Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9e/aba502-d191-4fd7-a7cf-504f2766760f/1/VLrSYlONO7JZUvaeI6OzgjRksA0.roa
File:                     VLrSYlONO7JZUvaeI6OzgjRksA0.roa (raw, json)
Hash identifier:          LTkUIoLhvOTPKcASxWAtrGL8orynFjazuB3yg7c0ZYo=
Subject key identifier:   54:BA:D2:62:53:8D:3B:B2:59:52:F6:9E:23:A3:B3:82:34:64:B0:0D
Certificate issuer:       /CN=b27261d715348bfd73ce9dbb72488656993ba2f1
Certificate serial:       0195055D1B42D3825C6CC9E33C026830C61D
Authority key identifier: B2:72:61:D7:15:34:8B:FD:73:CE:9D:BB:72:48:86:56:99:3B:A2:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/snJh1xU0i_1zzp27ckiGVpk7ovE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9e/aba502-d191-4fd7-a7cf-504f2766760f/1/VLrSYlONO7JZUvaeI6OzgjRksA0.roa
Signing time:             Fri 14 Feb 2025 16:49:02 +0000
ROA not before:           Fri 14 Feb 2025 16:49:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57456
IP address blocks:        31.24.87.0/24 maxlen: 24
                          45.152.122.0/24 maxlen: 24
                          185.124.64.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9e/aba502-d191-4fd7-a7cf-504f2766760f/1/snJh1xU0i_1zzp27ckiGVpk7ovE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9e/aba502-d191-4fd7-a7cf-504f2766760f/1/snJh1xU0i_1zzp27ckiGVpk7ovE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/snJh1xU0i_1zzp27ckiGVpk7ovE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 23:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:05:5d:1b:42:d3:82:5c:6c:c9:e3:3c:02:68:30:c6:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b27261d715348bfd73ce9dbb72488656993ba2f1
        Validity
            Not Before: Feb 14 16:49:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=54bad262538d3bb25952f69e23a3b3823464b00d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:8e:e3:e4:eb:94:1e:40:df:10:74:4a:29:3b:
                    15:6d:ae:5a:82:5b:ee:65:be:b7:44:a1:b2:c5:19:
                    56:ef:1a:42:ad:9a:57:8d:f1:9e:1a:c5:7e:06:c9:
                    34:db:5d:3f:d4:d4:94:9d:34:f9:71:6f:3b:44:64:
                    a4:f9:c5:73:af:53:a2:14:5e:c0:c5:4c:fb:94:8a:
                    f8:9e:16:27:5d:0d:e1:95:ce:55:e3:93:44:20:8a:
                    96:ff:4c:f6:65:b9:ce:15:6e:b8:71:55:66:c1:35:
                    dd:7d:f2:b9:23:d4:98:65:03:e3:f0:36:bc:6d:d5:
                    27:d4:81:14:3a:c0:3a:7d:50:9d:4e:c8:a6:5d:95:
                    64:df:63:a0:bd:04:42:20:ab:1f:e3:38:41:0f:17:
                    45:5a:43:35:44:af:51:18:99:ea:73:1b:a0:5e:c7:
                    df:82:3d:44:94:df:1f:fb:71:0c:d1:5c:f9:81:bc:
                    81:06:4c:f5:d0:2d:61:58:ee:90:9f:20:45:46:87:
                    43:2c:7f:30:8e:4f:64:d3:40:a2:45:d1:82:ca:f6:
                    c6:b3:63:98:04:e4:51:f8:08:21:49:85:9f:58:84:
                    51:e0:ae:82:62:ca:fe:76:60:72:18:5a:39:a3:f2:
                    ee:48:2d:eb:02:0d:6a:33:36:e9:cf:0f:7c:90:44:
                    2f:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:BA:D2:62:53:8D:3B:B2:59:52:F6:9E:23:A3:B3:82:34:64:B0:0D
            X509v3 Authority Key Identifier:
                keyid:B2:72:61:D7:15:34:8B:FD:73:CE:9D:BB:72:48:86:56:99:3B:A2:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/snJh1xU0i_1zzp27ckiGVpk7ovE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/aba502-d191-4fd7-a7cf-504f2766760f/1/VLrSYlONO7JZUvaeI6OzgjRksA0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/aba502-d191-4fd7-a7cf-504f2766760f/1/snJh1xU0i_1zzp27ckiGVpk7ovE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.24.87.0/24
                  45.152.122.0/24
                  185.124.64.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:85:55:b6:bc:96:24:d0:c7:d4:b0:4a:75:8e:e0:00:38:4e:
         a3:d1:44:6a:6e:d9:02:7e:dd:fb:82:06:db:19:bd:5c:57:eb:
         76:5d:40:c4:74:73:94:b8:ac:23:e7:01:9c:a4:71:78:d0:2d:
         30:6e:c8:fd:09:e3:cf:ea:42:ac:60:52:79:ff:12:6f:7e:28:
         75:14:c6:4e:3d:0e:e2:36:84:89:1c:4f:08:f7:a0:23:77:63:
         38:81:2f:7d:64:45:eb:9a:84:3a:75:82:71:fc:24:09:7a:11:
         d3:87:df:c3:9b:e2:71:dd:cd:aa:7d:3b:e9:d8:18:b2:54:6f:
         c6:c7:d5:a9:75:ff:f2:1c:61:92:89:82:1a:ed:08:b6:8c:f0:
         f7:0e:19:65:68:2d:fb:33:b4:d8:56:d3:4f:79:ea:11:f9:e8:
         0c:4e:78:c5:05:82:2a:f3:56:5c:30:c1:c1:96:67:6a:9f:b6:
         22:ed:43:d2:f1:a5:15:f1:45:a9:b5:19:6e:6f:04:58:a4:b1:
         2a:bd:db:72:0d:e3:f4:70:a9:6a:e8:1e:a3:21:75:31:57:89:
         89:91:a1:ec:af:05:00:25:22:f4:0a:c6:a3:b3:94:7c:50:d6:
         69:d4:c0:3d:68:47:3b:1b:a2:f4:15:b8:54:5f:99:9a:4e:e5:
         f2:a0:a7:76
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZUFXRtC04JcbMnjPAJoMMYdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIyNzI2MWQ3MTUzNDhiZmQ3M2NlOWRiYjcyNDg4NjU2OTkz
YmEyZjEwHhcNMjUwMjE0MTY0OTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NGJhZDI2MjUzOGQzYmIyNTk1MmY2OWUyM2EzYjM4MjM0NjRiMDBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs47j5OuUHkDfEHRKKTsVba5aglvu
Zb63RKGyxRlW7xpCrZpXjfGeGsV+Bsk0210/1NSUnTT5cW87RGSk+cVzr1OiFF7A
xUz7lIr4nhYnXQ3hlc5V45NEIIqW/0z2ZbnOFW64cVVmwTXdffK5I9SYZQPj8Da8
bdUn1IEUOsA6fVCdTsimXZVk32OgvQRCIKsf4zhBDxdFWkM1RK9RGJnqcxugXsff
gj1ElN8f+3EM0Vz5gbyBBkz10C1hWO6QnyBFRodDLH8wjk9k00CiRdGCyvbGs2OY
BORR+AghSYWfWIRR4K6CYsr+dmByGFo5o/LuSC3rAg1qMzbpzw98kEQvOQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFFS60mJTjTuyWVL2niOjs4I0ZLANMB8GA1UdIwQY
MBaAFLJyYdcVNIv9c86du3JIhlaZO6LxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc25KaDF4VTBpXzF6enAyN2NraUdWcGs3b3ZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZS9hYmE1MDItZDE5MS00ZmQ3LWE3Y2Yt
NTA0ZjI3NjY3NjBmLzEvVkxyU1lsT05PN0paVXZhZUk2T3pnalJrc0EwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZS9hYmE1MDItZDE5MS00ZmQ3LWE3Y2YtNTA0ZjI3NjY3NjBm
LzEvc25KaDF4VTBpXzF6enAyN2NraUdWcGs3b3ZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAHxhXAwQA
LZh6AwQAuXxAMA0GCSqGSIb3DQEBCwUAA4IBAQBuhVW2vJYk0MfUsEp1juAAOE6j
0URqbtkCft37ggbbGb1cV+t2XUDEdHOUuKwj5wGcpHF40C0wbsj9CePP6kKsYFJ5
/xJvfih1FMZOPQ7iNoSJHE8I96Ajd2M4gS99ZEXrmoQ6dYJx/CQJehHTh9/Dm+Jx
3c2qfTvp2BiyVG/Gx9Wpdf/yHGGSiYIa7Qi2jPD3DhllaC37M7TYVtNPeeoR+egM
TnjFBYIq81ZcMMHBlmdqn7Yi7UPS8aUV8UWptRlubwRYpLEqvdtyDeP0cKlq6B6j
IXUxV4mJkaHsrwUAJSL0Csajs5R8UNZp1MA9aEc7G6L0FbhUX5maTuXyoKd2
-----END CERTIFICATE-----