Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/f8a63d-1730-4d88-ab38-3fd30988f677/1/h31D8UJNE_u1sTKbKP1SFsGVcFY.roa
File:                     h31D8UJNE_u1sTKbKP1SFsGVcFY.roa (raw, json)
Hash identifier:          kwansroYJJGhl0jfhBp7y2GRUoE1YU2JrM6J/UDWiVQ=
Subject key identifier:   87:7D:43:F1:42:4D:13:FB:B5:B1:32:9B:28:FD:52:16:C1:95:70:56
Certificate issuer:       /CN=19f1a9dd126f37237ce200fb8616ff937bca966c
Certificate serial:       01942067F3448FAD94A817AB3D611076B704
Authority key identifier: 19:F1:A9:DD:12:6F:37:23:7C:E2:00:FB:86:16:FF:93:7B:CA:96:6C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GfGp3RJvNyN84gD7hhb_k3vKlmw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/f8a63d-1730-4d88-ab38-3fd30988f677/1/h31D8UJNE_u1sTKbKP1SFsGVcFY.roa
Signing time:             Wed 01 Jan 2025 05:47:50 +0000
ROA not before:           Wed 01 Jan 2025 05:47:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50941
IP address blocks:        37.152.79.0/24 maxlen: 24
                          85.95.255.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/f8a63d-1730-4d88-ab38-3fd30988f677/1/GfGp3RJvNyN84gD7hhb_k3vKlmw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/f8a63d-1730-4d88-ab38-3fd30988f677/1/GfGp3RJvNyN84gD7hhb_k3vKlmw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GfGp3RJvNyN84gD7hhb_k3vKlmw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 08:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:67:f3:44:8f:ad:94:a8:17:ab:3d:61:10:76:b7:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=19f1a9dd126f37237ce200fb8616ff937bca966c
        Validity
            Not Before: Jan  1 05:47:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=877d43f1424d13fbb5b1329b28fd5216c1957056
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:f0:33:60:ce:85:3e:6c:84:77:87:89:65:97:
                    5b:e9:4a:43:b7:84:2a:3c:7d:b8:52:a9:89:63:25:
                    a7:1b:c0:45:cd:ff:2d:b7:d1:90:ec:cf:08:cd:08:
                    0f:3f:d0:22:d2:0d:a2:42:4c:98:e7:c3:09:1d:fc:
                    ab:45:6d:99:eb:c1:88:c8:d2:71:02:50:59:61:a7:
                    49:32:5a:eb:7e:7a:08:8a:33:ac:ae:0e:bd:16:87:
                    76:32:7d:b6:ad:39:e1:42:5e:16:fd:46:2e:12:43:
                    da:c2:05:1c:7d:55:79:e0:93:bd:45:91:15:06:26:
                    3b:26:bb:a0:24:40:e1:b4:fc:d8:0b:86:3b:f8:77:
                    d6:65:d6:72:35:54:32:7f:af:7e:41:02:20:fe:45:
                    73:62:5d:a2:25:69:00:c4:ac:e2:28:0b:d5:d6:e6:
                    61:56:4f:e1:b8:59:63:19:b5:0c:9e:ce:9a:ba:37:
                    db:48:ad:6e:63:49:5e:04:83:d1:2f:20:ad:23:ba:
                    a9:ba:39:4f:12:4d:50:0c:f2:93:76:54:13:2e:2f:
                    09:64:d6:3a:56:c9:3f:4d:d8:a5:f7:99:6b:6f:2a:
                    a3:be:f8:f1:c0:5f:97:ae:ea:be:0f:12:92:f5:2f:
                    b6:fc:38:e9:84:26:6e:0f:fa:0c:6e:83:09:6f:8f:
                    2a:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:7D:43:F1:42:4D:13:FB:B5:B1:32:9B:28:FD:52:16:C1:95:70:56
            X509v3 Authority Key Identifier:
