Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/b1a82a-490f-43fb-986e-26170da4a0b1/1/qYTgMdJGkAUtjDYiuMMhTxfJQuE.roa
File:                     qYTgMdJGkAUtjDYiuMMhTxfJQuE.roa (raw, json)
Hash identifier:          s9YOPVDXUwDCUpFUzrcMrXpu0dW70tO1ii9LPQmYpUc=
Subject key identifier:   A9:84:E0:31:D2:46:90:05:2D:8C:36:22:B8:C3:21:4F:17:C9:42:E1
Certificate issuer:       /CN=6d69da44ae067fc1a98a5f6f05f12e545d0fc62a
Certificate serial:       0196D878FED53B87978D58D7559B10488BD0
Authority key identifier: 6D:69:DA:44:AE:06:7F:C1:A9:8A:5F:6F:05:F1:2E:54:5D:0F:C6:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bWnaRK4Gf8Gpil9vBfEuVF0Pxio.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/b1a82a-490f-43fb-986e-26170da4a0b1/1/qYTgMdJGkAUtjDYiuMMhTxfJQuE.roa
Signing time:             Fri 16 May 2025 09:42:10 +0000
ROA not before:           Fri 16 May 2025 09:42:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34476
IP address blocks:        31.169.75.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d1/b1a82a-490f-43fb-986e-26170da4a0b1/1/bWnaRK4Gf8Gpil9vBfEuVF0Pxio.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d1/b1a82a-490f-43fb-986e-26170da4a0b1/1/bWnaRK4Gf8Gpil9vBfEuVF0Pxio.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bWnaRK4Gf8Gpil9vBfEuVF0Pxio.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 11:24:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:d8:78:fe:d5:3b:87:97:8d:58:d7:55:9b:10:48:8b:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d69da44ae067fc1a98a5f6f05f12e545d0fc62a
        Validity
            Not Before: May 16 09:42:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a984e031d24690052d8c3622b8c3214f17c942e1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:fa:3e:b2:d6:92:0d:bc:45:7d:26:70:39:6e:df:
                    04:e9:7b:c1:5b:a8:b5:63:c3:ca:75:0e:59:fe:64:
                    96:e3:01:30:ca:0e:0d:b5:2f:21:82:4a:7e:53:a5:
                    8e:b2:5c:95:e0:03:bf:d9:05:cb:db:59:21:43:1c:
                    4d:45:0e:8c:f3:29:a4:f0:e0:7a:fb:d8:f9:47:f5:
                    3f:0d:88:65:02:67:05:b6:47:b3:25:8b:2d:ee:f2:
                    ed:41:13:ae:71:20:9c:a7:ec:6d:e7:1d:29:fd:04:
                    d6:f8:c9:63:d6:b3:32:2a:38:b0:e2:2c:71:b5:2d:
                    a5:c8:a7:3d:31:a1:a2:13:10:cf:99:58:80:7d:52:
                    3d:8b:ed:5c:78:a9:41:51:5d:83:07:35:34:6d:f5:
                    b5:d5:ac:3c:b2:ba:a8:c5:c5:74:30:78:47:bb:a1:
                    80:9f:ca:7c:62:b8:82:66:94:40:90:c9:50:8d:dd:
                    c6:c5:ca:93:3c:2c:0c:c5:08:57:2f:f7:2b:82:32:
                    a8:b0:f2:ae:fa:86:ae:49:0e:66:19:a4:f2:c0:ce:
                    91:0c:3e:4a:bb:8c:b1:0f:8a:12:d0:8e:9d:54:ee:
                    b2:df:3d:4a:30:a6:c1:05:b0:91:eb:be:4b:e4:48:
                    db:91:15:4c:ad:f4:56:80:af:78:62:cc:67:42:9b:
                    64:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:84:E0:31:D2:46:90:05:2D:8C:36:22:B8:C3:21:4F:17:C9:42:E1
            X509v3 Authority Key Identifier:
                keyid:6D:69:DA:44:AE:06:7F:C1:A9:8A:5F:6F:05:F1:2E:54:5D:0F:C6:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bWnaRK4Gf8Gpil9vBfEuVF0Pxio.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/b1a82a-490f-43fb-986e-26170da4a0b1/1/qYTgMdJGkAUtjDYiuMMhTxfJQuE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/b1a82a-490f-43fb-986e-26170da4a0b1/1/bWnaRK4Gf8Gpil9vBfEuVF0Pxio.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.169.75.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2f:64:aa:f5:31:86:2b:9f:08:a0:27:16:fd:39:a8:41:59:48:
         c7:37:b3:9e:f2:bb:6a:7a:64:88:82:a7:7d:1b:4b:b3:a4:18:
         c7:6a:16:d1:f7:14:a7:ff:20:05:18:be:f6:36:e7:5f:d4:5c:
         d7:16:fc:44:3b:8b:98:90:bd:6e:09:3e:64:78:3c:a9:d1:5d:
         4f:f9:36:9c:f7:f1:6f:f5:4c:55:57:14:91:d6:5d:bd:61:4b:
         43:d9:24:0a:d1:b4:7a:2f:93:84:5b:7c:0d:a7:4a:1a:47:fe:
         50:5d:36:7d:f8:d7:54:7e:c6:05:d8:03:9b:e5:00:de:d0:2b:
         d6:bc:fb:aa:cd:ad:8f:02:b3:2f:3e:d8:e1:f9:9d:24:a0:1d:
         a0:3d:99:ed:70:5d:be:aa:1c:a3:39:de:b1:4a:93:1f:65:46:
         72:57:53:89:e4:2c:0e:c3:22:f0:81:86:10:cf:01:6f:9a:4a:
         69:15:20:d7:d3:8a:ac:f1:fd:8c:43:01:71:84:22:7d:98:fc:
         25:fb:c1:6f:5b:74:70:39:bc:3f:d4:7a:8e:af:01:65:54:a3:
         9d:7c:9f:31:65:32:50:0c:45:25:a2:ed:c4:1e:eb:1d:26:bf:
         6e:e4:74:db:6e:55:1f:1f:0f:81:4d:e1:24:6a:53:53:8c:49:
         cf:13:0a:56
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZbYeP7VO4eXjVjXVZsQSIvQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkNjlkYTQ0YWUwNjdmYzFhOThhNWY2ZjA1ZjEyZTU0NWQw
ZmM2MmEwHhcNMjUwNTE2MDk0MjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOTg0ZTAzMWQyNDY5MDA1MmQ4YzM2MjJiOGMzMjE0ZjE3Yzk0MmUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+j6y1pINvEV9JnA5bt8E6XvBW6i1
Y8PKdQ5Z/mSW4wEwyg4NtS8hgkp+U6WOslyV4AO/2QXL21khQxxNRQ6M8ymk8OB6
+9j5R/U/DYhlAmcFtkezJYst7vLtQROucSCcp+xt5x0p/QTW+Mlj1rMyKjiw4ixx
tS2lyKc9MaGiExDPmViAfVI9i+1ceKlBUV2DBzU0bfW11aw8srqoxcV0MHhHu6GA
n8p8YriCZpRAkMlQjd3GxcqTPCwMxQhXL/crgjKosPKu+oauSQ5mGaTywM6RDD5K
u4yxD4oS0I6dVO6y3z1KMKbBBbCR675L5EjbkRVMrfRWgK94YsxnQptkEwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKmE4DHSRpAFLYw2IrjDIU8XyULhMB8GA1UdIwQY
MBaAFG1p2kSuBn/BqYpfbwXxLlRdD8YqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlduYVJLNEdmOEdwaWw5dkJmRXVWRjBQeGlvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS9iMWE4MmEtNDkwZi00M2ZiLTk4NmUt
MjYxNzBkYTRhMGIxLzEvcVlUZ01kSkdrQVV0akRZaXVNTWhUeGZKUXVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS9iMWE4MmEtNDkwZi00M2ZiLTk4NmUtMjYxNzBkYTRhMGIx
LzEvYlduYVJLNEdmOEdwaWw5dkJmRXVWRjBQeGlvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAH6lLMA0G
CSqGSIb3DQEBCwUAA4IBAQAvZKr1MYYrnwigJxb9OahBWUjHN7Oe8rtqemSIgqd9
G0uzpBjHahbR9xSn/yAFGL72Nudf1FzXFvxEO4uYkL1uCT5keDyp0V1P+Tac9/Fv
9UxVVxSR1l29YUtD2SQK0bR6L5OEW3wNp0oaR/5QXTZ9+NdUfsYF2AOb5QDe0CvW
vPuqza2PArMvPtjh+Z0koB2gPZntcF2+qhyjOd6xSpMfZUZyV1OJ5CwOwyLwgYYQ
zwFvmkppFSDX04qs8f2MQwFxhCJ9mPwl+8FvW3RwObw/1HqOrwFlVKOdfJ8xZTJQ
DEUlou3EHusdJr9u5HTbblUfHw+BTeEkalNTjEnPEwpW
-----END CERTIFICATE-----