Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f5/68d16a-82e5-4f4a-8730-27d03e393fb7/1/oqk7vyXZrC-D5_5cpZHpWjEfCJw.roa
File:                     oqk7vyXZrC-D5_5cpZHpWjEfCJw.roa (raw, json)
Hash identifier:          Iyl0VEv5gWpgZiq6xlIMrOhBw5qUY0Z75JnVHakz9ZQ=
Subject key identifier:   A2:A9:3B:BF:25:D9:AC:2F:83:E7:FE:5C:A5:91:E9:5A:31:1F:08:9C
Certificate issuer:       /CN=079d9053717a16a76c10ae838f5625055be0481f
Certificate serial:       0194258ECB0011F35100F9759108FA2942C7
Authority key identifier: 07:9D:90:53:71:7A:16:A7:6C:10:AE:83:8F:56:25:05:5B:E0:48:1F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/B52QU3F6FqdsEK6Dj1YlBVvgSB8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f5/68d16a-82e5-4f4a-8730-27d03e393fb7/1/oqk7vyXZrC-D5_5cpZHpWjEfCJw.roa
Signing time:             Thu 02 Jan 2025 05:48:22 +0000
ROA not before:           Thu 02 Jan 2025 05:48:22 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     12735
IP address blocks:        31.169.91.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f5/68d16a-82e5-4f4a-8730-27d03e393fb7/1/B52QU3F6FqdsEK6Dj1YlBVvgSB8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f5/68d16a-82e5-4f4a-8730-27d03e393fb7/1/B52QU3F6FqdsEK6Dj1YlBVvgSB8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/B52QU3F6FqdsEK6Dj1YlBVvgSB8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 11:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8e:cb:00:11:f3:51:00:f9:75:91:08:fa:29:42:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=079d9053717a16a76c10ae838f5625055be0481f
        Validity
            Not Before: Jan  2 05:48:22 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a2a93bbf25d9ac2f83e7fe5ca591e95a311f089c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:f8:31:77:9b:f9:87:7a:07:57:d1:ce:02:23:
                    6f:01:18:ef:a9:6b:56:61:59:c3:f4:cb:b6:bf:54:
                    76:d8:f6:31:0d:ec:2b:4d:78:5b:9f:4a:2a:e5:a4:
                    a2:0c:96:fc:b7:e4:37:c8:e1:d7:a6:67:ea:08:19:
                    c0:b4:49:73:9f:2d:f4:c3:7d:d9:8d:75:dc:28:c5:
                    7f:32:4a:b1:cf:f7:96:a3:0e:a7:a5:5b:c2:87:6c:
                    48:1b:59:f8:cb:32:fc:24:91:75:ce:28:1a:cf:2c:
                    8f:01:9e:89:52:12:b6:20:b4:54:62:ce:fa:6f:02:
                    34:08:6e:3e:8b:db:fa:f2:37:41:ce:bd:66:45:76:
                    c6:c8:18:90:19:27:d4:2c:70:f6:7e:a1:47:69:b1:
                    df:e8:d4:d1:71:7d:ee:73:80:9f:b5:63:f9:d1:4d:
                    e0:7c:b6:e5:7b:59:35:5b:b6:1b:60:29:57:2a:4c:
                    fd:85:bc:5b:b5:e7:c1:80:9a:b3:fe:89:35:b3:4e:
                    6f:36:a0:f4:59:a8:ab:99:03:2c:cb:6d:01:e1:90:
                    a1:a0:1e:58:42:b6:ad:39:8a:a0:9a:18:44:25:de:
                    7e:c1:84:92:ad:bd:f9:d5:d3:2f:f9:9e:f5:f9:47:
                    ad:e5:2b:ed:6e:8f:b2:48:45:98:83:f5:14:42:97:
                    47:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:A9:3B:BF:25:D9:AC:2F:83:E7:FE:5C:A5:91:E9:5A:31:1F:08:9C
            X509v3 Authority Key Identifier:
                keyid:07:9D:90:53:71:7A:16:A7:6C:10:AE:83:8F:56:25:05:5B:E0:48:1F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/B52QU3F6FqdsEK6Dj1YlBVvgSB8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/68d16a-82e5-4f4a-8730-27d03e393fb7/1/oqk7vyXZrC-D5_5cpZHpWjEfCJw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/68d16a-82e5-4f4a-8730-27d03e393fb7/1/B52QU3F6FqdsEK6Dj1YlBVvgSB8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.169.91.0/24

    Signature Algorithm: sha256WithRSAEncryption
         17:b2:e0:30:4b:54:34:17:5a:16:d7:2b:11:0a:16:69:d5:3c:
         0d:c2:97:d0:9e:52:a9:66:62:3d:d2:0c:64:11:3f:c4:4f:94:
         ac:e2:db:82:22:66:e3:50:9d:83:c3:97:12:16:59:79:a2:f7:
         b9:e9:5a:2e:e1:b0:2d:bb:11:fa:b4:72:86:c9:22:25:28:eb:
         a8:6e:40:53:b7:6d:7a:7a:c3:5e:2f:ff:9e:96:10:b9:a2:69:
         58:66:64:6f:32:25:e1:fe:5c:28:88:bd:e0:ff:60:0e:ba:ab:
         e8:80:9c:38:27:d0:d4:48:81:17:43:ff:e0:fb:2c:96:9b:8a:
         c4:aa:3a:23:53:69:01:1d:77:31:5d:3a:2a:8e:66:12:ca:81:
         84:bc:a0:11:59:de:86:d6:e4:2c:d2:ca:bf:29:d0:ec:22:f7:
         05:35:48:fe:f2:72:fb:eb:3a:54:ba:25:88:ce:e8:e3:a3:27:
         9c:60:7c:f0:de:4f:a4:dc:9a:b7:97:77:5d:a5:c0:e5:d9:34:
         86:76:31:2a:35:3c:52:5b:0a:68:d3:2d:14:a8:54:ff:36:e2:
         4e:4d:00:4a:ac:74:fb:c0:cd:c5:42:9a:c1:8a:75:ca:4e:5f:
         96:d0:b0:90:83:fb:fe:ed:51:aa:16:4d:83:45:4d:8a:58:de:
         ef:84:7e:f1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQljssAEfNRAPl1kQj6KULHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA3OWQ5MDUzNzE3YTE2YTc2YzEwYWU4MzhmNTYyNTA1NWJl
MDQ4MWYwHhcNMjUwMTAyMDU0ODIyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMmE5M2JiZjI1ZDlhYzJmODNlN2ZlNWNhNTkxZTk1YTMxMWYwODljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtvgxd5v5h3oHV9HOAiNvARjvqWtW
YVnD9Mu2v1R22PYxDewrTXhbn0oq5aSiDJb8t+Q3yOHXpmfqCBnAtElzny30w33Z
jXXcKMV/Mkqxz/eWow6npVvCh2xIG1n4yzL8JJF1zigazyyPAZ6JUhK2ILRUYs76
bwI0CG4+i9v68jdBzr1mRXbGyBiQGSfULHD2fqFHabHf6NTRcX3uc4CftWP50U3g
fLble1k1W7YbYClXKkz9hbxbtefBgJqz/ok1s05vNqD0WairmQMsy20B4ZChoB5Y
QratOYqgmhhEJd5+wYSSrb351dMv+Z71+Uet5Svtbo+ySEWYg/UUQpdHRQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKKpO78l2awvg+f+XKWR6VoxHwicMB8GA1UdIwQY
MBaAFAedkFNxehanbBCug49WJQVb4EgfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQjUyUVUzRjZGcWRzRUs2RGoxWWxCVnZnU0I4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNS82OGQxNmEtODJlNS00ZjRhLTg3MzAt
MjdkMDNlMzkzZmI3LzEvb3FrN3Z5WFpyQy1ENV81Y3BaSHBXakVmQ0p3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNS82OGQxNmEtODJlNS00ZjRhLTg3MzAtMjdkMDNlMzkzZmI3
LzEvQjUyUVUzRjZGcWRzRUs2RGoxWWxCVnZnU0I4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAH6lbMA0G
CSqGSIb3DQEBCwUAA4IBAQAXsuAwS1Q0F1oW1ysRChZp1TwNwpfQnlKpZmI90gxk
ET/ET5Ss4tuCImbjUJ2Dw5cSFll5ove56Vou4bAtuxH6tHKGySIlKOuobkBTt216
esNeL/+elhC5omlYZmRvMiXh/lwoiL3g/2AOuqvogJw4J9DUSIEXQ//g+yyWm4rE
qjojU2kBHXcxXToqjmYSyoGEvKARWd6G1uQs0sq/KdDsIvcFNUj+8nL76zpUuiWI
zujjoyecYHzw3k+k3Jq3l3ddpcDl2TSGdjEqNTxSWwpo0y0UqFT/NuJOTQBKrHT7
wM3FQprBinXKTl+W0LCQg/v+7VGqFk2DRU2KWN7vhH7x
-----END CERTIFICATE-----