Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/76/1cfb92-9c31-464f-9382-4a34c1bbab2b/1/e1ucky2gtRUWqjh2W_9-FUaDeco.roa
File:                     e1ucky2gtRUWqjh2W_9-FUaDeco.roa (raw, json)
Hash identifier:          IxT0Rnlu2Pa21xBI3whvhU3j8HT/Mxf3h/l6fQzZTt0=
Subject key identifier:   7B:5B:9C:93:2D:A0:B5:15:16:AA:38:76:5B:FF:7E:15:46:83:79:CA
Certificate issuer:       /CN=1eaf5c2e5edc197834d07f345962b0745bee66d7
Certificate serial:       01941FFA194A47A6F54A2DEE307392EEB82D
Authority key identifier: 1E:AF:5C:2E:5E:DC:19:78:34:D0:7F:34:59:62:B0:74:5B:EE:66:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Hq9cLl7cGXg00H80WWKwdFvuZtc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/76/1cfb92-9c31-464f-9382-4a34c1bbab2b/1/e1ucky2gtRUWqjh2W_9-FUaDeco.roa
Signing time:             Wed 01 Jan 2025 03:47:51 +0000
ROA not before:           Wed 01 Jan 2025 03:47:51 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209720
IP address blocks:        31.40.166.0/24 maxlen: 24
                          92.118.134.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/76/1cfb92-9c31-464f-9382-4a34c1bbab2b/1/Hq9cLl7cGXg00H80WWKwdFvuZtc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/76/1cfb92-9c31-464f-9382-4a34c1bbab2b/1/Hq9cLl7cGXg00H80WWKwdFvuZtc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Hq9cLl7cGXg00H80WWKwdFvuZtc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:19:4a:47:a6:f5:4a:2d:ee:30:73:92:ee:b8:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1eaf5c2e5edc197834d07f345962b0745bee66d7
        Validity
            Not Before: Jan  1 03:47:51 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7b5b9c932da0b51516aa38765bff7e15468379ca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:f1:87:75:16:23:70:45:74:f8:ed:33:a8:28:
                    a2:a6:33:7e:fc:59:fe:7c:44:23:cd:7b:df:bd:ef:
                    44:8f:28:74:f0:ee:76:7f:95:a8:b8:87:c0:27:27:
                    04:a8:09:8b:b0:c1:3f:78:d5:fb:2e:52:1b:7a:b0:
                    12:f4:c0:5c:41:80:2b:bb:e3:08:dc:c6:0a:44:7f:
                    9d:48:42:01:1e:84:fb:3e:6d:5b:7e:8a:e8:bc:43:
                    ee:73:57:92:6e:f2:9b:a1:5d:8e:63:ff:02:2d:a7:
                    67:af:1e:0a:bd:01:7a:dc:39:b8:4b:ee:0d:d9:28:
                    9a:21:66:90:67:26:e3:0f:49:6f:a8:01:4e:7c:79:
                    69:7c:4a:51:78:59:ed:df:70:b5:32:e3:a9:40:00:
                    c9:09:d7:3c:09:d8:c4:b8:de:e1:cb:46:16:b2:ac:
                    7b:d8:43:d3:b5:fd:29:5e:19:bf:b6:fb:14:b7:55:
                    62:f1:44:3a:68:4a:d3:c4:14:d1:ec:32:7b:98:a4:
                    e7:6b:2b:ec:39:c8:26:64:7b:69:6f:31:d6:4e:36:
                    a4:66:9c:20:cd:fa:a0:55:9b:37:03:cf:5a:8a:7e:
                    11:2e:85:d3:50:23:66:e2:3a:17:98:f6:20:2f:e4:
                    46:b9:48:ba:73:4d:65:e3:95:37:ae:55:d3:60:6c:
                    57:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:5B:9C:93:2D:A0:B5:15:16:AA:38:76:5B:FF:7E:15:46:83:79:CA
            X509v3 Authority Key Identifier:
                keyid:1E:AF:5C:2E:5E:DC:19:78:34:D0:7F:34:59:62:B0:74:5B:EE:66:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Hq9cLl7cGXg00H80WWKwdFvuZtc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/76/1cfb92-9c31-464f-9382-4a34c1bbab2b/1/e1ucky2gtRUWqjh2W_9-FUaDeco.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/76/1cfb92-9c31-464f-9382-4a34c1bbab2b/1/Hq9cLl7cGXg00H80WWKwdFvuZtc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.40.166.0/24
                  92.118.134.0/24

    Signature Algorithm: sha256WithRSAEncryption
         30:16:04:34:7d:8e:78:20:4a:09:a1:c3:9e:5a:61:a8:b9:8a:
         89:1a:83:12:f5:40:0b:61:16:6f:6c:66:a5:0b:93:27:57:bd:
         db:04:82:2f:19:d8:c6:62:50:5d:c4:50:f8:c5:0b:05:4e:ea:
         70:ac:be:2b:be:c2:25:7a:9e:bf:08:12:b6:42:14:d1:d4:49:
         4e:9c:b1:44:28:7f:70:c3:52:63:0e:db:d5:03:94:ca:ed:4a:
         39:71:57:41:8a:86:a5:ef:cf:82:76:1b:ce:1d:c2:62:ad:c9:
         15:8c:35:9d:c2:39:ab:dc:41:af:78:6f:87:a4:40:82:4e:a1:
         7d:a6:9c:79:b8:a1:61:a1:ce:a1:b0:26:3c:78:d0:a9:88:97:
         53:bc:62:08:47:e6:bd:c5:79:83:9d:0e:c7:dc:e3:56:e7:e7:
         5e:d2:9e:82:98:92:70:87:57:e1:e1:78:fa:3b:78:3c:58:df:
         76:2e:44:34:61:42:18:53:8c:16:ab:98:e6:4e:9e:68:f1:f0:
         84:2c:9b:06:4d:79:fa:f1:06:9b:ec:01:31:5c:17:95:43:93:
         d9:57:ed:43:c2:6e:ab:d8:4a:35:9c:2a:1f:4e:df:fa:7c:cb:
         eb:5f:cf:60:4b:ff:48:e0:c2:a2:45:ce:11:5c:99:f8:73:c6:
         65:ba:d6:47
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQf+hlKR6b1Si3uMHOS7rgtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlYWY1YzJlNWVkYzE5NzgzNGQwN2YzNDU5NjJiMDc0NWJl
ZTY2ZDcwHhcNMjUwMTAxMDM0NzUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YjViOWM5MzJkYTBiNTE1MTZhYTM4NzY1YmZmN2UxNTQ2ODM3OWNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1/GHdRYjcEV0+O0zqCiipjN+/Fn+
fEQjzXvfve9Ejyh08O52f5WouIfAJycEqAmLsME/eNX7LlIberAS9MBcQYAru+MI
3MYKRH+dSEIBHoT7Pm1bforovEPuc1eSbvKboV2OY/8CLadnrx4KvQF63Dm4S+4N
2SiaIWaQZybjD0lvqAFOfHlpfEpReFnt33C1MuOpQADJCdc8CdjEuN7hy0YWsqx7
2EPTtf0pXhm/tvsUt1Vi8UQ6aErTxBTR7DJ7mKTnayvsOcgmZHtpbzHWTjakZpwg
zfqgVZs3A89ain4RLoXTUCNm4joXmPYgL+RGuUi6c01l45U3rlXTYGxXgwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHtbnJMtoLUVFqo4dlv/fhVGg3nKMB8GA1UdIwQY
MBaAFB6vXC5e3Bl4NNB/NFlisHRb7mbXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSHE5Y0xsN2NHWGcwMEg4MFdXS3dkRnZ1WnRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ni8xY2ZiOTItOWMzMS00NjRmLTkzODIt
NGEzNGMxYmJhYjJiLzEvZTF1Y2t5Mmd0UlVXcWpoMldfOS1GVWFEZWNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ni8xY2ZiOTItOWMzMS00NjRmLTkzODItNGEzNGMxYmJhYjJi
LzEvSHE5Y0xsN2NHWGcwMEg4MFdXS3dkRnZ1WnRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAHyimAwQA
XHaGMA0GCSqGSIb3DQEBCwUAA4IBAQAwFgQ0fY54IEoJocOeWmGouYqJGoMS9UAL
YRZvbGalC5MnV73bBIIvGdjGYlBdxFD4xQsFTupwrL4rvsIlep6/CBK2QhTR1ElO
nLFEKH9ww1JjDtvVA5TK7Uo5cVdBioal78+CdhvOHcJirckVjDWdwjmr3EGveG+H
pECCTqF9ppx5uKFhoc6hsCY8eNCpiJdTvGIIR+a9xXmDnQ7H3ONW5+de0p6CmJJw
h1fh4Xj6O3g8WN92LkQ0YUIYU4wWq5jmTp5o8fCELJsGTXn68Qab7AExXBeVQ5PZ
V+1Dwm6r2Eo1nCofTt/6fMvrX89gS/9I4MKiRc4RXJn4c8ZlutZH
-----END CERTIFICATE-----