Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/c2788f-8c8c-47bb-b922-aa6ed4dafb3b/1/YJlnZEqnS37-I2Pc0d4O5814-u0.roa
File:                     YJlnZEqnS37-I2Pc0d4O5814-u0.roa (raw, json)
Hash identifier:          zdgbWKDI7O/AK1o+TR6T6xJN+uAFFoKLguHyz0cngBg=
Subject key identifier:   60:99:67:64:4A:A7:4B:7E:FE:23:63:DC:D1:DE:0E:E7:CD:78:FA:ED
Certificate issuer:       /CN=12be29c956894c49c6d4be0ed98882b90d1bc77f
Certificate serial:       0197C3BAB663C30AF6C61145F9DA38BBC884
Authority key identifier: 12:BE:29:C9:56:89:4C:49:C6:D4:BE:0E:D9:88:82:B9:0D:1B:C7:7F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Er4pyVaJTEnG1L4O2YiCuQ0bx38.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/c2788f-8c8c-47bb-b922-aa6ed4dafb3b/1/YJlnZEqnS37-I2Pc0d4O5814-u0.roa
Signing time:             Tue 01 Jul 2025 02:04:42 +0000
ROA not before:           Tue 01 Jul 2025 02:04:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     396356
IP address blocks:        31.22.73.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/c2788f-8c8c-47bb-b922-aa6ed4dafb3b/1/Er4pyVaJTEnG1L4O2YiCuQ0bx38.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/c2788f-8c8c-47bb-b922-aa6ed4dafb3b/1/Er4pyVaJTEnG1L4O2YiCuQ0bx38.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Er4pyVaJTEnG1L4O2YiCuQ0bx38.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Jul 2025 17:01:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:c3:ba:b6:63:c3:0a:f6:c6:11:45:f9:da:38:bb:c8:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12be29c956894c49c6d4be0ed98882b90d1bc77f
        Validity
            Not Before: Jul  1 02:04:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=609967644aa74b7efe2363dcd1de0ee7cd78faed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:f3:2c:51:fe:81:aa:90:b8:12:73:fa:91:7e:
                    2b:73:79:36:2b:d3:2e:3d:29:a1:c0:3b:2b:d5:bc:
                    4d:3a:ab:f3:0f:8b:eb:6f:a5:64:3a:76:c5:69:76:
                    2e:ba:e2:e2:5e:d0:2c:f6:79:2d:26:18:6b:e7:71:
                    83:6c:0e:d6:86:90:7f:b1:87:e1:8d:98:97:95:dd:
                    2b:fa:50:d2:06:1a:84:29:32:5f:dc:b1:39:d7:79:
                    f7:45:d6:2b:76:37:2f:86:1a:b6:e2:f8:9a:de:b5:
                    11:66:88:ac:0f:e4:a0:21:23:2d:d4:a7:fe:dd:12:
                    f2:98:33:da:71:08:d7:65:53:d0:a6:d7:ba:8b:09:
                    7b:31:f4:67:32:77:e3:92:94:7d:21:e0:19:07:0e:
                    b3:a0:b2:24:c3:bc:42:e3:e7:6a:74:3b:e0:73:52:
                    db:6a:fc:56:8c:2e:36:81:d0:12:97:2a:a8:b2:4a:
                    e0:95:aa:c2:da:c5:15:59:aa:b3:ac:96:85:82:63:
                    21:57:53:df:0c:e5:40:a7:d8:23:3b:8d:55:be:12:
                    b2:2e:6b:64:42:da:8e:8c:47:10:6d:ab:f6:41:8e:
                    4a:0d:77:6e:f5:98:2b:a4:de:39:24:37:3c:be:4d:
                    d7:82:c7:1c:46:fe:24:52:cc:94:1a:19:1a:07:cc:
                    4e:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:99:67:64:4A:A7:4B:7E:FE:23:63:DC:D1:DE:0E:E7:CD:78:FA:ED
            X509v3 Authority Key Identifier:
                keyid:12:BE:29:C9:56:89:4C:49:C6:D4:BE:0E:D9:88:82:B9:0D:1B:C7:7F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Er4pyVaJTEnG1L4O2YiCuQ0bx38.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/c2788f-8c8c-47bb-b922-aa6ed4dafb3b/1/YJlnZEqnS37-I2Pc0d4O5814-u0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/c2788f-8c8c-47bb-b922-aa6ed4dafb3b/1/Er4pyVaJTEnG1L4O2YiCuQ0bx38.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.22.73.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:5b:70:ac:42:0d:47:55:3a:52:0d:73:5b:f1:b6:90:61:0f:
         d4:83:b2:92:c2:fd:d0:8b:fa:1a:5e:5f:80:cf:1a:f3:ae:00:
         0b:94:b7:3c:03:d5:16:3a:59:21:c4:ec:e5:c2:c4:ff:de:15:
         d1:90:3c:57:79:e8:ea:dc:d8:ac:7e:f4:1f:74:b4:c0:b8:82:
         69:c0:24:81:47:97:3f:11:d7:a7:88:a4:fe:eb:75:82:e6:9b:
         4d:a3:d9:15:04:88:89:da:3d:29:af:e6:8c:c8:0e:70:09:a0:
         27:f5:bf:99:67:12:2f:cb:a7:d4:1c:e4:8e:b7:30:69:3f:6e:
         bf:b8:cd:aa:69:7a:42:11:5c:06:b5:a5:cc:22:25:4a:d3:43:
         7a:cb:62:9f:10:6a:d9:bf:24:93:8d:7b:37:76:d3:b4:b6:2f:
         46:70:08:a5:92:eb:a5:96:a4:60:e4:c3:11:77:ac:c0:8d:f3:
         47:b8:d6:fe:36:da:9e:c7:8c:46:0b:e3:7c:7c:5d:c1:98:25:
         ea:94:8d:b5:ea:23:15:83:ae:a6:25:53:c2:2a:32:df:00:59:
         b3:8c:58:a7:9a:40:ac:1a:8a:74:42:f2:3b:28:0c:8c:f0:c0:
         67:7f:81:7c:0a:09:d8:28:d5:85:ad:51:2a:6f:c0:b5:dc:47:
         b6:38:39:af
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZfDurZjwwr2xhFF+do4u8iEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyYmUyOWM5NTY4OTRjNDljNmQ0YmUwZWQ5ODg4MmI5MGQx
YmM3N2YwHhcNMjUwNzAxMDIwNDQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MDk5Njc2NDRhYTc0YjdlZmUyMzYzZGNkMWRlMGVlN2NkNzhmYWVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1fMsUf6BqpC4EnP6kX4rc3k2K9Mu
PSmhwDsr1bxNOqvzD4vrb6VkOnbFaXYuuuLiXtAs9nktJhhr53GDbA7WhpB/sYfh
jZiXld0r+lDSBhqEKTJf3LE513n3RdYrdjcvhhq24via3rURZoisD+SgISMt1Kf+
3RLymDPacQjXZVPQpte6iwl7MfRnMnfjkpR9IeAZBw6zoLIkw7xC4+dqdDvgc1Lb
avxWjC42gdASlyqoskrglarC2sUVWaqzrJaFgmMhV1PfDOVAp9gjO41VvhKyLmtk
QtqOjEcQbav2QY5KDXdu9ZgrpN45JDc8vk3XgsccRv4kUsyUGhkaB8xOYwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGCZZ2RKp0t+/iNj3NHeDufNePrtMB8GA1UdIwQY
MBaAFBK+KclWiUxJxtS+DtmIgrkNG8d/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXI0cHlWYUpURW5HMUw0TzJZaUN1UTBieDM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS9jMjc4OGYtOGM4Yy00N2JiLWI5MjIt
YWE2ZWQ0ZGFmYjNiLzEvWUpsblpFcW5TMzctSTJQYzBkNE81ODE0LXUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS9jMjc4OGYtOGM4Yy00N2JiLWI5MjItYWE2ZWQ0ZGFmYjNi
LzEvRXI0cHlWYUpURW5HMUw0TzJZaUN1UTBieDM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHxZJMA0G
CSqGSIb3DQEBCwUAA4IBAQCBW3CsQg1HVTpSDXNb8baQYQ/Ug7KSwv3Qi/oaXl+A
zxrzrgALlLc8A9UWOlkhxOzlwsT/3hXRkDxXeejq3NisfvQfdLTAuIJpwCSBR5c/
EdeniKT+63WC5ptNo9kVBIiJ2j0pr+aMyA5wCaAn9b+ZZxIvy6fUHOSOtzBpP26/
uM2qaXpCEVwGtaXMIiVK00N6y2KfEGrZvySTjXs3dtO0ti9GcAilkuullqRg5MMR
d6zAjfNHuNb+Ntqex4xGC+N8fF3BmCXqlI216iMVg66mJVPCKjLfAFmzjFinmkCs
Gop0QvI7KAyM8MBnf4F8CgnYKNWFrVEqb8C13Ee2ODmv
-----END CERTIFICATE-----