Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/63/14f305-013b-453e-ac53-081cb2b17ab5/1/IzTlykprYa47CsY3y6FzjPAAIis.roa
File:                     IzTlykprYa47CsY3y6FzjPAAIis.roa (raw, json)
Hash identifier:          LStGQNgjfNAdb8m54IZ8WSpvULJzoLzTT0WYnkkBfps=
Subject key identifier:   23:34:E5:CA:4A:6B:61:AE:3B:0A:C6:37:CB:A1:73:8C:F0:00:22:2B
Certificate issuer:       /CN=f4b9ea4d9d83a728dd41029e86af8a130d389ed4
Certificate serial:       0197E4C5435DAF9C6991ACCEDEB9250DAD17
Authority key identifier: F4:B9:EA:4D:9D:83:A7:28:DD:41:02:9E:86:AF:8A:13:0D:38:9E:D4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9LnqTZ2DpyjdQQKehq-KEw04ntQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/63/14f305-013b-453e-ac53-081cb2b17ab5/1/IzTlykprYa47CsY3y6FzjPAAIis.roa
Signing time:             Mon 07 Jul 2025 12:03:42 +0000
ROA not before:           Mon 07 Jul 2025 12:03:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208485
IP address blocks:        31.133.88.0/24 maxlen: 24
                          31.133.89.0/24 maxlen: 24
                          31.133.90.0/24 maxlen: 24
                          31.133.91.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/63/14f305-013b-453e-ac53-081cb2b17ab5/1/9LnqTZ2DpyjdQQKehq-KEw04ntQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/63/14f305-013b-453e-ac53-081cb2b17ab5/1/9LnqTZ2DpyjdQQKehq-KEw04ntQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9LnqTZ2DpyjdQQKehq-KEw04ntQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 19:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:e4:c5:43:5d:af:9c:69:91:ac:ce:de:b9:25:0d:ad:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f4b9ea4d9d83a728dd41029e86af8a130d389ed4
        Validity
            Not Before: Jul  7 12:03:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2334e5ca4a6b61ae3b0ac637cba1738cf000222b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:37:c3:73:fa:22:0d:0d:85:54:4f:2a:fa:50:
                    32:42:84:8b:a6:23:d4:ae:5f:55:b9:a7:9e:c8:e0:
                    41:c8:c0:77:69:c6:e9:6e:9c:8d:7f:40:f0:8c:22:
                    79:64:1c:98:bf:f9:63:73:6c:44:fe:28:25:0a:06:
                    fd:60:99:f4:e5:df:6e:2f:3a:b9:97:eb:37:0f:d6:
                    4b:6f:0f:ec:93:58:ae:59:da:a8:e3:ae:72:f8:d4:
                    f1:6d:bc:fa:1e:be:a3:84:5b:ae:b6:74:a2:25:a9:
                    f8:c3:6b:57:67:9e:4c:62:50:ec:aa:69:c1:0f:96:
                    23:b5:0a:59:3c:7e:bd:d7:98:f4:7f:21:9c:72:da:
                    2f:47:52:41:22:67:63:df:de:e2:ce:66:f1:9d:37:
                    3d:39:4d:8b:73:f7:12:dc:bb:83:d7:5a:87:70:e7:
                    cf:dc:4b:09:ad:7f:4c:fd:ee:90:96:eb:ab:9d:69:
                    74:f9:29:7d:e7:d3:6a:e2:1d:c7:50:69:b9:9e:62:
                    39:5b:41:de:e8:3b:34:00:c5:86:33:37:9c:e4:ba:
                    e5:45:ae:1c:2f:fa:ec:13:4b:73:a3:63:af:d6:d3:
                    e6:fc:6e:19:8b:f2:bd:e0:31:8d:97:a4:5d:9f:0c:
                    a9:ce:2f:a4:4a:66:64:4e:7d:c1:5b:01:1b:b2:02:
                    70:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:34:E5:CA:4A:6B:61:AE:3B:0A:C6:37:CB:A1:73:8C:F0:00:22:2B
