Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/5a337f-c843-45f4-8d99-163fb7003e5d/1/BZgRuxw6XN5JK6FOhunyeY0a9Fc.roa
File:                     BZgRuxw6XN5JK6FOhunyeY0a9Fc.roa (raw, json)
Hash identifier:          yKRC8CuGjayGobPtwmCDX6ktnCZk3RWj3tDYbdA547A=
Subject key identifier:   05:98:11:BB:1C:3A:5C:DE:49:2B:A1:4E:86:E9:F2:79:8D:1A:F4:57
Certificate issuer:       /CN=62d190b238d97af7900bdcbd02304b782ffcaf2a
Certificate serial:       01941F8C93194498BFA01BCD850E0C8ECFA7
Authority key identifier: 62:D1:90:B2:38:D9:7A:F7:90:0B:DC:BD:02:30:4B:78:2F:FC:AF:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YtGQsjjZeveQC9y9AjBLeC_8ryo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0b/5a337f-c843-45f4-8d99-163fb7003e5d/1/BZgRuxw6XN5JK6FOhunyeY0a9Fc.roa
Signing time:             Wed 01 Jan 2025 01:48:13 +0000
ROA not before:           Wed 01 Jan 2025 01:48:13 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200468
IP address blocks:        31.3.217.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0b/5a337f-c843-45f4-8d99-163fb7003e5d/1/YtGQsjjZeveQC9y9AjBLeC_8ryo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0b/5a337f-c843-45f4-8d99-163fb7003e5d/1/YtGQsjjZeveQC9y9AjBLeC_8ryo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YtGQsjjZeveQC9y9AjBLeC_8ryo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 09:01:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:93:19:44:98:bf:a0:1b:cd:85:0e:0c:8e:cf:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62d190b238d97af7900bdcbd02304b782ffcaf2a
        Validity
            Not Before: Jan  1 01:48:13 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=059811bb1c3a5cde492ba14e86e9f2798d1af457
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:ef:bc:1f:d0:f3:48:d7:16:bd:0d:70:0e:3d:
                    b2:82:cf:e1:4d:e8:9f:ef:73:fb:06:22:83:fe:e1:
                    3c:c9:b8:a3:af:c5:ed:bc:f9:e8:d4:66:22:c8:21:
                    00:31:3e:7f:6b:bd:57:37:7c:83:b5:4c:4c:b7:8b:
                    fb:7a:d6:a2:5f:34:d8:c2:ec:86:25:fa:50:c1:83:
                    55:d1:83:51:29:1c:45:8e:0a:e7:88:8a:e0:f0:a2:
                    cd:81:0c:a5:7b:da:a6:de:45:fc:ad:47:01:91:cd:
                    f5:77:c6:a6:91:1a:a2:ab:9a:f0:72:73:5e:9a:a7:
                    a3:e1:86:c0:a4:81:85:60:ab:f8:c0:dc:f6:b1:b8:
                    91:52:c3:4d:88:0c:9a:8e:7d:63:7f:03:36:e6:9f:
                    50:b3:c0:6e:55:f9:64:96:8f:a0:43:4b:75:ef:17:
                    14:c9:4d:c3:be:ff:6f:b3:c6:21:79:df:43:df:8a:
                    0e:36:1b:53:e9:34:35:4e:cb:9e:92:60:ea:6f:b8:
                    ee:1d:b3:20:61:7d:4d:97:4a:6c:84:07:d4:e5:fc:
                    b4:9e:88:00:f3:00:a9:6b:ce:a4:1a:95:fe:ea:ae:
                    fe:8e:f3:f7:48:50:f0:68:33:70:bf:06:84:88:9d:
                    b1:7c:e5:9a:cc:31:8d:98:20:16:06:35:9a:d1:84:
                    a0:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:98:11:BB:1C:3A:5C:DE:49:2B:A1:4E:86:E9:F2:79:8D:1A:F4:57
            X509v3 Authority Key Identifier:
                keyid:62:D1:90:B2:38:D9:7A:F7:90:0B:DC:BD:02:30:4B:78:2F:FC:AF:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YtGQsjjZeveQC9y9AjBLeC_8ryo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/5a337f-c843-45f4-8d99-163fb7003e5d/1/BZgRuxw6XN5JK6FOhunyeY0a9Fc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/5a337f-c843-45f4-8d99-163fb7003e5d/1/YtGQsjjZeveQC9y9AjBLeC_8ryo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.3.217.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3d:71:59:0d:9d:80:a7:77:77:a4:c7:ab:d1:8e:91:38:fb:58:
         e9:6a:22:2f:88:88:b4:e0:d5:b8:de:e2:ba:6b:a2:64:f0:ff:
         41:20:e7:7d:22:10:a1:db:64:07:9e:1c:1b:4d:4d:8f:60:7f:
         e5:3a:c2:49:55:23:fd:6c:84:a9:1d:29:02:16:ec:36:3b:a7:
         b5:28:50:b2:9f:1d:af:d7:32:ad:1d:70:a8:f6:7e:fc:2f:fe:
         22:41:8e:c8:ed:30:ca:05:d5:37:02:2e:5d:b1:c8:0a:db:50:
         f3:31:d8:91:73:73:8f:18:dc:7f:55:8a:ae:a4:32:f1:bf:22:
         9b:6e:6d:a6:5c:7c:69:72:68:62:90:e9:81:34:5c:97:44:c5:
         e0:74:40:1f:9c:94:4c:d4:b9:a9:db:87:f6:9b:84:93:af:5f:
         96:bb:8c:e7:92:32:fa:df:b4:1e:29:4b:b3:a0:fb:7d:2c:c5:
         e8:84:e8:dd:2d:5b:9a:a2:e5:80:ed:9b:69:5a:3c:6c:1f:11:
         5d:6e:9d:8e:2a:56:d2:f6:dc:89:1c:40:c0:e9:56:ba:2c:30:
         55:27:1c:15:ff:6a:15:b5:ac:a1:aa:32:d9:7b:98:be:d9:ef:
         4e:c8:0f:07:41:88:9d:d7:fe:ad:c9:cf:ef:00:25:1f:72:67:
         2e:6f:7a:bc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQfjJMZRJi/oBvNhQ4Mjs+nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyZDE5MGIyMzhkOTdhZjc5MDBiZGNiZDAyMzA0Yjc4MmZm
Y2FmMmEwHhcNMjUwMTAxMDE0ODEzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNTk4MTFiYjFjM2E1Y2RlNDkyYmExNGU4NmU5ZjI3OThkMWFmNDU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkO+8H9DzSNcWvQ1wDj2ygs/hTeif
73P7BiKD/uE8ybijr8XtvPno1GYiyCEAMT5/a71XN3yDtUxMt4v7etaiXzTYwuyG
JfpQwYNV0YNRKRxFjgrniIrg8KLNgQyle9qm3kX8rUcBkc31d8amkRqiq5rwcnNe
mqej4YbApIGFYKv4wNz2sbiRUsNNiAyajn1jfwM25p9Qs8BuVflklo+gQ0t17xcU
yU3Dvv9vs8Yhed9D34oONhtT6TQ1TsuekmDqb7juHbMgYX1Nl0pshAfU5fy0nogA
8wCpa86kGpX+6q7+jvP3SFDwaDNwvwaEiJ2xfOWazDGNmCAWBjWa0YSgVQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAWYEbscOlzeSSuhTobp8nmNGvRXMB8GA1UdIwQY
MBaAFGLRkLI42Xr3kAvcvQIwS3gv/K8qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXRHUXNqalpldmVRQzl5OUFqQkxlQ184cnlvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi81YTMzN2YtYzg0My00NWY0LThkOTkt
MTYzZmI3MDAzZTVkLzEvQlpnUnV4dzZYTjVKSzZGT2h1bnllWTBhOUZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYi81YTMzN2YtYzg0My00NWY0LThkOTktMTYzZmI3MDAzZTVk
LzEvWXRHUXNqalpldmVRQzl5OUFqQkxlQ184cnlvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHwPZMA0G
CSqGSIb3DQEBCwUAA4IBAQA9cVkNnYCnd3ekx6vRjpE4+1jpaiIviIi04NW43uK6
a6Jk8P9BIOd9IhCh22QHnhwbTU2PYH/lOsJJVSP9bISpHSkCFuw2O6e1KFCynx2v
1zKtHXCo9n78L/4iQY7I7TDKBdU3Ai5dscgK21DzMdiRc3OPGNx/VYqupDLxvyKb
bm2mXHxpcmhikOmBNFyXRMXgdEAfnJRM1Lmp24f2m4STr1+Wu4znkjL637QeKUuz
oPt9LMXohOjdLVuaouWA7ZtpWjxsHxFdbp2OKlbS9tyJHEDA6Va6LDBVJxwV/2oV
tayhqjLZe5i+2e9OyA8HQYid1/6tyc/vACUfcmcub3q8
-----END CERTIFICATE-----