Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/63/67603a-f529-4b18-99fb-503b99d5ad68/1/bFwnlPb3JkTM0-_fQyjycPLTOXg.roa
File:                     bFwnlPb3JkTM0-_fQyjycPLTOXg.roa (raw, json)
Hash identifier:          T3+8uVMg57oldqwBxpb7FIVcJ3Kl6M0sjRANKp19Uzo=
Subject key identifier:   6C:5C:27:94:F6:F7:26:44:CC:D3:EF:DF:43:28:F2:70:F2:D3:39:78
Certificate issuer:       /CN=6a54370c4ba9bde2b98376bf8f942a94926c1519
Certificate serial:       019425FD8AA838173D372530D63033F56305
Authority key identifier: 6A:54:37:0C:4B:A9:BD:E2:B9:83:76:BF:8F:94:2A:94:92:6C:15:19
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/alQ3DEupveK5g3a_j5QqlJJsFRk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/63/67603a-f529-4b18-99fb-503b99d5ad68/1/bFwnlPb3JkTM0-_fQyjycPLTOXg.roa
Signing time:             Thu 02 Jan 2025 07:49:20 +0000
ROA not before:           Thu 02 Jan 2025 07:49:20 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     56656
IP address blocks:        31.134.96.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/63/67603a-f529-4b18-99fb-503b99d5ad68/1/alQ3DEupveK5g3a_j5QqlJJsFRk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/63/67603a-f529-4b18-99fb-503b99d5ad68/1/alQ3DEupveK5g3a_j5QqlJJsFRk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/alQ3DEupveK5g3a_j5QqlJJsFRk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:8a:a8:38:17:3d:37:25:30:d6:30:33:f5:63:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6a54370c4ba9bde2b98376bf8f942a94926c1519
        Validity
            Not Before: Jan  2 07:49:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6c5c2794f6f72644ccd3efdf4328f270f2d33978
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:b9:8a:41:00:be:4f:c4:67:e7:16:71:f0:99:
                    73:95:de:d7:a4:e5:78:7f:80:60:ae:4f:93:9a:db:
                    d5:e6:2d:89:f9:df:46:04:65:a3:78:99:88:87:34:
                    41:65:13:e5:5e:f0:7d:98:a6:2c:3a:91:07:c9:e0:
                    ab:34:86:59:b6:f9:fe:13:3a:50:49:0d:1c:18:b5:
                    11:c4:42:93:08:ab:93:e1:1e:0e:c5:a9:fe:fb:2e:
                    1e:60:08:a1:4b:04:80:dd:a9:01:39:3a:1c:e6:de:
                    c9:e6:ee:4e:66:06:6a:d8:0e:ab:8a:52:77:71:69:
                    8b:61:3f:d7:d4:13:e0:85:13:e2:26:b3:d6:b2:6d:
                    02:3b:5e:f4:b1:91:ba:7d:37:39:a6:05:be:4a:33:
                    39:19:d4:77:18:95:4f:a0:c1:69:52:7f:b4:7c:74:
                    62:91:e6:a6:60:9d:cd:af:c3:e6:ce:ec:28:50:0b:
                    c9:83:0c:9f:78:ed:d1:6a:bc:99:d1:9a:a1:34:a7:
                    d3:03:c4:b4:8e:ea:bf:9d:1b:93:cc:f1:cc:f3:1f:
                    e1:0b:06:bd:ca:b2:df:ce:50:e8:15:25:9e:49:a8:
                    44:83:17:2d:26:23:3c:ea:f6:a2:cd:72:55:ce:9c:
                    3b:5c:65:20:27:6a:8a:22:0c:75:32:42:49:65:eb:
                    d5:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:5C:27:94:F6:F7:26:44:CC:D3:EF:DF:43:28:F2:70:F2:D3:39:78
            X509v3 Authority Key Identifier:
                keyid:6A:54:37:0C:4B:A9:BD:E2:B9:83:76:BF:8F:94:2A:94:92:6C:15:19

