Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/f0832e-675b-4ec2-a802-9b26cab79451/1/OhJdBiV5gHqK6Q0h6IsDLvme2ZU.roa
File:                     OhJdBiV5gHqK6Q0h6IsDLvme2ZU.roa (raw, json)
Hash identifier:          pcJgkYvH3txJDz3lGEDvCW5qFKnvfNpgB8TIvUtYzQk=
Subject key identifier:   3A:12:5D:06:25:79:80:7A:8A:E9:0D:21:E8:8B:03:2E:F9:9E:D9:95
Certificate issuer:       /CN=1455ca30592313388925ee1441009ad31d4bb41f
Certificate serial:       0197C29791F88BA5D8DEB8D0CDC6F47A6B68
Authority key identifier: 14:55:CA:30:59:23:13:38:89:25:EE:14:41:00:9A:D3:1D:4B:B4:1F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FFXKMFkjEziJJe4UQQCa0x1LtB8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/f0832e-675b-4ec2-a802-9b26cab79451/1/OhJdBiV5gHqK6Q0h6IsDLvme2ZU.roa
Signing time:             Mon 30 Jun 2025 20:46:42 +0000
ROA not before:           Mon 30 Jun 2025 20:46:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     5398
IP address blocks:        31.44.32.0/20 maxlen: 20
                          31.44.44.0/23 maxlen: 23
                          31.44.46.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f3/f0832e-675b-4ec2-a802-9b26cab79451/1/FFXKMFkjEziJJe4UQQCa0x1LtB8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f3/f0832e-675b-4ec2-a802-9b26cab79451/1/FFXKMFkjEziJJe4UQQCa0x1LtB8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FFXKMFkjEziJJe4UQQCa0x1LtB8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 13:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:c2:97:91:f8:8b:a5:d8:de:b8:d0:cd:c6:f4:7a:6b:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1455ca30592313388925ee1441009ad31d4bb41f
        Validity
            Not Before: Jun 30 20:46:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3a125d062579807a8ae90d21e88b032ef99ed995
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:8b:5d:5f:65:f2:29:79:d6:98:96:0a:36:8a:
                    93:53:06:24:d9:ce:4a:8a:3d:bb:18:03:46:50:9f:
                    cd:3b:aa:1d:41:1e:02:d7:c5:df:3d:75:96:78:58:
                    ec:8e:cf:c4:2d:7a:51:ce:6f:92:14:f8:95:3d:79:
                    4b:2d:98:d9:9f:13:97:40:87:03:bd:31:df:ad:bb:
                    74:ab:32:ab:ef:34:cc:a2:e3:03:cb:7f:66:b0:fb:
                    e6:b7:b1:9e:4f:3c:8d:30:79:b2:1d:10:40:de:ba:
                    af:ce:8d:87:cd:e3:7f:ba:93:21:f6:82:b9:b5:6f:
                    20:b2:16:48:01:d2:5a:cd:e5:70:c5:1c:75:8e:64:
                    28:8d:3b:b2:a7:53:6f:ff:87:1d:ef:43:58:3d:c6:
                    a4:78:70:e0:d6:de:d4:a2:f0:b1:be:f7:5e:27:39:
                    89:e1:93:79:b8:92:81:85:47:03:96:48:ab:25:fe:
                    3d:00:da:1f:4e:0c:9e:6d:10:77:c5:51:9b:98:5a:
                    c8:32:c0:63:c2:1b:34:66:81:a8:17:42:91:bc:53:
                    8f:67:dc:6f:35:73:59:02:00:22:f8:e0:3b:ec:fb:
                    a1:af:09:be:6a:fe:1b:0a:49:11:79:59:d9:94:64:
                    cf:9d:2f:42:df:ad:29:e6:da:21:de:dd:63:e1:e6:
                    65:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:12:5D:06:25:79:80:7A:8A:E9:0D:21:E8:8B:03:2E:F9:9E:D9:95
            X509v3 Authority Key Identifier:
                keyid:14:55:CA:30:59:23:13:38:89:25:EE:14:41:00:9A:D3:1D:4B:B4:1F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FFXKMFkjEziJJe4UQQCa0x1LtB8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/f0832e-675b-4ec2-a802-9b26cab79451/1/OhJdBiV5gHqK6Q0h6IsDLvme2ZU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/f0832e-675b-4ec2-a802-9b26cab79451/1/FFXKMFkjEziJJe4UQQCa0x1LtB8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.44.32.0/20

    Signature Algorithm: sha256WithRSAEncryption
         04:a8:a0:94:9d:f8:a2:b1:3c:75:c4:a3:99:02:6c:16:a2:c2:
         09:ea:c6:ec:e6:98:24:07:92:49:dd:00:8c:30:34:8f:4e:45:
         52:74:c6:eb:a8:ac:b3:32:41:92:75:1f:5b:f5:85:42:0a:20:
         99:d4:fc:1c:2d:88:40:28:53:ad:13:84:ff:81:1c:aa:a7:fa:
         03:97:45:bc:bb:87:f8:b6:fe:9e:0e:f8:0a:4a:60:38:58:9c:
         96:2b:ec:1f:e2:15:11:68:d0:e7:22:fa:1a:2d:37:98:44:61:
         f5:4e:ab:71:b2:c8:84:fb:66:62:31:30:67:9e:2a:6a:f9:3a:
         2f:f3:90:00:f7:e0:2c:ee:a5:0b:a2:e8:fd:09:7e:a9:13:63:
         3c:5f:45:55:21:2b:e9:0b:35:05:5a:c8:89:f3:85:5b:a1:b6:
         88:5b:5c:64:bf:24:31:4c:d3:47:eb:f2:44:d7:09:3e:8c:c3:
         67:fa:68:f8:20:a7:00:f1:08:44:0d:4b:08:96:61:d4:a5:1d:
         e4:7e:46:2c:af:32:b9:2f:99:0e:4d:6e:cd:c5:94:36:0f:de:
         34:ca:98:d9:77:92:e2:d6:26:cf:e4:2b:bf:71:f4:61:af:0a:
         30:95:88:68:87:32:b1:d7:33:bc:06:a7:e1:4a:88:00:b5:72:
         43:79:66:54
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZfCl5H4i6XY3rjQzcb0emtoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE0NTVjYTMwNTkyMzEzMzg4OTI1ZWUxNDQxMDA5YWQzMWQ0
YmI0MWYwHhcNMjUwNjMwMjA0NjQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYTEyNWQwNjI1Nzk4MDdhOGFlOTBkMjFlODhiMDMyZWY5OWVkOTk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm4tdX2XyKXnWmJYKNoqTUwYk2c5K
ij27GANGUJ/NO6odQR4C18XfPXWWeFjsjs/ELXpRzm+SFPiVPXlLLZjZnxOXQIcD
vTHfrbt0qzKr7zTMouMDy39msPvmt7GeTzyNMHmyHRBA3rqvzo2HzeN/upMh9oK5
tW8gshZIAdJazeVwxRx1jmQojTuyp1Nv/4cd70NYPcakeHDg1t7UovCxvvdeJzmJ
4ZN5uJKBhUcDlkirJf49ANofTgyebRB3xVGbmFrIMsBjwhs0ZoGoF0KRvFOPZ9xv
NXNZAgAi+OA77Puhrwm+av4bCkkReVnZlGTPnS9C360p5toh3t1j4eZlOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDoSXQYleYB6iukNIeiLAy75ntmVMB8GA1UdIwQY
MBaAFBRVyjBZIxM4iSXuFEEAmtMdS7QfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRkZYS01Ga2pFemlKSmU0VVFRQ2EweDFMdEI4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy9mMDgzMmUtNjc1Yi00ZWMyLWE4MDIt
OWIyNmNhYjc5NDUxLzEvT2hKZEJpVjVnSHFLNlEwaDZJc0RMdm1lMlpVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy9mMDgzMmUtNjc1Yi00ZWMyLWE4MDItOWIyNmNhYjc5NDUx
LzEvRkZYS01Ga2pFemlKSmU0VVFRQ2EweDFMdEI4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEHywgMA0G
CSqGSIb3DQEBCwUAA4IBAQAEqKCUnfiisTx1xKOZAmwWosIJ6sbs5pgkB5JJ3QCM
MDSPTkVSdMbrqKyzMkGSdR9b9YVCCiCZ1PwcLYhAKFOtE4T/gRyqp/oDl0W8u4f4
tv6eDvgKSmA4WJyWK+wf4hURaNDnIvoaLTeYRGH1TqtxssiE+2ZiMTBnnipq+Tov
85AA9+As7qULouj9CX6pE2M8X0VVISvpCzUFWsiJ84VbobaIW1xkvyQxTNNH6/JE
1wk+jMNn+mj4IKcA8QhEDUsIlmHUpR3kfkYsrzK5L5kOTW7NxZQ2D940ypjZd5Li
1ibP5Cu/cfRhrwowlYhohzKx1zO8BqfhSogAtXJDeWZU
-----END CERTIFICATE-----