Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/1849a6-f921-4b50-915e-b66fa4f4763a/1/528KTEkQew3OKB0sdZbyrpr76lo.roa
File:                     528KTEkQew3OKB0sdZbyrpr76lo.roa (raw, json)
Hash identifier:          vzEojXovmM1vbii6xpgBaXVLuyQKtmvj4cwlpTlnTnA=
Subject key identifier:   E7:6F:0A:4C:49:10:7B:0D:CE:28:1D:2C:75:96:F2:AE:9A:FB:EA:5A
Certificate issuer:       /CN=5c64f9d04efd5a9fc2e23b42d5b51aefd9a50250
Certificate serial:       01942521AD486E9D276299F3AEA47013547F
Authority key identifier: 5C:64:F9:D0:4E:FD:5A:9F:C2:E2:3B:42:D5:B5:1A:EF:D9:A5:02:50
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XGT50E79Wp_C4jtC1bUa79mlAlA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/69/1849a6-f921-4b50-915e-b66fa4f4763a/1/528KTEkQew3OKB0sdZbyrpr76lo.roa
Signing time:             Thu 02 Jan 2025 03:49:11 +0000
ROA not before:           Thu 02 Jan 2025 03:49:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     61965
IP address blocks:        31.133.43.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/69/1849a6-f921-4b50-915e-b66fa4f4763a/1/XGT50E79Wp_C4jtC1bUa79mlAlA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/69/1849a6-f921-4b50-915e-b66fa4f4763a/1/XGT50E79Wp_C4jtC1bUa79mlAlA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XGT50E79Wp_C4jtC1bUa79mlAlA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:ad:48:6e:9d:27:62:99:f3:ae:a4:70:13:54:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5c64f9d04efd5a9fc2e23b42d5b51aefd9a50250
        Validity
            Not Before: Jan  2 03:49:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e76f0a4c49107b0dce281d2c7596f2ae9afbea5a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:0a:d3:40:a5:0f:2e:a8:b4:d1:72:b3:c1:cd:
                    bc:3c:b4:44:73:ae:24:d2:2e:0a:16:52:3c:67:d5:
                    99:c1:8d:b6:a2:dd:77:c8:50:48:8c:0c:10:77:30:
                    b9:63:85:4c:23:72:fd:d3:f8:76:ea:9c:97:4d:48:
                    8f:35:e7:65:06:92:bf:46:52:42:8a:44:e5:81:3b:
                    16:4f:3b:15:86:ac:a9:09:a8:8b:7a:7a:6a:2b:cc:
                    d3:1a:7d:7d:da:ca:7f:32:73:9b:a4:09:3d:d6:22:
                    8d:79:b1:74:93:11:50:f8:74:28:8c:1e:81:a8:c3:
                    fe:cb:99:47:a4:84:66:57:1d:21:f1:87:11:c4:2e:
                    eb:da:f4:02:a1:03:ef:53:c3:3f:e0:29:ad:41:8a:
                    ae:2e:07:b3:56:04:e2:44:0d:40:31:0d:9b:05:14:
                    e4:23:85:90:7f:aa:04:81:08:c4:5d:a1:73:93:19:
                    0c:3b:af:2e:e4:3c:c7:61:b2:f3:09:99:9d:b3:f7:
                    81:8d:39:6a:fc:48:7c:7a:f6:dc:e0:a7:47:c7:d7:
                    fc:bc:d6:47:67:1b:56:03:24:02:a7:90:07:f8:23:
                    30:a1:9e:f2:0e:e1:69:6c:9c:2d:a3:2d:82:5d:10:
                    cc:8f:79:88:8c:41:25:d1:d5:71:07:f1:9c:dd:60:
                    88:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:6F:0A:4C:49:10:7B:0D:CE:28:1D:2C:75:96:F2:AE:9A:FB:EA:5A
            X509v3 Authority Key Identifier:
                keyid:5C:64:F9:D0:4E:FD:5A:9F:C2:E2:3B:42:D5:B5:1A:EF:D9:A5:02:50

