Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/68/247005-559d-4eb4-b3e8-bd24f003578f/1/LdW4WrOP21P3_b9HaGAgjbFCnm8.roa
File:                     LdW4WrOP21P3_b9HaGAgjbFCnm8.roa (raw, json)
Hash identifier:          99nilYek7YWbcMfWxBc9uJdjyGkwvYVaC06TmFUyQHo=
Subject key identifier:   2D:D5:B8:5A:B3:8F:DB:53:F7:FD:BF:47:68:60:20:8D:B1:42:9E:6F
Certificate issuer:       /CN=31eb9b2db4a3bddf8c92fc50b9713043dd56dc38
Certificate serial:       019422FC4BBD2A6397BAEF6EF8C495FAE1A3
Authority key identifier: 31:EB:9B:2D:B4:A3:BD:DF:8C:92:FC:50:B9:71:30:43:DD:56:DC:38
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MeubLbSjvd-MkvxQuXEwQ91W3Dg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/68/247005-559d-4eb4-b3e8-bd24f003578f/1/LdW4WrOP21P3_b9HaGAgjbFCnm8.roa
Signing time:             Wed 01 Jan 2025 17:49:07 +0000
ROA not before:           Wed 01 Jan 2025 17:49:07 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     33103
IP address blocks:        202.22.167.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/68/247005-559d-4eb4-b3e8-bd24f003578f/1/MeubLbSjvd-MkvxQuXEwQ91W3Dg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/68/247005-559d-4eb4-b3e8-bd24f003578f/1/MeubLbSjvd-MkvxQuXEwQ91W3Dg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MeubLbSjvd-MkvxQuXEwQ91W3Dg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 20 Apr 2025 04:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fc:4b:bd:2a:63:97:ba:ef:6e:f8:c4:95:fa:e1:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=31eb9b2db4a3bddf8c92fc50b9713043dd56dc38
        Validity
            Not Before: Jan  1 17:49:07 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2dd5b85ab38fdb53f7fdbf476860208db1429e6f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:21:e0:0a:9a:7f:de:5c:37:10:59:aa:62:1c:
                    23:25:dc:52:3a:dd:bf:db:6c:65:b3:18:79:7e:2b:
                    1c:a3:cb:8d:2a:37:2b:99:56:a8:63:c8:58:e7:85:
                    c7:19:9a:d5:37:b8:2d:56:ef:83:3c:4c:55:bd:48:
                    f8:68:f9:bc:f0:e4:a5:72:ca:a2:74:3d:3b:32:1c:
                    f8:65:e9:e5:61:d5:86:0e:30:4d:20:31:a8:32:de:
                    64:6b:e0:6e:ba:ac:62:b6:ff:fe:3a:5f:52:07:08:
                    bc:3a:f7:b8:47:06:b0:91:56:ce:18:cf:2b:c8:47:
                    be:d4:a7:ea:30:ac:cc:85:86:2b:95:36:89:16:dd:
                    02:44:0f:6b:30:7d:06:6c:67:b9:fd:a0:56:02:9a:
                    1d:00:8e:d7:9c:a5:10:b2:26:4e:f1:f1:47:fd:c9:
                    b2:5c:75:05:85:0b:cd:ab:7c:cd:50:d6:6d:17:41:
                    28:b8:3b:98:8a:88:36:f0:4b:5b:f8:c3:dc:af:b5:
                    31:1d:22:b0:38:ab:90:7e:b7:a2:fd:b9:7f:3d:9e:
                    24:ea:8f:bd:f8:27:bd:04:2a:a3:24:04:bf:eb:6b:
                    2f:ae:e8:80:ab:21:e0:41:50:ef:2a:ff:56:bc:37:
                    87:19:fd:b8:d7:d7:4e:20:b4:69:aa:13:22:c2:9f:
                    0b:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:D5:B8:5A:B3:8F:DB:53:F7:FD:BF:47:68:60:20:8D:B1:42:9E:6F
            X509v3 Authority Key Identifier:
