Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/XeHM1go-GI1g7SIkVpw1Q5SuQTw.roa
File:                     XeHM1go-GI1g7SIkVpw1Q5SuQTw.roa (raw, json)
Hash identifier:          Ogw+CkOS55R4vmebvZPZnBFCIzIe4CSUTqWGfZmS9VY=
Subject key identifier:   5D:E1:CC:D6:0A:3E:18:8D:60:ED:22:24:56:9C:35:43:94:AE:41:3C
Certificate issuer:       /CN=093353c1fabe896af8b85fe7600e4634968fcc4c
Certificate serial:       0197372C47071D7533CE702894AB9A77A10E
Authority key identifier: 09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/XeHM1go-GI1g7SIkVpw1Q5SuQTw.roa
Signing time:             Tue 03 Jun 2025 19:02:17 +0000
ROA not before:           Tue 03 Jun 2025 19:02:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209290
IP address blocks:        31.40.202.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 06:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:37:2c:47:07:1d:75:33:ce:70:28:94:ab:9a:77:a1:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=093353c1fabe896af8b85fe7600e4634968fcc4c
        Validity
            Not Before: Jun  3 19:02:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5de1ccd60a3e188d60ed2224569c354394ae413c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:da:2f:05:79:02:af:78:3a:18:44:78:97:71:
                    95:aa:96:03:13:ae:3c:3d:9d:fb:f4:71:14:df:10:
                    45:36:64:e8:62:87:66:ae:ef:42:89:b8:99:2d:d9:
                    75:10:41:22:7c:29:aa:99:ce:b3:09:bf:63:79:80:
                    fa:f0:b5:d3:2d:e4:fa:3f:9e:c1:75:be:e3:aa:20:
                    8d:cf:78:8b:d5:46:15:d9:b5:f8:bb:ca:3d:06:a4:
                    f1:e4:52:22:81:68:66:8b:c0:88:51:1f:90:76:64:
                    eb:93:87:06:1b:cd:75:80:ad:03:88:46:bb:f1:7b:
                    8e:5f:01:d5:3c:77:d8:54:ed:81:41:d4:8a:a6:c8:
                    d1:53:61:6e:bb:70:48:05:51:3c:c5:d7:2b:31:8c:
                    a1:c2:ae:9b:cc:d3:f1:14:06:be:db:fb:71:e8:1d:
                    27:c4:b7:25:1f:43:df:f9:73:08:64:ba:e7:5d:56:
                    4f:81:5a:c4:f7:69:9e:f1:7b:dd:1d:2c:8a:1e:63:
                    4d:24:da:e9:99:20:f2:5a:17:b8:98:0b:cc:d2:c5:
                    25:1d:e3:76:2f:43:46:ff:c9:df:34:c4:9d:f1:2e:
                    d4:86:12:f5:ab:b0:8f:94:a1:98:63:7e:8e:15:9e:
                    41:bd:83:d1:ca:71:80:77:70:5f:50:31:45:d4:9f:
                    b0:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:E1:CC:D6:0A:3E:18:8D:60:ED:22:24:56:9C:35:43:94:AE:41:3C
            X509v3 Authority Key Identifier:
                keyid:09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/XeHM1go-GI1g7SIkVpw1Q5SuQTw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.40.202.0/24

    Signature Algorithm: sha256WithRSAEncryption
         49:7a:8f:e2:01:2a:12:39:ca:7c:01:bf:31:5c:5a:26:4e:00:
         66:6f:49:c6:77:17:69:cd:52:d4:c5:58:b0:64:24:c8:6f:cc:
         88:a9:33:72:25:09:0c:1f:98:f0:9c:bf:f1:d0:5f:56:40:6a:
         77:77:32:2f:4e:30:f3:10:e9:c2:32:f1:3d:0a:05:57:b4:95:
         60:44:13:8d:50:4b:34:8c:bb:8e:15:62:20:a2:a4:63:0c:2d:
         dc:96:e5:b3:60:61:d6:d5:a4:04:ae:4b:99:a1:83:57:69:fb:
         ec:22:24:97:c4:49:29:cc:fe:3b:12:4e:48:31:78:02:ef:ea:
         da:89:70:f9:f2:e8:a3:b6:54:9f:65:17:d6:5b:76:35:80:7d:
         f3:7c:32:8a:a2:32:6e:c3:7d:21:f3:ac:35:4e:7b:3f:0e:1b:
         70:02:b2:14:21:aa:fe:8b:9f:a6:02:47:1b:2b:fa:8f:63:4d:
         fa:46:17:9a:8b:18:8f:b9:35:75:cd:f3:bc:46:3d:b4:2b:3d:
         aa:79:f7:5a:fb:3b:35:7d:a2:81:e3:de:9c:96:29:cb:c9:29:
         79:a1:a8:0e:82:2a:bf:7c:34:6d:20:6d:5f:a3:ff:b9:4b:5c:
         3c:e9:50:51:69:ce:8a:86:dc:cc:d0:4b:96:7b:a1:e5:15:73:
         ad:70:06:95
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZc3LEcHHXUzznAolKuad6EOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5MzM1M2MxZmFiZTg5NmFmOGI4NWZlNzYwMGU0NjM0OTY4
ZmNjNGMwHhcNMjUwNjAzMTkwMjE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZGUxY2NkNjBhM2UxODhkNjBlZDIyMjQ1NjljMzU0Mzk0YWU0MTNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1NovBXkCr3g6GER4l3GVqpYDE648
PZ379HEU3xBFNmToYodmru9CibiZLdl1EEEifCmqmc6zCb9jeYD68LXTLeT6P57B
db7jqiCNz3iL1UYV2bX4u8o9BqTx5FIigWhmi8CIUR+QdmTrk4cGG811gK0DiEa7
8XuOXwHVPHfYVO2BQdSKpsjRU2Fuu3BIBVE8xdcrMYyhwq6bzNPxFAa+2/tx6B0n
xLclH0Pf+XMIZLrnXVZPgVrE92me8XvdHSyKHmNNJNrpmSDyWhe4mAvM0sUlHeN2
L0NG/8nfNMSd8S7UhhL1q7CPlKGYY36OFZ5BvYPRynGAd3BfUDFF1J+wWwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF3hzNYKPhiNYO0iJFacNUOUrkE8MB8GA1UdIwQY
MBaAFAkzU8H6volq+Lhf52AORjSWj8xMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGIt
MjM5ZDJmZTM5OGIxLzEvWGVITTFnby1HSTFnN1NJa1ZwdzFRNVN1UVR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGItMjM5ZDJmZTM5OGIx
LzEvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHyjKMA0G
CSqGSIb3DQEBCwUAA4IBAQBJeo/iASoSOcp8Ab8xXFomTgBmb0nGdxdpzVLUxViw
ZCTIb8yIqTNyJQkMH5jwnL/x0F9WQGp3dzIvTjDzEOnCMvE9CgVXtJVgRBONUEs0
jLuOFWIgoqRjDC3cluWzYGHW1aQErkuZoYNXafvsIiSXxEkpzP47Ek5IMXgC7+ra
iXD58uijtlSfZRfWW3Y1gH3zfDKKojJuw30h86w1Tns/DhtwArIUIar+i5+mAkcb
K/qPY036RheaixiPuTV1zfO8Rj20Kz2qefda+zs1faKB496clinLySl5oagOgiq/
fDRtIG1fo/+5S1w86VBRac6KhtzM0EuWe6HlFXOtcAaV
-----END CERTIFICATE-----