:63:1e:af:65:80:17:
         d7:a3:88:34:66:cb:a6:7a:33:78:22:51:19:8a:8c:85:56:f8:
         35:08:00:de
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnRqu0vsTXRlai9hATYEnHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5ZDU3NDQ3ZTM0MjBiODUzODc1YjZmYTQwMzcyYWFkZTMx
OTJjYTIwHhcNMjUwMTAyMTM0ODUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNTdhOTgxNzMyNzk2M2NjNDgyZTQ2YjRmYzc4NTMwZDJlNTc1YWExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs1PC1tWzM/9sRtADTy1do4MgEAnk
Mh9WHRAn6Gu456bZ32j4DfDAlOXDs42mwJZM8ORiNgtZIbMALoKjYw4riF9M3xzt
jla91Kjn6+E2Xx9bp5nz+xdDqVkU3h4Sn7ZIDRfNjeneXmmYApNk5gSjjs8WxSl6
tPkuLR/FDwC5nc5IBcvdurrhPPCV4yARr/yK1NqEoXTkEBHxtTYxX9MsyBh4nOK8
vaN6wxwH5xcCU9lP/T8iw0tYwE8AcY0uZ86pDK4Vm6j7HxGR1FbKiBFwzUdOuHqS
95oKEg5WPnAfZx0q5UfxUnQEZHOKH4pBYMJ6qKeJr4UmZngWncMVFiyAywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOV6mBcyeWPMSC5GtPx4Uw0uV1qhMB8GA1UdIwQY
MBaAFMnVdEfjQguFOHW2+kA3Kq3jGSyiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveWRWMFItTkNDNFU0ZGJiNlFEY3FyZU1aTEtJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC8xNTg2ZmQtZmQyYy00MWY4LThmZTkt
NGUxOThmMGE2MDEzLzEvNVhxWUZ6SjVZOHhJTGthMF9IaFREUzVYV3FFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC8xNTg2ZmQtZmQyYy00MWY4LThmZTktNGUxOThmMGE2MDEz
LzEveWRWMFItTkNDNFU0ZGJiNlFEY3FyZU1aTEtJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAH9I2MA0G
CSqGSIb3DQEBCwUAA4IBAQACIkqcV1n7Vs24iWSkaUa9f0+4W/E++1Q2Z4GT1ZQW
SqeBjvSDrO0Y8J3jWx1BE9lBOsfkdb+HOwSYQkc1JYWr2UT6blgRpPzrrmVnFyLj
zqsMNQetV36swmVH3NfS+5wlNgf38cP1n8yaAkiMaIrR/UqBQp2Ugik8a5/HSCwe
wbztDadO93izkSkO0qdAo2lvTc08SK6ZEP+HT8ZvkdCt2Fx9cYhQi5ba7uJbyiGE
UUv19L8LWFvddjDZgm8Uy/EH2PCF0MZCJ4+uFc8uVlLKOhhf0P9iX1/5UbJ6/haR
qXmZ1M9jHq9lgBfXo4g0ZsumejN4IlEZioyFVvg1CADe
-----END CERTIFICATE-----