Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/_F9CbaknJSWn0mVzJPOP4tRKo9o.roa
File:                     _F9CbaknJSWn0mVzJPOP4tRKo9o.roa (raw, json)
Hash identifier:          I0SYT1j5GoUF7v4r119jalWeSStWvqLdzwjXzafAmSc=
Subject key identifier:   FC:5F:42:6D:A9:27:25:25:A7:D2:65:73:24:F3:8F:E2:D4:4A:A3:DA
Certificate issuer:       /CN=eb349af2af111361b29fcfef2e043d5be75e3f98
Certificate serial:       0198277E9EE5AF6C0CE1E1ADE4F7A1EE325A
Authority key identifier: EB:34:9A:F2:AF:11:13:61:B2:9F:CF:EF:2E:04:3D:5B:E7:5E:3F:98
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/_F9CbaknJSWn0mVzJPOP4tRKo9o.roa
Signing time:             Sun 20 Jul 2025 11:01:06 +0000
ROA not before:           Sun 20 Jul 2025 11:01:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        5.56.31.0/24 maxlen: 24
                          109.122.61.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 25 Jul 2025 05:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:27:7e:9e:e5:af:6c:0c:e1:e1:ad:e4:f7:a1:ee:32:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eb349af2af111361b29fcfef2e043d5be75e3f98
        Validity
            Not Before: Jul 20 11:01:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fc5f426da9272525a7d2657324f38fe2d44aa3da
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:d2:40:04:74:40:25:c2:bf:7e:5a:8b:12:45:
                    fd:7f:e0:79:95:44:1d:d4:f2:57:1b:08:89:cf:98:
                    2d:05:8e:d8:55:b1:27:74:85:a4:5a:8c:36:e8:ef:
                    91:b0:a8:85:db:8e:07:25:dc:1e:a2:85:ba:8f:d3:
                    dd:6c:21:88:18:64:45:df:3b:fc:5a:be:7d:ef:5e:
                    ed:c0:3c:2e:20:e2:fe:eb:9a:d3:cc:3a:3a:bf:7f:
                    fb:fc:29:96:be:3a:29:a6:fb:c8:be:3b:8f:14:f3:
                    08:50:5c:e9:6f:85:40:92:54:f9:f8:9a:ac:4d:97:
                    ae:de:6e:91:77:7d:8b:42:43:6b:d4:8b:01:49:d0:
                    b4:e0:c5:78:44:97:38:cf:b1:5b:41:fb:9f:55:6c:
                    07:fd:7b:b7:06:3d:db:ae:47:ed:06:ae:ad:0a:ec:
                    63:7e:02:5a:cb:da:36:2c:39:6c:10:7e:5d:5f:57:
                    e6:80:b3:ea:22:62:d5:ce:49:d3:cf:35:b8:69:ca:
                    79:07:85:0b:30:22:18:50:92:74:64:3f:ea:28:19:
                    35:97:1c:38:4e:73:1b:79:cb:f5:7a:43:5c:40:84:
                    d4:2c:54:44:3f:9e:a3:ad:7d:10:5f:4d:01:0b:98:
                    19:2a:5c:56:8e:f9:7f:8e:ab:f1:b1:8f:b5:30:ec:
                    ec:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:5F:42:6D:A9:27:25:25:A7:D2:65:73:24:F3:8F:E2:D4:4A:A3:DA
            X509v3 Authority Key Identifier:
                keyid:EB:34:9A:F2:AF:11:13:61:B2:9F:CF:EF:2E:04:3D:5B:E7:5E:3F:98

