Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/Ck51eA081sqLICziway3EXtym_k.roa
File:                     Ck51eA081sqLICziway3EXtym_k.roa (raw, json)
Hash identifier:          2MWWtOANjJSmkcfpJCe5Dn7HPUNug/jW3r3pG5kbs+E=
Subject key identifier:   0A:4E:75:78:0D:3C:D6:CA:8B:20:2C:E2:C1:AC:B7:11:7B:72:9B:F9
Certificate issuer:       /CN=eb349af2af111361b29fcfef2e043d5be75e3f98
Certificate serial:       0198E70868A4F3CCFBEACF5F226694C6FF5C
Authority key identifier: EB:34:9A:F2:AF:11:13:61:B2:9F:CF:EF:2E:04:3D:5B:E7:5E:3F:98
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/Ck51eA081sqLICziway3EXtym_k.roa
Signing time:             Tue 26 Aug 2025 15:39:04 +0000
ROA not before:           Tue 26 Aug 2025 15:39:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210538
IP address blocks:        31.42.127.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Sep 2025 09:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:e7:08:68:a4:f3:cc:fb:ea:cf:5f:22:66:94:c6:ff:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eb349af2af111361b29fcfef2e043d5be75e3f98
        Validity
            Not Before: Aug 26 15:39:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0a4e75780d3cd6ca8b202ce2c1acb7117b729bf9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:7f:6b:3a:8f:fa:a2:5a:45:59:29:bd:0b:46:
                    4c:96:59:04:2d:a0:0e:54:00:8a:d5:f5:c4:1c:68:
                    e2:40:65:2e:c2:64:3e:99:1c:66:da:5a:77:07:85:
                    f2:fc:d9:7d:3c:e9:ef:43:89:41:dc:db:7c:11:42:
                    e8:0d:70:a9:b2:b4:1c:0a:55:15:be:75:59:37:ec:
                    e1:db:47:da:fc:6a:f2:d6:ff:89:c8:ac:12:cc:0c:
                    9f:bb:b8:0b:29:fe:3e:33:26:57:09:6f:16:c7:37:
                    d2:1a:fd:54:f1:bf:a7:7c:fa:0d:df:1e:1e:17:b5:
                    12:9d:8c:8a:2f:b7:f8:8b:e3:a0:32:16:53:0b:a0:
                    43:c5:7c:cf:d5:a1:6a:c7:79:b1:e4:66:8f:c9:a0:
                    e5:d0:a9:02:59:b4:1e:44:ce:0a:6c:20:13:1a:43:
                    44:97:c6:15:3a:ae:e4:ae:80:67:d2:9c:35:e3:be:
                    d3:1d:3c:7f:c2:99:3d:ec:7d:83:65:c9:f1:4b:89:
                    14:04:22:72:0f:05:10:46:da:f6:af:cf:6c:a0:83:
                    68:cd:0d:d7:92:21:d3:91:ca:e4:ac:c1:49:5d:92:
                    d1:da:0d:3e:ac:95:c2:05:64:64:42:ce:f4:96:4c:
                    7d:23:8e:74:63:06:70:dd:e4:d8:b5:fe:0f:2b:ae:
                    68:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:4E:75:78:0D:3C:D6:CA:8B:20:2C:E2:C1:AC:B7:11:7B:72:9B:F9
            X509v3 Authority Key Identifier:
                keyid:EB:34:9A:F2:AF:11:13:61:B2:9F:CF:EF:2E:04:3D:5B:E7:5E:3F:98

