Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c1/2dc208-6912-4a12-8dbb-dbb69f284f23/1/pPhTVlJLb86soqyySL-WWM5nGpo.roa
File:                     pPhTVlJLb86soqyySL-WWM5nGpo.roa (raw, json)
Hash identifier:          soRRZ5HHiA/a5SCZK0C4OU2YSKWcycTGQ/q5n+2Dcw8=
Subject key identifier:   A4:F8:53:56:52:4B:6F:CE:AC:A2:AC:B2:48:BF:96:58:CE:67:1A:9A
Certificate issuer:       /CN=453f8ca684037c5433a4b4406211b31d76e13eab
Certificate serial:       0194258F6B11E2FEB9B5DE992FF92F3CEF30
Authority key identifier: 45:3F:8C:A6:84:03:7C:54:33:A4:B4:40:62:11:B3:1D:76:E1:3E:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT-MpoQDfFQzpLRAYhGzHXbhPqs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c1/2dc208-6912-4a12-8dbb-dbb69f284f23/1/pPhTVlJLb86soqyySL-WWM5nGpo.roa
Signing time:             Thu 02 Jan 2025 05:49:03 +0000
ROA not before:           Thu 02 Jan 2025 05:49:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     56704
IP address blocks:        31.15.112.0/21 maxlen: 21
                          185.154.116.0/22 maxlen: 24
                          2a03:eb80::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c1/2dc208-6912-4a12-8dbb-dbb69f284f23/1/RT-MpoQDfFQzpLRAYhGzHXbhPqs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c1/2dc208-6912-4a12-8dbb-dbb69f284f23/1/RT-MpoQDfFQzpLRAYhGzHXbhPqs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT-MpoQDfFQzpLRAYhGzHXbhPqs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 10 Mar 2025 15:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:6b:11:e2:fe:b9:b5:de:99:2f:f9:2f:3c:ef:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f8ca684037c5433a4b4406211b31d76e13eab
        Validity
            Not Before: Jan  2 05:49:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a4f85356524b6fceaca2acb248bf9658ce671a9a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:10:37:15:9a:2c:37:65:40:57:30:04:f2:fb:
                    b6:cb:f6:da:64:67:47:c6:1a:63:99:fa:95:fd:f3:
                    02:83:57:fd:13:c8:f4:36:5f:49:b5:b8:bb:5c:4d:
                    d0:0c:89:15:d3:3e:70:1e:2d:20:51:f8:04:36:c2:
                    54:ce:83:a0:1a:b8:b9:77:71:53:fe:c6:9d:71:ac:
                    fe:8c:36:29:27:7e:e4:f4:04:50:db:1c:c8:da:70:
                    f6:88:08:bc:15:4e:2b:d7:e3:f4:21:39:3c:08:cb:
                    c6:8d:10:b9:43:6b:42:9e:f6:db:f2:00:3e:f9:46:
                    06:de:c6:19:f3:8c:0d:b5:d3:41:49:04:69:cc:1c:
                    ec:38:38:30:2c:13:14:84:fe:52:8b:7c:2c:49:bb:
                    fe:8e:de:1f:b1:2f:60:47:83:37:40:da:e8:95:ab:
                    f2:f6:4d:a8:df:a5:be:33:bc:f2:ac:ea:c6:29:ca:
                    4c:b7:f3:3d:ec:9b:fd:15:45:7a:61:9f:e3:1c:b2:
                    c1:6a:51:31:61:29:c7:4e:b5:b1:a8:d1:c2:de:bb:
                    14:7d:ba:0f:0e:8a:88:25:16:83:5d:4a:71:5f:2e:
                    92:8a:80:bc:75:66:fc:9c:cc:b5:11:e5:22:87:70:
                    5f:84:b1:36:45:62:cf:90:56:f3:33:30:3c:5c:24:
                    94:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:F8:53:56:52:4B:6F:CE:AC:A2:AC:B2:48:BF:96:58:CE:67:1A:9A
            X509v3 Authority Key Identifier:
                keyid:45:3F:8C:A6:84:03:7C:54:33:A4:B4:40:62:11:B3:1D:76:E1:3E:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT-MpoQDfFQzpLRAYhGzHXbhPqs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/2dc208-6912-4a12-8dbb-dbb69f284f23/1/pPhTVlJLb86soqyySL-WWM5nGpo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/2dc208-6912-4a12-8dbb-dbb69f284f23/1/RT-MpoQDfFQzpLRAYhGzHXbhPqs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.15.112.0/21
                  185.154.116.0/22
                IPv6:
                  2a03:eb80::/32

    Signature Algorithm: sha256WithRSAEncryption
         78:19:02:e0:16:a2:57:00:c7:76:0b:5d:58:95:3d:2a:df:ee:
         62:11:23:3a:90:1b:53:91:15:b3:99:3c:d5:54:7f:a1:0b:ef:
         60:10:31:c9:55:eb:bd:90:f5:2d:17:7b:cd:1b:52:a6:bb:42:
         6a:d8:8d:32:3e:8b:98:64:78:11:8f:f4:22:33:42:4a:d5:e8:
         bc:ad:f9:c0:5e:84:fe:87:b7:89:3e:9e:df:ef:7d:c2:91:0f:
         11:e9:ec:a2:8a:a3:fc:e6:1d:2f:f0:9c:31:e6:66:3f:54:44:
         8a:d2:7a:e6:7c:df:2b:c8:10:06:14:0e:35:a5:0f:f4:28:89:
         6a:9c:a2:05:53:bc:70:dd:b1:7d:33:c7:98:cd:6e:59:ab:81:
         1b:67:28:5f:f4:36:17:a5:01:1f:63:6d:ae:db:3c:bc:00:b9:
         80:d5:b3:2d:6f:71:bc:14:31:81:81:a1:0f:7d:10:b3:a4:45:
         49:5c:0b:c0:6f:bf:0c:24:3e:63:5e:c3:6a:5d:f1:f2:a1:39:
         de:f1:b4:31:13:9c:96:50:08:06:03:64:5c:91:92:5a:4d:28:
         7f:60:94:27:67:a0:9b:eb:88:b5:8b:b5:26:ff:be:27:53:24:
         db:c3:9c:18:fe:e3:6e:73:55:c0:24:27:53:35:da:d8:2c:34:
         f1:38:f3:06
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQlj2sR4v65td6ZL/kvPO8wMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ1M2Y4Y2E2ODQwMzdjNTQzM2E0YjQ0MDYyMTFiMzFkNzZl
MTNlYWIwHhcNMjUwMTAyMDU0OTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNGY4NTM1NjUyNGI2ZmNlYWNhMmFjYjI0OGJmOTY1OGNlNjcxYTlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjBA3FZosN2VAVzAE8vu2y/baZGdH
xhpjmfqV/fMCg1f9E8j0Nl9Jtbi7XE3QDIkV0z5wHi0gUfgENsJUzoOgGri5d3FT
/sadcaz+jDYpJ37k9ARQ2xzI2nD2iAi8FU4r1+P0ITk8CMvGjRC5Q2tCnvbb8gA+
+UYG3sYZ84wNtdNBSQRpzBzsODgwLBMUhP5Si3wsSbv+jt4fsS9gR4M3QNrolavy
9k2o36W+M7zyrOrGKcpMt/M97Jv9FUV6YZ/jHLLBalExYSnHTrWxqNHC3rsUfboP
DoqIJRaDXUpxXy6SioC8dWb8nMy1EeUih3BfhLE2RWLPkFbzMzA8XCSUZwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFKT4U1ZSS2/OrKKsski/lljOZxqaMB8GA1UdIwQY
MBaAFEU/jKaEA3xUM6S0QGIRsx124T6rMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUlQtTXBvUURmRlF6cExSQVloR3pIWGJoUHFzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMS8yZGMyMDgtNjkxMi00YTEyLThkYmIt
ZGJiNjlmMjg0ZjIzLzEvcFBoVFZsSkxiODZzb3F5eVNMLVdXTTVuR3BvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMS8yZGMyMDgtNjkxMi00YTEyLThkYmItZGJiNjlmMjg0ZjIz
LzEvUlQtTXBvUURmRlF6cExSQVloR3pIWGJoUHFzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDHw9wAwQC
uZp0MA0EAgACMAcDBQAqA+uAMA0GCSqGSIb3DQEBCwUAA4IBAQB4GQLgFqJXAMd2
C11YlT0q3+5iESM6kBtTkRWzmTzVVH+hC+9gEDHJVeu9kPUtF3vNG1Kmu0Jq2I0y
PouYZHgRj/QiM0JK1ei8rfnAXoT+h7eJPp7f733CkQ8R6eyiiqP85h0v8Jwx5mY/
VESK0nrmfN8ryBAGFA41pQ/0KIlqnKIFU7xw3bF9M8eYzW5Zq4EbZyhf9DYXpQEf
Y22u2zy8ALmA1bMtb3G8FDGBgaEPfRCzpEVJXAvAb78MJD5jXsNqXfHyoTne8bQx
E5yWUAgGA2RckZJaTSh/YJQnZ6Cb64i1i7Um/74nUyTbw5wY/uNuc1XAJCdTNdrY
LDTxOPMG
-----END CERTIFICATE-----