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XGT50E79Wp_C4jtC1bUa79mlAlA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/1849a6-f921-4b50-915e-b66fa4f4763a/1/528KTEkQew3OKB0sdZbyrpr76lo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/69/1849a6-f921-4b50-915e-b66fa4f4763a/1/XGT50E79Wp_C4jtC1bUa79mlAlA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.133.43.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:34:de:84:b6:f8:32:93:bb:8a:eb:06:ab:cc:ca:ea:d7:2b:
         ca:40:23:73:02:0b:63:83:cf:36:f2:20:a5:50:6e:48:13:b8:
         8e:a1:e9:86:d9:1e:dd:35:db:25:ba:ed:97:d0:63:2b:e4:83:
         25:2c:ef:e0:4d:93:da:14:d4:2d:7b:fd:2b:b0:cf:5d:46:21:
         8f:b2:9c:85:3b:1b:62:b0:e2:e2:9b:cc:61:5c:f6:d3:da:b5:
         21:dc:a1:64:4e:64:ba:f5:df:ca:a3:71:fe:b3:e6:fc:8e:51:
         82:83:f2:45:4a:5b:e6:b5:d8:20:4a:86:bb:b0:e0:9a:5a:32:
         39:c8:6f:3a:36:df:d3:8e:b5:ad:b0:5b:95:40:5e:e5:34:51:
         68:26:ba:48:cf:ae:21:16:75:d9:e4:c0:95:8f:70:36:9a:6a:
         75:3a:ef:70:29:82:4e:5e:de:01:c0:f2:ce:af:df:a2:9f:d0:
         a4:08:da:a9:80:3f:ee:02:30:c3:a0:13:e1:08:43:63:10:b2:
         e6:8c:57:3c:66:27:46:47:d6:01:95:14:00:44:7e:df:1f:41:
         a9:af:e8:8b:d8:92:5e:44:6b:45:31:92:09:e0:9d:60:46:46:
         93:84:ee:56:9c:cd:58:eb:f3:d3:d5:aa:cd:f8:2d:3f:ca:f4:
         35:d8:aa:38
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlIa1Ibp0nYpnzrqRwE1R/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVjNjRmOWQwNGVmZDVhOWZjMmUyM2I0MmQ1YjUxYWVmZDlh
NTAyNTAwHhcNMjUwMTAyMDM0OTExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNzZmMGE0YzQ5MTA3YjBkY2UyODFkMmM3NTk2ZjJhZTlhZmJlYTVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArQrTQKUPLqi00XKzwc28PLREc64k
0i4KFlI8Z9WZwY22ot13yFBIjAwQdzC5Y4VMI3L90/h26pyXTUiPNedlBpK/RlJC
ikTlgTsWTzsVhqypCaiLenpqK8zTGn192sp/MnObpAk91iKNebF0kxFQ+HQojB6B
qMP+y5lHpIRmVx0h8YcRxC7r2vQCoQPvU8M/4CmtQYquLgezVgTiRA1AMQ2bBRTk
I4WQf6oEgQjEXaFzkxkMO68u5DzHYbLzCZmds/eBjTlq/Eh8evbc4KdHx9f8vNZH
ZxtWAyQCp5AH+CMwoZ7yDuFpbJwtoy2CXRDMj3mIjEEl0dVxB/Gc3WCI/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOdvCkxJEHsNzigdLHWW8q6a++paMB8GA1UdIwQY
MBaAFFxk+dBO/VqfwuI7QtW1Gu/ZpQJQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWEdUNTBFNzlXcF9DNGp0QzFiVWE3OW1sQWxBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OS8xODQ5YTYtZjkyMS00YjUwLTkxNWUt
YjY2ZmE0ZjQ3NjNhLzEvNTI4S1RFa1FldzNPS0Iwc2RaYnlycHI3NmxvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OS8xODQ5YTYtZjkyMS00YjUwLTkxNWUtYjY2ZmE0ZjQ3NjNh
LzEvWEdUNTBFNzlXcF9DNGp0QzFiVWE3OW1sQWxBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAH4UrMA0G
CSqGSIb3DQEBCwUAA4IBAQALNN6Etvgyk7uK6warzMrq1yvKQCNzAgtjg8828iCl
UG5IE7iOoemG2R7dNdsluu2X0GMr5IMlLO/gTZPaFNQte/0rsM9dRiGPspyFOxti
sOLim8xhXPbT2rUh3KFkTmS69d/Ko3H+s+b8jlGCg/JFSlvmtdggSoa7sOCaWjI5
yG86Nt/TjrWtsFuVQF7lNFFoJrpIz64hFnXZ5MCVj3A2mmp1Ou9wKYJOXt4BwPLO
r9+in9CkCNqpgD/uAjDDoBPhCENjELLmjFc8ZidGR9YBlRQARH7fH0Gpr+iL2JJe
RGtFMZIJ4J1gRkaThO5WnM1Y6/PT1arN+C0/yvQ12Ko4
-----END CERTIFICATE-----