Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/c2788f-8c8c-47bb-b922-aa6ed4dafb3b/1/7uqgpP9wFK8eGPAcoJ-sEDnAHd0.roa
File:                     7uqgpP9wFK8eGPAcoJ-sEDnAHd0.roa (raw, json)
Hash identifier:          Xz+LC7Kd3zBVRX5yVg4o11ClYwI2C9PnbUjpiLfa0yU=
Subject key identifier:   EE:EA:A0:A4:FF:70:14:AF:1E:18:F0:1C:A0:9F:AC:10:39:C0:1D:DD
Certificate issuer:       /CN=12be29c956894c49c6d4be0ed98882b90d1bc77f
Certificate serial:       01971FD7F07FDC043BF3F9B63E24A47D1FC2
Authority key identifier: 12:BE:29:C9:56:89:4C:49:C6:D4:BE:0E:D9:88:82:B9:0D:1B:C7:7F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Er4pyVaJTEnG1L4O2YiCuQ0bx38.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/c2788f-8c8c-47bb-b922-aa6ed4dafb3b/1/7uqgpP9wFK8eGPAcoJ-sEDnAHd0.roa
Signing time:             Fri 30 May 2025 06:18:54 +0000
ROA not before:           Fri 30 May 2025 06:18:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205220
IP address blocks:        31.22.75.0/24 maxlen: 24
                          194.117.225.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/c2788f-8c8c-47bb-b922-aa6ed4dafb3b/1/Er4pyVaJTEnG1L4O2YiCuQ0bx38.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/c2788f-8c8c-47bb-b922-aa6ed4dafb3b/1/Er4pyVaJTEnG1L4O2YiCuQ0bx38.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Er4pyVaJTEnG1L4O2YiCuQ0bx38.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 12:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:1f:d7:f0:7f:dc:04:3b:f3:f9:b6:3e:24:a4:7d:1f:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12be29c956894c49c6d4be0ed98882b90d1bc77f
        Validity
            Not Before: May 30 06:18:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=eeeaa0a4ff7014af1e18f01ca09fac1039c01ddd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:dd:46:e1:69:99:e7:13:ce:ce:17:e9:58:2d:
                    70:54:3e:db:fc:35:6b:f6:31:b1:f2:16:92:3e:a7:
                    0e:f1:5f:0c:05:d3:24:c8:b5:1a:de:b4:d2:d1:9a:
                    64:5a:a1:b3:bf:83:84:c7:97:78:1f:43:e1:c2:bf:
                    91:f1:93:36:08:c1:7d:ac:14:a4:f7:19:a0:8c:48:
                    f5:03:b4:91:6b:7d:b1:ba:9b:81:cd:da:d8:ee:f2:
                    09:82:e9:23:cd:b2:b7:e2:18:4f:40:00:ae:e6:8f:
                    72:fa:a9:65:2e:55:f7:57:22:35:e7:65:2c:cb:9b:
                    b9:5f:b5:dd:56:de:d7:2d:ab:f2:0d:0e:61:11:5a:
                    60:9e:37:b5:6b:e0:9c:4d:27:eb:5b:cf:45:38:c3:
                    79:4a:4a:bb:1b:5f:eb:aa:05:ff:9f:30:1e:25:dd:
                    24:21:d8:a1:d9:b8:ee:07:29:a5:c5:8e:df:ca:77:
                    14:8a:76:9e:34:94:fc:89:b0:07:1e:9d:6a:bb:48:
                    ad:03:3b:86:f6:53:c7:f9:3d:e3:e6:50:d1:0a:61:
                    65:8f:55:23:21:a9:00:4d:ce:8d:66:e9:4c:86:fe:
                    a6:11:47:3c:5e:b7:22:51:a7:00:65:2d:b6:a7:c4:
                    28:c3:36:ef:5a:2c:4a:6c:8d:db:53:48:66:63:52:
                    a9:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:EA:A0:A4:FF:70:14:AF:1E:18:F0:1C:A0:9F:AC:10:39:C0:1D:DD
            X509v3 Authority Key Identifier:
                keyid:12:BE:29:C9:56:89:4C:49:C6:D4:BE:0E:D9:88:82:B9:0D:1B:C7:7F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Er4pyVaJTEnG1L4O2YiCuQ0bx38.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/c2788f-8c8c-47bb-b922-aa6ed4dafb3b/1/7uqgpP9wFK8eGPAcoJ-sEDnAHd0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/c2788f-8c8c-47bb-b922-aa6ed4dafb3b/1/Er4pyVaJTEnG1L4O2YiCuQ0bx38.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.22.75.0/24
                  194.117.225.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4d:9f:fd:5b:0c:4b:0b:7e:db:68:a7:8e:fc:3f:eb:e1:b3:87:
         23:af:4d:40:1b:45:27:af:20:f5:35:46:d1:4c:ba:4f:95:e9:
         e1:a5:6f:a7:53:1f:c1:6e:bb:c1:90:ab:cf:ae:7f:5f:fd:41:
         2d:3a:85:b7:5d:6d:ba:d4:bb:8c:f9:3d:f8:3f:32:7d:d4:13:
         24:42:6d:81:02:42:36:71:74:64:8b:8a:b1:4a:db:6b:61:ec:
         ef:70:fa:c7:64:f2:9c:a1:de:28:ce:e5:32:4f:66:f4:f0:88:
         0e:30:d0:93:3c:3d:eb:cb:ed:4e:97:cd:16:02:61:47:31:dc:
         c6:be:fb:ce:e4:f9:5e:e2:63:3e:2c:54:01:b5:84:76:a8:24:
         33:98:e0:f4:e0:50:21:4d:38:25:65:ec:f9:a4:a7:a7:73:ba:
         26:e7:c5:df:fd:d8:0c:1c:3a:cc:d3:3c:f4:16:2c:6d:29:19:
         2e:a5:5d:fb:49:75:3c:f3:5c:9b:db:9c:be:5c:5d:18:67:f9:
         dc:99:d0:59:d5:56:07:4a:fc:fa:5d:07:40:5f:ff:ca:60:5f:
         5d:dd:42:ba:c3:b9:1d:74:d3:ba:d5:b4:08:9f:50:d2:88:52:
         2d:d5:60:86:52:14:02:2b:e4:5d:b7:09:8e:a2:c1:84:89:58:
         02:fa:e9:7a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZcf1/B/3AQ78/m2PiSkfR/CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyYmUyOWM5NTY4OTRjNDljNmQ0YmUwZWQ5ODg4MmI5MGQx
YmM3N2YwHhcNMjUwNTMwMDYxODU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZWVhYTBhNGZmNzAxNGFmMWUxOGYwMWNhMDlmYWMxMDM5YzAxZGRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv91G4WmZ5xPOzhfpWC1wVD7b/DVr
9jGx8haSPqcO8V8MBdMkyLUa3rTS0ZpkWqGzv4OEx5d4H0Phwr+R8ZM2CMF9rBSk
9xmgjEj1A7SRa32xupuBzdrY7vIJgukjzbK34hhPQACu5o9y+qllLlX3VyI152Us
y5u5X7XdVt7XLavyDQ5hEVpgnje1a+CcTSfrW89FOMN5Skq7G1/rqgX/nzAeJd0k
Idih2bjuBymlxY7fyncUinaeNJT8ibAHHp1qu0itAzuG9lPH+T3j5lDRCmFlj1Uj
IakATc6NZulMhv6mEUc8XrciUacAZS22p8QowzbvWixKbI3bU0hmY1KpPQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFO7qoKT/cBSvHhjwHKCfrBA5wB3dMB8GA1UdIwQY
MBaAFBK+KclWiUxJxtS+DtmIgrkNG8d/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXI0cHlWYUpURW5HMUw0TzJZaUN1UTBieDM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS9jMjc4OGYtOGM4Yy00N2JiLWI5MjIt
YWE2ZWQ0ZGFmYjNiLzEvN3VxZ3BQOXdGSzhlR1BBY29KLXNFRG5BSGQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS9jMjc4OGYtOGM4Yy00N2JiLWI5MjItYWE2ZWQ0ZGFmYjNi
LzEvRXI0cHlWYUpURW5HMUw0TzJZaUN1UTBieDM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAHxZLAwQA
wnXhMA0GCSqGSIb3DQEBCwUAA4IBAQBNn/1bDEsLfttop478P+vhs4cjr01AG0Un
ryD1NUbRTLpPlenhpW+nUx/BbrvBkKvPrn9f/UEtOoW3XW261LuM+T34PzJ91BMk
Qm2BAkI2cXRki4qxSttrYezvcPrHZPKcod4ozuUyT2b08IgOMNCTPD3ry+1Ol80W
AmFHMdzGvvvO5Ple4mM+LFQBtYR2qCQzmOD04FAhTTglZez5pKenc7om58Xf/dgM
HDrM0zz0FixtKRkupV37SXU881yb25y+XF0YZ/ncmdBZ1VYHSvz6XQdAX//KYF9d
3UK6w7kddNO61bQIn1DSiFIt1WCGUhQCK+RdtwmOosGEiVgC+ul6
-----END CERTIFICATE-----