Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/89/d00889-e5ca-4090-a6a4-2ac6ff75beb0/1/vIlI_dchwexZNflF7gIM73uLcOg.roa
File:                     vIlI_dchwexZNflF7gIM73uLcOg.roa (raw, json)
Hash identifier:          pny1c3FWYabHzSSLkClEvdiIBKMwq09M8u+AIiKsPlk=
Subject key identifier:   BC:89:48:FD:D7:21:C1:EC:59:35:F9:45:EE:02:0C:EF:7B:8B:70:E8
Certificate issuer:       /CN=a76dd9dad75877f7d28d14e08dc55b1330bd13b7
Certificate serial:       0197C67AC1370589B779865311EF1B7286FC
Authority key identifier: A7:6D:D9:DA:D7:58:77:F7:D2:8D:14:E0:8D:C5:5B:13:30:BD:13:B7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/p23Z2tdYd_fSjRTgjcVbEzC9E7c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/89/d00889-e5ca-4090-a6a4-2ac6ff75beb0/1/vIlI_dchwexZNflF7gIM73uLcOg.roa
Signing time:             Tue 01 Jul 2025 14:53:42 +0000
ROA not before:           Tue 01 Jul 2025 14:53:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207459
IP address blocks:        46.31.76.0/24 maxlen: 24
                          46.31.78.0/24 maxlen: 24
                          46.31.79.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/89/d00889-e5ca-4090-a6a4-2ac6ff75beb0/1/p23Z2tdYd_fSjRTgjcVbEzC9E7c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/89/d00889-e5ca-4090-a6a4-2ac6ff75beb0/1/p23Z2tdYd_fSjRTgjcVbEzC9E7c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/p23Z2tdYd_fSjRTgjcVbEzC9E7c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Jul 2025 20:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:c6:7a:c1:37:05:89:b7:79:86:53:11:ef:1b:72:86:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a76dd9dad75877f7d28d14e08dc55b1330bd13b7
        Validity
            Not Before: Jul  1 14:53:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bc8948fdd721c1ec5935f945ee020cef7b8b70e8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:99:1d:9d:59:d9:d5:b8:8a:e7:3b:9c:91:29:
                    48:f4:ef:45:f2:bc:24:e1:58:e0:a4:09:a6:3a:a6:
                    dd:7f:ad:51:b9:eb:eb:ce:76:3b:98:90:de:97:3c:
                    64:84:57:be:8a:a6:6e:4c:02:28:9a:5d:3b:24:5d:
                    8d:dc:06:a3:20:f6:a0:4c:9f:0c:d8:5b:04:92:83:
                    6a:73:bb:79:a8:21:26:3b:b9:7c:8d:f1:ff:53:41:
                    53:b8:bb:83:5a:d4:4a:ce:f7:8d:40:44:dc:0c:66:
                    a8:77:ee:d9:09:17:68:03:51:f2:c6:17:13:ff:f2:
                    f3:91:20:8e:f6:36:72:ce:2e:71:b6:fe:a0:3b:63:
                    3d:f4:fa:a3:5c:b1:98:7c:1f:56:92:9d:de:e9:73:
                    50:72:81:06:12:ae:ca:73:80:15:7b:09:20:37:22:
                    d6:ce:bd:f2:98:de:8b:12:85:84:46:52:20:1c:3a:
                    ac:9b:97:b6:ee:56:5a:49:01:bb:b4:f1:5a:60:85:
                    f3:a7:45:b8:79:1f:3a:17:8d:21:8a:48:55:91:66:
                    f6:28:14:2b:d0:10:af:02:6a:18:da:01:5b:b0:7f:
                    1b:48:8e:be:50:84:e4:82:49:3b:ac:16:a3:25:47:
                    79:31:93:36:6a:46:20:65:8d:5c:69:2c:fe:47:13:
                    d8:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:89:48:FD:D7:21:C1:EC:59:35:F9:45:EE:02:0C:EF:7B:8B:70:E8
            X509v3 Authority Key Identifier:
                keyid:A7:6D:D9:DA:D7:58:77:F7:D2:8D:14:E0:8D:C5:5B:13:30:BD:13:B7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/p23Z2tdYd_fSjRTgjcVbEzC9E7c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/89/d00889-e5ca-4090-a6a4-2ac6ff75beb0/1/vIlI_dchwexZNflF7gIM73uLcOg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/89/d00889-e5ca-4090-a6a4-2ac6ff75beb0/1/p23Z2tdYd_fSjRTgjcVbEzC9E7c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.31.76.0/24
                  46.31.78.0/23

    Signature Algorithm: sha256WithRSAEncryption
         15:7e:a6:dc:05:eb:ef:e2:2f:be:06:5c:13:f1:16:83:75:0a:
         f6:f0:be:34:9f:46:f5:17:5b:02:d1:70:77:64:30:60:72:8a:
         14:7b:4e:40:64:53:a5:a4:34:b3:2e:11:d7:03:c5:d4:d3:ef:
         de:e4:cd:38:ff:6e:1c:d6:0b:a2:7c:e3:4e:67:f3:13:21:4a:
         6d:fa:2e:6f:12:80:44:83:a8:fd:a4:b5:dc:c0:41:7b:78:de:
         b0:0c:7f:98:f9:b3:d1:44:29:a4:d2:78:40:f8:b9:39:80:33:
         17:54:dd:d5:ec:db:b1:74:8f:d5:92:05:3c:0f:a9:db:df:f7:
         e4:ca:fe:09:7a:d8:81:ec:fa:99:bd:30:95:42:d6:bd:11:c6:
         8e:54:89:b6:c1:ff:df:6e:6b:54:93:47:36:b4:a8:54:51:dd:
         d3:53:3a:a0:2a:ba:4b:60:0c:1c:22:b0:01:ba:4b:21:7a:09:
         a8:cf:42:a5:e1:79:f7:2c:0d:c2:66:df:7a:3f:5b:f1:56:7f:
         6e:1e:68:d7:ca:5d:1d:08:f0:57:ae:f1:d8:8b:e9:d1:b5:fc:
         41:0c:b8:83:a6:4f:d4:14:74:d4:9d:39:e7:e3:00:bc:69:70:
         ca:5d:c9:44:e9:43:4e:c7:31:ed:f7:27:28:bb:17:81:15:34:
         74:27:81:dc
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZfGesE3BYm3eYZTEe8bcob8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE3NmRkOWRhZDc1ODc3ZjdkMjhkMTRlMDhkYzU1YjEzMzBi
ZDEzYjcwHhcNMjUwNzAxMTQ1MzQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYzg5NDhmZGQ3MjFjMWVjNTkzNWY5NDVlZTAyMGNlZjdiOGI3MGU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl5kdnVnZ1biK5zuckSlI9O9F8rwk
4VjgpAmmOqbdf61RuevrznY7mJDelzxkhFe+iqZuTAIoml07JF2N3AajIPagTJ8M
2FsEkoNqc7t5qCEmO7l8jfH/U0FTuLuDWtRKzveNQETcDGaod+7ZCRdoA1HyxhcT
//LzkSCO9jZyzi5xtv6gO2M99PqjXLGYfB9Wkp3e6XNQcoEGEq7Kc4AVewkgNyLW
zr3ymN6LEoWERlIgHDqsm5e27lZaSQG7tPFaYIXzp0W4eR86F40hikhVkWb2KBQr
0BCvAmoY2gFbsH8bSI6+UITkgkk7rBajJUd5MZM2akYgZY1caSz+RxPYpQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLyJSP3XIcHsWTX5Re4CDO97i3DoMB8GA1UdIwQY
MBaAFKdt2drXWHf30o0U4I3FWxMwvRO3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcDIzWjJ0ZFlkX2ZTalJUZ2pjVmJFekM5RTdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OS9kMDA4ODktZTVjYS00MDkwLWE2YTQt
MmFjNmZmNzViZWIwLzEvdklsSV9kY2h3ZXhaTmZsRjdnSU03M3VMY09nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OS9kMDA4ODktZTVjYS00MDkwLWE2YTQtMmFjNmZmNzViZWIw
LzEvcDIzWjJ0ZFlkX2ZTalJUZ2pjVmJFekM5RTdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALh9MAwQB
Lh9OMA0GCSqGSIb3DQEBCwUAA4IBAQAVfqbcBevv4i++BlwT8RaDdQr28L40n0b1
F1sC0XB3ZDBgcooUe05AZFOlpDSzLhHXA8XU0+/e5M04/24c1guifONOZ/MTIUpt
+i5vEoBEg6j9pLXcwEF7eN6wDH+Y+bPRRCmk0nhA+Lk5gDMXVN3V7NuxdI/VkgU8
D6nb3/fkyv4JetiB7PqZvTCVQta9EcaOVIm2wf/fbmtUk0c2tKhUUd3TUzqgKrpL
YAwcIrABukshegmoz0Kl4Xn3LA3CZt96P1vxVn9uHmjXyl0dCPBXrvHYi+nRtfxB
DLiDpk/UFHTUnTnn4wC8aXDKXclE6UNOxzHt9ycouxeBFTR0J4Hc
-----END CERTIFICATE-----