Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/e4e89f-0aad-4707-865a-40012c82979b/1/2Z7EtqMWz7jdGLOQTCkczOOupVQ.roa
File:                     2Z7EtqMWz7jdGLOQTCkczOOupVQ.roa (raw, json)
Hash identifier:          bipDGw88FluLLp9GhPHHNjUegq603G3YCRelI4f1Izo=
Subject key identifier:   D9:9E:C4:B6:A3:16:CF:B8:DD:18:B3:90:4C:29:1C:CC:E3:AE:A5:54
Certificate issuer:       /CN=32ee1bcd8ce393d98a7583ac13f1425d4faf27c9
Certificate serial:       019421441C346542EB9EFC9054854B37CEF3
Authority key identifier: 32:EE:1B:CD:8C:E3:93:D9:8A:75:83:AC:13:F1:42:5D:4F:AF:27:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Mu4bzYzjk9mKdYOsE_FCXU-vJ8k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/e4e89f-0aad-4707-865a-40012c82979b/1/2Z7EtqMWz7jdGLOQTCkczOOupVQ.roa
Signing time:             Wed 01 Jan 2025 09:48:19 +0000
ROA not before:           Wed 01 Jan 2025 09:48:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200137
IP address blocks:        31.171.210.0/24 maxlen: 24
                          2a0b:71c0:2::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/e4e89f-0aad-4707-865a-40012c82979b/1/Mu4bzYzjk9mKdYOsE_FCXU-vJ8k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/e4e89f-0aad-4707-865a-40012c82979b/1/Mu4bzYzjk9mKdYOsE_FCXU-vJ8k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Mu4bzYzjk9mKdYOsE_FCXU-vJ8k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 06:01:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:1c:34:65:42:eb:9e:fc:90:54:85:4b:37:ce:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=32ee1bcd8ce393d98a7583ac13f1425d4faf27c9
        Validity
            Not Before: Jan  1 09:48:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d99ec4b6a316cfb8dd18b3904c291ccce3aea554
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:0c:19:e4:1d:e7:5f:41:de:1c:2f:5a:1b:fa:
                    1c:27:e7:f3:b7:0a:d6:51:1b:4d:3c:9f:0c:70:d0:
                    ed:c7:e6:6e:c8:69:1d:08:0b:f0:3a:79:85:7f:7f:
                    f5:f3:d7:bd:f3:16:d6:bf:89:88:2d:b2:9c:9e:0b:
                    aa:37:00:0c:30:73:ff:1f:d0:9e:08:b7:ac:3a:5d:
                    1d:14:ec:ce:7a:9b:0e:b7:aa:21:08:c6:7f:71:f8:
                    b9:4a:c1:fd:79:71:19:41:2f:58:ed:1c:0e:95:90:
                    7e:1d:2c:97:5c:14:fe:0c:79:67:39:5f:a7:66:e6:
                    a3:2c:71:59:c6:d5:9c:79:1a:84:92:d2:6d:73:48:
                    b0:6d:98:35:08:cb:11:f4:5d:2b:2b:c3:0b:76:5f:
                    1c:e4:e7:09:c5:71:bb:a9:87:07:65:9c:02:c0:a0:
                    e4:9f:df:86:53:61:02:a3:80:36:3c:0b:74:48:87:
                    a6:83:17:75:0c:53:f1:3a:cf:21:ed:2b:f7:c2:2f:
                    be:65:e1:30:39:e6:c0:36:dc:60:b8:0f:82:1e:54:
                    d0:9a:56:6d:5b:71:33:c6:31:9f:20:87:e0:ed:b4:
                    fa:77:7d:c9:f1:3b:83:79:96:42:a9:b0:6d:70:9d:
                    ac:e6:1a:2f:4f:b8:b5:58:69:08:ea:e5:64:20:c5:
                    27:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:9E:C4:B6:A3:16:CF:B8:DD:18:B3:90:4C:29:1C:CC:E3:AE:A5:54
            X509v3 Authority Key Identifier:
