Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/c48271-dee5-4841-a7dd-b0d72e910efe/1/L80pK6ObZRSScU_AZIXdqKhbLPs.roa
File:                     L80pK6ObZRSScU_AZIXdqKhbLPs.roa (raw, json)
Hash identifier:          18whVklVMP7ZtNSmFR8DrFdceRMOWEFp28FcU5z0yMo=
Subject key identifier:   2F:CD:29:2B:A3:9B:65:14:92:71:4F:C0:64:85:DD:A8:A8:5B:2C:FB
Certificate issuer:       /CN=488c65dc359b58ca6ba5d3daeb874f058684e8c6
Certificate serial:       0197D0C4BC82051C39198C1CBF7346E83803
Authority key identifier: 48:8C:65:DC:35:9B:58:CA:6B:A5:D3:DA:EB:87:4F:05:86:84:E8:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SIxl3DWbWMprpdPa64dPBYaE6MY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/c48271-dee5-4841-a7dd-b0d72e910efe/1/L80pK6ObZRSScU_AZIXdqKhbLPs.roa
Signing time:             Thu 03 Jul 2025 14:50:43 +0000
ROA not before:           Thu 03 Jul 2025 14:50:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60781
IP address blocks:        31.186.168.0/23 maxlen: 23
                          2a02:40c0::/36 maxlen: 36
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/90/c48271-dee5-4841-a7dd-b0d72e910efe/1/SIxl3DWbWMprpdPa64dPBYaE6MY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/90/c48271-dee5-4841-a7dd-b0d72e910efe/1/SIxl3DWbWMprpdPa64dPBYaE6MY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SIxl3DWbWMprpdPa64dPBYaE6MY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Jul 2025 14:17:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:d0:c4:bc:82:05:1c:39:19:8c:1c:bf:73:46:e8:38:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=488c65dc359b58ca6ba5d3daeb874f058684e8c6
        Validity
            Not Before: Jul  3 14:50:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2fcd292ba39b651492714fc06485dda8a85b2cfb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:55:52:85:ab:21:24:07:5f:6f:76:0c:c1:9a:
                    a7:c3:55:95:d2:91:77:44:9f:bb:23:db:a9:a8:b5:
                    3b:b0:2f:20:2e:12:e8:01:1a:92:51:46:22:52:9d:
                    b0:00:3b:0f:78:8b:ef:66:41:d6:f0:4c:05:a5:ad:
                    d5:17:af:b9:92:d1:00:e4:74:66:c9:10:6c:f4:6c:
                    0b:71:c7:26:6a:80:c9:c0:23:d3:1d:94:4e:cc:f0:
                    4c:87:a0:ab:dd:8d:ef:ee:f8:1b:66:12:a1:5c:ba:
                    ff:30:45:71:81:55:bd:6d:6d:52:90:a1:cd:d2:12:
                    eb:59:1e:85:c5:29:d8:45:dc:ed:c2:95:42:a0:a0:
                    d6:84:f4:d1:76:a0:0a:1a:73:65:02:1e:e7:71:1f:
                    52:45:26:9a:aa:df:48:a0:92:94:84:5e:60:7d:bc:
                    9e:45:28:41:26:ff:df:2c:4c:c8:8c:b1:a4:33:1a:
                    d5:92:f6:68:73:de:2d:6c:f4:42:3d:c2:58:20:a5:
                    b3:69:bc:ad:f5:5f:04:c5:6a:1e:67:78:42:43:bc:
                    2f:a7:c8:b8:11:9d:b1:f4:02:c1:51:d2:3f:da:bd:
                    23:e6:16:2a:27:a7:ca:01:40:92:5f:a4:01:95:a4:
                    69:4b:70:28:08:92:6f:c4:08:f3:92:32:75:5e:b1:
                    94:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:CD:29:2B:A3:9B:65:14:92:71:4F:C0:64:85:DD:A8:A8:5B:2C:FB
            X509v3 Authority Key Identifier:
                keyid:48:8C:65:DC:35:9B:58:CA:6B:A5:D3:DA:EB:87:4F:05:86:84:E8:C6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SIxl3DWbWMprpdPa64dPBYaE6MY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/c48271-dee5-4841-a7dd-b0d72e910efe/1/L80pK6ObZRSScU_AZIXdqKhbLPs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/c48271-dee5-4841-a7dd-b0d72e910efe/1/SIxl3DWbWMprpdPa64dPBYaE6MY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.186.168.0/23
                IPv6:
                  2a02:40c0::/36

    Signature Algorithm: sha256WithRSAEncryption
         7d:2d:b6:22:bd:bc:e9:3e:dc:a9:06:b8:29:f3:a8:43:c7:8e:
         8d:25:e4:c1:b4:fe:3c:bf:50:42:6b:21:d4:c1:72:86:b4:6a:
         71:ec:55:17:1e:3d:21:64:e8:e4:ed:48:f1:1b:a2:c7:96:56:
         1a:16:91:01:53:12:5f:80:51:e2:23:b7:46:25:68:d6:c0:15:
         d7:88:9d:df:e8:25:c2:ed:38:c7:08:d7:a9:29:6f:51:07:5a:
         4f:e3:8a:45:1c:a7:a7:07:91:49:e4:4a:0b:ad:da:ba:87:cc:
         5d:9b:e7:0c:c7:27:86:f1:b7:db:eb:34:29:bf:6d:aa:69:60:
         71:cd:10:b1:1a:95:f1:06:af:7b:f1:ea:21:ba:26:11:a5:45:
         03:6c:5e:f5:9d:82:9a:46:e8:a6:0d:53:f5:8e:7c:a6:21:73:
         66:ad:af:12:ab:b9:fb:a6:fc:db:68:e3:d7:37:60:e1:69:c4:
         9b:a9:c6:3a:a1:96:77:d3:3c:78:86:b5:f3:0a:ba:eb:fa:77:
         83:fc:fb:56:d4:7a:e7:73:58:94:95:69:49:c9:9e:5e:11:6e:
         1b:65:17:ff:26:6c:b0:cc:dd:48:6d:73:d5:20:06:dc:fd:eb:
         79:8d:59:ff:64:2a:6b:9f:71:51:5a:ea:4d:4e:92:0a:bb:07:
         24:82:cb:43
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAZfQxLyCBRw5GYwcv3NG6DgDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ4OGM2NWRjMzU5YjU4Y2E2YmE1ZDNkYWViODc0ZjA1ODY4
NGU4YzYwHhcNMjUwNzAzMTQ1MDQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZmNkMjkyYmEzOWI2NTE0OTI3MTRmYzA2NDg1ZGRhOGE4NWIyY2ZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxFVShashJAdfb3YMwZqnw1WV0pF3
RJ+7I9upqLU7sC8gLhLoARqSUUYiUp2wADsPeIvvZkHW8EwFpa3VF6+5ktEA5HRm
yRBs9GwLcccmaoDJwCPTHZROzPBMh6Cr3Y3v7vgbZhKhXLr/MEVxgVW9bW1SkKHN
0hLrWR6FxSnYRdztwpVCoKDWhPTRdqAKGnNlAh7ncR9SRSaaqt9IoJKUhF5gfbye
RShBJv/fLEzIjLGkMxrVkvZoc94tbPRCPcJYIKWzabyt9V8ExWoeZ3hCQ7wvp8i4
EZ2x9ALBUdI/2r0j5hYqJ6fKAUCSX6QBlaRpS3AoCJJvxAjzkjJ1XrGUaQIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFC/NKSujm2UUknFPwGSF3aioWyz7MB8GA1UdIwQY
MBaAFEiMZdw1m1jKa6XT2uuHTwWGhOjGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU0l4bDNEV2JXTXBycGRQYTY0ZFBCWWFFNk1ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC9jNDgyNzEtZGVlNS00ODQxLWE3ZGQt
YjBkNzJlOTEwZWZlLzEvTDgwcEs2T2JaUlNTY1VfQVpJWGRxS2hiTFBzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC9jNDgyNzEtZGVlNS00ODQxLWE3ZGQtYjBkNzJlOTEwZWZl
LzEvU0l4bDNEV2JXTXBycGRQYTY0ZFBCWWFFNk1ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjAMBAIAATAGAwQBH7qoMA4E
AgACMAgDBgQqAkDAADANBgkqhkiG9w0BAQsFAAOCAQEAfS22Ir286T7cqQa4KfOo
Q8eOjSXkwbT+PL9QQmsh1MFyhrRqcexVFx49IWTo5O1I8Ruix5ZWGhaRAVMSX4BR
4iO3RiVo1sAV14id3+glwu04xwjXqSlvUQdaT+OKRRynpweRSeRKC63auofMXZvn
DMcnhvG32+s0Kb9tqmlgcc0QsRqV8Qave/HqIbomEaVFA2xe9Z2Cmkbopg1T9Y58
piFzZq2vEqu5+6b822jj1zdg4WnEm6nGOqGWd9M8eIa18wq66/p3g/z7VtR653NY
lJVpScmeXhFuG2UX/yZssMzdSG1z1SAG3P3reY1Z/2Qqa59xUVrqTU6SCrsHJILL
Qw==
-----END CERTIFICATE-----