Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/93/c0e4d6-e7dc-41b4-b563-bbc76129c89b/1/NFgVIk3I0OB4aAQE--Yl_E4ZfQE.roa
File:                     NFgVIk3I0OB4aAQE--Yl_E4ZfQE.roa (raw, json)
Hash identifier:          tZx/juHJjFsZtx/TprO+Ju+VpXMKoq0o38hFCwQ+O44=
Subject key identifier:   34:58:15:22:4D:C8:D0:E0:78:68:04:04:FB:E6:25:FC:4E:19:7D:01
Certificate issuer:       /CN=8ec3bb12f5f62a1088b07a9816c46306d1161e1d
Certificate serial:       019425FDA68536A3902E33E8BCE9531D1BB7
Authority key identifier: 8E:C3:BB:12:F5:F6:2A:10:88:B0:7A:98:16:C4:63:06:D1:16:1E:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jsO7EvX2KhCIsHqYFsRjBtEWHh0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/93/c0e4d6-e7dc-41b4-b563-bbc76129c89b/1/NFgVIk3I0OB4aAQE--Yl_E4ZfQE.roa
Signing time:             Thu 02 Jan 2025 07:49:27 +0000
ROA not before:           Thu 02 Jan 2025 07:49:27 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216302
IP address blocks:        31.24.248.0/24 maxlen: 24
                          2a12:48c0::/29 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/93/c0e4d6-e7dc-41b4-b563-bbc76129c89b/1/jsO7EvX2KhCIsHqYFsRjBtEWHh0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/93/c0e4d6-e7dc-41b4-b563-bbc76129c89b/1/jsO7EvX2KhCIsHqYFsRjBtEWHh0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jsO7EvX2KhCIsHqYFsRjBtEWHh0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:a6:85:36:a3:90:2e:33:e8:bc:e9:53:1d:1b:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8ec3bb12f5f62a1088b07a9816c46306d1161e1d
        Validity
            Not Before: Jan  2 07:49:27 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=345815224dc8d0e078680404fbe625fc4e197d01
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:34:7b:00:fc:44:00:79:30:31:bd:67:d2:67:
                    c1:4a:8c:b3:6b:12:16:cb:b7:c7:92:60:dd:9d:35:
                    f0:f4:c3:74:b2:7f:b1:73:f5:8c:92:fe:1a:ec:0e:
                    84:eb:fc:64:b6:ef:14:e8:b4:20:3f:a2:b4:a5:c1:
                    73:72:fd:7a:e0:ee:37:56:62:2c:d1:8b:8e:a2:f7:
                    29:6f:bb:64:f1:41:4b:9c:a2:c5:36:2b:58:9a:4e:
                    f2:6e:e6:f3:26:c2:77:46:c5:b0:d3:d1:4b:b7:5d:
                    1b:25:20:66:10:23:f3:f1:bf:3d:eb:e6:62:1a:d3:
                    ae:b5:49:fd:28:3d:db:8c:ce:69:66:af:80:7c:a3:
                    ff:e2:c3:26:0b:c0:71:03:51:7f:ce:67:27:cc:73:
                    ec:50:a0:1b:6a:cb:d5:a9:91:54:a2:a9:63:aa:17:
                    a2:4a:41:6a:ee:7d:d4:2e:9c:e4:ad:95:9f:4f:43:
                    e7:84:00:b8:5b:6e:5f:f6:58:cc:01:49:36:69:b2:
                    da:30:01:0f:b8:08:24:02:73:f5:eb:da:db:92:bd:
                    b6:e2:d6:1f:36:32:49:6e:1e:0c:71:4f:3b:bf:dd:
                    b5:d2:79:be:c3:df:ee:7d:ff:88:21:35:6c:98:4c:
                    8f:9e:e4:dd:ec:54:7c:68:c7:09:0e:09:38:48:6d:
                    84:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:58:15:22:4D:C8:D0:E0:78:68:04:04:FB:E6:25:FC:4E:19:7D:01
            X509v3 Authority Key Identifier:
                keyid:8E:C3:BB:12:F5:F6:2A:10:88:B0:7A:98:16:C4:63:06:D1:16:1E:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jsO7EvX2KhCIsHqYFsRjBtEWHh0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/93/c0e4d6-e7dc-41b4-b563-bbc76129c89b/1/NFgVIk3I0OB4aAQE--Yl_E4ZfQE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/93/c0e4d6-e7dc-41b4-b563-bbc76129c89b/1/jsO7EvX2KhCIsHqYFsRjBtEWHh0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.24.248.0/24
                IPv6:
                  2a12:48c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         af:d2:55:83:e3:74:0b:f3:a1:7c:e2:eb:70:fb:6c:a7:48:23:
         04:16:32:25:2c:3f:0f:8d:c1:c6:d2:3e:e5:56:79:1d:7b:fd:
         cf:c6:bf:2a:b4:7c:77:f7:db:4c:ba:86:29:e6:3e:e2:a3:03:
         db:6f:21:dd:fe:53:52:ab:69:f5:01:e7:e1:d2:40:55:6e:6a:
         c0:b7:cf:8d:aa:2f:ac:60:c6:37:a7:2a:f6:ab:eb:60:04:8c:
         20:7c:62:1c:8d:28:2b:24:89:7c:ed:1b:34:8e:bd:2d:25:44:
         97:e4:be:04:69:2e:5e:3c:3c:a2:42:17:d7:04:c2:b8:d0:ca:
         58:17:6f:71:13:0d:c3:f8:2a:5b:a9:f5:f3:14:dd:a1:d9:65:
         47:8d:83:60:e2:1c:18:fd:e0:a4:96:01:68:e2:c4:c5:d1:bc:
         f6:38:4d:91:23:38:3e:49:98:be:d2:1c:44:4c:04:7b:24:81:
         b7:f7:20:68:ac:05:10:e7:c2:66:a8:6a:88:d1:9a:5a:e7:bb:
         85:72:37:bb:2e:3b:fa:ba:57:bd:99:6e:1e:f9:59:91:59:2f:
         97:77:2c:6c:04:13:05:21:a7:78:a0:29:f3:d4:1c:42:7b:68:
         14:8c:40:d5:2d:be:37:d4:ff:e4:31:e2:23:f7:96:ca:fe:c6:
         55:59:53:f2
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQl/aaFNqOQLjPovOlTHRu3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlYzNiYjEyZjVmNjJhMTA4OGIwN2E5ODE2YzQ2MzA2ZDEx
NjFlMWQwHhcNMjUwMTAyMDc0OTI3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNDU4MTUyMjRkYzhkMGUwNzg2ODA0MDRmYmU2MjVmYzRlMTk3ZDAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwjR7APxEAHkwMb1n0mfBSoyzaxIW
y7fHkmDdnTXw9MN0sn+xc/WMkv4a7A6E6/xktu8U6LQgP6K0pcFzcv164O43VmIs
0YuOovcpb7tk8UFLnKLFNitYmk7ybubzJsJ3RsWw09FLt10bJSBmECPz8b896+Zi
GtOutUn9KD3bjM5pZq+AfKP/4sMmC8BxA1F/zmcnzHPsUKAbasvVqZFUoqljqhei
SkFq7n3ULpzkrZWfT0PnhAC4W25f9ljMAUk2abLaMAEPuAgkAnP169rbkr224tYf
NjJJbh4McU87v9210nm+w9/uff+IITVsmEyPnuTd7FR8aMcJDgk4SG2EywIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFDRYFSJNyNDgeGgEBPvmJfxOGX0BMB8GA1UdIwQY
MBaAFI7DuxL19ioQiLB6mBbEYwbRFh4dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvanNPN0V2WDJLaENJc0hxWUZzUmpCdEVXSGgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85My9jMGU0ZDYtZTdkYy00MWI0LWI1NjMt
YmJjNzYxMjljODliLzEvTkZnVklrM0kwT0I0YUFRRS0tWWxfRTRaZlFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85My9jMGU0ZDYtZTdkYy00MWI0LWI1NjMtYmJjNzYxMjljODli
LzEvanNPN0V2WDJLaENJc0hxWUZzUmpCdEVXSGgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAHxj4MA0E
AgACMAcDBQMqEkjAMA0GCSqGSIb3DQEBCwUAA4IBAQCv0lWD43QL86F84utw+2yn
SCMEFjIlLD8PjcHG0j7lVnkde/3Pxr8qtHx399tMuoYp5j7iowPbbyHd/lNSq2n1
Aefh0kBVbmrAt8+Nqi+sYMY3pyr2q+tgBIwgfGIcjSgrJIl87Rs0jr0tJUSX5L4E
aS5ePDyiQhfXBMK40MpYF29xEw3D+CpbqfXzFN2h2WVHjYNg4hwY/eCklgFo4sTF
0bz2OE2RIzg+SZi+0hxETAR7JIG39yBorAUQ58JmqGqI0Zpa57uFcje7Ljv6ule9
mW4e+VmRWS+XdyxsBBMFIad4oCnz1BxCe2gUjEDVLb431P/kMeIj95bK/sZVWVPy
-----END CERTIFICATE-----