                keyid:32:EE:1B:CD:8C:E3:93:D9:8A:75:83:AC:13:F1:42:5D:4F:AF:27:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Mu4bzYzjk9mKdYOsE_FCXU-vJ8k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/e4e89f-0aad-4707-865a-40012c82979b/1/2Z7EtqMWz7jdGLOQTCkczOOupVQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/e4e89f-0aad-4707-865a-40012c82979b/1/Mu4bzYzjk9mKdYOsE_FCXU-vJ8k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.171.210.0/24
                IPv6:
                  2a0b:71c0:2::/48

    Signature Algorithm: sha256WithRSAEncryption
         5c:96:6c:1e:c7:ba:b9:f5:10:78:11:07:b3:89:31:16:06:98:
         fb:e3:7a:8e:a1:2c:47:fa:0f:8d:d9:5f:1a:14:73:69:f1:b1:
         50:17:bd:d1:78:53:38:49:e8:c1:10:a0:de:74:52:7b:6a:6d:
         e2:74:a5:6c:83:4c:4a:60:a6:b9:28:05:fc:4f:1d:6f:66:77:
         c9:ea:74:87:d0:30:ce:d2:f5:76:2c:4b:aa:69:11:91:70:18:
         d1:aa:7f:a2:04:8c:f9:33:9e:91:3d:79:16:5c:42:73:1a:0d:
         40:2c:14:b6:fc:69:c9:e4:62:30:74:d9:ec:14:8b:1f:07:29:
         ce:33:29:e8:d9:87:ab:67:7c:ad:b1:7c:52:36:45:a1:bf:87:
         22:d7:11:18:a8:47:b8:dc:5c:7b:4f:13:b1:31:3c:cd:ef:3e:
         17:3c:52:bf:5e:f1:cd:3e:48:12:06:6a:27:53:b1:a2:3a:17:
         3c:0a:fa:2b:a8:7d:22:b9:06:95:62:ff:09:e6:2d:a6:eb:51:
         47:91:ea:5b:a4:b4:c6:d4:e5:46:7a:2c:3d:85:db:04:6a:f9:
         8f:2a:0d:f9:56:4e:90:a8:6a:5e:d1:56:b3:9e:4e:f4:83:10:
         55:4e:04:a8:14:68:42:ff:3e:91:46:ff:70:43:5a:15:81:e8:
         1a:86:a8:2d
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQhRBw0ZULrnvyQVIVLN87zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyZWUxYmNkOGNlMzkzZDk4YTc1ODNhYzEzZjE0MjVkNGZh
ZjI3YzkwHhcNMjUwMTAxMDk0ODE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOTllYzRiNmEzMTZjZmI4ZGQxOGIzOTA0YzI5MWNjY2UzYWVhNTU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvAwZ5B3nX0HeHC9aG/ocJ+fztwrW
URtNPJ8McNDtx+ZuyGkdCAvwOnmFf3/189e98xbWv4mILbKcnguqNwAMMHP/H9Ce
CLesOl0dFOzOepsOt6ohCMZ/cfi5SsH9eXEZQS9Y7RwOlZB+HSyXXBT+DHlnOV+n
ZuajLHFZxtWceRqEktJtc0iwbZg1CMsR9F0rK8MLdl8c5OcJxXG7qYcHZZwCwKDk
n9+GU2ECo4A2PAt0SIemgxd1DFPxOs8h7Sv3wi++ZeEwOebANtxguA+CHlTQmlZt
W3EzxjGfIIfg7bT6d33J8TuDeZZCqbBtcJ2s5hovT7i1WGkI6uVkIMUnCwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFNmexLajFs+43RizkEwpHMzjrqVUMB8GA1UdIwQY
MBaAFDLuG82M45PZinWDrBPxQl1PryfJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTXU0YnpZemprOW1LZFlPc0VfRkNYVS12SjhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS9lNGU4OWYtMGFhZC00NzA3LTg2NWEt
NDAwMTJjODI5NzliLzEvMlo3RXRxTVd6N2pkR0xPUVRDa2N6T091cFZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS9lNGU4OWYtMGFhZC00NzA3LTg2NWEtNDAwMTJjODI5Nzli
LzEvTXU0YnpZemprOW1LZFlPc0VfRkNYVS12SjhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAH6vSMA8E
AgACMAkDBwAqC3HAAAIwDQYJKoZIhvcNAQELBQADggEBAFyWbB7Hurn1EHgRB7OJ
MRYGmPvjeo6hLEf6D43ZXxoUc2nxsVAXvdF4UzhJ6MEQoN50UntqbeJ0pWyDTEpg
prkoBfxPHW9md8nqdIfQMM7S9XYsS6ppEZFwGNGqf6IEjPkznpE9eRZcQnMaDUAs
FLb8acnkYjB02ewUix8HKc4zKejZh6tnfK2xfFI2RaG/hyLXERioR7jcXHtPE7Ex
PM3vPhc8Ur9e8c0+SBIGaidTsaI6FzwK+iuofSK5BpVi/wnmLabrUUeR6luktMbU
5UZ6LD2F2wRq+Y8qDflWTpCoal7RVrOeTvSDEFVOBKgUaEL/PpFG/3BDWhWB6BqG
qC0=
-----END CERTIFICATE-----