Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/746410-026b-45c9-81cd-f12835f0247b/1/gdNItxWNsM4KiGU05OylhksApCc.roa
File:                     gdNItxWNsM4KiGU05OylhksApCc.roa (raw, json)
Hash identifier:          WiPvUqderzx9CicZMrqZIDKRBrczrFFx57GnwN1V0lI=
Subject key identifier:   81:D3:48:B7:15:8D:B0:CE:0A:88:65:34:E4:EC:A5:86:4B:00:A4:27
Certificate issuer:       /CN=85d0e763f935c171694f172056eb44209db2e2cd
Certificate serial:       019425FC3FC2910200603A923B15F4BA2F0F
Authority key identifier: 85:D0:E7:63:F9:35:C1:71:69:4F:17:20:56:EB:44:20:9D:B2:E2:CD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hdDnY_k1wXFpTxcgVutEIJ2y4s0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/746410-026b-45c9-81cd-f12835f0247b/1/gdNItxWNsM4KiGU05OylhksApCc.roa
Signing time:             Thu 02 Jan 2025 07:47:55 +0000
ROA not before:           Thu 02 Jan 2025 07:47:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204817
IP address blocks:        31.222.91.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/746410-026b-45c9-81cd-f12835f0247b/1/hdDnY_k1wXFpTxcgVutEIJ2y4s0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/746410-026b-45c9-81cd-f12835f0247b/1/hdDnY_k1wXFpTxcgVutEIJ2y4s0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hdDnY_k1wXFpTxcgVutEIJ2y4s0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 15 Apr 2025 23:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fc:3f:c2:91:02:00:60:3a:92:3b:15:f4:ba:2f:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=85d0e763f935c171694f172056eb44209db2e2cd
        Validity
            Not Before: Jan  2 07:47:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=81d348b7158db0ce0a886534e4eca5864b00a427
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:71:ec:c5:1f:af:b7:1f:21:a4:96:79:60:c7:
                    b2:d7:bf:4a:9d:1b:e1:c4:e6:f6:f3:bd:34:86:49:
                    52:75:9e:53:68:5e:77:5f:cb:20:37:a9:03:da:bd:
                    19:99:d8:cb:1b:79:44:0d:6a:bf:fe:78:33:ba:f5:
                    ef:10:62:13:2b:93:ea:68:5e:a8:a1:c0:9f:70:53:
                    ba:16:8e:ff:4e:f2:7a:eb:ef:f2:07:c6:29:5b:9f:
                    52:bf:4a:27:29:d5:53:0b:95:98:92:0b:83:2c:81:
                    17:ee:6a:e8:35:ba:ed:00:2e:dd:05:38:c8:ca:47:
                    4c:fa:1b:ce:b8:57:a2:30:92:7d:bf:18:b8:71:fd:
                    1f:e9:fd:4f:a6:8a:8b:43:84:73:8c:16:ae:ee:2a:
                    4e:bd:72:3e:66:37:bd:c6:10:14:c4:67:32:6d:c2:
                    1e:65:60:92:06:dd:49:73:5c:fe:01:71:05:6f:ec:
                    ff:b7:6c:05:3c:d9:67:3c:c8:37:07:cc:ff:63:aa:
                    6d:d9:70:f1:0c:d6:97:b8:e6:10:91:63:9a:bd:72:
                    b6:8a:7c:0a:fa:43:a1:b9:c2:dd:7e:ab:94:2b:10:
                    b4:ea:ba:d9:f3:12:b8:5d:b5:99:d3:2a:ab:fd:cd:
                    98:2c:96:54:9b:ee:e0:70:c5:7f:a4:78:49:f5:b4:
                    52:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:D3:48:B7:15:8D:B0:CE:0A:88:65:34:E4:EC:A5:86:4B:00:A4:27
            X509v3 Authority Key Identifier:
                keyid:85:D0:E7:63:F9:35:C1:71:69:4F:17:20:56:EB:44:20:9D:B2:E2:CD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hdDnY_k1wXFpTxcgVutEIJ2y4s0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/746410-026b-45c9-81cd-f12835f0247b/1/gdNItxWNsM4KiGU05OylhksApCc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/746410-026b-45c9-81cd-f12835f0247b/1/hdDnY_k1wXFpTxcgVutEIJ2y4s0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.222.91.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:d0:4c:a9:a0:d1:e2:af:e4:6f:90:1f:dd:fb:ea:a6:34:9a:
         03:2e:cd:b1:e3:e7:a9:9e:16:a8:8d:0f:f2:06:ba:4f:08:b1:
         42:e6:90:09:15:f5:49:29:24:3b:07:47:54:1d:48:f0:db:b0:
         75:83:c4:ca:e4:9d:44:39:e9:f0:51:1e:1f:29:1a:88:15:87:
         ed:28:be:88:91:54:73:45:1e:27:8f:9a:5c:f5:b2:c5:47:b7:
         76:f1:72:b9:1a:33:69:19:c7:92:d4:a3:c0:e8:e8:54:35:74:
         10:38:dd:cd:e6:f4:21:8b:01:27:0f:1b:29:55:e8:0b:98:cb:
         cb:78:c1:5b:e0:13:ad:83:92:69:eb:85:ba:08:05:ad:a5:f8:
         13:0c:f8:b2:a5:5a:6e:9a:41:f0:75:86:75:a3:bf:85:98:e3:
         a1:9a:bc:2f:66:3a:8d:40:37:d2:5e:5a:47:da:e1:fe:1a:fd:
         66:63:8d:f6:38:59:36:e8:27:8a:4d:8b:a0:23:6f:15:38:b5:
         bb:d0:2a:d0:b3:6b:0a:c5:c0:c2:ce:4e:c6:32:29:0f:b1:9f:
         5a:f2:55:4d:cd:7f:22:78:1b:8b:aa:39:cc:c8:28:65:ce:66:
         78:50:bd:4b:a9:6b:f6:01:12:c8:84:61:8e:32:ed:bc:d5:e5:
         95:4c:cb:b8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl/D/CkQIAYDqSOxX0ui8PMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg1ZDBlNzYzZjkzNWMxNzE2OTRmMTcyMDU2ZWI0NDIwOWRi
MmUyY2QwHhcNMjUwMTAyMDc0NzU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MWQzNDhiNzE1OGRiMGNlMGE4ODY1MzRlNGVjYTU4NjRiMDBhNDI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo3HsxR+vtx8hpJZ5YMey179KnRvh
xOb28700hklSdZ5TaF53X8sgN6kD2r0ZmdjLG3lEDWq//ngzuvXvEGITK5PqaF6o
ocCfcFO6Fo7/TvJ66+/yB8YpW59Sv0onKdVTC5WYkguDLIEX7mroNbrtAC7dBTjI
ykdM+hvOuFeiMJJ9vxi4cf0f6f1PpoqLQ4RzjBau7ipOvXI+Zje9xhAUxGcybcIe
ZWCSBt1Jc1z+AXEFb+z/t2wFPNlnPMg3B8z/Y6pt2XDxDNaXuOYQkWOavXK2inwK
+kOhucLdfquUKxC06rrZ8xK4XbWZ0yqr/c2YLJZUm+7gcMV/pHhJ9bRSkwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIHTSLcVjbDOCohlNOTspYZLAKQnMB8GA1UdIwQY
MBaAFIXQ52P5NcFxaU8XIFbrRCCdsuLNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaGREbllfazF3WEZwVHhjZ1Z1dEVJSjJ5NHMwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi83NDY0MTAtMDI2Yi00NWM5LTgxY2Qt
ZjEyODM1ZjAyNDdiLzEvZ2ROSXR4V05zTTRLaUdVMDVPeWxoa3NBcENjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi83NDY0MTAtMDI2Yi00NWM5LTgxY2QtZjEyODM1ZjAyNDdi
LzEvaGREbllfazF3WEZwVHhjZ1Z1dEVJSjJ5NHMwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAH95bMA0G
CSqGSIb3DQEBCwUAA4IBAQCB0EypoNHir+RvkB/d++qmNJoDLs2x4+epnhaojQ/y
BrpPCLFC5pAJFfVJKSQ7B0dUHUjw27B1g8TK5J1EOenwUR4fKRqIFYftKL6IkVRz
RR4nj5pc9bLFR7d28XK5GjNpGceS1KPA6OhUNXQQON3N5vQhiwEnDxspVegLmMvL
eMFb4BOtg5Jp64W6CAWtpfgTDPiypVpumkHwdYZ1o7+FmOOhmrwvZjqNQDfSXlpH
2uH+Gv1mY432OFk26CeKTYugI28VOLW70CrQs2sKxcDCzk7GMikPsZ9a8lVNzX8i
eBuLqjnMyChlzmZ4UL1LqWv2ARLIhGGOMu281eWVTMu4
-----END CERTIFICATE-----