Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/v3bSpbjTC6psVgr1XbQzjcFGY_8.roa
File:                     v3bSpbjTC6psVgr1XbQzjcFGY_8.roa (raw, json)
Hash identifier:          HNkl/W6ZnjYjwBvB8Em1B1NnaKCl7GplXuw/LB2aQRs=
Subject key identifier:   BF:76:D2:A5:B8:D3:0B:AA:6C:56:0A:F5:5D:B4:33:8D:C1:46:63:FF
Certificate issuer:       /CN=093353c1fabe896af8b85fe7600e4634968fcc4c
Certificate serial:       0195B2D665E11FE4CA87D31364F27AF62B4F
Authority key identifier: 09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/v3bSpbjTC6psVgr1XbQzjcFGY_8.roa
Signing time:             Thu 20 Mar 2025 09:15:49 +0000
ROA not before:           Thu 20 Mar 2025 09:15:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     35048
IP address blocks:        31.40.203.0/24 maxlen: 24
                          212.115.49.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:b2:d6:65:e1:1f:e4:ca:87:d3:13:64:f2:7a:f6:2b:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=093353c1fabe896af8b85fe7600e4634968fcc4c
        Validity
            Not Before: Mar 20 09:15:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bf76d2a5b8d30baa6c560af55db4338dc14663ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:e0:79:ad:cd:4c:61:ae:a9:e4:11:f0:e5:e3:
                    9a:3d:ae:fb:ab:13:a4:b2:d5:d9:1e:d9:f7:ca:c0:
                    09:b5:b8:dc:46:ad:36:b9:21:52:f1:3d:48:a1:13:
                    d8:a6:8c:46:47:9e:87:31:f7:a7:c8:65:96:6f:44:
                    d6:59:3c:a1:8d:cc:67:71:7f:9d:09:4a:bc:14:3c:
                    5c:89:f1:d4:ad:cf:16:e5:8b:f4:5c:d5:64:61:93:
                    1f:9c:5c:32:3c:cc:b8:f1:3a:40:c9:49:b5:55:31:
                    56:3f:bd:45:e8:5b:39:4c:1c:f2:8a:10:2b:d5:1e:
                    62:31:50:ba:a6:08:9c:29:5b:7d:6d:a9:5d:0b:32:
                    06:ea:f1:c4:50:16:e4:58:55:71:2f:d4:3d:6f:a7:
                    43:23:70:32:64:02:0d:a4:cc:eb:c7:9b:f4:b9:8b:
                    ee:57:a7:99:e9:43:ec:1c:e2:68:72:5e:60:f4:23:
                    5a:78:b0:7b:f0:40:9e:f3:c2:c3:9a:a4:b0:ff:68:
                    47:1d:ef:b5:e8:fd:f0:ce:d0:96:13:9a:d5:ef:9f:
                    2c:5a:eb:98:e4:f9:56:50:31:98:08:da:b8:83:c8:
                    c3:ff:75:46:a9:52:77:aa:dd:9c:b8:8a:ce:56:f0:
                    e7:96:df:b0:35:c9:42:49:08:16:0b:5a:d7:e6:34:
                    39:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:76:D2:A5:B8:D3:0B:AA:6C:56:0A:F5:5D:B4:33:8D:C1:46:63:FF
            X509v3 Authority Key Identifier:
                keyid:09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/v3bSpbjTC6psVgr1XbQzjcFGY_8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.40.203.0/24
                  212.115.49.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5c:54:51:8c:30:d8:30:69:01:36:f8:4a:a9:0f:32:28:fe:ea:
         28:22:c0:06:0d:20:78:e1:9c:67:91:e3:b3:de:e7:70:77:bb:
         2f:5e:ba:3a:fc:35:11:32:b3:4e:2c:10:7e:b1:45:14:db:de:
         23:0e:da:48:60:0e:87:20:78:01:50:e4:88:6e:c1:4d:30:34:
         b8:e1:52:d0:df:f3:11:74:a3:86:5c:23:b2:2b:60:dc:f2:ad:
         1d:86:21:71:f4:cb:d2:d1:88:bd:48:a1:fc:79:fd:1c:f3:4c:
         d6:25:78:cb:38:d4:e0:f3:31:61:1f:17:8e:56:bc:1d:db:b0:
         1b:52:76:53:45:7f:35:44:8c:9c:ba:0f:e0:aa:18:be:0a:54:
         80:3c:4a:e1:3e:22:74:03:20:56:0d:e3:77:21:25:61:b0:39:
         9d:5d:7e:17:f0:80:f9:bf:2c:f9:06:b0:2f:a9:4d:fc:ac:36:
         9d:19:40:75:be:c2:a9:68:f4:7b:f8:82:26:84:6c:b9:17:6c:
         5a:e5:d7:a5:0b:7d:d0:1f:5c:4a:66:20:63:70:e2:91:58:f4:
         c0:69:37:85:09:51:9e:60:02:83:ab:1d:48:ba:02:5c:ba:0d:
         56:e8:b7:be:21:5c:9f:0b:70:c1:2e:29:cf:3c:13:d5:13:62:
         96:5d:12:cc
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZWy1mXhH+TKh9MTZPJ69itPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5MzM1M2MxZmFiZTg5NmFmOGI4NWZlNzYwMGU0NjM0OTY4
ZmNjNGMwHhcNMjUwMzIwMDkxNTQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZjc2ZDJhNWI4ZDMwYmFhNmM1NjBhZjU1ZGI0MzM4ZGMxNDY2M2ZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAluB5rc1MYa6p5BHw5eOaPa77qxOk
stXZHtn3ysAJtbjcRq02uSFS8T1IoRPYpoxGR56HMfenyGWWb0TWWTyhjcxncX+d
CUq8FDxcifHUrc8W5Yv0XNVkYZMfnFwyPMy48TpAyUm1VTFWP71F6Fs5TBzyihAr
1R5iMVC6pgicKVt9baldCzIG6vHEUBbkWFVxL9Q9b6dDI3AyZAINpMzrx5v0uYvu
V6eZ6UPsHOJocl5g9CNaeLB78ECe88LDmqSw/2hHHe+16P3wztCWE5rV758sWuuY
5PlWUDGYCNq4g8jD/3VGqVJ3qt2cuIrOVvDnlt+wNclCSQgWC1rX5jQ5FQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFL920qW40wuqbFYK9V20M43BRmP/MB8GA1UdIwQY
MBaAFAkzU8H6volq+Lhf52AORjSWj8xMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGIt
MjM5ZDJmZTM5OGIxLzEvdjNiU3BialRDNnBzVmdyMVhiUXpqY0ZHWV84LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGItMjM5ZDJmZTM5OGIx
LzEvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAHyjLAwQA
1HMxMA0GCSqGSIb3DQEBCwUAA4IBAQBcVFGMMNgwaQE2+EqpDzIo/uooIsAGDSB4
4ZxnkeOz3udwd7svXro6/DURMrNOLBB+sUUU294jDtpIYA6HIHgBUOSIbsFNMDS4
4VLQ3/MRdKOGXCOyK2Dc8q0dhiFx9MvS0Yi9SKH8ef0c80zWJXjLONTg8zFhHxeO
Vrwd27AbUnZTRX81RIycug/gqhi+ClSAPErhPiJ0AyBWDeN3ISVhsDmdXX4X8ID5
vyz5BrAvqU38rDadGUB1vsKpaPR7+IImhGy5F2xa5delC33QH1xKZiBjcOKRWPTA
aTeFCVGeYAKDqx1IugJcug1W6Le+IVyfC3DBLinPPBPVE2KWXRLM
-----END CERTIFICATE-----