Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/cZO05M0sRqbnymzVc7a5naFSjE4.roa
File:                     cZO05M0sRqbnymzVc7a5naFSjE4.roa (raw, json)
Hash identifier:          yAgIYM5UJCMMeP9ycBFMreVK9CLoeSx0sbpuOs7zWPc=
Subject key identifier:   71:93:B4:E4:CD:2C:46:A6:E7:CA:6C:D5:73:B6:B9:9D:A1:52:8C:4E
Certificate issuer:       /CN=eb349af2af111361b29fcfef2e043d5be75e3f98
Certificate serial:       01993D1D51CC29856A23BCC4F9514BB43E25
Authority key identifier: EB:34:9A:F2:AF:11:13:61:B2:9F:CF:EF:2E:04:3D:5B:E7:5E:3F:98
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/cZO05M0sRqbnymzVc7a5naFSjE4.roa
Signing time:             Fri 12 Sep 2025 08:49:15 +0000
ROA not before:           Fri 12 Sep 2025 08:49:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214305
IP address blocks:        5.56.31.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 15 Sep 2025 14:00:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:3d:1d:51:cc:29:85:6a:23:bc:c4:f9:51:4b:b4:3e:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eb349af2af111361b29fcfef2e043d5be75e3f98
        Validity
            Not Before: Sep 12 08:49:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7193b4e4cd2c46a6e7ca6cd573b6b99da1528c4e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:af:16:98:ab:7f:b1:f3:dc:18:00:ec:e0:69:
                    4b:ae:f8:2c:ed:7a:b1:2d:1d:db:cc:54:8b:f1:43:
                    53:1b:54:b0:e2:ab:f7:d1:70:52:20:ec:46:e3:79:
                    74:25:b9:e4:55:87:d8:16:ff:5e:db:e9:4b:de:5a:
                    40:86:44:17:a2:4e:a8:23:a9:c7:3d:c0:0c:94:f2:
                    6a:0a:56:c7:b9:2d:e7:cd:07:3e:3f:3b:0c:ac:ec:
                    90:59:20:9f:0f:f0:13:88:60:6c:f7:d7:de:a2:45:
                    b4:b1:5b:fe:5c:f9:3a:69:4c:ed:60:74:3b:1f:02:
                    e9:5d:87:fc:98:f8:73:01:51:31:f2:be:2c:de:54:
                    f4:d1:14:00:34:19:e4:c4:f7:7a:81:4c:a3:d3:20:
                    90:ae:62:1c:ca:0a:50:2d:6a:bb:aa:46:cc:89:9d:
                    bd:35:c5:3c:d3:04:00:0a:f4:fb:c1:44:dd:e3:6a:
                    81:2d:aa:0a:7b:3f:e9:8e:ed:48:63:b0:bf:fb:fa:
                    85:ea:21:58:d2:56:7e:60:cd:6f:e4:46:f5:45:cd:
                    9e:2d:99:50:07:e1:01:23:31:8b:e2:dc:4a:d0:af:
                    e3:e1:13:a4:2e:7d:8b:28:d6:7f:79:95:ac:96:db:
                    ec:a8:cb:e4:17:6e:58:c0:8e:95:3f:0b:0e:eb:4b:
                    f2:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:93:B4:E4:CD:2C:46:A6:E7:CA:6C:D5:73:B6:B9:9D:A1:52:8C:4E
            X509v3 Authority Key Identifier:
                keyid:EB:34:9A:F2:AF:11:13:61:B2:9F:CF:EF:2E:04:3D:5B:E7:5E:3F:98

