Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/76/7fe015-5cd5-4429-8b7d-22d027197712/1/1-cT0cIrhDx774quTXRrbqvs6OFY.roa
File:                     1-cT0cIrhDx774quTXRrbqvs6OFY.roa (raw, json)
Hash identifier:          8n8gld14kPssMMA3+jVI7pCtrN/L7k+quqNs1pSNsow=
Subject key identifier:   F9:C4:F4:70:8A:E1:0F:1E:FB:E2:AB:93:5D:1A:DB:AA:FB:3A:38:56
Certificate issuer:       /CN=26c672da72a34cc282adc40f282676de75117654
Certificate serial:       0194252161523A08C3EE4EB2D01AB0467B12
Authority key identifier: 26:C6:72:DA:72:A3:4C:C2:82:AD:C4:0F:28:26:76:DE:75:11:76:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JsZy2nKjTMKCrcQPKCZ23nURdlQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/76/7fe015-5cd5-4429-8b7d-22d027197712/1/1-cT0cIrhDx774quTXRrbqvs6OFY.roa
Signing time:             Thu 02 Jan 2025 03:48:52 +0000
ROA not before:           Thu 02 Jan 2025 03:48:52 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        31.88.0.0/15 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/76/7fe015-5cd5-4429-8b7d-22d027197712/1/JsZy2nKjTMKCrcQPKCZ23nURdlQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/76/7fe015-5cd5-4429-8b7d-22d027197712/1/JsZy2nKjTMKCrcQPKCZ23nURdlQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JsZy2nKjTMKCrcQPKCZ23nURdlQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 Jan 2025 15:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:61:52:3a:08:c3:ee:4e:b2:d0:1a:b0:46:7b:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=26c672da72a34cc282adc40f282676de75117654
        Validity
            Not Before: Jan  2 03:48:52 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f9c4f4708ae10f1efbe2ab935d1adbaafb3a3856
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:a6:dd:6e:6e:cf:cd:31:bc:47:54:d0:61:d2:
                    47:32:4d:1b:b2:2a:32:fe:ed:ff:c0:2a:f6:26:e0:
                    5a:54:55:df:e8:49:b6:8c:f0:aa:c0:6e:db:ed:3c:
                    03:7f:3e:4e:ba:d1:8c:55:67:96:c5:51:58:6f:bd:
                    cb:d4:cf:4c:73:47:bb:29:2f:95:ca:a8:49:5a:e2:
                    0b:f8:65:49:d0:73:4c:70:ec:82:f8:5b:df:e8:87:
                    74:c3:46:91:a1:d3:ee:ac:1c:c4:c3:3c:cf:7f:52:
                    f1:58:0e:94:de:27:16:a0:43:5d:6d:39:d6:a0:df:
                    9d:a7:b8:43:f3:94:4e:25:dc:86:76:30:d3:a8:db:
                    f9:db:1e:9a:5d:9a:4c:35:4b:90:e6:e1:61:94:55:
                    36:a2:f1:8a:85:b0:a3:c1:d7:18:00:84:a6:a3:19:
                    2d:fc:69:9f:6b:dd:f2:28:dd:3c:6b:1b:d7:4c:96:
                    13:e2:d8:e4:f4:87:cc:3f:57:40:a3:93:72:90:e7:
                    79:86:51:ae:ea:2f:d3:e7:bb:e9:c8:89:fc:5f:a4:
                    cc:50:73:59:fd:12:57:cb:c5:cb:cf:f7:6a:0c:90:
                    1b:83:44:58:6c:8f:3c:92:bb:c0:1f:43:ee:e9:72:
                    e4:79:f6:35:1b:bf:be:d1:0b:55:1d:fc:29:54:08:
                    38:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:C4:F4:70:8A:E1:0F:1E:FB:E2:AB:93:5D:1A:DB:AA:FB:3A:38:56
            X509v3 Authority Key Identifier:
                keyid:26:C6:72:DA:72:A3:4C:C2:82:AD:C4:0F:28:26:76:DE:75:11:76:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JsZy2nKjTMKCrcQPKCZ23nURdlQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/76/7fe015-5cd5-4429-8b7d-22d027197712/1/1-cT0cIrhDx774quTXRrbqvs6OFY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/76/7fe015-5cd5-4429-8b7d-22d027197712/1/JsZy2nKjTMKCrcQPKCZ23nURdlQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.88.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         71:25:17:f9:a2:43:d2:8e:df:3f:10:d7:10:ac:d5:83:90:c9:
         1a:73:7d:f4:5a:ee:78:70:3f:4e:6a:56:21:e8:41:2a:ba:41:
         87:5c:98:97:38:3b:b3:b0:79:27:44:68:50:61:f9:a8:16:39:
         fa:d1:7d:20:34:87:95:87:61:b0:fe:3c:cc:e1:72:99:f6:81:
         94:eb:08:27:de:15:e1:2b:cc:3b:f5:a3:7d:ac:c5:9f:d8:7c:
         8b:31:a5:2a:08:3f:ae:cf:9b:3a:5b:60:75:1d:fd:e0:17:69:
         e6:73:7e:18:56:0a:08:c3:97:02:f6:6e:0c:61:95:f9:07:00:
         49:8e:e9:60:fa:02:14:c4:25:42:05:2c:38:44:ad:87:ea:e0:
         7a:aa:12:ef:1d:08:8c:7f:c2:21:91:da:0c:e9:13:5e:13:ba:
         0e:0a:fa:83:0a:61:48:f8:b3:98:21:ec:f1:e9:e5:3a:a4:e1:
         59:c7:fd:50:19:94:84:e0:2f:78:cf:d3:69:ee:77:8c:5f:d8:
         0a:4b:4c:e9:1e:a3:75:8d:e6:fe:4a:61:7a:e7:fa:21:3a:89:
         5d:4d:b2:95:72:4d:09:9a:4b:e6:e9:65:ff:1a:06:bc:9b:a0:
         e6:3f:ed:43:8d:b5:f6:78:d1:7c:e8:3b:29:e8:d2:1d:f2:54:
         66:03:b0:8c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlIWFSOgjD7k6y0BqwRnsSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2YzY3MmRhNzJhMzRjYzI4MmFkYzQwZjI4MjY3NmRlNzUx
MTc2NTQwHhcNMjUwMTAyMDM0ODUyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOWM0ZjQ3MDhhZTEwZjFlZmJlMmFiOTM1ZDFhZGJhYWZiM2EzODU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkqbdbm7PzTG8R1TQYdJHMk0bsioy
/u3/wCr2JuBaVFXf6Em2jPCqwG7b7TwDfz5OutGMVWeWxVFYb73L1M9Mc0e7KS+V
yqhJWuIL+GVJ0HNMcOyC+Fvf6Id0w0aRodPurBzEwzzPf1LxWA6U3icWoENdbTnW
oN+dp7hD85ROJdyGdjDTqNv52x6aXZpMNUuQ5uFhlFU2ovGKhbCjwdcYAISmoxkt
/Gmfa93yKN08axvXTJYT4tjk9IfMP1dAo5NykOd5hlGu6i/T57vpyIn8X6TMUHNZ
/RJXy8XLz/dqDJAbg0RYbI88krvAH0Pu6XLkefY1G7++0QtVHfwpVAg4kwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPnE9HCK4Q8e++Krk10a26r7OjhWMB8GA1UdIwQY
MBaAFCbGctpyo0zCgq3EDygmdt51EXZUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSnNaeTJuS2pUTUtDcmNRUEtDWjIzblVSZGxRLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ni83ZmUwMTUtNWNkNS00NDI5LThiN2Qt
MjJkMDI3MTk3NzEyLzEvMS1jVDBjSXJoRHg3NzRxdVRYUnJicXZzNk9GWS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNzYvN2ZlMDE1LTVjZDUtNDQyOS04YjdkLTIyZDAyNzE5Nzcx
Mi8xL0pzWnkybktqVE1LQ3JjUVBLQ1oyM25VUmRsUS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDAR9YMA0G
CSqGSIb3DQEBCwUAA4IBAQBxJRf5okPSjt8/ENcQrNWDkMkac330Wu54cD9OalYh
6EEqukGHXJiXODuzsHknRGhQYfmoFjn60X0gNIeVh2Gw/jzM4XKZ9oGU6wgn3hXh
K8w79aN9rMWf2HyLMaUqCD+uz5s6W2B1Hf3gF2nmc34YVgoIw5cC9m4MYZX5BwBJ
julg+gIUxCVCBSw4RK2H6uB6qhLvHQiMf8IhkdoM6RNeE7oOCvqDCmFI+LOYIezx
6eU6pOFZx/1QGZSE4C94z9Np7neMX9gKS0zpHqN1jeb+SmF65/ohOoldTbKVck0J
mkvm6WX/Gga8m6DmP+1DjbX2eNF86Dsp6NId8lRmA7CM
-----END CERTIFICATE-----