Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/93a734-3cb7-412c-b45f-275b6e9fbc63/1/A15OC13YGMvTmICTCy1AZnVK3To.roa
File:                     A15OC13YGMvTmICTCy1AZnVK3To.roa (raw, json)
Hash identifier:          PwsIGkVItakh2uZVvAdvG2pZjqN/gexEPiOMZusjdcA=
Subject key identifier:   03:5E:4E:0B:5D:D8:18:CB:D3:98:80:93:0B:2D:40:66:75:4A:DD:3A
Certificate issuer:       /CN=6d7b79604af1f3908f4817956626353ee6ffc1f4
Certificate serial:       019426D987631A2BF281C1D0E8DCDAD4088D
Authority key identifier: 6D:7B:79:60:4A:F1:F3:90:8F:48:17:95:66:26:35:3E:E6:FF:C1:F4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bXt5YErx85CPSBeVZiY1Pub_wfQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/93a734-3cb7-412c-b45f-275b6e9fbc63/1/A15OC13YGMvTmICTCy1AZnVK3To.roa
Signing time:             Thu 02 Jan 2025 11:49:37 +0000
ROA not before:           Thu 02 Jan 2025 11:49:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44558
IP address blocks:        31.209.96.0/20 maxlen: 20
                          185.37.184.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/93a734-3cb7-412c-b45f-275b6e9fbc63/1/bXt5YErx85CPSBeVZiY1Pub_wfQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/93a734-3cb7-412c-b45f-275b6e9fbc63/1/bXt5YErx85CPSBeVZiY1Pub_wfQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bXt5YErx85CPSBeVZiY1Pub_wfQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 29 Apr 2025 08:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:87:63:1a:2b:f2:81:c1:d0:e8:dc:da:d4:08:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d7b79604af1f3908f4817956626353ee6ffc1f4
        Validity
            Not Before: Jan  2 11:49:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=035e4e0b5dd818cbd39880930b2d4066754add3a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:7e:03:f3:ee:e7:e8:7e:7c:a9:28:ce:39:78:
                    e2:7a:cc:a4:41:db:91:f4:40:f4:50:9a:98:f8:3b:
                    18:28:c8:82:2a:5a:c4:47:d8:1e:51:9a:e5:10:8a:
                    b5:82:2e:0f:d0:52:d2:c9:70:40:d3:51:db:ef:a3:
                    b0:6d:11:d4:ad:01:1a:0f:a3:ce:c1:2c:7a:f3:40:
                    bb:54:18:a9:a5:36:34:81:a0:6a:cb:b0:fc:d7:45:
                    09:e9:a3:95:8b:ad:0c:00:86:4f:e7:dd:ec:4f:b1:
                    c1:c7:64:f8:bb:0e:77:e2:e3:63:73:65:43:2b:be:
                    a5:91:aa:5c:ad:65:5e:75:bb:3b:fe:b6:96:65:68:
                    26:44:15:f7:da:0d:db:f0:29:30:57:06:af:ca:fa:
                    c6:f3:42:d4:63:c9:e1:16:fc:fd:6d:49:45:c2:48:
                    41:66:9c:9b:32:4f:5c:e9:21:39:67:e2:c9:f2:26:
                    3b:bf:71:d6:4b:d7:41:e6:97:18:44:c2:80:30:30:
                    58:8a:cb:15:5b:7f:21:7e:ad:df:34:7d:d6:98:a5:
                    48:9a:ed:ad:bb:dd:ec:49:e2:1b:1e:fa:87:8e:2c:
                    5b:db:19:24:98:23:db:06:7c:ca:88:c3:24:cb:07:
                    32:f2:f7:3c:99:8f:4c:4c:b6:ce:28:f5:dc:f9:d5:
                    18:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:5E:4E:0B:5D:D8:18:CB:D3:98:80:93:0B:2D:40:66:75:4A:DD:3A
            X509v3 Authority Key Identifier:
                keyid:6D:7B:79:60:4A:F1:F3:90:8F:48:17:95:66:26:35:3E:E6:FF:C1:F4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bXt5YErx85CPSBeVZiY1Pub_wfQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/93a734-3cb7-412c-b45f-275b6e9fbc63/1/A15OC13YGMvTmICTCy1AZnVK3To.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/93a734-3cb7-412c-b45f-275b6e9fbc63/1/bXt5YErx85CPSBeVZiY1Pub_wfQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.209.96.0/20
                  185.37.184.0/22

    Signature Algorithm: sha256WithRSAEncryption
         55:92:9d:e7:c7:87:2c:47:8f:8e:c5:35:46:5f:5a:1d:eb:7e:
         89:a5:4f:82:2a:7a:2f:c2:6b:9e:70:eb:e0:23:1e:a7:eb:b7:
         f9:7c:c9:62:51:c6:fe:6e:42:76:1a:d5:e6:4f:d9:d8:5a:1b:
         95:f5:10:73:53:93:5c:cf:be:de:c0:48:d6:a1:05:eb:7d:69:
         d6:74:79:c6:16:a6:7e:6e:f9:d2:a2:56:86:0d:a3:b9:e0:d5:
         8f:97:c6:58:5b:79:ec:7e:e7:49:c0:af:be:ca:97:5a:5a:ff:
         e7:da:00:14:af:20:69:f6:46:40:b2:eb:9e:cc:26:25:2b:02:
         09:3f:32:09:95:8a:5d:b5:78:27:c8:10:88:e3:5d:03:21:22:
         9c:5d:5f:2e:d2:d0:b1:9d:d9:5f:9f:08:e3:51:9f:84:67:78:
         2e:3a:04:83:cf:05:0e:b5:0d:a8:79:c4:06:fb:24:9b:34:4b:
         72:ad:1e:b0:94:1e:73:f9:b9:b6:f4:d0:9b:18:de:d2:ae:68:
         cc:2a:dd:a1:35:3a:a5:df:53:81:d4:80:05:53:ad:f2:8b:0c:
         13:76:5f:7e:0f:c8:d2:7f:c0:47:bc:27:af:76:c6:7c:50:20:
         8d:62:22:13:1f:ce:b0:e3:b8:4a:17:54:20:48:e4:dd:1d:11:
         61:b3:4a:6e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQm2YdjGivygcHQ6Nza1AiNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkN2I3OTYwNGFmMWYzOTA4ZjQ4MTc5NTY2MjYzNTNlZTZm
ZmMxZjQwHhcNMjUwMTAyMTE0OTM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMzVlNGUwYjVkZDgxOGNiZDM5ODgwOTMwYjJkNDA2Njc1NGFkZDNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3H4D8+7n6H58qSjOOXjiesykQduR
9ED0UJqY+DsYKMiCKlrER9geUZrlEIq1gi4P0FLSyXBA01Hb76OwbRHUrQEaD6PO
wSx680C7VBippTY0gaBqy7D810UJ6aOVi60MAIZP593sT7HBx2T4uw534uNjc2VD
K76lkapcrWVedbs7/raWZWgmRBX32g3b8CkwVwavyvrG80LUY8nhFvz9bUlFwkhB
ZpybMk9c6SE5Z+LJ8iY7v3HWS9dB5pcYRMKAMDBYissVW38hfq3fNH3WmKVImu2t
u93sSeIbHvqHjixb2xkkmCPbBnzKiMMkywcy8vc8mY9MTLbOKPXc+dUYQwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFANeTgtd2BjL05iAkwstQGZ1St06MB8GA1UdIwQY
MBaAFG17eWBK8fOQj0gXlWYmNT7m/8H0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlh0NVlFcng4NUNQU0JlVlppWTFQdWJfd2ZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi85M2E3MzQtM2NiNy00MTJjLWI0NWYt
Mjc1YjZlOWZiYzYzLzEvQTE1T0MxM1lHTXZUbUlDVEN5MUFablZLM1RvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi85M2E3MzQtM2NiNy00MTJjLWI0NWYtMjc1YjZlOWZiYzYz
LzEvYlh0NVlFcng4NUNQU0JlVlppWTFQdWJfd2ZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQEH9FgAwQC
uSW4MA0GCSqGSIb3DQEBCwUAA4IBAQBVkp3nx4csR4+OxTVGX1od636JpU+CKnov
wmuecOvgIx6n67f5fMliUcb+bkJ2GtXmT9nYWhuV9RBzU5Ncz77ewEjWoQXrfWnW
dHnGFqZ+bvnSolaGDaO54NWPl8ZYW3nsfudJwK++ypdaWv/n2gAUryBp9kZAsuue
zCYlKwIJPzIJlYpdtXgnyBCI410DISKcXV8u0tCxndlfnwjjUZ+EZ3guOgSDzwUO
tQ2oecQG+ySbNEtyrR6wlB5z+bm29NCbGN7SrmjMKt2hNTql31OB1IAFU63yiwwT
dl9+D8jSf8BHvCevdsZ8UCCNYiITH86w47hKF1QgSOTdHRFhs0pu
-----END CERTIFICATE-----