Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/a7d421-e8cd-4929-aed0-4fe3f61110de/1/Z7fNj1YJ8aSn3r_MEyl5vIDYUPE.roa
File:                     Z7fNj1YJ8aSn3r_MEyl5vIDYUPE.roa (raw, json)
Hash identifier:          WsvnlIuXrT6wZCrahcudQBBAK43k6FKEOxnr2kwJ0Ew=
Subject key identifier:   67:B7:CD:8F:56:09:F1:A4:A7:DE:BF:CC:13:29:79:BC:80:D8:50:F1
Certificate issuer:       /CN=79b6ceac5d42a637f36ba1e3fdae90ad5fee2cff
Certificate serial:       019631008491DF3EAB44485205D874FAF5D9
Authority key identifier: 79:B6:CE:AC:5D:42:A6:37:F3:6B:A1:E3:FD:AE:90:AD:5F:EE:2C:FF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ebbOrF1Cpjfza6Hj_a6QrV_uLP8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/a7d421-e8cd-4929-aed0-4fe3f61110de/1/Z7fNj1YJ8aSn3r_MEyl5vIDYUPE.roa
Signing time:             Sun 13 Apr 2025 21:13:59 +0000
ROA not before:           Sun 13 Apr 2025 21:13:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209733
IP address blocks:        31.24.252.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/a7d421-e8cd-4929-aed0-4fe3f61110de/1/ebbOrF1Cpjfza6Hj_a6QrV_uLP8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/a7d421-e8cd-4929-aed0-4fe3f61110de/1/ebbOrF1Cpjfza6Hj_a6QrV_uLP8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ebbOrF1Cpjfza6Hj_a6QrV_uLP8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 00:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:31:00:84:91:df:3e:ab:44:48:52:05:d8:74:fa:f5:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=79b6ceac5d42a637f36ba1e3fdae90ad5fee2cff
        Validity
            Not Before: Apr 13 21:13:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=67b7cd8f5609f1a4a7debfcc132979bc80d850f1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:c1:f1:ba:23:24:63:7b:e3:b6:92:44:9a:37:
                    8a:57:0d:56:5c:7f:6b:9f:7f:93:8a:23:5a:cf:db:
                    35:48:ce:45:71:55:8c:53:8a:c4:c3:7e:87:61:fb:
                    d9:66:45:eb:75:9d:00:c6:37:bb:a3:81:6a:04:af:
                    1c:9a:9e:f8:9d:ef:40:d2:4e:1e:ef:10:21:d1:e1:
                    c5:45:a9:32:c3:0e:99:dd:52:55:31:7e:c0:38:d9:
                    6f:ca:fd:d1:cf:f0:9a:ee:81:00:c1:5a:37:af:a2:
                    18:e6:06:04:cd:a2:0c:e1:22:0b:5b:3f:2d:0c:72:
                    bd:42:f9:d5:80:18:61:55:59:8a:84:6d:52:72:7d:
                    90:f6:7a:3c:00:06:07:dd:4e:23:a7:f9:e8:d0:90:
                    4f:fb:80:6e:f4:9a:2d:df:eb:63:aa:30:e1:b4:e8:
                    95:c3:af:98:02:d1:66:e4:32:3d:e5:c7:0f:c0:43:
                    98:5d:33:3a:b9:25:de:4b:5d:60:b7:77:e6:da:b0:
                    08:25:83:30:b3:35:02:92:ef:59:8a:5d:eb:e7:dc:
                    34:fe:fa:c5:ef:a7:bf:4a:78:af:08:a9:40:93:98:
                    ad:02:ca:1c:27:c8:93:b0:5f:ec:19:e4:8a:4a:a6:
                    cc:d1:b5:cb:cb:78:30:54:e1:07:fc:31:37:1d:ea:
                    9b:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:B7:CD:8F:56:09:F1:A4:A7:DE:BF:CC:13:29:79:BC:80:D8:50:F1
            X509v3 Authority Key Identifier:
                keyid:79:B6:CE:AC:5D:42:A6:37:F3:6B:A1:E3:FD:AE:90:AD:5F:EE:2C:FF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ebbOrF1Cpjfza6Hj_a6QrV_uLP8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/a7d421-e8cd-4929-aed0-4fe3f61110de/1/Z7fNj1YJ8aSn3r_MEyl5vIDYUPE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/a7d421-e8cd-4929-aed0-4fe3f61110de/1/ebbOrF1Cpjfza6Hj_a6QrV_uLP8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.24.252.0/24

    Signature Algorithm: sha256WithRSAEncryption
         89:b0:04:7d:91:3a:d0:1f:9b:39:09:0d:e4:54:6c:a9:3a:05:
         82:b7:63:bf:9e:2c:b2:b0:b5:1a:5c:b9:09:2e:24:ec:ca:78:
         f5:3b:9b:3e:5c:a5:81:c3:7e:3f:e5:92:25:af:77:1c:c9:05:
         b4:90:30:d8:f4:69:c9:22:a7:08:b6:ab:37:1b:48:28:20:5f:
         67:26:c0:56:40:5b:c1:da:85:ce:09:9a:cb:dd:60:04:ca:d0:
         57:ee:a5:92:12:60:6a:de:e1:c6:3a:c2:2e:fd:56:c4:f5:3c:
         cb:0c:0c:c3:63:22:96:47:3e:23:b1:b6:d6:07:e3:65:08:8a:
         c4:65:12:49:b6:26:61:5f:1e:15:92:e5:86:c4:9c:fa:8d:db:
         8a:a8:e5:f5:2f:37:33:9d:e0:0a:27:bb:80:cf:85:b9:d2:d5:
         44:86:54:87:08:da:6f:90:0c:0e:30:f3:97:ae:4e:6e:ff:70:
         a1:26:aa:76:f7:fe:aa:9e:ac:fd:6f:5e:5c:a5:ad:e1:82:00:
         4f:cd:12:d7:d5:9f:12:6f:51:83:38:e5:bc:e4:9c:f7:50:57:
         cb:13:b5:33:b2:5c:50:02:a6:34:17:e2:b8:0b:64:2e:51:28:
         10:8d:ed:3c:22:4e:65:a9:6f:a2:a7:56:ef:d8:f5:b9:ed:64:
         e1:fc:6d:67
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZYxAISR3z6rREhSBdh0+vXZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5YjZjZWFjNWQ0MmE2MzdmMzZiYTFlM2ZkYWU5MGFkNWZl
ZTJjZmYwHhcNMjUwNDEzMjExMzU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2N2I3Y2Q4ZjU2MDlmMWE0YTdkZWJmY2MxMzI5NzliYzgwZDg1MGYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmsHxuiMkY3vjtpJEmjeKVw1WXH9r
n3+TiiNaz9s1SM5FcVWMU4rEw36HYfvZZkXrdZ0Axje7o4FqBK8cmp74ne9A0k4e
7xAh0eHFRakyww6Z3VJVMX7AONlvyv3Rz/Ca7oEAwVo3r6IY5gYEzaIM4SILWz8t
DHK9QvnVgBhhVVmKhG1Scn2Q9no8AAYH3U4jp/no0JBP+4Bu9Jot3+tjqjDhtOiV
w6+YAtFm5DI95ccPwEOYXTM6uSXeS11gt3fm2rAIJYMwszUCku9Zil3r59w0/vrF
76e/SnivCKlAk5itAsocJ8iTsF/sGeSKSqbM0bXLy3gwVOEH/DE3HeqbjQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGe3zY9WCfGkp96/zBMpebyA2FDxMB8GA1UdIwQY
MBaAFHm2zqxdQqY382uh4/2ukK1f7iz/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZWJiT3JGMUNwamZ6YTZIal9hNlFyVl91TFA4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy9hN2Q0MjEtZThjZC00OTI5LWFlZDAt
NGZlM2Y2MTExMGRlLzEvWjdmTmoxWUo4YVNuM3JfTUV5bDV2SURZVVBFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy9hN2Q0MjEtZThjZC00OTI5LWFlZDAtNGZlM2Y2MTExMGRl
LzEvZWJiT3JGMUNwamZ6YTZIal9hNlFyVl91TFA4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHxj8MA0G
CSqGSIb3DQEBCwUAA4IBAQCJsAR9kTrQH5s5CQ3kVGypOgWCt2O/niyysLUaXLkJ
LiTsynj1O5s+XKWBw34/5ZIlr3ccyQW0kDDY9GnJIqcItqs3G0goIF9nJsBWQFvB
2oXOCZrL3WAEytBX7qWSEmBq3uHGOsIu/VbE9TzLDAzDYyKWRz4jsbbWB+NlCIrE
ZRJJtiZhXx4VkuWGxJz6jduKqOX1LzczneAKJ7uAz4W50tVEhlSHCNpvkAwOMPOX
rk5u/3ChJqp29/6qnqz9b15cpa3hggBPzRLX1Z8Sb1GDOOW85Jz3UFfLE7UzslxQ
AqY0F+K4C2QuUSgQje08Ik5lqW+ip1bv2PW57WTh/G1n
-----END CERTIFICATE-----