Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/fa3c0f-c232-4644-b2f4-e04c58a41f66/1/FQK3SzsJ-m_-4y7tzcBijOiJWxA.roa
File:                     FQK3SzsJ-m_-4y7tzcBijOiJWxA.roa (raw, json)
Hash identifier:          N1P49G4PfCUQ9FBa1Q2u191FzAmkruySd+sQ5qCtJd4=
Subject key identifier:   15:02:B7:4B:3B:09:FA:6F:FE:E3:2E:ED:CD:C0:62:8C:E8:89:5B:10
Certificate issuer:       /CN=ccaa8872c2b3f974c95168d214bfd57f0f9e9119
Certificate serial:       019423693C9C75BAB8A877D8C5FA8264F95A
Authority key identifier: CC:AA:88:72:C2:B3:F9:74:C9:51:68:D2:14:BF:D5:7F:0F:9E:91:19
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zKqIcsKz-XTJUWjSFL_Vfw-ekRk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/fa3c0f-c232-4644-b2f4-e04c58a41f66/1/FQK3SzsJ-m_-4y7tzcBijOiJWxA.roa
Signing time:             Wed 01 Jan 2025 19:48:06 +0000
ROA not before:           Wed 01 Jan 2025 19:48:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216163
IP address blocks:        31.24.254.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a0/fa3c0f-c232-4644-b2f4-e04c58a41f66/1/zKqIcsKz-XTJUWjSFL_Vfw-ekRk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a0/fa3c0f-c232-4644-b2f4-e04c58a41f66/1/zKqIcsKz-XTJUWjSFL_Vfw-ekRk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zKqIcsKz-XTJUWjSFL_Vfw-ekRk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Feb 2025 10:01:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:3c:9c:75:ba:b8:a8:77:d8:c5:fa:82:64:f9:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ccaa8872c2b3f974c95168d214bfd57f0f9e9119
        Validity
            Not Before: Jan  1 19:48:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1502b74b3b09fa6ffee32eedcdc0628ce8895b10
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:b3:bd:01:54:85:b8:4a:58:e8:5d:70:de:87:
                    21:85:9d:6d:b2:84:5a:5c:e3:5c:4b:95:98:58:e3:
                    e4:10:ee:90:d1:42:77:8e:26:d1:98:40:5d:8f:81:
                    09:21:05:59:35:06:ff:d0:d5:98:65:4c:e7:bd:e7:
                    a9:99:20:d7:d9:b1:7d:46:71:19:ba:db:53:3b:3f:
                    d4:34:34:26:bd:df:d3:0a:86:e1:9b:e4:91:ae:03:
                    8a:31:7b:b0:92:07:80:3c:98:f6:e1:1b:23:7e:ec:
                    9d:8f:75:8b:ed:42:c9:d2:cb:72:2c:bc:1c:11:b4:
                    8a:b0:b9:29:50:d2:2a:f1:ef:67:5c:c8:33:40:a9:
                    0d:e8:5d:55:c0:05:8a:28:ec:79:aa:5a:39:b9:9c:
                    0e:70:86:49:43:49:58:67:1c:6d:81:d3:11:d4:65:
                    b6:15:13:5c:bf:d8:14:96:f2:94:f4:89:8d:40:3d:
                    3c:fa:22:87:ec:8b:4f:64:5e:a4:de:a8:d7:7e:56:
                    07:be:9d:69:e2:70:8b:3c:32:50:c4:57:bd:cb:4e:
                    4b:a7:72:b1:71:1f:d6:5c:84:e1:f7:95:a0:42:72:
                    5f:ff:09:7f:04:66:4d:96:5f:e2:03:a5:92:02:b6:
                    e8:a5:99:68:a0:4c:ef:34:1c:15:9d:10:67:18:3e:
                    de:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:02:B7:4B:3B:09:FA:6F:FE:E3:2E:ED:CD:C0:62:8C:E8:89:5B:10
            X509v3 Authority Key Identifier:
                keyid:CC:AA:88:72:C2:B3:F9:74:C9:51:68:D2:14:BF:D5:7F:0F:9E:91:19

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zKqIcsKz-XTJUWjSFL_Vfw-ekRk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/fa3c0f-c232-4644-b2f4-e04c58a41f66/1/FQK3SzsJ-m_-4y7tzcBijOiJWxA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/fa3c0f-c232-4644-b2f4-e04c58a41f66/1/zKqIcsKz-XTJUWjSFL_Vfw-ekRk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.24.254.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8a:9a:d2:a5:9f:d3:9b:fa:a6:97:17:90:b4:64:58:1c:b4:1b:
         b8:14:11:d0:8c:66:a9:01:9c:b1:7f:41:65:4d:6f:88:08:d2:
         32:90:51:09:90:62:b4:e8:44:5c:42:64:4f:04:71:37:35:93:
         55:3d:20:9d:45:f1:0a:78:16:68:45:21:90:28:cc:ac:6e:60:
         4e:6a:9f:cb:50:35:10:cc:6e:7b:26:e8:91:69:33:21:b6:c8:
         92:c5:c0:a0:25:2a:17:bf:3f:80:b8:54:67:17:94:a0:80:12:
         da:ff:fd:db:58:5b:56:9e:79:7c:a3:dc:bf:69:c1:32:ba:39:
         ad:cf:a7:ba:05:13:eb:a4:65:03:c1:c1:37:0b:10:03:2d:33:
         38:f2:9c:97:ef:7b:e2:86:2f:46:a8:15:88:d6:a8:5b:0f:74:
         55:a8:f1:82:81:a7:8e:24:92:e8:26:9b:4b:4a:df:63:99:5f:
         79:cb:a5:7b:c5:71:a4:8d:46:b5:ce:4c:d1:73:fa:b9:4e:6c:
         49:c9:8c:a2:f8:92:08:86:92:07:e4:81:37:ca:f1:fe:e4:17:
         f3:b3:59:fb:95:cb:dc:4a:7e:e0:a8:c1:5e:04:76:e9:e3:93:
         a5:a6:7d:4d:67:46:fd:d5:a7:be:60:db:4d:9f:82:70:1e:0c:
         2b:b0:ae:76
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjaTycdbq4qHfYxfqCZPlaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNjYWE4ODcyYzJiM2Y5NzRjOTUxNjhkMjE0YmZkNTdmMGY5
ZTkxMTkwHhcNMjUwMTAxMTk0ODA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNTAyYjc0YjNiMDlmYTZmZmVlMzJlZWRjZGMwNjI4Y2U4ODk1YjEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmrO9AVSFuEpY6F1w3ochhZ1tsoRa
XONcS5WYWOPkEO6Q0UJ3jibRmEBdj4EJIQVZNQb/0NWYZUznveepmSDX2bF9RnEZ
uttTOz/UNDQmvd/TCobhm+SRrgOKMXuwkgeAPJj24Rsjfuydj3WL7ULJ0styLLwc
EbSKsLkpUNIq8e9nXMgzQKkN6F1VwAWKKOx5qlo5uZwOcIZJQ0lYZxxtgdMR1GW2
FRNcv9gUlvKU9ImNQD08+iKH7ItPZF6k3qjXflYHvp1p4nCLPDJQxFe9y05Lp3Kx
cR/WXITh95WgQnJf/wl/BGZNll/iA6WSArbopZlooEzvNBwVnRBnGD7eCwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBUCt0s7Cfpv/uMu7c3AYozoiVsQMB8GA1UdIwQY
MBaAFMyqiHLCs/l0yVFo0hS/1X8PnpEZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvektxSWNzS3otWFRKVVdqU0ZMX1Zmdy1la1JrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC9mYTNjMGYtYzIzMi00NjQ0LWIyZjQt
ZTA0YzU4YTQxZjY2LzEvRlFLM1N6c0otbV8tNHk3dHpjQmlqT2lKV3hBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC9mYTNjMGYtYzIzMi00NjQ0LWIyZjQtZTA0YzU4YTQxZjY2
LzEvektxSWNzS3otWFRKVVdqU0ZMX1Zmdy1la1JrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHxj+MA0G
CSqGSIb3DQEBCwUAA4IBAQCKmtKln9Ob+qaXF5C0ZFgctBu4FBHQjGapAZyxf0Fl
TW+ICNIykFEJkGK06ERcQmRPBHE3NZNVPSCdRfEKeBZoRSGQKMysbmBOap/LUDUQ
zG57JuiRaTMhtsiSxcCgJSoXvz+AuFRnF5SggBLa//3bWFtWnnl8o9y/acEyujmt
z6e6BRPrpGUDwcE3CxADLTM48pyX73vihi9GqBWI1qhbD3RVqPGCgaeOJJLoJptL
St9jmV95y6V7xXGkjUa1zkzRc/q5TmxJyYyi+JIIhpIH5IE3yvH+5Bfzs1n7lcvc
Sn7gqMFeBHbp45Olpn1NZ0b91ae+YNtNn4JwHgwrsK52
-----END CERTIFICATE-----