Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/66e51a-fe82-4b5d-9884-b533f4941afe/1/1-eNfPNgGjJz34a_6zifXZRNCWXw.roa
File:                     1-eNfPNgGjJz34a_6zifXZRNCWXw.roa (raw, json)
Hash identifier:          BrqTM2h6iG7WyfhfDjhQFT8qhh74OvrPhMC05Ggy8tQ=
Subject key identifier:   F9:E3:5F:3C:D8:06:8C:9C:F7:E1:AF:FA:CE:27:D7:65:13:42:59:7C
Certificate issuer:       /CN=76e05e9ee59477e0155fc1edc0a1830729766e88
Certificate serial:       01968470DBAAC13F0211504EAB008AE28E50
Authority key identifier: 76:E0:5E:9E:E5:94:77:E0:15:5F:C1:ED:C0:A1:83:07:29:76:6E:88
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/duBenuWUd-AVX8HtwKGDByl2bog.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/66e51a-fe82-4b5d-9884-b533f4941afe/1/1-eNfPNgGjJz34a_6zifXZRNCWXw.roa
Signing time:             Wed 30 Apr 2025 02:05:10 +0000
ROA not before:           Wed 30 Apr 2025 02:05:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     12978
IP address blocks:        212.31.0.0/19 maxlen: 19
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/99/66e51a-fe82-4b5d-9884-b533f4941afe/1/duBenuWUd-AVX8HtwKGDByl2bog.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/99/66e51a-fe82-4b5d-9884-b533f4941afe/1/duBenuWUd-AVX8HtwKGDByl2bog.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/duBenuWUd-AVX8HtwKGDByl2bog.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 12 May 2025 07:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:84:70:db:aa:c1:3f:02:11:50:4e:ab:00:8a:e2:8e:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=76e05e9ee59477e0155fc1edc0a1830729766e88
        Validity
            Not Before: Apr 30 02:05:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f9e35f3cd8068c9cf7e1afface27d7651342597c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:57:45:54:96:82:19:a3:25:e8:71:3d:03:e5:
                    a0:46:4d:00:6a:92:b5:b5:e9:9a:18:ff:41:2e:96:
                    7c:2b:e7:ff:d2:bd:22:eb:e7:bd:7b:05:51:2d:de:
                    3a:cb:d4:d0:ec:21:8e:a6:2e:81:76:b2:c0:dc:98:
                    db:ed:68:2f:0a:a3:13:1b:03:75:a5:ef:94:f7:3b:
                    e8:31:12:52:8e:7b:bb:bd:40:24:47:88:b6:29:69:
                    1e:a3:6c:95:7a:6f:54:86:e3:7f:28:7e:b0:13:27:
                    76:73:8a:d0:25:d3:d9:ce:20:ad:b1:d1:fe:25:48:
                    b8:d7:fc:e5:e4:8e:5a:5d:71:d7:31:31:78:27:cd:
                    9f:d6:41:9f:69:44:d3:34:d6:85:c9:4d:ca:55:13:
                    e9:ef:16:26:a9:25:33:2f:4e:ce:e7:f7:9f:dd:c2:
                    c3:66:7e:9d:64:ea:3c:a5:cc:46:91:7c:f4:83:a8:
                    17:bf:41:79:cc:2c:8a:57:1c:ee:94:96:95:6c:f7:
                    ea:bb:f0:7f:11:4f:f7:ca:6f:c5:73:a6:19:42:ef:
                    03:96:13:36:e2:f5:9e:17:6e:c9:e9:f5:c4:8c:c5:
                    89:31:2a:13:37:5a:76:a4:bf:fb:f3:82:e4:31:43:
                    7d:df:1a:53:f3:68:b5:d1:a7:f6:2c:cf:a9:a5:45:
                    09:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:E3:5F:3C:D8:06:8C:9C:F7:E1:AF:FA:CE:27:D7:65:13:42:59:7C
            X509v3 Authority Key Identifier:
                keyid:76:E0:5E:9E:E5:94:77:E0:15:5F:C1:ED:C0:A1:83:07:29:76:6E:88

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/duBenuWUd-AVX8HtwKGDByl2bog.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/66e51a-fe82-4b5d-9884-b533f4941afe/1/1-eNfPNgGjJz34a_6zifXZRNCWXw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/66e51a-fe82-4b5d-9884-b533f4941afe/1/duBenuWUd-AVX8HtwKGDByl2bog.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.31.0.0/19

    Signature Algorithm: sha256WithRSAEncryption
         b0:95:92:cc:68:31:84:06:2e:7b:87:a2:b4:c4:0d:d0:3e:93:
         aa:74:8d:20:b2:a5:39:63:a4:d5:51:e0:84:cb:6b:64:f1:c6:
         b2:58:62:56:83:34:6d:fc:2d:ae:51:c6:a7:17:bc:fd:78:c6:
         85:b6:e8:dc:3d:cd:3e:cf:6b:86:90:b3:c8:a5:34:d6:64:69:
         51:c3:ed:a0:48:d7:cb:68:5c:ad:2b:82:92:08:26:cc:ee:24:
         ee:ae:fc:df:a1:8a:35:7e:0e:7a:51:06:a4:ad:b7:c9:f0:ba:
         82:58:d9:68:60:09:a8:34:67:12:f1:24:89:1e:10:d5:b6:a9:
         50:f2:20:1d:0a:8d:a7:fb:30:9c:4d:e5:74:d6:be:34:9b:f1:
         4e:83:ea:62:84:ba:0e:ee:80:08:dd:e8:93:76:80:8e:43:47:
         26:90:ae:1d:09:20:69:73:83:01:1d:b7:24:87:bc:f7:ce:d9:
         89:7b:c8:60:94:17:87:d2:85:4a:0d:ee:82:0a:5c:02:3b:8d:
         d3:0f:ec:9d:06:8d:cf:80:57:ad:37:dd:fe:73:58:f6:6b:01:
         a5:81:ce:5b:60:50:98:73:f9:2b:aa:c1:7a:16:df:7a:ac:36:
         37:4d:ac:1c:73:77:f8:9d:ce:43:86:89:f4:b7:9e:22:4e:4c:
         6d:86:8e:e2
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZaEcNuqwT8CEVBOqwCK4o5QMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc2ZTA1ZTllZTU5NDc3ZTAxNTVmYzFlZGMwYTE4MzA3Mjk3
NjZlODgwHhcNMjUwNDMwMDIwNTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOWUzNWYzY2Q4MDY4YzljZjdlMWFmZmFjZTI3ZDc2NTEzNDI1OTdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5VdFVJaCGaMl6HE9A+WgRk0AapK1
temaGP9BLpZ8K+f/0r0i6+e9ewVRLd46y9TQ7CGOpi6BdrLA3Jjb7WgvCqMTGwN1
pe+U9zvoMRJSjnu7vUAkR4i2KWkeo2yVem9UhuN/KH6wEyd2c4rQJdPZziCtsdH+
JUi41/zl5I5aXXHXMTF4J82f1kGfaUTTNNaFyU3KVRPp7xYmqSUzL07O5/ef3cLD
Zn6dZOo8pcxGkXz0g6gXv0F5zCyKVxzulJaVbPfqu/B/EU/3ym/Fc6YZQu8DlhM2
4vWeF27J6fXEjMWJMSoTN1p2pL/784LkMUN93xpT82i10af2LM+ppUUJqwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPnjXzzYBoyc9+Gv+s4n12UTQll8MB8GA1UdIwQY
MBaAFHbgXp7llHfgFV/B7cChgwcpdm6IMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZHVCZW51V1VkLUFWWDhIdHdLR0RCeWwyYm9nLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS82NmU1MWEtZmU4Mi00YjVkLTk4ODQt
YjUzM2Y0OTQxYWZlLzEvMS1lTmZQTmdHakp6MzRhXzZ6aWZYWlJOQ1dYdy5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvOTkvNjZlNTFhLWZlODItNGI1ZC05ODg0LWI1MzNmNDk0MWFm
ZS8xL2R1QmVudVdVZC1BVlg4SHR3S0dEQnlsMmJvZy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEBdQfADAN
BgkqhkiG9w0BAQsFAAOCAQEAsJWSzGgxhAYue4eitMQN0D6TqnSNILKlOWOk1VHg
hMtrZPHGslhiVoM0bfwtrlHGpxe8/XjGhbbo3D3NPs9rhpCzyKU01mRpUcPtoEjX
y2hcrSuCkggmzO4k7q7836GKNX4OelEGpK23yfC6gljZaGAJqDRnEvEkiR4Q1bap
UPIgHQqNp/swnE3ldNa+NJvxToPqYoS6Du6ACN3ok3aAjkNHJpCuHQkgaXODAR23
JIe8987ZiXvIYJQXh9KFSg3uggpcAjuN0w/snQaNz4BXrTfd/nNY9msBpYHOW2BQ
mHP5K6rBehbfeqw2N02sHHN3+J3OQ4aJ9LeeIk5MbYaO4g==
-----END CERTIFICATE-----