Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/82ed9c-7c13-48b9-a886-cd66ad534812/1/A52HcjjVvjURrnqIKzVJffIr5pg.roa
File:                     A52HcjjVvjURrnqIKzVJffIr5pg.roa (raw, json)
Hash identifier:          0khgPx2sOeKgtKjIWQMCspv9EOJEwLPaIfkqJUfbIZI=
Subject key identifier:   03:9D:87:72:38:D5:BE:35:11:AE:7A:88:2B:35:49:7D:F2:2B:E6:98
Certificate issuer:       /CN=39247f77a3ae0af71eac03256449f5d292cffd74
Certificate serial:       019427483634C3AC51016FA14E3D3D4D4193
Authority key identifier: 39:24:7F:77:A3:AE:0A:F7:1E:AC:03:25:64:49:F5:D2:92:CF:FD:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OSR_d6OuCvcerAMlZEn10pLP_XQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/82ed9c-7c13-48b9-a886-cd66ad534812/1/A52HcjjVvjURrnqIKzVJffIr5pg.roa
Signing time:             Thu 02 Jan 2025 13:50:31 +0000
ROA not before:           Thu 02 Jan 2025 13:50:31 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     31082
IP address blocks:        31.207.91.0/24 maxlen: 24
                          93.189.39.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ff/82ed9c-7c13-48b9-a886-cd66ad534812/1/OSR_d6OuCvcerAMlZEn10pLP_XQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ff/82ed9c-7c13-48b9-a886-cd66ad534812/1/OSR_d6OuCvcerAMlZEn10pLP_XQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OSR_d6OuCvcerAMlZEn10pLP_XQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 21:03:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:36:34:c3:ac:51:01:6f:a1:4e:3d:3d:4d:41:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=39247f77a3ae0af71eac03256449f5d292cffd74
        Validity
            Not Before: Jan  2 13:50:31 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=039d877238d5be3511ae7a882b35497df22be698
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:0a:80:21:01:fd:5f:de:0d:96:4d:42:6b:f8:
                    ed:ed:12:40:35:66:48:30:11:4a:3a:49:2e:fd:87:
                    97:f2:99:7f:02:2b:9c:5c:61:f6:55:be:d6:f0:fe:
                    b2:f7:19:9f:47:2b:41:c3:22:8d:8f:05:d0:12:ac:
                    05:37:5f:00:1a:45:2c:74:8c:e5:57:cb:44:f3:ad:
                    d9:2f:6c:ad:9a:8e:9e:3f:55:e4:68:2a:35:78:f7:
                    09:e3:3a:6b:fe:21:ad:b3:73:5d:60:21:77:85:55:
                    3b:76:ed:0d:17:d8:58:1b:0e:58:38:a6:c4:29:70:
                    f5:45:a7:b5:44:7b:7f:1c:73:92:bb:26:6a:d2:88:
                    3b:f7:2e:a9:a8:bb:c9:9c:2c:94:d1:54:01:6a:79:
                    61:c9:48:55:b8:2a:57:50:8f:26:63:cc:02:a4:5f:
                    90:23:42:58:c2:39:d9:78:08:92:0a:97:bd:e9:fa:
                    ba:5d:88:d5:02:cf:97:ff:ed:a7:74:d9:94:06:df:
                    fa:8a:d4:fd:7f:1d:87:06:60:c0:9f:61:6d:d5:b7:
                    68:0f:ff:dc:57:ac:99:10:cb:7b:9d:90:e0:28:98:
                    2a:26:eb:e1:62:1d:7c:07:9d:ed:29:af:cb:97:83:
                    f6:2e:c6:8f:8a:db:0f:c9:cb:47:06:f4:2a:74:8b:
                    82:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:9D:87:72:38:D5:BE:35:11:AE:7A:88:2B:35:49:7D:F2:2B:E6:98
            X509v3 Authority Key Identifier:
                keyid:39:24:7F:77:A3:AE:0A:F7:1E:AC:03:25:64:49:F5:D2:92:CF:FD:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OSR_d6OuCvcerAMlZEn10pLP_XQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82ed9c-7c13-48b9-a886-cd66ad534812/1/A52HcjjVvjURrnqIKzVJffIr5pg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82ed9c-7c13-48b9-a886-cd66ad534812/1/OSR_d6OuCvcerAMlZEn10pLP_XQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.207.91.0/24
                  93.189.39.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a3:a7:53:06:7c:09:6c:cb:b7:82:c8:ab:ef:5d:40:3a:81:3e:
         7b:8d:f0:02:80:8f:96:fd:55:17:c2:6d:b6:19:e7:c9:c9:79:
         5b:4b:06:bb:2b:b7:38:4e:92:a6:4d:c0:36:c5:18:ea:2a:d6:
         d3:59:0a:9e:41:8e:c6:e2:7e:35:a1:94:78:3a:f3:5a:d6:f8:
         ef:cd:4f:3f:e6:15:e5:69:07:f7:be:35:16:12:db:a3:60:f9:
         de:34:38:39:f8:ab:b3:a5:38:9b:76:2d:4d:b2:91:f7:eb:de:
         ba:d1:a6:cb:0d:2f:5f:3a:b9:9e:aa:2b:40:6d:6b:ec:7a:44:
         15:33:93:cc:6b:d2:a5:88:69:aa:71:48:f6:a3:1b:c9:c3:b0:
         7c:b7:22:0a:f8:cd:5e:fb:88:9c:11:da:ee:73:9a:96:6b:1d:
         35:ba:e3:c3:7b:d4:57:95:67:9a:00:3e:2b:68:d9:d5:c2:87:
         81:56:92:90:83:8e:4b:75:9f:ab:6a:ac:11:82:c4:be:94:0b:
         e4:13:70:49:dd:6c:70:22:49:40:d3:32:97:20:2a:6b:08:8e:
         30:9c:18:01:c1:65:02:d1:8c:dd:04:15:5e:d7:38:61:cd:00:
         88:c9:c6:04:c9:74:f5:f0:73:b6:cd:3a:72:c3:91:71:1f:f1:
         e6:63:f6:f6
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQnSDY0w6xRAW+hTj09TUGTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM5MjQ3Zjc3YTNhZTBhZjcxZWFjMDMyNTY0NDlmNWQyOTJj
ZmZkNzQwHhcNMjUwMTAyMTM1MDMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMzlkODc3MjM4ZDViZTM1MTFhZTdhODgyYjM1NDk3ZGYyMmJlNjk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5AqAIQH9X94Nlk1Ca/jt7RJANWZI
MBFKOkku/YeX8pl/AiucXGH2Vb7W8P6y9xmfRytBwyKNjwXQEqwFN18AGkUsdIzl
V8tE863ZL2ytmo6eP1XkaCo1ePcJ4zpr/iGts3NdYCF3hVU7du0NF9hYGw5YOKbE
KXD1Rae1RHt/HHOSuyZq0og79y6pqLvJnCyU0VQBanlhyUhVuCpXUI8mY8wCpF+Q
I0JYwjnZeAiSCpe96fq6XYjVAs+X/+2ndNmUBt/6itT9fx2HBmDAn2Ft1bdoD//c
V6yZEMt7nZDgKJgqJuvhYh18B53tKa/Ll4P2LsaPitsPyctHBvQqdIuCGwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAOdh3I41b41Ea56iCs1SX3yK+aYMB8GA1UdIwQY
MBaAFDkkf3ejrgr3HqwDJWRJ9dKSz/10MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT1NSX2Q2T3VDdmNlckFNbFpFbjEwcExQX1hRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi84MmVkOWMtN2MxMy00OGI5LWE4ODYt
Y2Q2NmFkNTM0ODEyLzEvQTUySGNqalZ2alVScm5xSUt6VkpmZklyNXBnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi84MmVkOWMtN2MxMy00OGI5LWE4ODYtY2Q2NmFkNTM0ODEy
LzEvT1NSX2Q2T3VDdmNlckFNbFpFbjEwcExQX1hRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAH89bAwQA
Xb0nMA0GCSqGSIb3DQEBCwUAA4IBAQCjp1MGfAlsy7eCyKvvXUA6gT57jfACgI+W
/VUXwm22GefJyXlbSwa7K7c4TpKmTcA2xRjqKtbTWQqeQY7G4n41oZR4OvNa1vjv
zU8/5hXlaQf3vjUWEtujYPneNDg5+KuzpTibdi1NspH369660abLDS9fOrmeqitA
bWvsekQVM5PMa9KliGmqcUj2oxvJw7B8tyIK+M1e+4icEdruc5qWax01uuPDe9RX
lWeaAD4raNnVwoeBVpKQg45LdZ+raqwRgsS+lAvkE3BJ3WxwIklA0zKXICprCI4w
nBgBwWUC0YzdBBVe1zhhzQCIycYEyXT18HO2zTpyw5FxH/HmY/b2
-----END CERTIFICATE-----