Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/8eff42-5b55-4e6f-8222-a52a8795d956/1/QZsEzF5Uanou3frIfzrz7sXtIzk.roa
File:                     QZsEzF5Uanou3frIfzrz7sXtIzk.roa (raw, json)
Hash identifier:          6qhVEn0UXh14a1V5qFmAi7r1Lf/LN44JR4TpHEtpYIQ=
Subject key identifier:   41:9B:04:CC:5E:54:6A:7A:2E:DD:FA:C8:7F:3A:F3:EE:C5:ED:23:39
Certificate issuer:       /CN=5bee051a93901ecc01744079aa4ac2fb077b9fc1
Certificate serial:       019427488C828E0724AB0A15FB2F8DCB697A
Authority key identifier: 5B:EE:05:1A:93:90:1E:CC:01:74:40:79:AA:4A:C2:FB:07:7B:9F:C1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/W-4FGpOQHswBdEB5qkrC-wd7n8E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/8eff42-5b55-4e6f-8222-a52a8795d956/1/QZsEzF5Uanou3frIfzrz7sXtIzk.roa
Signing time:             Thu 02 Jan 2025 13:50:53 +0000
ROA not before:           Thu 02 Jan 2025 13:50:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     56971
IP address blocks:        31.15.16.0/24 maxlen: 24
                          31.15.17.0/24 maxlen: 24
                          31.15.18.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/8eff42-5b55-4e6f-8222-a52a8795d956/1/W-4FGpOQHswBdEB5qkrC-wd7n8E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/8eff42-5b55-4e6f-8222-a52a8795d956/1/W-4FGpOQHswBdEB5qkrC-wd7n8E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/W-4FGpOQHswBdEB5qkrC-wd7n8E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 10:07:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:8c:82:8e:07:24:ab:0a:15:fb:2f:8d:cb:69:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5bee051a93901ecc01744079aa4ac2fb077b9fc1
        Validity
            Not Before: Jan  2 13:50:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=419b04cc5e546a7a2eddfac87f3af3eec5ed2339
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:c2:d6:cd:50:ca:2d:b1:aa:c7:a9:6f:95:38:
                    dd:80:85:8f:a2:d3:cf:2b:95:48:55:f2:87:76:b1:
                    ea:38:02:05:80:f4:d6:46:78:81:9a:51:50:ac:0c:
                    97:17:f7:bf:16:91:c0:19:47:60:93:76:f7:ed:42:
                    c7:56:7f:ac:80:6f:08:4d:0d:5d:70:ea:09:4b:96:
                    15:47:7f:0d:bd:bf:40:95:47:f7:08:70:fc:58:ad:
                    8c:38:37:08:a3:8e:22:ff:c5:22:f4:d9:99:d6:f0:
                    8b:01:2e:2b:d3:b8:a3:06:f7:64:bd:d4:1c:d3:36:
                    37:52:fc:d3:58:6d:c7:e6:0b:49:2b:a7:07:e7:12:
                    04:7c:50:76:7c:7e:39:c5:de:ba:50:e8:61:f5:e2:
                    ee:76:29:a8:1e:ce:25:d2:92:2e:44:27:4b:f3:ef:
                    9c:3d:cd:b3:f0:24:74:c7:5a:5b:43:34:88:7c:8d:
                    e8:f2:9d:0e:0c:e0:4b:d9:75:af:5d:52:f4:8f:65:
                    21:d8:d2:46:1c:96:aa:ea:54:b7:9f:72:51:b0:49:
                    76:9c:13:d6:0e:1b:a9:64:db:cc:a6:2d:0a:e8:ff:
                    3e:e3:e2:ce:b3:23:e4:08:e5:f1:15:ac:d7:2d:2e:
                    64:2a:f7:a0:94:24:6a:ae:a5:ac:74:66:7b:b7:99:
                    2f:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:9B:04:CC:5E:54:6A:7A:2E:DD:FA:C8:7F:3A:F3:EE:C5:ED:23:39
            X509v3 Authority Key Identifier:
                keyid:5B:EE:05:1A:93:90:1E:CC:01:74:40:79:AA:4A:C2:FB:07:7B:9F:C1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/W-4FGpOQHswBdEB5qkrC-wd7n8E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/8eff42-5b55-4e6f-8222-a52a8795d956/1/QZsEzF5Uanou3frIfzrz7sXtIzk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/8eff42-5b55-4e6f-8222-a52a8795d956/1/W-4FGpOQHswBdEB5qkrC-wd7n8E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.15.16.0-31.15.18.255

    Signature Algorithm: sha256WithRSAEncryption
         13:cc:41:9c:d9:71:6f:38:a5:b6:71:70:25:82:f1:f5:c0:ef:
         1d:24:94:ea:14:ad:35:56:e3:e7:6a:ef:2a:89:d5:b1:6b:31:
         e9:98:1e:fd:a5:81:02:f8:11:a5:56:60:5d:40:d0:a0:ff:7d:
         b0:ca:0e:ec:3e:21:27:fd:9f:55:b6:b2:cb:4f:e0:5c:be:fd:
         b8:a2:ef:e4:f3:48:ea:86:5d:f5:b5:ee:d6:ec:10:1d:b3:2b:
         37:02:9a:5a:7e:cd:75:bb:28:b4:c2:b7:7e:4c:4a:31:af:bd:
         5f:fa:51:47:0a:18:74:73:82:71:e9:bd:1f:9e:8d:63:19:ca:
         97:06:a3:63:0e:09:fb:e7:fc:ca:b3:ed:b7:46:74:73:e2:8e:
         50:5c:8a:aa:92:85:91:b3:d2:2b:ce:13:41:2d:b9:e9:14:81:
         58:97:9a:10:de:11:0f:c5:d2:8d:38:9a:8c:1e:37:8d:c0:89:
         53:1d:37:bf:37:f4:de:9e:4a:36:f3:e2:fb:ba:11:cd:6d:56:
         5d:0a:12:cd:de:62:c6:25:e1:f5:22:cc:86:ea:ad:89:a1:5c:
         18:72:db:ab:8c:82:d1:68:d5:b8:da:a1:6a:e7:fc:db:f2:9d:
         71:d1:1f:81:c3:f5:d8:2c:d0:7c:dc:4f:27:c9:41:78:ef:cd:
         b0:a5:e5:05
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZQnSIyCjgckqwoV+y+Ny2l6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDViZWUwNTFhOTM5MDFlY2MwMTc0NDA3OWFhNGFjMmZiMDc3
YjlmYzEwHhcNMjUwMTAyMTM1MDUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MTliMDRjYzVlNTQ2YTdhMmVkZGZhYzg3ZjNhZjNlZWM1ZWQyMzM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw8LWzVDKLbGqx6lvlTjdgIWPotPP
K5VIVfKHdrHqOAIFgPTWRniBmlFQrAyXF/e/FpHAGUdgk3b37ULHVn+sgG8ITQ1d
cOoJS5YVR38Nvb9AlUf3CHD8WK2MODcIo44i/8Ui9NmZ1vCLAS4r07ijBvdkvdQc
0zY3UvzTWG3H5gtJK6cH5xIEfFB2fH45xd66UOhh9eLudimoHs4l0pIuRCdL8++c
Pc2z8CR0x1pbQzSIfI3o8p0ODOBL2XWvXVL0j2Uh2NJGHJaq6lS3n3JRsEl2nBPW
DhupZNvMpi0K6P8+4+LOsyPkCOXxFazXLS5kKveglCRqrqWsdGZ7t5kvOQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFEGbBMxeVGp6Lt36yH868+7F7SM5MB8GA1UdIwQY
MBaAFFvuBRqTkB7MAXRAeapKwvsHe5/BMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVy00RkdwT1FIc3dCZEVCNXFrckMtd2Q3bjhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni84ZWZmNDItNWI1NS00ZTZmLTgyMjIt
YTUyYTg3OTVkOTU2LzEvUVpzRXpGNVVhbm91M2ZySWZ6cno3c1h0SXprLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni84ZWZmNDItNWI1NS00ZTZmLTgyMjItYTUyYTg3OTVkOTU2
LzEvVy00RkdwT1FIc3dCZEVCNXFrckMtd2Q3bjhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAQfDxAD
BAAfDxIwDQYJKoZIhvcNAQELBQADggEBABPMQZzZcW84pbZxcCWC8fXA7x0klOoU
rTVW4+dq7yqJ1bFrMemYHv2lgQL4EaVWYF1A0KD/fbDKDuw+ISf9n1W2sstP4Fy+
/bii7+TzSOqGXfW17tbsEB2zKzcCmlp+zXW7KLTCt35MSjGvvV/6UUcKGHRzgnHp
vR+ejWMZypcGo2MOCfvn/Mqz7bdGdHPijlBciqqShZGz0ivOE0EtuekUgViXmhDe
EQ/F0o04moweN43AiVMdN7839N6eSjbz4vu6Ec1tVl0KEs3eYsYl4fUizIbqrYmh
XBhy26uMgtFo1bjaoWrn/NvynXHRH4HD9dgs0HzcTyfJQXjvzbCl5QU=
-----END CERTIFICATE-----