Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/O9TKyCM1SxI4k-XZ6y2iWUW7itE.roa
File:                     O9TKyCM1SxI4k-XZ6y2iWUW7itE.roa (raw, json)
Hash identifier:          lBXRLMDJzQk9bh/Zs5rv5y83THj0LWgNKmDtG/19+xM=
Subject key identifier:   3B:D4:CA:C8:23:35:4B:12:38:93:E5:D9:EB:2D:A2:59:45:BB:8A:D1
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       0194258FE94B86A705D94274972EF7AFD77E
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/O9TKyCM1SxI4k-XZ6y2iWUW7itE.roa
Signing time:             Thu 02 Jan 2025 05:49:35 +0000
ROA not before:           Thu 02 Jan 2025 05:49:35 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201469
IP address blocks:        31.148.21.0/24 maxlen: 24
                          31.148.31.0/24 maxlen: 24
                          95.46.4.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Feb 2025 02:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:e9:4b:86:a7:05:d9:42:74:97:2e:f7:af:d7:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: Jan  2 05:49:35 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3bd4cac823354b123893e5d9eb2da25945bb8ad1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:03:a2:91:1c:41:f9:d5:db:ac:f8:c2:ff:ab:
                    d8:2c:ce:e5:c0:c6:7c:8e:a8:a6:05:f9:98:3c:99:
                    f0:36:34:96:64:35:ed:f2:15:4f:09:a4:45:1a:17:
                    0e:11:b1:64:d0:69:f4:f4:54:95:42:fa:b8:23:bd:
                    b8:f8:0e:88:40:29:fe:0a:d8:e4:9d:60:81:1a:5a:
                    12:b9:93:72:d3:e7:5a:5a:6d:03:50:5d:58:d4:33:
                    27:27:38:f4:30:ae:6e:1e:eb:c7:a1:9a:00:d4:75:
                    f6:f1:64:a4:3c:d3:b2:4c:ed:ff:49:d0:6c:d0:95:
                    74:bd:3c:1f:bf:25:9e:2f:d5:1e:34:35:55:3e:1e:
                    9a:d3:4a:fb:36:8f:6a:4d:08:96:8e:67:de:bd:21:
                    82:e4:d3:31:57:cb:34:5c:35:6d:b6:ff:13:33:6b:
                    0b:55:21:6b:33:cb:8d:b4:46:51:eb:cc:83:a3:b9:
                    43:aa:75:db:97:b0:31:9d:62:35:52:56:1f:3a:87:
                    62:a2:52:2a:e3:26:3e:e7:44:6e:af:0e:97:ea:0b:
                    a0:05:63:51:7a:cb:7e:aa:2b:24:19:84:89:a7:0d:
                    08:3c:12:33:90:cc:13:b0:9d:6d:db:7a:fb:dd:8b:
                    7d:fc:3d:94:50:40:e4:a2:e9:f5:1b:61:f7:d0:4c:
                    ce:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:D4:CA:C8:23:35:4B:12:38:93:E5:D9:EB:2D:A2:59:45:BB:8A:D1
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/O9TKyCM1SxI4k-XZ6y2iWUW7itE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.148.21.0/24
                  31.148.31.0/24
                  95.46.4.0/24

    Signature Algorithm: sha256WithRSAEncryption
         84:e2:d2:57:ed:52:40:6e:7f:f1:e2:8a:97:63:99:6e:6a:7d:
         67:d8:0e:ef:f5:02:0b:70:2d:a1:12:da:c7:4c:ef:87:37:23:
         b4:6a:f9:7e:a5:d0:be:5a:84:8e:20:1f:bf:89:d0:29:4d:d2:
         3d:60:5e:ec:04:ce:ec:f7:d5:a8:13:4c:0e:a0:a6:c2:3e:a9:
         b8:40:6f:77:5e:11:6a:d2:60:b7:80:ed:e8:70:40:6c:fd:3b:
         d5:4d:8c:51:6f:d9:e9:66:f4:90:b6:b2:d1:91:1e:5a:e1:50:
         77:e6:93:ce:9a:30:bf:4e:6a:36:7d:7b:07:d4:7a:98:bb:12:
         87:fe:98:d8:bd:fa:88:87:a2:19:9c:6e:dd:b8:71:0d:c8:86:
         77:11:32:4a:da:50:5c:86:44:0e:cd:40:49:3a:fb:55:d5:5f:
         4c:84:88:31:f5:3c:56:3b:29:7b:d3:23:a8:20:b7:b5:5f:f0:
         4a:ee:fa:63:a8:42:b1:27:32:01:33:eb:3f:cb:56:06:2f:41:
         33:78:cf:74:f4:9b:81:7f:f5:b7:4e:12:f3:cf:0e:19:f0:c3:
         18:0a:48:49:37:1b:47:22:03:c5:f8:df:23:71:0d:2b:68:f5:
         30:71:94:3e:cd:79:26:4e:b6:be:23:9f:78:53:bf:10:c6:94:
         38:12:f3:a1
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQlj+lLhqcF2UJ0ly73r9d+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjUwMTAyMDU0OTM1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYmQ0Y2FjODIzMzU0YjEyMzg5M2U1ZDllYjJkYTI1OTQ1YmI4YWQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvQOikRxB+dXbrPjC/6vYLM7lwMZ8
jqimBfmYPJnwNjSWZDXt8hVPCaRFGhcOEbFk0Gn09FSVQvq4I724+A6IQCn+Ctjk
nWCBGloSuZNy0+daWm0DUF1Y1DMnJzj0MK5uHuvHoZoA1HX28WSkPNOyTO3/SdBs
0JV0vTwfvyWeL9UeNDVVPh6a00r7No9qTQiWjmfevSGC5NMxV8s0XDVttv8TM2sL
VSFrM8uNtEZR68yDo7lDqnXbl7AxnWI1UlYfOodiolIq4yY+50Rurw6X6gugBWNR
est+qiskGYSJpw0IPBIzkMwTsJ1t23r73Yt9/D2UUEDkoun1G2H30EzOvwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFDvUysgjNUsSOJPl2estollFu4rRMB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvTzlUS3lDTTFTeEk0ay1YWjZ5MmlXVVc3aXRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAH5QVAwQA
H5QfAwQAXy4EMA0GCSqGSIb3DQEBCwUAA4IBAQCE4tJX7VJAbn/x4oqXY5luan1n
2A7v9QILcC2hEtrHTO+HNyO0avl+pdC+WoSOIB+/idApTdI9YF7sBM7s99WoE0wO
oKbCPqm4QG93XhFq0mC3gO3ocEBs/TvVTYxRb9npZvSQtrLRkR5a4VB35pPOmjC/
Tmo2fXsH1HqYuxKH/pjYvfqIh6IZnG7duHENyIZ3ETJK2lBchkQOzUBJOvtV1V9M
hIgx9TxWOyl70yOoILe1X/BK7vpjqEKxJzIBM+s/y1YGL0EzeM909JuBf/W3ThLz
zw4Z8MMYCkhJNxtHIgPF+N8jcQ0raPUwcZQ+zXkmTra+I594U78QxpQ4EvOh
-----END CERTIFICATE-----