Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/74/69c7d1-c43d-4bcd-8e6a-1593d4045cbc/1/IWpRna9rHykplJp5-63YEmNMCDQ.roa
File:                     IWpRna9rHykplJp5-63YEmNMCDQ.roa (raw, json)
Hash identifier:          AJVL1Z40yI/YxBI0chOyVgvXJNOilrGNQaXjuuOSUSU=
Subject key identifier:   21:6A:51:9D:AF:6B:1F:29:29:94:9A:79:FB:AD:D8:12:63:4C:08:34
Certificate issuer:       /CN=894928a39627cd5ee5f975bd897c2d775ab29940
Certificate serial:       0196337925CF1048F8DA7D2E1455DCA44B54
Authority key identifier: 89:49:28:A3:96:27:CD:5E:E5:F9:75:BD:89:7C:2D:77:5A:B2:99:40
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iUkoo5YnzV7l-XW9iXwtd1qymUA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/74/69c7d1-c43d-4bcd-8e6a-1593d4045cbc/1/IWpRna9rHykplJp5-63YEmNMCDQ.roa
Signing time:             Mon 14 Apr 2025 08:44:59 +0000
ROA not before:           Mon 14 Apr 2025 08:44:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     134854
IP address blocks:        192.48.31.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/74/69c7d1-c43d-4bcd-8e6a-1593d4045cbc/1/iUkoo5YnzV7l-XW9iXwtd1qymUA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/74/69c7d1-c43d-4bcd-8e6a-1593d4045cbc/1/iUkoo5YnzV7l-XW9iXwtd1qymUA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iUkoo5YnzV7l-XW9iXwtd1qymUA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Apr 2025 20:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:33:79:25:cf:10:48:f8:da:7d:2e:14:55:dc:a4:4b:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=894928a39627cd5ee5f975bd897c2d775ab29940
        Validity
            Not Before: Apr 14 08:44:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=216a519daf6b1f2929949a79fbadd812634c0834
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ee:e3:2a:48:5e:a5:88:fd:af:b9:c2:76:e4:6d:
                    3b:22:ce:98:4a:26:b8:aa:34:a1:fb:43:1f:81:27:
                    ec:a2:2d:4c:b6:21:6d:b9:03:9d:13:be:b2:f3:4d:
                    89:31:d8:11:2a:90:5e:bb:80:70:1a:72:c6:4b:ad:
                    3e:fc:8a:aa:28:b5:37:20:0d:41:7b:b1:0a:9b:a8:
                    5a:59:2c:95:26:4a:3c:ee:d4:07:8b:d8:d4:25:f0:
                    d3:02:cb:5d:87:59:25:fb:02:c1:b8:4a:f8:d4:c3:
                    20:9a:c7:f6:c8:55:28:13:33:48:4e:65:ab:c7:0e:
                    6a:53:39:bd:a2:e9:18:17:19:3d:63:29:2a:4a:c1:
                    c4:b8:64:fa:30:90:67:02:74:d6:21:de:a9:72:9b:
                    6d:31:b2:8d:4c:70:13:c7:50:66:1c:0e:82:83:d5:
                    da:f0:02:4e:41:36:9f:9f:c7:0c:00:eb:7c:23:af:
                    4c:dc:5b:6d:b5:70:bc:c4:df:de:fb:da:26:1d:05:
                    ae:76:46:33:6d:4b:54:a1:de:9a:95:ff:f8:7d:06:
                    63:a9:28:15:54:02:c2:d6:2a:ba:21:05:ba:43:19:
                    c0:3b:ad:e6:76:93:13:5e:9a:7f:ae:50:4f:8a:0e:
                    21:a4:62:96:93:9d:80:c7:11:b8:b6:73:17:db:3a:
                    8c:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:6A:51:9D:AF:6B:1F:29:29:94:9A:79:FB:AD:D8:12:63:4C:08:34
            X509v3 Authority Key Identifier:
                keyid:89:49:28:A3:96:27:CD:5E:E5:F9:75:BD:89:7C:2D:77:5A:B2:99:40

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iUkoo5YnzV7l-XW9iXwtd1qymUA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/74/69c7d1-c43d-4bcd-8e6a-1593d4045cbc/1/IWpRna9rHykplJp5-63YEmNMCDQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/74/69c7d1-c43d-4bcd-8e6a-1593d4045cbc/1/iUkoo5YnzV7l-XW9iXwtd1qymUA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.48.31.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8a:11:99:51:4c:d8:46:c6:00:63:9f:fc:ad:92:42:3f:ae:72:
         d9:37:d7:d2:c6:50:70:c9:34:ce:1d:d2:40:53:1d:f4:fd:d3:
         8b:a4:54:e0:84:30:4e:65:ab:68:8f:f3:6d:ea:41:6b:b2:be:
         9e:22:ce:0f:44:b2:78:20:a0:1f:43:03:7c:8f:c9:62:ef:3e:
         72:a2:92:c8:45:27:01:53:fd:1e:15:b2:de:ad:9f:d1:fd:83:
         f0:33:ff:b7:d7:ef:f0:ff:8c:09:f6:c4:00:cb:84:fc:97:94:
         17:3a:e0:20:d1:af:48:86:b7:bc:b0:04:be:f1:89:5a:e1:f7:
         e2:31:f7:2c:19:f9:75:f9:c6:09:1d:fd:2b:90:76:30:59:1b:
         ab:16:e4:37:47:9a:a9:d6:19:6f:b0:ae:38:fb:0d:73:31:1b:
         78:b4:fc:08:44:9d:62:49:05:93:5d:57:e8:21:40:c2:2d:11:
         48:42:56:a9:d9:8b:95:cc:e4:3a:b0:e0:74:ab:27:69:a4:3c:
         f6:a1:49:eb:b5:3b:4e:1e:9e:19:06:80:9f:7b:7b:f4:94:dc:
         3d:1c:f9:3c:01:e5:fc:d0:fa:37:5d:59:ea:94:ef:d7:16:6e:
         76:7b:37:12:9b:29:eb:ff:7a:74:19:0d:0a:a8:11:64:b1:6f:
         5c:85:3c:ed
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZYzeSXPEEj42n0uFFXcpEtUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg5NDkyOGEzOTYyN2NkNWVlNWY5NzViZDg5N2MyZDc3NWFi
Mjk5NDAwHhcNMjUwNDE0MDg0NDU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMTZhNTE5ZGFmNmIxZjI5Mjk5NDlhNzlmYmFkZDgxMjYzNGMwODM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7uMqSF6liP2vucJ25G07Is6YSia4
qjSh+0MfgSfsoi1MtiFtuQOdE76y802JMdgRKpBeu4BwGnLGS60+/IqqKLU3IA1B
e7EKm6haWSyVJko87tQHi9jUJfDTAstdh1kl+wLBuEr41MMgmsf2yFUoEzNITmWr
xw5qUzm9oukYFxk9YykqSsHEuGT6MJBnAnTWId6pcpttMbKNTHATx1BmHA6Cg9Xa
8AJOQTafn8cMAOt8I69M3FtttXC8xN/e+9omHQWudkYzbUtUod6alf/4fQZjqSgV
VALC1iq6IQW6QxnAO63mdpMTXpp/rlBPig4hpGKWk52AxxG4tnMX2zqMNQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCFqUZ2vax8pKZSaefut2BJjTAg0MB8GA1UdIwQY
MBaAFIlJKKOWJ81e5fl1vYl8LXdasplAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaVVrb281WW56VjdsLVhXOWlYd3RkMXF5bVVBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NC82OWM3ZDEtYzQzZC00YmNkLThlNmEt
MTU5M2Q0MDQ1Y2JjLzEvSVdwUm5hOXJIeWtwbEpwNS02M1lFbU5NQ0RRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NC82OWM3ZDEtYzQzZC00YmNkLThlNmEtMTU5M2Q0MDQ1Y2Jj
LzEvaVVrb281WW56VjdsLVhXOWlYd3RkMXF5bVVBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwDAfMA0G
CSqGSIb3DQEBCwUAA4IBAQCKEZlRTNhGxgBjn/ytkkI/rnLZN9fSxlBwyTTOHdJA
Ux30/dOLpFTghDBOZatoj/Nt6kFrsr6eIs4PRLJ4IKAfQwN8j8li7z5yopLIRScB
U/0eFbLerZ/R/YPwM/+31+/w/4wJ9sQAy4T8l5QXOuAg0a9Ihre8sAS+8Yla4ffi
MfcsGfl1+cYJHf0rkHYwWRurFuQ3R5qp1hlvsK44+w1zMRt4tPwIRJ1iSQWTXVfo
IUDCLRFIQlap2YuVzOQ6sOB0qydppDz2oUnrtTtOHp4ZBoCfe3v0lNw9HPk8AeX8
0Po3XVnqlO/XFm52ezcSmynr/3p0GQ0KqBFksW9chTzt
-----END CERTIFICATE-----