Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/QXAOgVo6_2zTnQv3OVwZF0NH3Qk.roa
File:                     QXAOgVo6_2zTnQv3OVwZF0NH3Qk.roa (raw, json)
Hash identifier:          qvvSuO8bSbdvyddZzenHZGuHtMFZQca3XACizaJBNmk=
Subject key identifier:   41:70:0E:81:5A:3A:FF:6C:D3:9D:0B:F7:39:5C:19:17:43:47:DD:09
Certificate issuer:       /CN=c9d57447e3420b853875b6fa40372aade3192ca2
Certificate serial:       01942746B1D186F93C57CD91E4F72C08A06A
Authority key identifier: C9:D5:74:47:E3:42:0B:85:38:75:B6:FA:40:37:2A:AD:E3:19:2C:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/QXAOgVo6_2zTnQv3OVwZF0NH3Qk.roa
Signing time:             Thu 02 Jan 2025 13:48:51 +0000
ROA not before:           Thu 02 Jan 2025 13:48:51 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208745
IP address blocks:        31.210.38.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 01:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:46:b1:d1:86:f9:3c:57:cd:91:e4:f7:2c:08:a0:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c9d57447e3420b853875b6fa40372aade3192ca2
        Validity
            Not Before: Jan  2 13:48:51 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=41700e815a3aff6cd39d0bf7395c19174347dd09
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:1e:8f:1d:a9:1f:b4:52:53:b4:64:31:bf:cc:
                    d0:ec:df:40:14:08:32:4d:4a:7d:d2:f3:08:e6:d8:
                    a9:40:7e:5d:76:22:82:0d:7f:3e:7f:75:dc:7c:c8:
                    c0:c8:02:22:e3:e7:ac:ab:bb:d7:e6:fa:6b:d5:e1:
                    83:5e:30:00:4b:3e:72:3f:38:3b:af:92:4a:9f:7f:
                    98:0c:c4:90:64:09:79:a7:bf:fb:47:d5:73:47:a5:
                    71:de:cd:a5:dc:24:56:38:80:b8:27:a4:c2:26:96:
                    3f:6e:d6:3e:28:a5:b4:62:ce:dc:07:e5:86:69:fa:
                    c1:20:72:1b:4f:ac:13:43:fb:d9:d7:95:78:05:3c:
                    2a:aa:0b:a3:c8:58:68:3b:e2:d6:69:76:09:be:27:
                    25:50:9d:2e:8b:5d:7f:b8:de:8f:71:38:4e:a8:42:
                    8a:51:8a:80:d0:5b:78:61:c2:ba:cd:ed:d0:92:f5:
                    83:bf:b2:88:a6:94:36:e0:9d:33:6e:28:98:9f:25:
                    8d:5f:af:19:1d:38:4d:68:25:8d:5b:16:1c:3e:9e:
                    99:c7:c2:c9:7b:9f:73:00:ed:f4:cd:e2:45:ea:ce:
                    e2:9d:2a:00:b1:f6:82:fd:31:03:53:e3:45:5b:6e:
                    6d:2f:f4:27:32:b6:43:23:bc:63:3c:6c:4d:4e:a5:
                    4b:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:70:0E:81:5A:3A:FF:6C:D3:9D:0B:F7:39:5C:19:17:43:47:DD:09
            X509v3 Authority Key Identifier:
                keyid:C9:D5:74:47:E3:42:0B:85:38:75:B6:FA:40:37:2A:AD:E3:19:2C:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/QXAOgVo6_2zTnQv3OVwZF0NH3Qk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.210.38.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:09:ff:01:e7:48:24:e8:18:39:13:d4:a5:84:b2:69:d0:68:
         a2:98:3e:1c:9b:80:a5:c8:a1:6e:6a:e5:49:46:cf:13:67:b2:
         2a:83:ae:a0:09:45:bb:d8:4e:58:ad:79:23:52:27:88:7f:03:
         e2:15:71:68:d8:78:00:35:90:39:4d:a9:f9:0d:aa:85:46:3c:
         ea:ee:8b:e6:ac:18:61:8f:1a:d2:2a:44:55:10:e3:6d:5a:fc:
         62:43:82:90:2b:4f:5c:9e:63:a3:4e:8e:07:5b:c3:b9:09:04:
         7d:68:f4:8a:81:a9:2b:d1:97:ea:fb:0f:5d:c3:88:0a:78:e6:
         da:78:57:ca:88:a1:25:0f:33:bb:f2:45:e7:a7:af:c7:9c:ab:
         86:27:00:12:01:f8:da:fb:9c:3a:9e:d6:33:9b:d0:fa:db:90:
         93:55:db:3c:05:cc:26:4b:1b:49:1a:d0:cd:c4:a4:cf:2a:c2:
         00:e0:0b:8c:be:1d:cd:36:ce:8e:7a:d2:23:92:6c:79:66:5f:
         de:fd:ef:15:13:44:b1:69:41:0d:7e:c4:e5:4d:37:fb:81:54:
         f8:fd:23:22:2c:3f:a5:3a:3e:a9:ba:27:f5:b6:9b:6f:fa:ef:
         01:a0:a0:86:ad:ef:7e:24:39:4f:1d:27:94:09:e8:22:de:86:
         e3:ee:c1:6f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnRrHRhvk8V82R5PcsCKBqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5ZDU3NDQ3ZTM0MjBiODUzODc1YjZmYTQwMzcyYWFkZTMx
OTJjYTIwHhcNMjUwMTAyMTM0ODUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MTcwMGU4MTVhM2FmZjZjZDM5ZDBiZjczOTVjMTkxNzQzNDdkZDA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtx6PHakftFJTtGQxv8zQ7N9AFAgy
TUp90vMI5tipQH5ddiKCDX8+f3XcfMjAyAIi4+esq7vX5vpr1eGDXjAASz5yPzg7
r5JKn3+YDMSQZAl5p7/7R9VzR6Vx3s2l3CRWOIC4J6TCJpY/btY+KKW0Ys7cB+WG
afrBIHIbT6wTQ/vZ15V4BTwqqgujyFhoO+LWaXYJviclUJ0ui11/uN6PcThOqEKK
UYqA0Ft4YcK6ze3QkvWDv7KIppQ24J0zbiiYnyWNX68ZHThNaCWNWxYcPp6Zx8LJ
e59zAO30zeJF6s7inSoAsfaC/TEDU+NFW25tL/QnMrZDI7xjPGxNTqVLRwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEFwDoFaOv9s050L9zlcGRdDR90JMB8GA1UdIwQY
MBaAFMnVdEfjQguFOHW2+kA3Kq3jGSyiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveWRWMFItTkNDNFU0ZGJiNlFEY3FyZU1aTEtJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC8xNTg2ZmQtZmQyYy00MWY4LThmZTkt
NGUxOThmMGE2MDEzLzEvUVhBT2dWbzZfMnpUblF2M09Wd1pGME5IM1FrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC8xNTg2ZmQtZmQyYy00MWY4LThmZTktNGUxOThmMGE2MDEz
LzEveWRWMFItTkNDNFU0ZGJiNlFEY3FyZU1aTEtJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAH9ImMA0G
CSqGSIb3DQEBCwUAA4IBAQB5Cf8B50gk6Bg5E9SlhLJp0GiimD4cm4ClyKFuauVJ
Rs8TZ7Iqg66gCUW72E5YrXkjUieIfwPiFXFo2HgANZA5Tan5DaqFRjzq7ovmrBhh
jxrSKkRVEONtWvxiQ4KQK09cnmOjTo4HW8O5CQR9aPSKgakr0Zfq+w9dw4gKeOba
eFfKiKElDzO78kXnp6/HnKuGJwASAfja+5w6ntYzm9D625CTVds8BcwmSxtJGtDN
xKTPKsIA4AuMvh3NNs6OetIjkmx5Zl/e/e8VE0SxaUENfsTlTTf7gVT4/SMiLD+l
Oj6puif1tptv+u8BoKCGre9+JDlPHSeUCegi3obj7sFv
-----END CERTIFICATE-----