                keyid:19:F1:A9:DD:12:6F:37:23:7C:E2:00:FB:86:16:FF:93:7B:CA:96:6C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GfGp3RJvNyN84gD7hhb_k3vKlmw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/f8a63d-1730-4d88-ab38-3fd30988f677/1/h31D8UJNE_u1sTKbKP1SFsGVcFY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/f8a63d-1730-4d88-ab38-3fd30988f677/1/GfGp3RJvNyN84gD7hhb_k3vKlmw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.152.79.0/24
                  85.95.255.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a1:f9:1c:12:d8:bc:03:37:75:b5:b3:d4:a7:35:82:56:a5:c1:
         04:8e:0b:61:3c:f0:35:3c:2f:fa:22:dc:a5:a6:0d:95:eb:7b:
         8c:d3:ed:f6:97:44:08:3d:b0:52:21:6d:d9:72:06:d9:80:88:
         74:80:9b:61:97:b3:e1:31:c6:4b:c3:14:13:af:50:53:55:e7:
         ef:f5:4c:62:4d:b3:ea:5f:b7:3d:b6:aa:0e:e1:b6:6d:8a:44:
         9a:04:e1:7d:50:1e:ce:f2:d9:61:d6:7e:6d:9c:96:9d:83:4f:
         18:8a:49:94:0b:2e:e2:b7:1e:cc:72:b8:b4:9d:76:11:05:97:
         7a:90:4e:85:4e:94:42:73:03:39:05:54:80:72:2a:bd:d2:75:
         17:3d:bc:f6:5e:8a:e0:1d:9e:85:ef:9e:4e:47:8d:df:5f:9f:
         b7:b8:97:07:26:0c:71:17:18:6a:ec:bc:0f:5f:9f:45:c6:0c:
         6f:b1:af:28:2f:79:30:d2:55:22:f0:0b:f1:9b:c2:8e:88:e8:
         bd:f7:17:88:3b:4d:80:56:24:76:3a:6b:5d:5f:e5:17:cc:59:
         b4:48:cb:17:4d:79:93:dd:6c:50:09:ca:2d:60:81:a4:9d:f2:
         f2:de:97:03:13:4f:8e:a6:88:df:ec:64:01:f2:4f:cd:39:bd:
         73:16:63:46
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQgZ/NEj62UqBerPWEQdrcEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE5ZjFhOWRkMTI2ZjM3MjM3Y2UyMDBmYjg2MTZmZjkzN2Jj
YTk2NmMwHhcNMjUwMTAxMDU0NzUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NzdkNDNmMTQyNGQxM2ZiYjViMTMyOWIyOGZkNTIxNmMxOTU3MDU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtfAzYM6FPmyEd4eJZZdb6UpDt4Qq
PH24UqmJYyWnG8BFzf8tt9GQ7M8IzQgPP9Ai0g2iQkyY58MJHfyrRW2Z68GIyNJx
AlBZYadJMlrrfnoIijOsrg69Fod2Mn22rTnhQl4W/UYuEkPawgUcfVV54JO9RZEV
BiY7JrugJEDhtPzYC4Y7+HfWZdZyNVQyf69+QQIg/kVzYl2iJWkAxKziKAvV1uZh
Vk/huFljGbUMns6aujfbSK1uY0leBIPRLyCtI7qpujlPEk1QDPKTdlQTLi8JZNY6
Vsk/Tdil95lrbyqjvvjxwF+Xruq+DxKS9S+2/DjphCZuD/oMboMJb48qgQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFId9Q/FCTRP7tbEymyj9UhbBlXBWMB8GA1UdIwQY
MBaAFBnxqd0SbzcjfOIA+4YW/5N7ypZsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR2ZHcDNSSnZOeU44NGdEN2hoYl9rM3ZLbG13LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS9mOGE2M2QtMTczMC00ZDg4LWFiMzgt
M2ZkMzA5ODhmNjc3LzEvaDMxRDhVSk5FX3Uxc1RLYktQMVNGc0dWY0ZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS9mOGE2M2QtMTczMC00ZDg4LWFiMzgtM2ZkMzA5ODhmNjc3
LzEvR2ZHcDNSSnZOeU44NGdEN2hoYl9rM3ZLbG13LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAJZhPAwQA
VV//MA0GCSqGSIb3DQEBCwUAA4IBAQCh+RwS2LwDN3W1s9SnNYJWpcEEjgthPPA1
PC/6Itylpg2V63uM0+32l0QIPbBSIW3ZcgbZgIh0gJthl7PhMcZLwxQTr1BTVefv
9UxiTbPqX7c9tqoO4bZtikSaBOF9UB7O8tlh1n5tnJadg08YikmUCy7itx7Mcri0
nXYRBZd6kE6FTpRCcwM5BVSAciq90nUXPbz2XorgHZ6F755OR43fX5+3uJcHJgxx
Fxhq7LwPX59Fxgxvsa8oL3kw0lUi8Avxm8KOiOi99xeIO02AViR2OmtdX+UXzFm0
SMsXTXmT3WxQCcotYIGknfLy3pcDE0+Opojf7GQB8k/NOb1zFmNG
-----END CERTIFICATE-----