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/_F9CbaknJSWn0mVzJPOP4tRKo9o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.56.31.0/24
                  109.122.61.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3b:29:d2:44:06:96:36:98:c3:d4:d6:b3:17:cc:25:1b:f5:eb:
         a3:14:ae:4c:2f:ac:cd:6c:cc:53:d4:eb:fb:70:6f:17:a0:2b:
         2d:6a:04:b0:67:f4:5d:a0:f8:8c:a0:30:e2:13:ed:bf:7e:35:
         d1:94:d0:19:1e:8b:53:79:6d:27:8f:96:40:5e:7e:ae:5e:86:
         0a:a1:c8:b5:88:1f:37:9f:5f:c9:8b:28:e4:ba:15:8f:cc:af:
         03:c5:4f:52:be:21:6b:30:42:d4:1b:46:d2:63:6d:fa:62:5c:
         e4:e0:24:5d:fd:d1:a3:b4:6d:7d:e5:6f:a4:fe:a4:4a:85:02:
         5a:7e:5e:cb:ba:2d:cf:57:99:89:5c:d2:ba:46:01:fa:fe:c8:
         d7:35:5c:88:26:f0:4e:dd:3f:df:48:81:9d:aa:b6:a9:f3:73:
         68:cc:50:43:9e:c7:54:f8:f1:a7:7b:a2:b1:bf:f4:fe:24:53:
         b7:3d:cb:63:56:d6:62:7e:e8:68:cc:13:f2:18:95:fc:29:4c:
         56:ea:44:37:4c:90:32:a0:9c:85:6b:92:fb:34:04:9b:e9:fb:
         3b:d7:16:63:c9:c2:fe:96:b7:ad:3b:5a:f6:53:45:d0:cf:c7:
         0b:57:bc:39:97:2f:41:69:91:af:39:83:cb:a1:e4:24:28:66:
         9b:80:24:bd
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZgnfp7lr2wM4eGt5Peh7jJaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGViMzQ5YWYyYWYxMTEzNjFiMjlmY2ZlZjJlMDQzZDViZTc1
ZTNmOTgwHhcNMjUwNzIwMTEwMTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYzVmNDI2ZGE5MjcyNTI1YTdkMjY1NzMyNGYzOGZlMmQ0NGFhM2RhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw9JABHRAJcK/flqLEkX9f+B5lUQd
1PJXGwiJz5gtBY7YVbEndIWkWow26O+RsKiF244HJdweooW6j9PdbCGIGGRF3zv8
Wr59717twDwuIOL+65rTzDo6v3/7/CmWvjoppvvIvjuPFPMIUFzpb4VAklT5+Jqs
TZeu3m6Rd32LQkNr1IsBSdC04MV4RJc4z7FbQfufVWwH/Xu3Bj3brkftBq6tCuxj
fgJay9o2LDlsEH5dX1fmgLPqImLVzknTzzW4acp5B4ULMCIYUJJ0ZD/qKBk1lxw4
TnMbecv1ekNcQITULFREP56jrX0QX00BC5gZKlxWjvl/jqvxsY+1MOzsiQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFPxfQm2pJyUlp9JlcyTzj+LUSqPaMB8GA1UdIwQY
MBaAFOs0mvKvERNhsp/P7y4EPVvnXj+YMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnpTYThxOFJFMkd5bjhfdkxnUTlXLWRlUDVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC8zY2IxNDctYTdjMy00NGU5LWFkYzgt
OWNkNjYyYmM4MzIwLzEvX0Y5Q2Jha25KU1duMG1WekpQT1A0dFJLbzlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC8zY2IxNDctYTdjMy00NGU5LWFkYzgtOWNkNjYyYmM4MzIw
LzEvNnpTYThxOFJFMkd5bjhfdkxnUTlXLWRlUDVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQABTgfAwQA
bXo9MA0GCSqGSIb3DQEBCwUAA4IBAQA7KdJEBpY2mMPU1rMXzCUb9eujFK5ML6zN
bMxT1Ov7cG8XoCstagSwZ/RdoPiMoDDiE+2/fjXRlNAZHotTeW0nj5ZAXn6uXoYK
oci1iB83n1/JiyjkuhWPzK8DxU9SviFrMELUG0bSY236Ylzk4CRd/dGjtG195W+k
/qRKhQJafl7Lui3PV5mJXNK6RgH6/sjXNVyIJvBO3T/fSIGdqrap83NozFBDnsdU
+PGne6Kxv/T+JFO3PctjVtZifuhozBPyGJX8KUxW6kQ3TJAyoJyFa5L7NASb6fs7
1xZjycL+lretO1r2U0XQz8cLV7w5ly9BaZGvOYPLoeQkKGabgCS9
-----END CERTIFICATE-----