Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/a96024-6555-4e8d-af37-62bb6d63e59d/1/SFJQLYtyuvLa-Z-_p6GETmClzzQ.roa
File:                     SFJQLYtyuvLa-Z-_p6GETmClzzQ.roa (raw, json)
Hash identifier:          TpY/D4v+35T3Gg8FMD0C6YxKf8fx/yuDpF1EWp6QNws=
Subject key identifier:   48:52:50:2D:8B:72:BA:F2:DA:F9:9F:BF:A7:A1:84:4E:60:A5:CF:34
Certificate issuer:       /CN=dff24726df3e77f6f4c8e0436613b35110eeaf38
Certificate serial:       01942067B957333240451B5A1478F1EFA378
Authority key identifier: DF:F2:47:26:DF:3E:77:F6:F4:C8:E0:43:66:13:B3:51:10:EE:AF:38
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3_JHJt8-d_b0yOBDZhOzURDurzg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/a96024-6555-4e8d-af37-62bb6d63e59d/1/SFJQLYtyuvLa-Z-_p6GETmClzzQ.roa
Signing time:             Wed 01 Jan 2025 05:47:36 +0000
ROA not before:           Wed 01 Jan 2025 05:47:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212335
IP address blocks:        31.43.165.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/a96024-6555-4e8d-af37-62bb6d63e59d/1/3_JHJt8-d_b0yOBDZhOzURDurzg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/a96024-6555-4e8d-af37-62bb6d63e59d/1/3_JHJt8-d_b0yOBDZhOzURDurzg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3_JHJt8-d_b0yOBDZhOzURDurzg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 09:01:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:67:b9:57:33:32:40:45:1b:5a:14:78:f1:ef:a3:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dff24726df3e77f6f4c8e0436613b35110eeaf38
        Validity
            Not Before: Jan  1 05:47:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4852502d8b72baf2daf99fbfa7a1844e60a5cf34
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:f9:56:41:2e:7e:80:1d:01:b0:28:87:a4:86:
                    f0:72:ef:c7:ef:35:75:00:3e:bc:62:78:42:0b:b9:
                    d9:37:f6:3d:95:b8:4c:1b:e3:a2:1c:2f:d1:13:7d:
                    1b:99:c5:2c:1f:28:eb:73:cb:f0:ac:97:18:e1:79:
                    ed:32:ae:9d:a1:63:68:82:1e:00:c3:ef:2a:35:27:
                    13:6d:ae:b5:fe:47:63:2c:39:43:5d:c9:64:d3:5e:
                    23:ed:9b:42:f7:0a:2b:1e:6d:90:2c:36:fb:a9:70:
                    19:b5:46:b8:fc:ee:41:4a:c7:f4:3c:49:3c:60:39:
                    c8:ff:94:66:52:52:f6:af:f4:6b:f1:ab:73:f8:3a:
                    00:b1:db:98:49:f2:72:47:1e:88:44:a3:6c:b1:dd:
                    69:e2:fa:c5:64:39:e4:da:fd:b3:cf:4e:27:9b:47:
                    ac:c3:96:64:cd:f2:d1:90:64:20:8a:ad:8f:dd:ee:
                    41:c9:76:7c:d7:9c:ec:84:c1:7f:17:d2:69:55:26:
                    6b:34:09:50:3a:ae:28:c1:03:4d:a7:48:d4:85:eb:
                    82:b9:af:d6:19:89:e4:c5:87:42:35:79:49:9a:d7:
                    24:2a:17:76:28:cd:47:37:ba:02:cd:13:84:50:a1:
                    ee:74:03:1e:fb:a1:36:22:85:7b:b0:c0:cf:bc:8f:
                    ab:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:52:50:2D:8B:72:BA:F2:DA:F9:9F:BF:A7:A1:84:4E:60:A5:CF:34
            X509v3 Authority Key Identifier:
