Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/PQp3coOCI-Ar07i-1yccyDiCUu8.roa
File:                     PQp3coOCI-Ar07i-1yccyDiCUu8.roa (raw, json)
Hash identifier:          hQbYcqBbDxBmbwBN1A8W5CQgQ77r9Cz1j3NQoEoCalk=
Subject key identifier:   3D:0A:77:72:83:82:23:E0:2B:D3:B8:BE:D7:27:1C:C8:38:82:52:EF
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       0194258FCE51BB5EC96C23217FFA3685B431
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/PQp3coOCI-Ar07i-1yccyDiCUu8.roa
Signing time:             Thu 02 Jan 2025 05:49:28 +0000
ROA not before:           Thu 02 Jan 2025 05:49:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60028
IP address blocks:        31.148.4.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:ce:51:bb:5e:c9:6c:23:21:7f:fa:36:85:b4:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: Jan  2 05:49:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3d0a7772838223e02bd3b8bed7271cc8388252ef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:9a:a3:98:aa:da:21:3b:3f:68:e7:fe:50:d1:
                    8e:4c:25:09:f5:ef:11:4a:a8:d4:5d:a0:8d:13:bb:
                    13:f4:bf:16:bc:82:1f:ab:88:15:e5:67:ce:8d:af:
                    72:14:23:8e:ad:cb:90:84:d6:70:50:7f:f0:fc:50:
                    52:c7:61:75:7d:37:c4:98:a5:f8:93:b4:e1:37:98:
                    ef:c5:6a:a4:ca:b6:ec:70:bf:3b:66:73:8b:04:d2:
                    09:1c:c5:04:85:01:98:47:d5:e3:6e:82:06:43:9e:
                    07:0e:51:68:d2:e6:97:05:2f:db:c7:13:d1:24:0b:
                    30:a9:56:a2:29:2f:f8:1d:96:5b:59:74:37:07:98:
                    c2:73:37:dd:3c:38:fc:4c:6c:62:b0:a5:06:54:9f:
                    ef:35:e9:d8:61:6e:9d:34:17:5b:cb:a3:47:6b:d8:
                    82:f2:69:58:c5:ea:c1:2c:7f:24:ad:17:8e:b9:21:
                    a6:c9:02:45:32:4a:8d:68:24:01:4a:7a:d8:3f:39:
                    f4:58:61:e9:98:a7:d8:54:a6:bb:f5:b2:3b:61:ee:
                    2e:01:56:4a:91:69:57:8f:b0:64:46:8e:e4:24:46:
                    84:71:46:99:88:66:1f:a5:b1:ff:e2:63:88:1e:ef:
                    29:81:19:dc:72:33:5b:74:7f:93:cd:37:91:d7:2c:
                    08:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:0A:77:72:83:82:23:E0:2B:D3:B8:BE:D7:27:1C:C8:38:82:52:EF
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/PQp3coOCI-Ar07i-1yccyDiCUu8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.148.4.0/24

    Signature Algorithm: sha256WithRSAEncryption
         49:15:d8:0a:4b:de:8d:67:52:d2:ad:08:dd:e2:9d:15:f6:d6:
         b8:fc:d4:cd:4d:58:3f:3a:cc:07:11:ec:b6:23:2f:80:e0:52:
         7e:ee:42:0a:23:f9:f5:9d:c8:cb:99:a3:7e:56:e9:f7:a8:ef:
         83:d0:19:ea:63:5e:70:1c:70:20:21:1d:72:fb:2c:a9:75:9e:
         f6:2d:73:3c:bb:32:c7:82:01:c5:42:ea:37:1b:63:23:b9:ba:
         05:1a:51:92:40:f7:af:3a:c4:12:81:bc:1d:93:40:a5:0f:d3:
         f8:fc:14:d4:ca:e6:ee:da:e3:f9:1a:53:9e:e4:7c:5e:3b:fc:
         c3:cf:f9:0a:4e:cb:7c:85:b3:bd:33:ae:23:2e:c9:58:76:e1:
         aa:3c:dd:c5:c4:98:53:83:8d:b4:55:73:bc:0e:ff:33:44:ef:
         a6:87:e6:f1:0d:ea:5c:72:b1:04:6e:db:30:37:0f:77:a7:63:
         62:03:da:ac:f0:02:f3:8f:d9:ee:06:74:ee:f8:8f:d8:8f:b4:
         09:8f:9b:08:a0:2f:a3:06:47:54:cf:07:41:e5:71:4c:e4:56:
         8e:41:4a:95:65:af:c2:69:15:79:5d:1b:1d:7a:4e:29:13:35:
         54:e4:9b:16:3b:1d:c6:6d:65:28:d2:7d:a1:73:13:c2:65:7d:
         f6:1f:6a:21
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlj85Ru17JbCMhf/o2hbQxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjUwMTAyMDU0OTI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZDBhNzc3MjgzODIyM2UwMmJkM2I4YmVkNzI3MWNjODM4ODI1MmVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzJqjmKraITs/aOf+UNGOTCUJ9e8R
SqjUXaCNE7sT9L8WvIIfq4gV5WfOja9yFCOOrcuQhNZwUH/w/FBSx2F1fTfEmKX4
k7ThN5jvxWqkyrbscL87ZnOLBNIJHMUEhQGYR9XjboIGQ54HDlFo0uaXBS/bxxPR
JAswqVaiKS/4HZZbWXQ3B5jCczfdPDj8TGxisKUGVJ/vNenYYW6dNBdby6NHa9iC
8mlYxerBLH8krReOuSGmyQJFMkqNaCQBSnrYPzn0WGHpmKfYVKa79bI7Ye4uAVZK
kWlXj7BkRo7kJEaEcUaZiGYfpbH/4mOIHu8pgRnccjNbdH+TzTeR1ywIrQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD0Kd3KDgiPgK9O4vtcnHMg4glLvMB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvUFFwM2NvT0NJLUFyMDdpLTF5Y2N5RGlDVXU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAH5QEMA0G
CSqGSIb3DQEBCwUAA4IBAQBJFdgKS96NZ1LSrQjd4p0V9ta4/NTNTVg/OswHEey2
Iy+A4FJ+7kIKI/n1ncjLmaN+Vun3qO+D0BnqY15wHHAgIR1y+yypdZ72LXM8uzLH
ggHFQuo3G2MjuboFGlGSQPevOsQSgbwdk0ClD9P4/BTUyubu2uP5GlOe5HxeO/zD
z/kKTst8hbO9M64jLslYduGqPN3FxJhTg420VXO8Dv8zRO+mh+bxDepccrEEbtsw
Nw93p2NiA9qs8ALzj9nuBnTu+I/Yj7QJj5sIoC+jBkdUzwdB5XFM5FaOQUqVZa/C
aRV5XRsdek4pEzVU5JsWOx3GbWUo0n2hcxPCZX32H2oh
-----END CERTIFICATE-----