Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/a96024-6555-4e8d-af37-62bb6d63e59d/1/qIy8EEGEKThhCv4eyhu0aaS6jQQ.roa
File:                     qIy8EEGEKThhCv4eyhu0aaS6jQQ.roa (raw, json)
Hash identifier:          FTpKxy8SMv8Ii+e2R+cokRiry1onK0HB+M+lb5hU0DQ=
Subject key identifier:   A8:8C:BC:10:41:84:29:38:61:0A:FE:1E:CA:1B:B4:69:A4:BA:8D:04
Certificate issuer:       /CN=dff24726df3e77f6f4c8e0436613b35110eeaf38
Certificate serial:       01942067B5C195E6758A1F6250946639C943
Authority key identifier: DF:F2:47:26:DF:3E:77:F6:F4:C8:E0:43:66:13:B3:51:10:EE:AF:38
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3_JHJt8-d_b0yOBDZhOzURDurzg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/a96024-6555-4e8d-af37-62bb6d63e59d/1/qIy8EEGEKThhCv4eyhu0aaS6jQQ.roa
Signing time:             Wed 01 Jan 2025 05:47:35 +0000
ROA not before:           Wed 01 Jan 2025 05:47:35 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14618
IP address blocks:        31.43.166.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/a96024-6555-4e8d-af37-62bb6d63e59d/1/3_JHJt8-d_b0yOBDZhOzURDurzg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/a96024-6555-4e8d-af37-62bb6d63e59d/1/3_JHJt8-d_b0yOBDZhOzURDurzg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3_JHJt8-d_b0yOBDZhOzURDurzg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 15:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:67:b5:c1:95:e6:75:8a:1f:62:50:94:66:39:c9:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dff24726df3e77f6f4c8e0436613b35110eeaf38
        Validity
            Not Before: Jan  1 05:47:35 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a88cbc1041842938610afe1eca1bb469a4ba8d04
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:83:1b:6d:93:f9:9b:02:d6:4f:e0:d9:94:8a:
                    88:a5:f5:bb:0c:b8:fc:a3:f1:61:a4:53:aa:c2:6f:
                    57:97:af:03:e0:c6:a9:b0:cc:12:c7:d6:17:66:73:
                    c9:fd:9b:c4:98:6e:90:e5:fb:8e:d3:03:8b:c1:df:
                    b6:58:8f:cb:ee:6b:3e:c5:6d:b2:9f:7f:39:0a:b7:
                    bd:cc:36:f6:06:79:ab:b9:f4:d6:93:2b:d3:d9:af:
                    39:ab:38:14:19:e9:c3:78:0d:e8:54:ba:83:9d:d8:
                    1c:db:a3:d0:9d:3c:13:1d:29:28:e3:c5:27:0e:e4:
                    59:2f:74:a3:73:af:5d:dd:ae:bf:af:4e:3d:14:bf:
                    c9:45:85:1f:20:53:e3:0b:c0:a0:6b:a8:fc:f3:bf:
                    d5:f4:6b:4c:46:10:6c:bb:0a:0b:6d:90:10:87:67:
                    8c:ab:51:d3:34:61:a7:50:d7:11:19:60:ab:f7:59:
                    b6:70:7c:f2:39:c6:dc:fc:fc:c8:fd:23:07:81:fb:
                    72:e9:0a:90:28:83:87:9f:39:ee:5b:90:86:95:41:
                    dd:4f:0c:b2:58:21:31:4a:9e:bb:51:ed:d5:52:3c:
                    fa:04:1d:79:91:4b:0a:88:de:11:33:c8:a5:29:16:
                    55:65:98:d1:78:2e:99:d4:cf:a4:30:25:23:3b:b4:
                    e1:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:8C:BC:10:41:84:29:38:61:0A:FE:1E:CA:1B:B4:69:A4:BA:8D:04
            X509v3 Authority Key Identifier:
                keyid:DF:F2:47:26:DF:3E:77:F6:F4:C8:E0:43:66:13:B3:51:10:EE:AF:38

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3_JHJt8-d_b0yOBDZhOzURDurzg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a96024-6555-4e8d-af37-62bb6d63e59d/1/qIy8EEGEKThhCv4eyhu0aaS6jQQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a96024-6555-4e8d-af37-62bb6d63e59d/1/3_JHJt8-d_b0yOBDZhOzURDurzg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.43.166.0/24

    Signature Algorithm: sha256WithRSAEncryption
         76:83:f3:f9:9a:ae:43:35:83:68:91:9f:5e:1c:e5:97:83:e1:
         8f:dd:92:ff:a0:ff:4c:20:e2:b6:13:60:dd:f1:b2:d0:a2:79:
         50:d6:cd:21:1a:8d:bc:1b:30:87:30:73:f1:e7:2c:62:ab:b8:
         b2:c2:23:66:0b:ce:1e:d1:55:73:3f:fd:ab:9f:d4:e9:c4:7f:
         0d:be:d1:58:f0:25:b7:27:6c:b9:aa:0f:74:1f:85:4a:96:8c:
         22:f4:50:7c:32:31:a3:f1:4d:d9:99:2f:4b:42:d9:85:07:77:
         90:f0:57:b3:18:d2:01:1f:73:b5:0f:e9:36:d6:cc:26:ac:bb:
         1d:ce:54:46:c3:1f:1f:9f:83:a0:0a:84:f9:24:46:d3:e3:35:
         d1:d2:f3:3f:20:fd:34:36:e4:19:8c:01:e4:1f:81:1c:fb:46:
         97:44:2a:09:d4:86:dc:ee:0e:d3:b7:52:38:fc:6b:9f:b7:e5:
         7b:58:88:3a:b8:d5:86:40:90:60:cd:46:68:94:e3:11:60:6a:
         bc:f9:ef:83:2a:4c:1c:18:c4:68:6a:5f:d9:ce:02:b9:4b:16:
         d3:3c:5e:ac:ee:56:fb:4f:48:3f:31:fe:20:8c:87:53:80:4b:
         42:83:c1:5b:b4:ed:b7:b6:8f:3b:f6:2f:a2:99:ab:3c:47:00:
         a3:26:ba:96
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQgZ7XBleZ1ih9iUJRmOclDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRmZjI0NzI2ZGYzZTc3ZjZmNGM4ZTA0MzY2MTNiMzUxMTBl
ZWFmMzgwHhcNMjUwMTAxMDU0NzM1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhODhjYmMxMDQxODQyOTM4NjEwYWZlMWVjYTFiYjQ2OWE0YmE4ZDA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqoMbbZP5mwLWT+DZlIqIpfW7DLj8
o/FhpFOqwm9Xl68D4MapsMwSx9YXZnPJ/ZvEmG6Q5fuO0wOLwd+2WI/L7ms+xW2y
n385Cre9zDb2BnmrufTWkyvT2a85qzgUGenDeA3oVLqDndgc26PQnTwTHSko48Un
DuRZL3Sjc69d3a6/r049FL/JRYUfIFPjC8Cga6j887/V9GtMRhBsuwoLbZAQh2eM
q1HTNGGnUNcRGWCr91m2cHzyOcbc/PzI/SMHgfty6QqQKIOHnznuW5CGlUHdTwyy
WCExSp67Ue3VUjz6BB15kUsKiN4RM8ilKRZVZZjReC6Z1M+kMCUjO7ThoQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKiMvBBBhCk4YQr+HsobtGmkuo0EMB8GA1UdIwQY
MBaAFN/yRybfPnf29MjgQ2YTs1EQ7q84MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM19KSEp0OC1kX2IweU9CRFpoT3pVUkR1cnpnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9hOTYwMjQtNjU1NS00ZThkLWFmMzct
NjJiYjZkNjNlNTlkLzEvcUl5OEVFR0VLVGhoQ3Y0ZXlodTBhYVM2alFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9hOTYwMjQtNjU1NS00ZThkLWFmMzctNjJiYjZkNjNlNTlk
LzEvM19KSEp0OC1kX2IweU9CRFpoT3pVUkR1cnpnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHyumMA0G
CSqGSIb3DQEBCwUAA4IBAQB2g/P5mq5DNYNokZ9eHOWXg+GP3ZL/oP9MIOK2E2Dd
8bLQonlQ1s0hGo28GzCHMHPx5yxiq7iywiNmC84e0VVzP/2rn9TpxH8NvtFY8CW3
J2y5qg90H4VKlowi9FB8MjGj8U3ZmS9LQtmFB3eQ8FezGNIBH3O1D+k21swmrLsd
zlRGwx8fn4OgCoT5JEbT4zXR0vM/IP00NuQZjAHkH4Ec+0aXRCoJ1Ibc7g7Tt1I4
/Guft+V7WIg6uNWGQJBgzUZolOMRYGq8+e+DKkwcGMRoal/ZzgK5SxbTPF6s7lb7
T0g/Mf4gjIdTgEtCg8FbtO23to879i+imas8RwCjJrqW
-----END CERTIFICATE-----