            X509v3 Authority Key Identifier:
                keyid:F4:B9:EA:4D:9D:83:A7:28:DD:41:02:9E:86:AF:8A:13:0D:38:9E:D4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9LnqTZ2DpyjdQQKehq-KEw04ntQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/63/14f305-013b-453e-ac53-081cb2b17ab5/1/IzTlykprYa47CsY3y6FzjPAAIis.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/63/14f305-013b-453e-ac53-081cb2b17ab5/1/9LnqTZ2DpyjdQQKehq-KEw04ntQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.133.88.0/22

    Signature Algorithm: sha256WithRSAEncryption
         97:3a:ab:48:3d:fe:38:58:f9:31:9b:78:0a:f1:39:23:ca:4c:
         62:f4:57:8b:12:96:13:04:c9:5f:be:15:16:4d:54:48:59:18:
         84:64:da:00:b1:fd:6d:a9:01:b1:ed:20:00:03:71:fe:9c:88:
         d2:de:23:72:1d:f6:fa:ae:01:b7:b6:44:d4:a4:e9:d4:c9:a2:
         fe:86:7d:3c:db:72:84:aa:85:b1:37:50:5e:0e:7b:09:38:a5:
         a2:dc:50:c3:f1:b4:d4:b8:e0:9c:5a:0d:c4:17:bd:74:8f:7a:
         fd:63:db:ae:38:db:d1:08:96:14:9d:6e:1c:0c:67:07:71:9e:
         76:5b:b1:d5:2f:f3:c4:f4:af:08:82:5d:81:da:67:93:16:6c:
         59:c3:1e:c6:23:af:da:ae:98:8f:81:9b:9d:8d:81:64:3b:2a:
         85:a1:a8:20:a8:0d:ab:96:fb:be:6a:ca:f9:21:44:5b:0b:a1:
         76:12:1b:4a:37:e1:6b:3e:a3:15:35:5b:50:a9:3a:f9:97:09:
         fd:ba:98:15:20:c8:50:f1:7c:46:ed:5a:03:66:fb:14:14:09:
         17:4a:b5:08:71:2a:3b:a4:2f:c3:c4:50:e3:df:1f:ed:83:22:
         42:50:81:a4:27:52:68:f9:9d:b8:3a:6e:41:e5:19:c0:cc:89:
         bf:18:04:a1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZfkxUNdr5xpkazO3rklDa0XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY0YjllYTRkOWQ4M2E3MjhkZDQxMDI5ZTg2YWY4YTEzMGQz
ODllZDQwHhcNMjUwNzA3MTIwMzQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMzM0ZTVjYTRhNmI2MWFlM2IwYWM2MzdjYmExNzM4Y2YwMDAyMjJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoTfDc/oiDQ2FVE8q+lAyQoSLpiPU
rl9VuaeeyOBByMB3acbpbpyNf0DwjCJ5ZByYv/ljc2xE/iglCgb9YJn05d9uLzq5
l+s3D9ZLbw/sk1iuWdqo465y+NTxbbz6Hr6jhFuutnSiJan4w2tXZ55MYlDsqmnB
D5YjtQpZPH6915j0fyGcctovR1JBImdj397izmbxnTc9OU2Lc/cS3LuD11qHcOfP
3EsJrX9M/e6QluurnWl0+Sl959Nq4h3HUGm5nmI5W0He6Ds0AMWGMzec5LrlRa4c
L/rsE0tzo2Ov1tPm/G4Zi/K94DGNl6Rdnwypzi+kSmZkTn3BWwEbsgJwbwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCM05cpKa2GuOwrGN8uhc4zwACIrMB8GA1UdIwQY
MBaAFPS56k2dg6co3UECnoavihMNOJ7UMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOUxucVRaMkRweWpkUVFLZWhxLUtFdzA0bnRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82My8xNGYzMDUtMDEzYi00NTNlLWFjNTMt
MDgxY2IyYjE3YWI1LzEvSXpUbHlrcHJZYTQ3Q3NZM3k2RnpqUEFBSWlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82My8xNGYzMDUtMDEzYi00NTNlLWFjNTMtMDgxY2IyYjE3YWI1
LzEvOUxucVRaMkRweWpkUVFLZWhxLUtFdzA0bnRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCH4VYMA0G
CSqGSIb3DQEBCwUAA4IBAQCXOqtIPf44WPkxm3gK8Tkjykxi9FeLEpYTBMlfvhUW
TVRIWRiEZNoAsf1tqQGx7SAAA3H+nIjS3iNyHfb6rgG3tkTUpOnUyaL+hn0823KE
qoWxN1BeDnsJOKWi3FDD8bTUuOCcWg3EF710j3r9Y9uuONvRCJYUnW4cDGcHcZ52
W7HVL/PE9K8Igl2B2meTFmxZwx7GI6/arpiPgZudjYFkOyqFoaggqA2rlvu+asr5
IURbC6F2EhtKN+FrPqMVNVtQqTr5lwn9upgVIMhQ8XxG7VoDZvsUFAkXSrUIcSo7
pC/DxFDj3x/tgyJCUIGkJ1Jo+Z24Om5B5RnAzIm/GASh
-----END CERTIFICATE-----