Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9e/aba502-d191-4fd7-a7cf-504f2766760f/1/OcXOGlX2Gc26JEdm5iWVWnBYg58.roa
File:                     OcXOGlX2Gc26JEdm5iWVWnBYg58.roa (raw, json)
Hash identifier:          /vGDKbgE4iZUS4BzIvVP16inipE2apdXrS0M45rcngw=
Subject key identifier:   39:C5:CE:1A:55:F6:19:CD:BA:24:47:66:E6:25:95:5A:70:58:83:9F
Certificate issuer:       /CN=b27261d715348bfd73ce9dbb72488656993ba2f1
Certificate serial:       0194221FBE3B000F74F101E4266056F12427
Authority key identifier: B2:72:61:D7:15:34:8B:FD:73:CE:9D:BB:72:48:86:56:99:3B:A2:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/snJh1xU0i_1zzp27ckiGVpk7ovE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9e/aba502-d191-4fd7-a7cf-504f2766760f/1/OcXOGlX2Gc26JEdm5iWVWnBYg58.roa
Signing time:             Wed 01 Jan 2025 13:48:13 +0000
ROA not before:           Wed 01 Jan 2025 13:48:13 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     62429
IP address blocks:        31.24.87.0/24 maxlen: 24
                          185.124.64.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9e/aba502-d191-4fd7-a7cf-504f2766760f/1/snJh1xU0i_1zzp27ckiGVpk7ovE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9e/aba502-d191-4fd7-a7cf-504f2766760f/1/snJh1xU0i_1zzp27ckiGVpk7ovE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/snJh1xU0i_1zzp27ckiGVpk7ovE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 06:00:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:be:3b:00:0f:74:f1:01:e4:26:60:56:f1:24:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b27261d715348bfd73ce9dbb72488656993ba2f1
        Validity
            Not Before: Jan  1 13:48:13 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=39c5ce1a55f619cdba244766e625955a7058839f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ef:9a:b5:91:7e:87:32:8b:92:d1:4b:62:eb:c6:
                    ca:35:b1:9e:b4:8b:f2:0a:1c:a2:d4:09:54:a0:86:
                    3d:af:ee:d3:05:ff:64:2d:19:eb:91:42:f4:f9:94:
                    84:b6:c0:dd:3e:36:ac:89:7b:b4:f9:21:e1:3e:fc:
                    0d:1d:69:45:90:11:da:b2:32:c3:29:5a:5d:c9:b5:
                    4f:3d:ce:25:0c:df:fe:37:53:c0:74:50:81:19:eb:
                    19:22:67:16:d3:e3:5d:6f:94:99:29:b0:a9:1b:57:
                    01:90:f4:83:6e:5d:15:17:e0:4b:e7:2d:32:a6:b1:
                    04:c0:12:68:b7:4d:29:8c:e1:83:78:b6:fe:ec:9b:
                    b7:d3:72:21:b7:3d:16:cd:3f:4f:6e:76:af:c5:1b:
                    84:9d:e0:50:36:fa:bb:51:2a:49:70:92:5c:a8:5f:
                    34:b8:4d:38:8b:21:97:d7:4e:64:b4:76:d7:52:c0:
                    78:55:85:2c:2f:9c:c0:f9:a9:39:71:d9:84:57:ca:
                    cd:f0:5f:3f:93:e8:8c:bc:36:a5:a4:51:ab:a5:36:
                    8c:dd:e7:26:b7:eb:1d:27:eb:fc:d8:de:fe:4d:d6:
                    ec:ce:3a:f6:4d:67:dd:30:a1:06:eb:42:a6:65:3b:
                    7f:86:e7:b8:c0:25:bb:b2:62:66:42:82:49:a6:6d:
                    94:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:C5:CE:1A:55:F6:19:CD:BA:24:47:66:E6:25:95:5A:70:58:83:9F
            X509v3 Authority Key Identifier:
                keyid:B2:72:61:D7:15:34:8B:FD:73:CE:9D:BB:72:48:86:56:99:3B:A2:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/snJh1xU0i_1zzp27ckiGVpk7ovE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/aba502-d191-4fd7-a7cf-504f2766760f/1/OcXOGlX2Gc26JEdm5iWVWnBYg58.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/aba502-d191-4fd7-a7cf-504f2766760f/1/snJh1xU0i_1zzp27ckiGVpk7ovE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.24.87.0/24
                  185.124.64.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1e:f6:54:a5:b5:e1:43:6e:e6:b5:b7:25:23:23:f8:1a:c2:0c:
         42:f1:a2:d3:d8:ed:f8:ff:ec:a3:76:ed:79:2b:31:ab:43:cc:
         2b:c0:36:2c:a1:a4:45:36:d4:c9:26:bd:30:de:6b:84:a9:75:
         ab:93:8c:a6:b0:ac:4b:3c:b8:51:ff:ca:71:a1:f6:28:38:bf:
         68:35:e7:d6:db:87:63:28:cd:c6:54:fa:f8:b9:94:9c:e0:30:
         ec:92:2f:be:e5:e2:60:9b:8b:1d:84:76:d5:3a:34:8a:fb:a3:
         8e:9c:dd:37:2b:01:75:ac:ac:41:46:c9:82:1b:4b:03:ab:ea:
         23:75:be:aa:b1:82:c8:43:9e:fb:1d:8f:f0:73:5c:63:4f:1d:
         25:d4:46:76:47:51:86:33:8d:f8:af:40:35:3f:c4:96:81:d5:
         09:c9:84:ee:8b:b6:59:9e:8d:8f:33:fe:fd:c1:93:be:0d:c3:
         21:ba:22:45:b5:9e:d9:cb:ee:52:21:8e:4d:44:e2:e4:a9:86:
         dc:d2:fd:0a:37:43:55:4d:90:8b:f4:26:07:a4:ad:8d:c6:43:
         5c:24:26:b3:8c:e7:5d:83:67:2f:6f:c8:bc:22:5b:5c:e7:98:
         b7:99:c0:55:36:85:1b:d0:20:39:e0:68:a3:71:d4:7d:e6:fb:
         82:d4:0a:d9
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQiH747AA908QHkJmBW8SQnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIyNzI2MWQ3MTUzNDhiZmQ3M2NlOWRiYjcyNDg4NjU2OTkz
YmEyZjEwHhcNMjUwMTAxMTM0ODEzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOWM1Y2UxYTU1ZjYxOWNkYmEyNDQ3NjZlNjI1OTU1YTcwNTg4MzlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA75q1kX6HMouS0Uti68bKNbGetIvy
Chyi1AlUoIY9r+7TBf9kLRnrkUL0+ZSEtsDdPjasiXu0+SHhPvwNHWlFkBHasjLD
KVpdybVPPc4lDN/+N1PAdFCBGesZImcW0+Ndb5SZKbCpG1cBkPSDbl0VF+BL5y0y
prEEwBJot00pjOGDeLb+7Ju303Ihtz0WzT9PbnavxRuEneBQNvq7USpJcJJcqF80
uE04iyGX105ktHbXUsB4VYUsL5zA+ak5cdmEV8rN8F8/k+iMvDalpFGrpTaM3ecm
t+sdJ+v82N7+Tdbszjr2TWfdMKEG60KmZTt/hue4wCW7smJmQoJJpm2UywIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDnFzhpV9hnNuiRHZuYllVpwWIOfMB8GA1UdIwQY
MBaAFLJyYdcVNIv9c86du3JIhlaZO6LxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc25KaDF4VTBpXzF6enAyN2NraUdWcGs3b3ZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZS9hYmE1MDItZDE5MS00ZmQ3LWE3Y2Yt
NTA0ZjI3NjY3NjBmLzEvT2NYT0dsWDJHYzI2SkVkbTVpV1ZXbkJZZzU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZS9hYmE1MDItZDE5MS00ZmQ3LWE3Y2YtNTA0ZjI3NjY3NjBm
LzEvc25KaDF4VTBpXzF6enAyN2NraUdWcGs3b3ZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAHxhXAwQA
uXxAMA0GCSqGSIb3DQEBCwUAA4IBAQAe9lSlteFDbua1tyUjI/gawgxC8aLT2O34
/+yjdu15KzGrQ8wrwDYsoaRFNtTJJr0w3muEqXWrk4ymsKxLPLhR/8pxofYoOL9o
NefW24djKM3GVPr4uZSc4DDski++5eJgm4sdhHbVOjSK+6OOnN03KwF1rKxBRsmC
G0sDq+ojdb6qsYLIQ577HY/wc1xjTx0l1EZ2R1GGM434r0A1P8SWgdUJyYTui7ZZ
no2PM/79wZO+DcMhuiJFtZ7Zy+5SIY5NROLkqYbc0v0KN0NVTZCL9CYHpK2NxkNc
JCazjOddg2cvb8i8Iltc55i3mcBVNoUb0CA54GijcdR95vuC1ArZ
-----END CERTIFICATE-----