Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/a96024-6555-4e8d-af37-62bb6d63e59d/1/52260QRoB-4_m-PMGSxSH2oOuyo.roa
File:                     52260QRoB-4_m-PMGSxSH2oOuyo.roa (raw, json)
Hash identifier:          6qYOemPkovWo55Sz1b7HL6924u9s4+Obo/QDkX1RaK8=
Subject key identifier:   E7:6D:BA:D1:04:68:07:EE:3F:9B:E3:CC:19:2C:52:1F:6A:0E:BB:2A
Certificate issuer:       /CN=dff24726df3e77f6f4c8e0436613b35110eeaf38
Certificate serial:       018DC684FB285D13A478ADFA768A970086E7
Authority key identifier: DF:F2:47:26:DF:3E:77:F6:F4:C8:E0:43:66:13:B3:51:10:EE:AF:38
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3_JHJt8-d_b0yOBDZhOzURDurzg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/a96024-6555-4e8d-af37-62bb6d63e59d/1/52260QRoB-4_m-PMGSxSH2oOuyo.roa
Signing time:             Tue 20 Feb 2024 12:37:00 +0000
ROA not before:           Tue 20 Feb 2024 12:37:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        31.43.166.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/a96024-6555-4e8d-af37-62bb6d63e59d/1/3_JHJt8-d_b0yOBDZhOzURDurzg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/a96024-6555-4e8d-af37-62bb6d63e59d/1/3_JHJt8-d_b0yOBDZhOzURDurzg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3_JHJt8-d_b0yOBDZhOzURDurzg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:c6:84:fb:28:5d:13:a4:78:ad:fa:76:8a:97:00:86:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dff24726df3e77f6f4c8e0436613b35110eeaf38
        Validity
            Not Before: Feb 20 12:37:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e76dbad1046807ee3f9be3cc192c521f6a0ebb2a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:83:8d:ff:83:d0:89:04:de:bc:3b:b2:2a:8b:
                    3b:ea:a2:c1:23:fe:a2:f4:39:ac:52:a4:1d:39:a8:
                    e0:13:d2:31:0a:7f:36:d3:ad:10:e0:52:94:81:f5:
                    e2:b1:58:1d:4d:ff:c6:50:8b:20:cc:5e:6f:20:58:
                    ae:50:40:31:d9:bf:1b:f8:2c:9b:81:a9:b2:47:1f:
                    9d:67:7d:4a:2f:66:25:d5:1a:d8:29:64:5a:4b:71:
                    91:4a:a2:4a:ed:b6:eb:d1:ec:29:75:fc:e3:63:03:
                    74:f9:6b:36:81:14:09:c2:f4:31:49:b8:f1:b9:60:
                    68:cd:43:d4:3e:f3:9b:50:14:87:c5:69:4c:50:62:
                    37:d3:f0:13:86:4c:ab:d2:6e:bb:d6:7e:18:72:5a:
                    58:24:c8:a0:7c:b6:75:db:38:f9:ca:51:de:2c:02:
                    71:7f:d4:df:79:e1:67:4f:88:9a:54:ad:b7:10:7d:
                    0c:5b:a6:e0:28:93:69:a2:94:8f:1b:57:6a:ca:dc:
                    45:20:8b:5f:95:86:3b:e1:bf:27:54:0a:99:c3:f9:
                    8f:19:5c:22:f0:59:d8:9a:93:83:ef:cc:80:22:ef:
                    a7:fd:2f:30:39:e1:3b:ab:86:8a:7a:d2:bb:23:76:
                    2a:12:1e:b6:37:35:53:9d:58:21:1d:79:3b:67:a6:
                    3c:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:6D:BA:D1:04:68:07:EE:3F:9B:E3:CC:19:2C:52:1F:6A:0E:BB:2A
            X509v3 Authority Key Identifier:
                keyid:DF:F2:47:26:DF:3E:77:F6:F4:C8:E0:43:66:13:B3:51:10:EE:AF:38

