Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/96faed-87c0-4b00-8178-a1dcc3fb9a4f/1/qHOxf7Ag_8u24Noxu2kog83ptRg.roa
File:                     qHOxf7Ag_8u24Noxu2kog83ptRg.roa (raw, json)
Hash identifier:          oxynD/JaNR7ZZdHYCXCJyIHb4WE74vGw/oNyjiWqUm4=
Subject key identifier:   A8:73:B1:7F:B0:20:FF:CB:B6:E0:DA:31:BB:69:28:83:CD:E9:B5:18
Certificate issuer:       /CN=2dea78b12d435b97defbf92c74265c3433bbd029
Certificate serial:       019425FBF5842F71103A93837F4325DF2502
Authority key identifier: 2D:EA:78:B1:2D:43:5B:97:DE:FB:F9:2C:74:26:5C:34:33:BB:D0:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Lep4sS1DW5fe-_ksdCZcNDO70Ck.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b9/96faed-87c0-4b00-8178-a1dcc3fb9a4f/1/qHOxf7Ag_8u24Noxu2kog83ptRg.roa
Signing time:             Thu 02 Jan 2025 07:47:36 +0000
ROA not before:           Thu 02 Jan 2025 07:47:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42668
IP address blocks:        31.134.128.0/18 maxlen: 18
                          89.107.11.0/24 maxlen: 24
                          89.223.32.0/19 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b9/96faed-87c0-4b00-8178-a1dcc3fb9a4f/1/Lep4sS1DW5fe-_ksdCZcNDO70Ck.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b9/96faed-87c0-4b00-8178-a1dcc3fb9a4f/1/Lep4sS1DW5fe-_ksdCZcNDO70Ck.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Lep4sS1DW5fe-_ksdCZcNDO70Ck.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fb:f5:84:2f:71:10:3a:93:83:7f:43:25:df:25:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2dea78b12d435b97defbf92c74265c3433bbd029
        Validity
            Not Before: Jan  2 07:47:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a873b17fb020ffcbb6e0da31bb692883cde9b518
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:00:5d:7d:bb:54:e3:36:0e:32:ec:51:23:8c:
                    5e:87:46:63:59:98:07:60:26:ab:22:d2:d0:f0:6f:
                    ce:2f:d0:0e:6e:14:54:4a:ed:c9:3f:7c:d3:c6:12:
                    ea:f1:45:d4:99:97:ae:8c:cd:4e:49:97:28:53:1f:
                    46:d8:04:ca:19:bc:c8:2d:b0:5d:44:e0:75:85:0b:
                    7a:1c:61:b4:d1:88:70:49:80:06:94:12:5b:80:10:
                    c5:59:44:5d:fd:a1:af:2a:7f:9b:69:4d:d5:ca:9f:
                    27:0f:19:7c:a6:03:8e:48:2e:ee:1c:be:05:b2:df:
                    3f:a3:d2:77:19:18:7d:91:65:1b:96:fa:43:06:ed:
                    37:88:01:a7:06:81:aa:66:22:dc:f9:37:99:8f:11:
                    55:83:fc:37:86:5a:b7:bc:c8:c6:7a:82:97:0d:26:
                    e4:76:ab:3f:33:70:2b:54:a0:f0:62:55:09:41:0c:
                    14:9a:85:ce:ff:0c:c6:fd:57:54:fd:b6:69:4f:89:
                    55:2c:93:9b:ee:7e:a1:a1:74:29:4b:13:ef:d3:fc:
                    0a:d9:f8:8d:ee:e7:92:69:87:b2:fb:96:44:ff:77:
                    c8:0a:83:51:f7:fe:83:82:c4:cc:79:40:3c:2a:bd:
                    d1:c1:03:da:40:15:15:b9:81:01:c4:b7:d7:b4:b2:
                    3a:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:73:B1:7F:B0:20:FF:CB:B6:E0:DA:31:BB:69:28:83:CD:E9:B5:18
            X509v3 Authority Key Identifier:
                keyid:2D:EA:78:B1:2D:43:5B:97:DE:FB:F9:2C:74:26:5C:34:33:BB:D0:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Lep4sS1DW5fe-_ksdCZcNDO70Ck.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/96faed-87c0-4b00-8178-a1dcc3fb9a4f/1/qHOxf7Ag_8u24Noxu2kog83ptRg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/96faed-87c0-4b00-8178-a1dcc3fb9a4f/1/Lep4sS1DW5fe-_ksdCZcNDO70Ck.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.134.128.0/18
                  89.107.11.0/24
                  89.223.32.0/19

    Signature Algorithm: sha256WithRSAEncryption
         75:8b:1b:b2:f2:38:ce:e8:a6:f8:56:0d:c7:7f:b0:c1:b5:b0:
         67:46:66:e9:80:c2:b6:c8:96:7d:07:c0:22:c0:3a:59:dd:5b:
         a9:34:e7:d8:0b:8b:d3:b5:43:01:6c:6e:b7:43:e5:89:66:48:
         41:92:9c:de:31:96:af:0e:92:86:f3:91:b0:4d:96:d7:28:a3:
         c6:c5:4b:45:1f:9d:d4:a3:e2:9b:54:49:48:5c:06:55:77:4f:
         77:6d:b8:2f:fd:30:98:12:d9:43:84:41:67:de:93:bd:ae:0d:
         39:9d:9d:d3:27:51:ac:2a:c2:e4:08:84:fd:9a:22:0a:33:eb:
         e7:47:53:84:15:d2:02:bd:07:f1:50:fa:de:1d:13:d3:c0:21:
         e0:e8:20:71:a2:65:c6:8d:98:f5:30:4c:26:fc:10:45:2a:58:
         b7:9c:d9:84:44:85:c8:f0:1f:d7:fa:04:9f:9b:54:40:d3:eb:
         93:28:33:2b:be:88:2e:60:0b:11:dd:81:c1:54:85:83:8f:1b:
         a4:3d:8f:ac:9b:76:96:c8:55:16:01:27:53:60:3e:80:71:45:
         ed:b4:63:e9:74:0d:0f:d9:d9:ab:a9:58:7c:2d:ee:9d:7a:f8:
         28:c7:a1:56:9c:f5:a8:1c:e5:12:0f:6e:32:ea:68:20:a9:ff:
         fc:8b:5e:dc
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQl+/WEL3EQOpODf0Ml3yUCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJkZWE3OGIxMmQ0MzViOTdkZWZiZjkyYzc0MjY1YzM0MzNi
YmQwMjkwHhcNMjUwMTAyMDc0NzM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhODczYjE3ZmIwMjBmZmNiYjZlMGRhMzFiYjY5Mjg4M2NkZTliNTE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuQBdfbtU4zYOMuxRI4xeh0ZjWZgH
YCarItLQ8G/OL9AObhRUSu3JP3zTxhLq8UXUmZeujM1OSZcoUx9G2ATKGbzILbBd
ROB1hQt6HGG00YhwSYAGlBJbgBDFWURd/aGvKn+baU3Vyp8nDxl8pgOOSC7uHL4F
st8/o9J3GRh9kWUblvpDBu03iAGnBoGqZiLc+TeZjxFVg/w3hlq3vMjGeoKXDSbk
dqs/M3ArVKDwYlUJQQwUmoXO/wzG/VdU/bZpT4lVLJOb7n6hoXQpSxPv0/wK2fiN
7ueSaYey+5ZE/3fICoNR9/6DgsTMeUA8Kr3RwQPaQBUVuYEBxLfXtLI6PwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFKhzsX+wIP/LtuDaMbtpKIPN6bUYMB8GA1UdIwQY
MBaAFC3qeLEtQ1uX3vv5LHQmXDQzu9ApMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTGVwNHNTMURXNWZlLV9rc2RDWmNORE83MENrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS85NmZhZWQtODdjMC00YjAwLTgxNzgt
YTFkY2MzZmI5YTRmLzEvcUhPeGY3QWdfOHUyNE5veHUya29nODNwdFJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS85NmZhZWQtODdjMC00YjAwLTgxNzgtYTFkY2MzZmI5YTRm
LzEvTGVwNHNTMURXNWZlLV9rc2RDWmNORE83MENrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQGH4aAAwQA
WWsLAwQFWd8gMA0GCSqGSIb3DQEBCwUAA4IBAQB1ixuy8jjO6Kb4Vg3Hf7DBtbBn
RmbpgMK2yJZ9B8AiwDpZ3VupNOfYC4vTtUMBbG63Q+WJZkhBkpzeMZavDpKG85Gw
TZbXKKPGxUtFH53Uo+KbVElIXAZVd093bbgv/TCYEtlDhEFn3pO9rg05nZ3TJ1Gs
KsLkCIT9miIKM+vnR1OEFdICvQfxUPreHRPTwCHg6CBxomXGjZj1MEwm/BBFKli3
nNmERIXI8B/X+gSfm1RA0+uTKDMrvoguYAsR3YHBVIWDjxukPY+sm3aWyFUWASdT
YD6AcUXttGPpdA0P2dmrqVh8Le6devgox6FWnPWoHOUSD24y6mggqf/8i17c
-----END CERTIFICATE-----