Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/76/1cfb92-9c31-464f-9382-4a34c1bbab2b/1/52OaR0m0IanaCeJC23OkHPr3WHQ.roa
File:                     52OaR0m0IanaCeJC23OkHPr3WHQ.roa (raw, json)
Hash identifier:          vum6Zw+p2PuAyoCFPK/P08naDdoSfZ646o+6LqyMFPI=
Subject key identifier:   E7:63:9A:47:49:B4:21:A9:DA:09:E2:42:DB:73:A4:1C:FA:F7:58:74
Certificate issuer:       /CN=1eaf5c2e5edc197834d07f345962b0745bee66d7
Certificate serial:       018DF49C1DBA5782926112593A44EC424DC1
Authority key identifier: 1E:AF:5C:2E:5E:DC:19:78:34:D0:7F:34:59:62:B0:74:5B:EE:66:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Hq9cLl7cGXg00H80WWKwdFvuZtc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/76/1cfb92-9c31-464f-9382-4a34c1bbab2b/1/52OaR0m0IanaCeJC23OkHPr3WHQ.roa
Signing time:             Thu 29 Feb 2024 11:24:48 +0000
ROA not before:           Thu 29 Feb 2024 11:24:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57679
IP address blocks:        31.40.159.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/76/1cfb92-9c31-464f-9382-4a34c1bbab2b/1/Hq9cLl7cGXg00H80WWKwdFvuZtc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/76/1cfb92-9c31-464f-9382-4a34c1bbab2b/1/Hq9cLl7cGXg00H80WWKwdFvuZtc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Hq9cLl7cGXg00H80WWKwdFvuZtc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 23 May 2024 00:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:f4:9c:1d:ba:57:82:92:61:12:59:3a:44:ec:42:4d:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1eaf5c2e5edc197834d07f345962b0745bee66d7
        Validity
            Not Before: Feb 29 11:24:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e7639a4749b421a9da09e242db73a41cfaf75874
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:33:0a:a0:71:fe:88:9b:a6:1a:c6:04:49:5c:
                    39:05:a4:b7:1a:ba:43:b3:dc:e0:cf:84:f6:c7:89:
                    7c:d7:4c:03:f4:3c:d0:9b:cc:24:07:ad:c8:36:21:
                    df:06:b6:8b:d9:d4:6b:4b:18:c6:be:73:f8:6b:73:
                    09:12:98:87:c2:f0:50:30:0e:7d:10:3b:d2:00:98:
                    6a:cd:d3:70:76:54:fd:5c:61:28:90:a7:a6:7a:f0:
                    06:00:ab:bf:d8:9d:1a:4a:e5:54:c6:9f:de:0b:47:
                    ba:77:b6:56:10:b5:3c:f2:02:23:49:0e:c5:59:20:
                    b9:f0:13:4f:29:c3:e8:cd:26:44:bc:cf:86:98:a7:
                    64:ff:df:e3:25:1d:15:d9:d4:54:ac:bb:29:76:29:
                    35:90:e8:2b:f1:87:02:52:ca:01:7d:57:24:01:e3:
                    0e:0a:87:0e:9e:13:ab:3c:05:eb:6d:d3:15:63:b1:
                    31:ca:6e:bd:ba:9b:a0:57:ac:c6:4b:c0:67:38:f4:
                    fb:d8:91:ba:27:81:32:3f:2b:fe:ca:be:5c:c2:6b:
                    07:90:c0:2e:52:37:c5:3f:b2:32:d3:ea:b5:07:fa:
                    af:fa:4e:22:b4:1f:4d:0e:77:a9:82:6b:d4:14:03:
                    1a:11:ae:e5:b8:9e:10:b0:ee:ae:64:4d:d5:a2:58:
                    8a:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:63:9A:47:49:B4:21:A9:DA:09:E2:42:DB:73:A4:1C:FA:F7:58:74
            X509v3 Authority Key Identifier:
                keyid:1E:AF:5C:2E:5E:DC:19:78:34:D0:7F:34:59:62:B0:74:5B:EE:66:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Hq9cLl7cGXg00H80WWKwdFvuZtc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/76/1cfb92-9c31-464f-9382-4a34c1bbab2b/1/52OaR0m0IanaCeJC23OkHPr3WHQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/76/1cfb92-9c31-464f-9382-4a34c1bbab2b/1/Hq9cLl7cGXg00H80WWKwdFvuZtc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.40.159.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:39:1b:ea:03:97:58:be:e9:e9:55:a4:05:fe:c5:41:ae:2d:
         95:3d:52:3a:88:26:58:90:81:c3:3a:3d:f4:fb:da:3f:18:06:
         4d:9a:44:a5:5d:ba:d5:b1:07:3e:64:73:2d:70:82:0b:e4:94:
         ee:21:14:9c:20:6c:77:15:9a:d5:1d:04:e5:6b:e2:f5:c5:d9:
         3b:5f:81:71:45:95:06:bc:a4:2a:fe:da:45:9b:03:d5:1c:1c:
         1f:d8:ab:6c:d5:ba:7c:2c:f0:4f:54:3f:2c:f0:d5:5a:21:47:
         fd:b9:a2:1b:1a:34:98:f6:3c:da:5e:90:88:c5:dd:2a:f0:98:
         8f:1c:90:11:68:72:e3:61:e4:9c:d0:0b:df:9a:1e:94:69:2b:
         1a:6f:ea:03:cf:58:d2:d4:41:c0:bf:c3:d3:aa:a7:35:6e:84:
         b0:53:be:6b:03:65:3f:09:40:78:67:23:4f:be:df:a4:64:54:
         75:ed:41:b3:1a:3f:0a:8e:9b:7b:d3:4d:c9:f0:0d:53:2f:3c:
         ab:0a:14:81:42:87:85:3c:ed:75:a5:75:ec:b5:45:93:d5:3d:
         86:93:97:a8:8f:c0:bf:d3:79:d8:ae:f6:e3:69:1f:c4:c4:2a:
         a2:04:c1:b3:78:c3:43:fc:c4:41:9e:68:eb:1d:05:17:29:79:
         c2:d7:8d:8d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY30nB26V4KSYRJZOkTsQk3BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlYWY1YzJlNWVkYzE5NzgzNGQwN2YzNDU5NjJiMDc0NWJl
ZTY2ZDcwHhcNMjQwMjI5MTEyNDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNzYzOWE0NzQ5YjQyMWE5ZGEwOWUyNDJkYjczYTQxY2ZhZjc1ODc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtzMKoHH+iJumGsYESVw5BaS3GrpD
s9zgz4T2x4l810wD9DzQm8wkB63INiHfBraL2dRrSxjGvnP4a3MJEpiHwvBQMA59
EDvSAJhqzdNwdlT9XGEokKemevAGAKu/2J0aSuVUxp/eC0e6d7ZWELU88gIjSQ7F
WSC58BNPKcPozSZEvM+GmKdk/9/jJR0V2dRUrLspdik1kOgr8YcCUsoBfVckAeMO
CocOnhOrPAXrbdMVY7Exym69upugV6zGS8BnOPT72JG6J4EyPyv+yr5cwmsHkMAu
UjfFP7Iy0+q1B/qv+k4itB9NDnepgmvUFAMaEa7luJ4QsO6uZE3VoliK7QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOdjmkdJtCGp2gniQttzpBz691h0MB8GA1UdIwQY
MBaAFB6vXC5e3Bl4NNB/NFlisHRb7mbXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSHE5Y0xsN2NHWGcwMEg4MFdXS3dkRnZ1WnRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ni8xY2ZiOTItOWMzMS00NjRmLTkzODIt
NGEzNGMxYmJhYjJiLzEvNTJPYVIwbTBJYW5hQ2VKQzIzT2tIUHIzV0hRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ni8xY2ZiOTItOWMzMS00NjRmLTkzODItNGEzNGMxYmJhYjJi
LzEvSHE5Y0xsN2NHWGcwMEg4MFdXS3dkRnZ1WnRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHyifMA0G
CSqGSIb3DQEBCwUAA4IBAQCPORvqA5dYvunpVaQF/sVBri2VPVI6iCZYkIHDOj30
+9o/GAZNmkSlXbrVsQc+ZHMtcIIL5JTuIRScIGx3FZrVHQTla+L1xdk7X4FxRZUG
vKQq/tpFmwPVHBwf2Kts1bp8LPBPVD8s8NVaIUf9uaIbGjSY9jzaXpCIxd0q8JiP
HJARaHLjYeSc0Avfmh6UaSsab+oDz1jS1EHAv8PTqqc1boSwU75rA2U/CUB4ZyNP
vt+kZFR17UGzGj8Kjpt7003J8A1TLzyrChSBQoeFPO11pXXstUWT1T2Gk5eoj8C/
03nYrvbjaR/ExCqiBMGzeMND/MRBnmjrHQUXKXnC142N
-----END CERTIFICATE-----