Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/1849a6-f921-4b50-915e-b66fa4f4763a/1/06heLpkhPZDIbobUdBVrEl7tRaM.roa
File:                     06heLpkhPZDIbobUdBVrEl7tRaM.roa (raw, json)
Hash identifier:          1VfnXVrmD1QJCPPP0yoMA9t0Y95B+NtzKULxpukikqQ=
Subject key identifier:   D3:A8:5E:2E:99:21:3D:90:C8:6E:86:D4:74:15:6B:12:5E:ED:45:A3
Certificate issuer:       /CN=5c64f9d04efd5a9fc2e23b42d5b51aefd9a50250
Certificate serial:       01942521ABFEDCAD925CEA762F266A7CEF12
Authority key identifier: 5C:64:F9:D0:4E:FD:5A:9F:C2:E2:3B:42:D5:B5:1A:EF:D9:A5:02:50
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XGT50E79Wp_C4jtC1bUa79mlAlA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/69/1849a6-f921-4b50-915e-b66fa4f4763a/1/06heLpkhPZDIbobUdBVrEl7tRaM.roa
Signing time:             Thu 02 Jan 2025 03:49:11 +0000
ROA not before:           Thu 02 Jan 2025 03:49:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     56766
IP address blocks:        31.133.38.0/23 maxlen: 24
                          31.133.38.0/24 maxlen: 24
                          31.133.39.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/69/1849a6-f921-4b50-915e-b66fa4f4763a/1/XGT50E79Wp_C4jtC1bUa79mlAlA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/69/1849a6-f921-4b50-915e-b66fa4f4763a/1/XGT50E79Wp_C4jtC1bUa79mlAlA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XGT50E79Wp_C4jtC1bUa79mlAlA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:ab:fe:dc:ad:92:5c:ea:76:2f:26:6a:7c:ef:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5c64f9d04efd5a9fc2e23b42d5b51aefd9a50250
        Validity
            Not Before: Jan  2 03:49:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d3a85e2e99213d90c86e86d474156b125eed45a3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:29:2e:17:84:e2:75:7e:42:e9:d6:ba:9b:8a:
                    a2:c9:a2:7d:a5:d0:5f:7c:e4:ab:a2:c7:8a:1f:68:
                    47:02:b4:0d:71:97:ae:2a:63:18:9a:0b:9e:6b:de:
                    67:60:ea:de:13:6a:c6:56:91:a5:8d:f8:1d:00:e4:
                    a6:10:fb:6f:5e:7a:fc:43:e8:9b:b9:94:00:0c:18:
                    7c:cd:0e:fb:12:80:be:cb:67:ab:0a:87:04:d0:25:
                    12:b3:76:6f:e4:6a:93:b2:93:c6:f1:9b:ba:a3:f1:
                    75:34:b9:7e:42:77:b5:a6:4d:5d:15:a0:47:52:d3:
                    da:ef:06:86:ae:95:0b:41:2e:b0:d8:76:5e:cd:c5:
                    11:cb:a8:98:8e:96:46:78:13:31:d5:d2:60:69:56:
                    f3:21:79:74:ef:f4:52:7d:fb:bd:97:85:1f:c3:ab:
                    eb:34:98:87:ce:d1:8f:0e:16:7f:0a:a0:51:cc:ce:
                    96:5f:d0:91:e7:1b:e8:23:22:a1:22:7b:ed:6f:6c:
                    7b:d5:a0:64:24:03:fb:7c:2f:46:ae:97:a0:c9:bc:
                    f1:36:06:b9:fb:ab:e7:3e:a9:6b:bd:23:ca:0f:97:
                    52:99:84:d4:d9:5a:fc:59:be:47:5c:20:6f:3d:83:
                    a2:b0:49:52:23:ca:c7:c2:28:be:1e:88:1e:1f:1b:
                    e7:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:A8:5E:2E:99:21:3D:90:C8:6E:86:D4:74:15:6B:12:5E:ED:45:A3
            X509v3 Authority Key Identifier:
                keyid:5C:64:F9:D0:4E:FD:5A:9F:C2:E2:3B:42:D5:B5:1A:EF:D9:A5:02:50

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XGT50E79Wp_C4jtC1bUa79mlAlA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/1849a6-f921-4b50-915e-b66fa4f4763a/1/06heLpkhPZDIbobUdBVrEl7tRaM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/69/1849a6-f921-4b50-915e-b66fa4f4763a/1/XGT50E79Wp_C4jtC1bUa79mlAlA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.133.38.0/23

    Signature Algorithm: sha256WithRSAEncryption
         19:88:f3:60:b1:5a:71:d6:61:be:89:b0:d8:d2:aa:b5:71:35:
         be:9e:9c:60:1b:64:4f:d5:e4:4f:3e:24:ad:91:02:3f:bb:b6:
         72:96:80:3b:83:1f:57:79:9d:f2:91:3b:d3:8e:04:e1:e1:15:
         29:d1:5d:34:4c:5f:df:d7:4d:d3:db:89:e7:a0:f0:34:cd:12:
         ee:7f:ec:c8:7f:22:65:97:52:ae:d4:15:54:d9:1a:ab:02:c4:
         94:df:73:b8:43:5f:7b:4c:5e:3d:dc:7a:26:58:d8:06:1e:8e:
         67:b0:90:1b:7f:7b:69:6c:6f:d8:5a:6b:5d:76:52:3e:34:01:
         ed:63:8f:6d:19:01:da:3a:1f:b9:9d:ef:ab:ec:4a:35:3f:eb:
         00:c2:c9:7a:d3:1e:ae:b4:f4:eb:41:77:ef:1d:5b:66:d5:b6:
         3c:43:cf:fe:ff:bb:80:b2:0b:df:0d:04:de:94:43:e8:60:8e:
         92:46:78:e0:f8:ac:18:65:26:fd:e6:6f:cb:36:2a:fc:85:e5:
         e2:ad:82:81:c7:f2:20:94:78:2d:44:6b:36:06:43:8a:01:53:
         f0:67:67:e1:3d:87:18:90:23:e8:eb:d5:31:b8:12:23:61:b6:
         8a:cd:1f:3b:37:d1:cd:ea:77:ca:2f:20:1b:95:a2:23:5c:bb:
         4f:e1:46:c4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlIav+3K2SXOp2LyZqfO8SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVjNjRmOWQwNGVmZDVhOWZjMmUyM2I0MmQ1YjUxYWVmZDlh
NTAyNTAwHhcNMjUwMTAyMDM0OTExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkM2E4NWUyZTk5MjEzZDkwYzg2ZTg2ZDQ3NDE1NmIxMjVlZWQ0NWEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvCkuF4TidX5C6da6m4qiyaJ9pdBf
fOSroseKH2hHArQNcZeuKmMYmguea95nYOreE2rGVpGljfgdAOSmEPtvXnr8Q+ib
uZQADBh8zQ77EoC+y2erCocE0CUSs3Zv5GqTspPG8Zu6o/F1NLl+Qne1pk1dFaBH
UtPa7waGrpULQS6w2HZezcURy6iYjpZGeBMx1dJgaVbzIXl07/RSffu9l4Ufw6vr
NJiHztGPDhZ/CqBRzM6WX9CR5xvoIyKhInvtb2x71aBkJAP7fC9GrpegybzxNga5
+6vnPqlrvSPKD5dSmYTU2Vr8Wb5HXCBvPYOisElSI8rHwii+HogeHxvn1QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNOoXi6ZIT2QyG6G1HQVaxJe7UWjMB8GA1UdIwQY
MBaAFFxk+dBO/VqfwuI7QtW1Gu/ZpQJQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWEdUNTBFNzlXcF9DNGp0QzFiVWE3OW1sQWxBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OS8xODQ5YTYtZjkyMS00YjUwLTkxNWUt
YjY2ZmE0ZjQ3NjNhLzEvMDZoZUxwa2hQWkRJYm9iVWRCVnJFbDd0UmFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OS8xODQ5YTYtZjkyMS00YjUwLTkxNWUtYjY2ZmE0ZjQ3NjNh
LzEvWEdUNTBFNzlXcF9DNGp0QzFiVWE3OW1sQWxBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBH4UmMA0G
CSqGSIb3DQEBCwUAA4IBAQAZiPNgsVpx1mG+ibDY0qq1cTW+npxgG2RP1eRPPiSt
kQI/u7ZyloA7gx9XeZ3ykTvTjgTh4RUp0V00TF/f103T24nnoPA0zRLuf+zIfyJl
l1Ku1BVU2RqrAsSU33O4Q197TF493HomWNgGHo5nsJAbf3tpbG/YWmtddlI+NAHt
Y49tGQHaOh+5ne+r7Eo1P+sAwsl60x6utPTrQXfvHVtm1bY8Q8/+/7uAsgvfDQTe
lEPoYI6SRnjg+KwYZSb95m/LNir8heXirYKBx/IglHgtRGs2BkOKAVPwZ2fhPYcY
kCPo69UxuBIjYbaKzR87N9HN6nfKLyAblaIjXLtP4UbE
-----END CERTIFICATE-----