Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3b/b361ef-5f69-4bcb-983c-21128027255d/1/cmLjyeJCay-rIpV13cL4nS3umqA.roa
File:                     cmLjyeJCay-rIpV13cL4nS3umqA.roa (raw, json)
Hash identifier:          zv80BsoFgYMaUhk2eqxE9kG1WrpCEraiiqsDzPaa4r8=
Subject key identifier:   72:62:E3:C9:E2:42:6B:2F:AB:22:95:75:DD:C2:F8:9D:2D:EE:9A:A0
Certificate issuer:       /CN=f7977af580c850cc8bf90649f9bda8a6a48bf396
Certificate serial:       0197FDAC7AE4438BE9DC53F46AD4A62E9329
Authority key identifier: F7:97:7A:F5:80:C8:50:CC:8B:F9:06:49:F9:BD:A8:A6:A4:8B:F3:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/95d69YDIUMyL-QZJ-b2opqSL85Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3b/b361ef-5f69-4bcb-983c-21128027255d/1/cmLjyeJCay-rIpV13cL4nS3umqA.roa
Signing time:             Sat 12 Jul 2025 08:07:08 +0000
ROA not before:           Sat 12 Jul 2025 08:07:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213173
IP address blocks:        31.3.216.0/24 maxlen: 24
                          84.54.12.0/24 maxlen: 24
                          193.176.239.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3b/b361ef-5f69-4bcb-983c-21128027255d/1/95d69YDIUMyL-QZJ-b2opqSL85Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3b/b361ef-5f69-4bcb-983c-21128027255d/1/95d69YDIUMyL-QZJ-b2opqSL85Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/95d69YDIUMyL-QZJ-b2opqSL85Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 29 Jul 2025 20:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:fd:ac:7a:e4:43:8b:e9:dc:53:f4:6a:d4:a6:2e:93:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f7977af580c850cc8bf90649f9bda8a6a48bf396
        Validity
            Not Before: Jul 12 08:07:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7262e3c9e2426b2fab229575ddc2f89d2dee9aa0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:d5:6a:5b:7a:86:d3:a3:54:15:77:11:bc:95:
                    11:fa:c3:ca:96:15:99:9e:b7:22:ff:9c:1c:e9:c2:
                    70:3e:8e:85:41:5b:fd:11:64:87:51:98:b6:1c:ae:
                    20:76:25:1c:34:77:2c:ca:8f:18:09:99:50:18:67:
                    d9:0b:0c:f6:a7:b1:cd:37:29:72:82:88:17:73:ca:
                    23:1b:e2:c9:92:ae:d7:3f:57:f3:0c:ea:a0:58:68:
                    ec:14:39:2e:77:9e:2f:e8:d4:6b:47:51:90:3b:dd:
                    5f:fa:c5:a5:bb:35:15:41:7a:0d:3a:d4:0b:c8:5a:
                    2c:07:09:ad:f3:f7:60:fa:82:d5:d1:23:0c:53:92:
                    b1:97:aa:15:3b:4f:0a:12:a6:8e:d2:d6:77:02:98:
                    29:c5:a7:ed:1a:4b:d0:37:84:bf:3d:fa:22:f6:a0:
                    06:c8:8a:e2:a8:95:8b:f3:e6:7f:22:6c:92:af:90:
                    4f:bf:42:1d:7f:6b:1a:b8:5f:1a:5c:15:b8:0a:2e:
                    64:89:53:74:5b:e0:76:43:d9:e3:7d:e0:cc:33:f1:
                    e7:b8:25:ed:3a:09:5e:ca:ec:17:1a:b0:b9:68:0f:
                    8a:52:2e:45:8f:f3:14:1e:dc:39:c0:15:5b:a8:47:
                    42:53:80:47:13:ce:06:4d:85:69:e4:68:94:ed:2e:
                    da:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:62:E3:C9:E2:42:6B:2F:AB:22:95:75:DD:C2:F8:9D:2D:EE:9A:A0
            X509v3 Authority Key Identifier:
                keyid:F7:97:7A:F5:80:C8:50:CC:8B:F9:06:49:F9:BD:A8:A6:A4:8B:F3:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/95d69YDIUMyL-QZJ-b2opqSL85Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/b361ef-5f69-4bcb-983c-21128027255d/1/cmLjyeJCay-rIpV13cL4nS3umqA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/b361ef-5f69-4bcb-983c-21128027255d/1/95d69YDIUMyL-QZJ-b2opqSL85Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.3.216.0/24
                  84.54.12.0/24
                  193.176.239.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9b:ef:6a:47:66:df:7a:93:9b:62:c8:d7:06:cb:42:3d:ee:29:
         99:8f:1a:9e:fe:17:80:16:fb:97:11:32:cc:67:e8:88:57:db:
         a6:f4:02:5c:b8:d9:f4:b4:50:cd:2d:5f:93:f2:72:40:a8:b9:
         bd:b6:78:1b:e2:09:98:90:52:1d:94:3c:32:7d:46:16:cd:9b:
         15:13:7f:0f:94:04:f8:5d:ac:7c:d8:b5:ef:a9:15:4c:bf:e6:
         e8:eb:3e:cd:8c:8f:ef:2e:77:51:6d:55:65:33:7b:b7:db:28:
         a3:df:fa:15:00:a3:dc:71:f6:be:dd:01:c2:ec:d9:0d:f9:8f:
         40:df:f2:d4:7c:7b:1d:5c:0e:7f:bf:0d:a8:63:81:5c:91:19:
         03:f1:3a:4f:25:d3:4a:44:10:6b:e7:d5:1b:81:03:7b:2b:40:
         63:b6:5a:d9:54:42:6e:b3:c9:4b:1e:22:2d:c9:5f:64:d8:63:
         35:a9:82:a2:e6:ee:45:40:72:cf:ee:bd:b5:c0:ca:97:d4:73:
         65:78:64:c6:0e:5b:37:d9:4b:09:e3:36:6a:94:6c:9e:3f:cc:
         61:f4:7a:f9:20:26:f8:29:17:7b:73:20:1f:8c:c9:fb:34:83:
         ac:49:79:9f:e8:36:f5:22:b4:0c:1a:3d:ea:74:8b:5c:98:27:
         e7:33:79:3c
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZf9rHrkQ4vp3FP0atSmLpMpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3OTc3YWY1ODBjODUwY2M4YmY5MDY0OWY5YmRhOGE2YTQ4
YmYzOTYwHhcNMjUwNzEyMDgwNzA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MjYyZTNjOWUyNDI2YjJmYWIyMjk1NzVkZGMyZjg5ZDJkZWU5YWEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm9VqW3qG06NUFXcRvJUR+sPKlhWZ
nrci/5wc6cJwPo6FQVv9EWSHUZi2HK4gdiUcNHcsyo8YCZlQGGfZCwz2p7HNNyly
gogXc8ojG+LJkq7XP1fzDOqgWGjsFDkud54v6NRrR1GQO91f+sWluzUVQXoNOtQL
yFosBwmt8/dg+oLV0SMMU5Kxl6oVO08KEqaO0tZ3ApgpxaftGkvQN4S/Pfoi9qAG
yIriqJWL8+Z/ImySr5BPv0Idf2sauF8aXBW4Ci5kiVN0W+B2Q9njfeDMM/HnuCXt
OgleyuwXGrC5aA+KUi5Fj/MUHtw5wBVbqEdCU4BHE84GTYVp5GiU7S7aewIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFHJi48niQmsvqyKVdd3C+J0t7pqgMB8GA1UdIwQY
MBaAFPeXevWAyFDMi/kGSfm9qKaki/OWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOTVkNjlZRElVTXlMLVFaSi1iMm9wcVNMODVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYi9iMzYxZWYtNWY2OS00YmNiLTk4M2Mt
MjExMjgwMjcyNTVkLzEvY21ManllSkNheS1ySXBWMTNjTDRuUzN1bXFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYi9iMzYxZWYtNWY2OS00YmNiLTk4M2MtMjExMjgwMjcyNTVk
LzEvOTVkNjlZRElVTXlMLVFaSi1iMm9wcVNMODVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAHwPYAwQA
VDYMAwQAwbDvMA0GCSqGSIb3DQEBCwUAA4IBAQCb72pHZt96k5tiyNcGy0I97imZ
jxqe/heAFvuXETLMZ+iIV9um9AJcuNn0tFDNLV+T8nJAqLm9tngb4gmYkFIdlDwy
fUYWzZsVE38PlAT4Xax82LXvqRVMv+bo6z7NjI/vLndRbVVlM3u32yij3/oVAKPc
cfa+3QHC7NkN+Y9A3/LUfHsdXA5/vw2oY4FckRkD8TpPJdNKRBBr59UbgQN7K0Bj
tlrZVEJus8lLHiItyV9k2GM1qYKi5u5FQHLP7r21wMqX1HNleGTGDls32UsJ4zZq
lGyeP8xh9Hr5ICb4KRd7cyAfjMn7NIOsSXmf6Db1IrQMGj3qdItcmCfnM3k8
-----END CERTIFICATE-----