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/alQ3DEupveK5g3a_j5QqlJJsFRk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/63/67603a-f529-4b18-99fb-503b99d5ad68/1/bFwnlPb3JkTM0-_fQyjycPLTOXg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/63/67603a-f529-4b18-99fb-503b99d5ad68/1/alQ3DEupveK5g3a_j5QqlJJsFRk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.134.96.0/21

    Signature Algorithm: sha256WithRSAEncryption
         59:c3:fe:e4:fd:f3:93:87:5b:d9:dc:b4:4a:31:bc:24:70:83:
         7b:89:99:2d:b8:8c:af:5a:8b:5c:95:ba:fe:cb:83:4a:40:81:
         f2:97:cd:f7:21:4d:29:98:1c:02:b2:67:0d:5a:1e:cf:be:ef:
         b6:48:4b:4e:3d:76:86:a7:fd:ff:55:56:84:c3:c8:85:d8:68:
         e2:8d:b0:50:fe:a9:81:67:08:3f:61:1e:e5:44:1e:a6:cd:d5:
         fd:a9:62:a6:e7:7d:55:22:7c:68:6a:82:eb:e6:27:32:bc:84:
         8f:1c:17:f2:33:46:76:64:c7:b0:56:ac:aa:6e:f4:5d:c2:9c:
         74:88:b4:45:3f:49:09:40:8d:cb:2c:b3:ed:2a:3b:5f:7c:90:
         bf:bf:48:6d:6a:b0:2d:ec:d6:3e:70:43:86:1e:33:26:1c:0e:
         e1:5b:d4:69:fd:5e:f3:c1:15:67:47:94:3b:3a:9b:f0:95:cf:
         ef:b4:f2:c9:de:5f:a8:25:c1:ac:f4:2f:dd:7c:05:3c:e1:47:
         74:c4:aa:20:90:c4:fd:f1:40:ff:0b:fc:fe:8b:15:ec:eb:a4:
         b5:74:c3:4b:e5:75:0a:22:c7:49:43:9c:b6:09:b4:34:4e:95:
         2e:80:19:48:fa:5a:7a:c1:e4:61:8a:41:01:7d:a4:a9:1a:9b:
         e3:f4:77:22
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl/YqoOBc9NyUw1jAz9WMFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZhNTQzNzBjNGJhOWJkZTJiOTgzNzZiZjhmOTQyYTk0OTI2
YzE1MTkwHhcNMjUwMTAyMDc0OTIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YzVjMjc5NGY2ZjcyNjQ0Y2NkM2VmZGY0MzI4ZjI3MGYyZDMzOTc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqrmKQQC+T8Rn5xZx8Jlzld7XpOV4
f4Bgrk+TmtvV5i2J+d9GBGWjeJmIhzRBZRPlXvB9mKYsOpEHyeCrNIZZtvn+EzpQ
SQ0cGLURxEKTCKuT4R4Oxan++y4eYAihSwSA3akBOToc5t7J5u5OZgZq2A6rilJ3
cWmLYT/X1BPghRPiJrPWsm0CO170sZG6fTc5pgW+SjM5GdR3GJVPoMFpUn+0fHRi
keamYJ3Nr8PmzuwoUAvJgwyfeO3RaryZ0ZqhNKfTA8S0juq/nRuTzPHM8x/hCwa9
yrLfzlDoFSWeSahEgxctJiM86vaizXJVzpw7XGUgJ2qKIgx1MkJJZevVZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGxcJ5T29yZEzNPv30Mo8nDy0zl4MB8GA1UdIwQY
MBaAFGpUNwxLqb3iuYN2v4+UKpSSbBUZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYWxRM0RFdXB2ZUs1ZzNhX2o1UXFsSkpzRlJrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82My82NzYwM2EtZjUyOS00YjE4LTk5ZmIt
NTAzYjk5ZDVhZDY4LzEvYkZ3bmxQYjNKa1RNMC1fZlF5anljUExUT1hnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82My82NzYwM2EtZjUyOS00YjE4LTk5ZmItNTAzYjk5ZDVhZDY4
LzEvYWxRM0RFdXB2ZUs1ZzNhX2o1UXFsSkpzRlJrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDH4ZgMA0G
CSqGSIb3DQEBCwUAA4IBAQBZw/7k/fOTh1vZ3LRKMbwkcIN7iZktuIyvWotclbr+
y4NKQIHyl833IU0pmBwCsmcNWh7Pvu+2SEtOPXaGp/3/VVaEw8iF2GjijbBQ/qmB
Zwg/YR7lRB6mzdX9qWKm531VInxoaoLr5icyvISPHBfyM0Z2ZMewVqyqbvRdwpx0
iLRFP0kJQI3LLLPtKjtffJC/v0htarAt7NY+cEOGHjMmHA7hW9Rp/V7zwRVnR5Q7
Opvwlc/vtPLJ3l+oJcGs9C/dfAU84Ud0xKogkMT98UD/C/z+ixXs66S1dMNL5XUK
IsdJQ5y2CbQ0TpUugBlI+lp6weRhikEBfaSpGpvj9Hci
-----END CERTIFICATE-----