Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/lGFP2ErJ84ru7GCCVjFyz-bo_24.roa
File:                     lGFP2ErJ84ru7GCCVjFyz-bo_24.roa (raw, json)
Hash identifier:          l0mQkhZFjodXmX2U7qVqH+cWGP8hW5nCcat91wnQqyI=
Subject key identifier:   94:61:4F:D8:4A:C9:F3:8A:EE:EC:60:82:56:31:72:CF:E6:E8:FF:6E
Certificate issuer:       /CN=73c69d04583500c5ef81136831237593e0bb86ce
Certificate serial:       0195116D2ED0D077587C42724449B68DA574
Authority key identifier: 73:C6:9D:04:58:35:00:C5:EF:81:13:68:31:23:75:93:E0:BB:86:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/c8adBFg1AMXvgRNoMSN1k-C7hs4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/lGFP2ErJ84ru7GCCVjFyz-bo_24.roa
Signing time:             Mon 17 Feb 2025 01:02:02 +0000
ROA not before:           Mon 17 Feb 2025 01:02:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209428
IP address blocks:        185.244.31.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/c8adBFg1AMXvgRNoMSN1k-C7hs4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/c8adBFg1AMXvgRNoMSN1k-C7hs4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/c8adBFg1AMXvgRNoMSN1k-C7hs4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 18:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:11:6d:2e:d0:d0:77:58:7c:42:72:44:49:b6:8d:a5:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=73c69d04583500c5ef81136831237593e0bb86ce
        Validity
            Not Before: Feb 17 01:02:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=94614fd84ac9f38aeeec6082563172cfe6e8ff6e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:82:fd:c3:62:e7:00:24:70:51:25:3b:4c:ce:
                    42:9d:43:ab:dc:9d:68:37:03:b7:6c:b6:d2:94:02:
                    2f:b1:f0:58:b0:17:b4:63:a2:c4:13:c3:ea:e3:0c:
                    25:ac:5c:3b:f4:13:8a:ee:85:29:6e:d5:a4:00:a5:
                    db:05:9e:a7:35:61:cb:7c:56:04:53:d0:ed:8c:ad:
                    ce:cc:ff:6f:c6:21:52:e0:5d:33:c3:92:1e:ba:7a:
                    bd:b6:17:68:25:cd:61:2f:d5:15:d1:59:80:32:13:
                    e5:28:3d:33:90:6e:24:21:04:90:32:d3:92:7c:89:
                    2a:42:db:b6:5c:cb:7b:66:df:be:15:a0:45:a1:f6:
                    73:e2:be:a4:12:d0:ee:f6:7e:0a:a2:ef:2e:30:b0:
                    28:00:23:c0:a7:3b:43:4b:88:43:3f:13:ee:86:cf:
                    bb:99:4b:43:eb:1e:8d:c0:64:da:60:25:13:90:ec:
                    31:95:4c:4d:53:d9:bf:de:5d:45:73:b3:3d:f7:4a:
                    e7:27:98:49:9b:73:a1:9b:d8:8e:41:4d:b4:ea:ff:
                    6d:21:fe:c3:11:01:ed:fd:29:cc:5a:5c:34:e1:ee:
                    75:63:87:e6:d9:cb:49:97:a6:ba:b7:e9:bf:f6:e6:
                    da:3f:8e:83:28:c9:15:13:41:db:51:d1:62:f4:42:
                    f3:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:61:4F:D8:4A:C9:F3:8A:EE:EC:60:82:56:31:72:CF:E6:E8:FF:6E
            X509v3 Authority Key Identifier:
                keyid:73:C6:9D:04:58:35:00:C5:EF:81:13:68:31:23:75:93:E0:BB:86:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8adBFg1AMXvgRNoMSN1k-C7hs4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/lGFP2ErJ84ru7GCCVjFyz-bo_24.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/c8adBFg1AMXvgRNoMSN1k-C7hs4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.244.31.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b8:fa:76:3f:fa:b1:c4:82:3c:4c:40:67:bb:2e:1d:b7:63:f5:
         c2:fe:95:8c:75:cf:8a:e9:c7:a2:dd:e1:eb:f6:b9:c4:b5:6e:
         0d:fb:5a:a5:9a:5d:d8:54:6e:26:c3:9b:13:60:85:d5:11:2f:
         b2:dc:f9:51:34:5d:5e:14:04:14:51:6e:a1:ca:cc:99:0b:97:
         a9:2d:44:bb:a0:1a:3d:b4:99:4e:4c:fd:5c:9e:10:55:60:e4:
         dd:fe:2b:d9:63:1a:92:ff:17:91:a0:03:d5:58:b7:f8:48:db:
         28:8a:d0:48:66:54:27:13:bc:28:32:e7:3e:75:2b:e4:c0:b5:
         b2:b5:53:c0:fc:f3:fb:71:ff:a5:21:0d:2a:61:b9:e5:b4:79:
         ee:20:00:c0:81:40:2c:9e:cf:e8:a7:f2:68:3f:1a:b4:92:61:
         ee:41:b6:e7:44:ba:e9:02:ab:84:2f:e6:c4:04:75:89:4e:5b:
         02:e1:b6:64:34:16:aa:f9:73:ce:bf:a6:77:50:a9:f7:71:61:
         c7:c5:f4:0e:28:52:ad:02:48:a4:ea:0d:ef:7f:c4:10:50:b3:
         f0:c5:c9:27:d9:81:97:5e:22:16:85:d0:8f:61:cd:67:10:b6:
         c6:68:82:c5:c3:99:91:a0:8f:a6:01:9c:d4:ec:11:e3:3e:8c:
         0c:09:98:c2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZURbS7Q0HdYfEJyREm2jaV0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDczYzY5ZDA0NTgzNTAwYzVlZjgxMTM2ODMxMjM3NTkzZTBi
Yjg2Y2UwHhcNMjUwMjE3MDEwMjAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NDYxNGZkODRhYzlmMzhhZWVlYzYwODI1NjMxNzJjZmU2ZThmZjZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkoL9w2LnACRwUSU7TM5CnUOr3J1o
NwO3bLbSlAIvsfBYsBe0Y6LEE8Pq4wwlrFw79BOK7oUpbtWkAKXbBZ6nNWHLfFYE
U9DtjK3OzP9vxiFS4F0zw5Ieunq9thdoJc1hL9UV0VmAMhPlKD0zkG4kIQSQMtOS
fIkqQtu2XMt7Zt++FaBFofZz4r6kEtDu9n4Kou8uMLAoACPApztDS4hDPxPuhs+7
mUtD6x6NwGTaYCUTkOwxlUxNU9m/3l1Fc7M990rnJ5hJm3Ohm9iOQU206v9tIf7D
EQHt/SnMWlw04e51Y4fm2ctJl6a6t+m/9ubaP46DKMkVE0HbUdFi9ELzLwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJRhT9hKyfOK7uxgglYxcs/m6P9uMB8GA1UdIwQY
MBaAFHPGnQRYNQDF74ETaDEjdZPgu4bOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYzhhZEJGZzFBTVh2Z1JOb01TTjFrLUM3aHM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC82ZjZjZTItZTZlZS00ZTJhLTkwNWQt
ZjljYjBhN2IyMDZjLzEvbEdGUDJFcko4NHJ1N0dDQ1ZqRnl6LWJvXzI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC82ZjZjZTItZTZlZS00ZTJhLTkwNWQtZjljYjBhN2IyMDZj
LzEvYzhhZEJGZzFBTVh2Z1JOb01TTjFrLUM3aHM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAufQfMA0G
CSqGSIb3DQEBCwUAA4IBAQC4+nY/+rHEgjxMQGe7Lh23Y/XC/pWMdc+K6cei3eHr
9rnEtW4N+1qlml3YVG4mw5sTYIXVES+y3PlRNF1eFAQUUW6hysyZC5epLUS7oBo9
tJlOTP1cnhBVYOTd/ivZYxqS/xeRoAPVWLf4SNsoitBIZlQnE7woMuc+dSvkwLWy
tVPA/PP7cf+lIQ0qYbnltHnuIADAgUAsns/op/JoPxq0kmHuQbbnRLrpAquEL+bE
BHWJTlsC4bZkNBaq+XPOv6Z3UKn3cWHHxfQOKFKtAkik6g3vf8QQULPwxckn2YGX
XiIWhdCPYc1nELbGaILFw5mRoI+mAZzU7BHjPowMCZjC
-----END CERTIFICATE-----