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/Ck51eA081sqLICziway3EXtym_k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.42.127.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:f4:ae:da:ff:7f:a4:10:34:c9:65:ca:7c:ce:fd:5b:2e:c7:
         1f:42:a1:40:b3:78:48:8c:fc:ab:61:5e:39:a7:ee:8d:d3:d7:
         67:d5:80:3d:3e:d3:bd:e9:d1:50:fc:a5:61:6c:d5:66:eb:56:
         5a:38:a7:0b:f8:66:3f:0b:ab:ae:16:06:3f:4d:d8:3f:3d:c3:
         11:13:61:ef:ae:91:a0:de:07:e7:a3:b9:c1:6b:2f:14:f0:9a:
         16:4f:fb:df:b8:7e:d5:6d:8e:ea:0d:ca:0f:ff:f6:77:39:c0:
         0d:95:a3:1a:0f:dc:1f:1d:2f:44:26:06:c1:cb:c3:ff:83:5f:
         bb:26:e2:a5:be:c8:c2:ee:09:9a:37:73:76:3c:11:f8:e1:f7:
         06:af:1b:ab:48:5c:cd:18:16:eb:5c:20:72:96:75:fc:c5:d2:
         68:6b:8a:91:6f:34:c5:69:ad:54:65:9f:a5:a9:6c:75:5b:b4:
         47:df:c7:dd:2a:91:61:55:57:7e:46:66:17:59:81:43:6b:5e:
         64:0e:86:af:a4:bb:bc:a7:74:b8:6d:92:89:1a:fc:7d:db:e7:
         c6:62:39:9b:a0:3c:8c:db:ca:12:9c:43:f6:a2:c5:d2:3d:75:
         49:da:16:0c:9f:81:ca:c3:71:39:bc:ec:cd:60:0d:04:b5:7d:
         77:72:c9:19
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZjnCGik88z76s9fImaUxv9cMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGViMzQ5YWYyYWYxMTEzNjFiMjlmY2ZlZjJlMDQzZDViZTc1
ZTNmOTgwHhcNMjUwODI2MTUzOTA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTRlNzU3ODBkM2NkNmNhOGIyMDJjZTJjMWFjYjcxMTdiNzI5YmY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn39rOo/6olpFWSm9C0ZMllkELaAO
VACK1fXEHGjiQGUuwmQ+mRxm2lp3B4Xy/Nl9POnvQ4lB3Nt8EULoDXCpsrQcClUV
vnVZN+zh20fa/Gry1v+JyKwSzAyfu7gLKf4+MyZXCW8WxzfSGv1U8b+nfPoN3x4e
F7USnYyKL7f4i+OgMhZTC6BDxXzP1aFqx3mx5GaPyaDl0KkCWbQeRM4KbCATGkNE
l8YVOq7kroBn0pw1477THTx/wpk97H2DZcnxS4kUBCJyDwUQRtr2r89soINozQ3X
kiHTkcrkrMFJXZLR2g0+rJXCBWRkQs70lkx9I450YwZw3eTYtf4PK65oswIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFApOdXgNPNbKiyAs4sGstxF7cpv5MB8GA1UdIwQY
MBaAFOs0mvKvERNhsp/P7y4EPVvnXj+YMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnpTYThxOFJFMkd5bjhfdkxnUTlXLWRlUDVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC8zY2IxNDctYTdjMy00NGU5LWFkYzgt
OWNkNjYyYmM4MzIwLzEvQ2s1MWVBMDgxc3FMSUN6aXdheTNFWHR5bV9rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC8zY2IxNDctYTdjMy00NGU5LWFkYzgtOWNkNjYyYmM4MzIw
LzEvNnpTYThxOFJFMkd5bjhfdkxnUTlXLWRlUDVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHyp/MA0G
CSqGSIb3DQEBCwUAA4IBAQBj9K7a/3+kEDTJZcp8zv1bLscfQqFAs3hIjPyrYV45
p+6N09dn1YA9PtO96dFQ/KVhbNVm61ZaOKcL+GY/C6uuFgY/Tdg/PcMRE2HvrpGg
3gfno7nBay8U8JoWT/vfuH7VbY7qDcoP//Z3OcANlaMaD9wfHS9EJgbBy8P/g1+7
JuKlvsjC7gmaN3N2PBH44fcGrxurSFzNGBbrXCBylnX8xdJoa4qRbzTFaa1UZZ+l
qWx1W7RH38fdKpFhVVd+RmYXWYFDa15kDoavpLu8p3S4bZKJGvx92+fGYjmboDyM
28oSnEP2osXSPXVJ2hYMn4HKw3E5vOzNYA0EtX13cskZ
-----END CERTIFICATE-----