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3_JHJt8-d_b0yOBDZhOzURDurzg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a96024-6555-4e8d-af37-62bb6d63e59d/1/52260QRoB-4_m-PMGSxSH2oOuyo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a96024-6555-4e8d-af37-62bb6d63e59d/1/3_JHJt8-d_b0yOBDZhOzURDurzg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.43.166.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:fe:3f:10:80:62:34:ad:4e:44:5c:6f:9b:af:a7:d2:53:de:
         f0:7f:c6:c1:e8:5e:92:6a:7c:96:59:c4:fe:29:15:e3:8d:df:
         bf:79:9d:42:2f:50:3b:88:b3:2b:d5:a3:44:19:c0:1e:bf:4e:
         a2:e3:b0:c5:a0:db:fd:e5:4d:ea:6f:26:f0:5e:dc:d3:99:93:
         b9:ec:92:3b:46:8c:62:60:a9:88:ab:11:83:27:2a:dd:5a:8f:
         c6:74:7f:cd:44:94:99:38:01:84:67:2f:da:e2:3d:39:d7:33:
         85:83:6a:ba:e4:04:d8:e4:4d:e9:e0:ad:eb:2d:de:c8:af:5e:
         40:c7:92:55:ba:e4:9b:90:a6:e1:e1:71:0e:fb:4a:ee:59:30:
         25:e4:9d:5c:9b:12:77:aa:6a:5d:da:59:64:f0:41:37:c6:89:
         ae:86:a6:19:73:9b:b7:e3:56:70:d1:7b:41:e5:51:42:29:8b:
         42:cf:a0:80:3e:5e:b1:e3:77:12:ea:78:24:68:f2:d1:10:51:
         3a:30:0d:00:81:29:2f:d3:85:58:ab:eb:ea:65:92:e9:e4:34:
         3b:b9:7c:ae:3a:a5:d6:f4:f9:f5:51:06:e9:b7:d6:13:36:c8:
         f9:5d:a7:7a:cf:41:51:bb:e0:9c:03:93:99:e9:6e:b3:70:ce:
         6a:61:b5:27
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY3GhPsoXROkeK36doqXAIbnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRmZjI0NzI2ZGYzZTc3ZjZmNGM4ZTA0MzY2MTNiMzUxMTBl
ZWFmMzgwHhcNMjQwMjIwMTIzNzAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNzZkYmFkMTA0NjgwN2VlM2Y5YmUzY2MxOTJjNTIxZjZhMGViYjJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz4ON/4PQiQTevDuyKos76qLBI/6i
9DmsUqQdOajgE9IxCn82060Q4FKUgfXisVgdTf/GUIsgzF5vIFiuUEAx2b8b+Cyb
gamyRx+dZ31KL2Yl1RrYKWRaS3GRSqJK7bbr0ewpdfzjYwN0+Ws2gRQJwvQxSbjx
uWBozUPUPvObUBSHxWlMUGI30/AThkyr0m671n4YclpYJMigfLZ12zj5ylHeLAJx
f9TfeeFnT4iaVK23EH0MW6bgKJNpopSPG1dqytxFIItflYY74b8nVAqZw/mPGVwi
8FnYmpOD78yAIu+n/S8wOeE7q4aKetK7I3YqEh62NzVTnVghHXk7Z6Y8/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOdtutEEaAfuP5vjzBksUh9qDrsqMB8GA1UdIwQY
MBaAFN/yRybfPnf29MjgQ2YTs1EQ7q84MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM19KSEp0OC1kX2IweU9CRFpoT3pVUkR1cnpnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9hOTYwMjQtNjU1NS00ZThkLWFmMzct
NjJiYjZkNjNlNTlkLzEvNTIyNjBRUm9CLTRfbS1QTUdTeFNIMm9PdXlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9hOTYwMjQtNjU1NS00ZThkLWFmMzctNjJiYjZkNjNlNTlk
LzEvM19KSEp0OC1kX2IweU9CRFpoT3pVUkR1cnpnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHyumMA0G
CSqGSIb3DQEBCwUAA4IBAQA4/j8QgGI0rU5EXG+br6fSU97wf8bB6F6SanyWWcT+
KRXjjd+/eZ1CL1A7iLMr1aNEGcAev06i47DFoNv95U3qbybwXtzTmZO57JI7Roxi
YKmIqxGDJyrdWo/GdH/NRJSZOAGEZy/a4j051zOFg2q65ATY5E3p4K3rLd7Ir15A
x5JVuuSbkKbh4XEO+0ruWTAl5J1cmxJ3qmpd2llk8EE3xomuhqYZc5u341Zw0XtB
5VFCKYtCz6CAPl6x43cS6ngkaPLREFE6MA0AgSkv04VYq+vqZZLp5DQ7uXyuOqXW
9Pn1UQbpt9YTNsj5Xad6z0FRu+CcA5OZ6W6zcM5qYbUn
-----END CERTIFICATE-----