                keyid:DF:F2:47:26:DF:3E:77:F6:F4:C8:E0:43:66:13:B3:51:10:EE:AF:38

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3_JHJt8-d_b0yOBDZhOzURDurzg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a96024-6555-4e8d-af37-62bb6d63e59d/1/SFJQLYtyuvLa-Z-_p6GETmClzzQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a96024-6555-4e8d-af37-62bb6d63e59d/1/3_JHJt8-d_b0yOBDZhOzURDurzg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.43.165.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:85:f7:b0:22:0e:1d:c2:7d:0c:ed:43:a0:dd:55:39:bb:0a:
         0e:92:af:18:c4:f5:b7:43:e3:e2:ca:c2:41:c8:a7:fb:34:8c:
         79:41:ef:b7:a0:cd:6c:94:e8:e8:99:ea:9a:68:2c:1f:af:c7:
         b9:5a:5a:5e:56:e6:ec:f8:40:8e:7c:44:34:71:cc:64:cb:42:
         7f:89:33:d8:6e:9e:c8:7d:3d:29:db:75:ca:ee:5c:21:d5:5e:
         89:ed:ae:83:d2:32:e6:af:17:4a:84:ab:7b:3a:ef:2e:62:21:
         37:ed:c2:ba:e3:1c:00:e3:42:28:66:74:14:df:58:11:ac:dc:
         c2:22:c7:19:19:08:7f:88:89:95:78:cd:0b:67:c8:02:88:5a:
         08:84:2f:8e:9b:b4:98:f7:61:eb:69:a1:03:65:d7:20:49:5e:
         96:95:42:6a:4b:49:6b:f2:85:59:e1:d8:95:83:ec:20:2b:22:
         67:1c:dc:c4:83:09:6a:3a:da:6c:17:28:b2:bc:4d:93:ba:0a:
         42:ca:7f:ba:05:17:c7:d3:e3:c5:db:7f:72:fd:c7:1b:74:ae:
         17:66:47:2a:17:3d:66:a2:44:2f:53:7b:cf:0c:75:a1:63:7a:
         bf:39:1e:8c:64:2b:c6:b3:71:4c:33:67:27:00:5a:61:0d:02:
         37:39:98:c2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQgZ7lXMzJARRtaFHjx76N4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRmZjI0NzI2ZGYzZTc3ZjZmNGM4ZTA0MzY2MTNiMzUxMTBl
ZWFmMzgwHhcNMjUwMTAxMDU0NzM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ODUyNTAyZDhiNzJiYWYyZGFmOTlmYmZhN2ExODQ0ZTYwYTVjZjM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0PlWQS5+gB0BsCiHpIbwcu/H7zV1
AD68YnhCC7nZN/Y9lbhMG+OiHC/RE30bmcUsHyjrc8vwrJcY4XntMq6doWNogh4A
w+8qNScTba61/kdjLDlDXclk014j7ZtC9worHm2QLDb7qXAZtUa4/O5BSsf0PEk8
YDnI/5RmUlL2r/Rr8atz+DoAsduYSfJyRx6IRKNssd1p4vrFZDnk2v2zz04nm0es
w5ZkzfLRkGQgiq2P3e5ByXZ815zshMF/F9JpVSZrNAlQOq4owQNNp0jUheuCua/W
GYnkxYdCNXlJmtckKhd2KM1HN7oCzROEUKHudAMe+6E2IoV7sMDPvI+rmQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEhSUC2Lcrry2vmfv6ehhE5gpc80MB8GA1UdIwQY
MBaAFN/yRybfPnf29MjgQ2YTs1EQ7q84MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM19KSEp0OC1kX2IweU9CRFpoT3pVUkR1cnpnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9hOTYwMjQtNjU1NS00ZThkLWFmMzct
NjJiYjZkNjNlNTlkLzEvU0ZKUUxZdHl1dkxhLVotX3A2R0VUbUNsenpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9hOTYwMjQtNjU1NS00ZThkLWFmMzctNjJiYjZkNjNlNTlk
LzEvM19KSEp0OC1kX2IweU9CRFpoT3pVUkR1cnpnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHyulMA0G
CSqGSIb3DQEBCwUAA4IBAQBHhfewIg4dwn0M7UOg3VU5uwoOkq8YxPW3Q+PiysJB
yKf7NIx5Qe+3oM1slOjomeqaaCwfr8e5WlpeVubs+ECOfEQ0ccxky0J/iTPYbp7I
fT0p23XK7lwh1V6J7a6D0jLmrxdKhKt7Ou8uYiE37cK64xwA40IoZnQU31gRrNzC
IscZGQh/iImVeM0LZ8gCiFoIhC+Om7SY92HraaEDZdcgSV6WlUJqS0lr8oVZ4diV
g+wgKyJnHNzEgwlqOtpsFyiyvE2TugpCyn+6BRfH0+PF239y/ccbdK4XZkcqFz1m
okQvU3vPDHWhY3q/OR6MZCvGs3FMM2cnAFphDQI3OZjC
-----END CERTIFICATE-----