                keyid:31:EB:9B:2D:B4:A3:BD:DF:8C:92:FC:50:B9:71:30:43:DD:56:DC:38

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MeubLbSjvd-MkvxQuXEwQ91W3Dg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/68/247005-559d-4eb4-b3e8-bd24f003578f/1/LdW4WrOP21P3_b9HaGAgjbFCnm8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/68/247005-559d-4eb4-b3e8-bd24f003578f/1/MeubLbSjvd-MkvxQuXEwQ91W3Dg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  202.22.167.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:69:20:8f:f6:b6:60:c9:db:ba:bd:a4:1c:96:5d:76:44:00:
         17:5f:fb:74:e3:8a:e9:76:90:06:a8:d5:21:92:54:ac:7c:7a:
         c9:a1:5e:40:6d:7d:18:29:10:e5:73:84:b5:c3:a7:46:f1:a0:
         5f:0a:28:86:00:48:f5:24:fc:79:54:08:63:86:f3:5e:5f:40:
         87:85:05:6f:92:20:a9:ef:e2:38:10:ce:6e:21:d0:76:aa:98:
         b7:a6:1b:bc:0e:f1:c8:24:ce:c6:9b:f9:fb:52:45:a7:cf:4e:
         fc:58:19:79:bf:85:21:20:7c:ef:91:48:b8:73:fb:b0:2d:b8:
         74:93:7b:07:b7:bf:0e:8e:52:91:67:1c:d2:fa:b2:e8:67:fc:
         e2:9c:60:59:65:74:3e:a5:07:56:f9:01:cb:3d:2e:72:2c:3e:
         06:76:83:aa:a3:3a:1b:43:9f:44:9e:40:22:77:f0:16:d3:e4:
         0d:e4:ac:b7:af:f8:22:8a:8a:c4:df:c9:8b:77:dc:51:b4:99:
         02:3e:c2:44:64:bf:d7:a4:93:2f:4d:d8:b2:f5:cd:0a:eb:33:
         e4:c1:21:0c:60:4c:47:91:6e:2b:01:87:a7:80:b3:bd:b7:3b:
         5e:d4:7d:f4:a9:db:65:e3:9d:8e:7a:16:83:d0:94:ee:bc:33:
         d6:8c:4a:50
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi/Eu9KmOXuu9u+MSV+uGjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxZWI5YjJkYjRhM2JkZGY4YzkyZmM1MGI5NzEzMDQzZGQ1
NmRjMzgwHhcNMjUwMTAxMTc0OTA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZGQ1Yjg1YWIzOGZkYjUzZjdmZGJmNDc2ODYwMjA4ZGIxNDI5ZTZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoSHgCpp/3lw3EFmqYhwjJdxSOt2/
22xlsxh5fisco8uNKjcrmVaoY8hY54XHGZrVN7gtVu+DPExVvUj4aPm88OSlcsqi
dD07Mhz4ZenlYdWGDjBNIDGoMt5ka+Buuqxitv/+Ol9SBwi8Ove4RwawkVbOGM8r
yEe+1KfqMKzMhYYrlTaJFt0CRA9rMH0GbGe5/aBWApodAI7XnKUQsiZO8fFH/cmy
XHUFhQvNq3zNUNZtF0EouDuYiog28Etb+MPcr7UxHSKwOKuQfrei/bl/PZ4k6o+9
+Ce9BCqjJAS/62svruiAqyHgQVDvKv9WvDeHGf2419dOILRpqhMiwp8LTwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC3VuFqzj9tT9/2/R2hgII2xQp5vMB8GA1UdIwQY
MBaAFDHrmy20o73fjJL8ULlxMEPdVtw4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWV1YkxiU2p2ZC1Na3Z4UXVYRXdROTFXM0RnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OC8yNDcwMDUtNTU5ZC00ZWI0LWIzZTgt
YmQyNGYwMDM1NzhmLzEvTGRXNFdyT1AyMVAzX2I5SGFHQWdqYkZDbm04LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OC8yNDcwMDUtNTU5ZC00ZWI0LWIzZTgtYmQyNGYwMDM1Nzhm
LzEvTWV1YkxiU2p2ZC1Na3Z4UXVYRXdROTFXM0RnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAyhanMA0G
CSqGSIb3DQEBCwUAA4IBAQAfaSCP9rZgydu6vaQcll12RAAXX/t044rpdpAGqNUh
klSsfHrJoV5AbX0YKRDlc4S1w6dG8aBfCiiGAEj1JPx5VAhjhvNeX0CHhQVvkiCp
7+I4EM5uIdB2qpi3phu8DvHIJM7Gm/n7UkWnz078WBl5v4UhIHzvkUi4c/uwLbh0
k3sHt78OjlKRZxzS+rLoZ/zinGBZZXQ+pQdW+QHLPS5yLD4GdoOqozobQ59EnkAi
d/AW0+QN5Ky3r/giiorE38mLd9xRtJkCPsJEZL/XpJMvTdiy9c0K6zPkwSEMYExH
kW4rAYengLO9tzte1H30qdtl452OehaD0JTuvDPWjEpQ
-----END CERTIFICATE-----