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/cZO05M0sRqbnymzVc7a5naFSjE4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.56.31.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0c:05:f5:84:20:93:67:23:ff:aa:05:0d:51:92:db:5c:34:d3:
         06:a7:e2:5d:a7:df:f3:72:f8:83:26:1c:e5:0a:8e:13:f8:4d:
         9a:15:89:ac:7e:96:e7:6b:c2:a4:2f:b8:f1:87:49:02:c0:e2:
         96:f6:2e:01:a6:e5:f0:65:47:90:45:44:3b:12:0b:1f:87:7c:
         04:0a:2a:e0:57:02:e5:fb:11:92:5d:44:18:b3:18:fd:4a:5f:
         50:14:4f:bc:57:43:ac:f8:c7:9d:87:6a:f3:79:0d:27:fe:54:
         1c:bf:96:8b:24:27:36:11:6a:cc:c6:d2:b8:96:58:ec:7e:c4:
         5e:76:fe:d4:53:82:a9:c8:23:d2:c6:2c:98:e4:48:f5:ca:f1:
         d5:62:0a:b1:9e:01:53:04:7f:fc:0b:61:85:0e:95:a4:7f:fa:
         dd:58:1a:4a:16:8c:ef:19:66:34:d8:65:f6:d2:b4:42:d9:be:
         f4:b3:de:56:e6:be:26:41:70:8f:3a:6b:35:77:f5:93:c1:30:
         40:b0:ed:9f:d9:78:ce:a2:b8:24:8a:77:71:ac:5d:86:ee:f4:
         31:b0:f3:ad:25:71:9c:19:c0:11:b3:73:69:56:c0:49:49:3d:
         66:82:51:3e:43:7b:91:4a:3a:03:9f:53:77:1a:e0:24:b7:62:
         51:78:c5:df
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZk9HVHMKYVqI7zE+VFLtD4lMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGViMzQ5YWYyYWYxMTEzNjFiMjlmY2ZlZjJlMDQzZDViZTc1
ZTNmOTgwHhcNMjUwOTEyMDg0OTE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MTkzYjRlNGNkMmM0NmE2ZTdjYTZjZDU3M2I2Yjk5ZGExNTI4YzRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzK8WmKt/sfPcGADs4GlLrvgs7Xqx
LR3bzFSL8UNTG1Sw4qv30XBSIOxG43l0JbnkVYfYFv9e2+lL3lpAhkQXok6oI6nH
PcAMlPJqClbHuS3nzQc+PzsMrOyQWSCfD/ATiGBs99feokW0sVv+XPk6aUztYHQ7
HwLpXYf8mPhzAVEx8r4s3lT00RQANBnkxPd6gUyj0yCQrmIcygpQLWq7qkbMiZ29
NcU80wQACvT7wUTd42qBLaoKez/pju1IY7C/+/qF6iFY0lZ+YM1v5Eb1Rc2eLZlQ
B+EBIzGL4txK0K/j4ROkLn2LKNZ/eZWsltvsqMvkF25YwI6VPwsO60vy9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHGTtOTNLEam58ps1XO2uZ2hUoxOMB8GA1UdIwQY
MBaAFOs0mvKvERNhsp/P7y4EPVvnXj+YMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnpTYThxOFJFMkd5bjhfdkxnUTlXLWRlUDVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC8zY2IxNDctYTdjMy00NGU5LWFkYzgt
OWNkNjYyYmM4MzIwLzEvY1pPMDVNMHNScWJueW16VmM3YTVuYUZTakU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC8zY2IxNDctYTdjMy00NGU5LWFkYzgtOWNkNjYyYmM4MzIw
LzEvNnpTYThxOFJFMkd5bjhfdkxnUTlXLWRlUDVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABTgfMA0G
CSqGSIb3DQEBCwUAA4IBAQAMBfWEIJNnI/+qBQ1RkttcNNMGp+Jdp9/zcviDJhzl
Co4T+E2aFYmsfpbna8KkL7jxh0kCwOKW9i4BpuXwZUeQRUQ7Egsfh3wECirgVwLl
+xGSXUQYsxj9Sl9QFE+8V0Os+Medh2rzeQ0n/lQcv5aLJCc2EWrMxtK4lljsfsRe
dv7UU4KpyCPSxiyY5Ej1yvHVYgqxngFTBH/8C2GFDpWkf/rdWBpKFozvGWY02GX2
0rRC2b70s95W5r4mQXCPOms1d/WTwTBAsO2f2XjOorgkindxrF2G7vQxsPOtJXGc
GcARs3NpVsBJST1mglE+Q3uRSjoDn1N3GuAkt2JReMXf
-----END CERTIFICATE-----