Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/CY5RuSf7ZqfFjpnS8xnBEMVHo7Y.roa
File:                     CY5RuSf7ZqfFjpnS8xnBEMVHo7Y.roa (raw, json)
Hash identifier:          FYLpsue9S+n7FBiBBNfD6aKzQOCWqbmIhb8nVgwGczU=
Subject key identifier:   09:8E:51:B9:27:FB:66:A7:C5:8E:99:D2:F3:19:C1:10:C5:47:A3:B6
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       019541EBBC1B9D2F8E2DDA7092B91926C4A8
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/CY5RuSf7ZqfFjpnS8xnBEMVHo7Y.roa
Signing time:             Wed 26 Feb 2025 11:02:02 +0000
ROA not before:           Wed 26 Feb 2025 11:02:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212591
IP address blocks:        31.13.225.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 00:57:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:41:eb:bc:1b:9d:2f:8e:2d:da:70:92:b9:19:26:c4:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Feb 26 11:02:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=098e51b927fb66a7c58e99d2f319c110c547a3b6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:2b:a3:80:64:85:fa:7a:1b:34:88:40:18:19:
                    b1:b9:6b:39:93:9c:20:a1:18:08:66:8b:f3:f4:0e:
                    7f:de:89:ea:49:63:e4:4b:c0:ff:c6:8b:00:e7:e9:
                    92:e8:92:b4:1e:58:4b:8f:7c:42:3d:51:f5:63:26:
                    56:0c:34:28:b7:ac:13:ab:de:22:2a:d8:51:23:bb:
                    bb:0b:13:bd:83:d9:a2:71:a0:a6:70:c4:45:d6:d7:
                    22:4a:c9:ff:57:3e:4b:1f:8d:7d:f8:e4:e6:40:95:
                    1f:9c:36:e2:c6:ba:79:55:46:04:da:98:4a:f7:0d:
                    76:1b:11:5b:02:84:5b:1e:be:ba:91:f0:07:aa:1c:
                    93:1c:20:ce:79:e7:b3:1a:93:07:d6:4e:f1:e0:37:
                    10:b1:08:57:49:a0:6f:1f:c9:84:92:5b:2e:61:31:
                    73:af:7d:a9:0f:49:c1:d7:bc:fd:a3:9a:4a:66:1e:
                    ec:60:9d:ab:55:d8:09:c7:10:4d:fb:91:b8:ff:09:
                    a3:05:3c:3a:38:93:c6:ab:08:24:cb:2a:1b:c2:ae:
                    13:7d:80:cf:53:5e:35:b9:a6:e7:b6:df:3f:74:0f:
                    35:96:b6:c6:2d:54:f2:65:97:fc:6e:29:d3:0c:e8:
                    28:ea:c7:49:77:e8:f5:3c:73:0c:19:ee:1f:23:60:
                    0c:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:8E:51:B9:27:FB:66:A7:C5:8E:99:D2:F3:19:C1:10:C5:47:A3:B6
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/CY5RuSf7ZqfFjpnS8xnBEMVHo7Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.13.225.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0f:b5:15:9b:94:6a:13:62:1a:e0:d1:86:b7:75:5a:84:d9:68:
         77:41:3f:29:39:78:56:9f:f4:63:4b:d6:e1:36:34:bf:b0:81:
         41:a6:24:dc:2a:9b:82:f2:08:1c:31:d7:c1:15:90:d5:99:17:
         80:32:bd:af:67:f2:25:b8:4c:45:6d:16:9a:92:27:fc:37:9a:
         ac:d5:15:ab:57:97:3a:db:a7:34:51:f7:4d:fe:b5:9d:e7:c8:
         97:57:02:dd:68:fb:8d:b7:87:a5:71:5c:ea:85:d8:50:af:83:
         a2:f9:2c:88:d7:9e:63:df:c4:0f:cf:10:a1:70:a1:f0:f7:74:
         1e:b0:c2:87:63:4f:67:8e:af:79:6d:05:fb:26:ab:e7:66:db:
         ec:4b:73:c5:e7:ed:c0:0b:c3:f6:38:38:c2:41:c2:b0:c9:d6:
         cb:7c:e6:a9:a2:d0:29:09:e5:ac:76:2a:86:82:ce:3a:d4:af:
         2e:36:39:ae:04:9f:54:73:c5:f5:53:da:31:00:31:da:01:72:
         f0:0f:c4:c0:f2:56:6a:1d:4f:2e:e0:22:b2:89:82:1e:69:b1:
         ad:90:54:56:c5:93:06:47:e1:73:99:50:a9:87:3d:97:09:41:
         d0:a0:a5:10:88:7b:79:03:28:38:0f:80:99:29:06:b0:63:69:
         9b:00:6e:37
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZVB67wbnS+OLdpwkrkZJsSoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjUwMjI2MTEwMjAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOThlNTFiOTI3ZmI2NmE3YzU4ZTk5ZDJmMzE5YzExMGM1NDdhM2I2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuyujgGSF+nobNIhAGBmxuWs5k5wg
oRgIZovz9A5/3onqSWPkS8D/xosA5+mS6JK0HlhLj3xCPVH1YyZWDDQot6wTq94i
KthRI7u7CxO9g9micaCmcMRF1tciSsn/Vz5LH419+OTmQJUfnDbixrp5VUYE2phK
9w12GxFbAoRbHr66kfAHqhyTHCDOeeezGpMH1k7x4DcQsQhXSaBvH8mEklsuYTFz
r32pD0nB17z9o5pKZh7sYJ2rVdgJxxBN+5G4/wmjBTw6OJPGqwgkyyobwq4TfYDP
U141uabntt8/dA81lrbGLVTyZZf8binTDOgo6sdJd+j1PHMMGe4fI2AMrwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAmOUbkn+2anxY6Z0vMZwRDFR6O2MB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvQ1k1UnVTZjdacWZGanBuUzh4bkJFTVZIbzdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHw3hMA0G
CSqGSIb3DQEBCwUAA4IBAQAPtRWblGoTYhrg0Ya3dVqE2Wh3QT8pOXhWn/RjS9bh
NjS/sIFBpiTcKpuC8ggcMdfBFZDVmReAMr2vZ/IluExFbRaakif8N5qs1RWrV5c6
26c0UfdN/rWd58iXVwLdaPuNt4elcVzqhdhQr4Oi+SyI155j38QPzxChcKHw93Qe
sMKHY09njq95bQX7JqvnZtvsS3PF5+3AC8P2ODjCQcKwydbLfOapotApCeWsdiqG
gs461K8uNjmuBJ9Uc8X1U9oxADHaAXLwD8TA8lZqHU8u4CKyiYIeabGtkFRWxZMG
R+FzmVCphz2XCUHQoKUQiHt5Ayg4D4CZKQawY2mbAG43
-----END CERTIFICATE-----