Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/v5gv7oTWjIuVa1Yqf7whGc0SKGg.roa
File:                     v5gv7oTWjIuVa1Yqf7whGc0SKGg.roa (raw, json)
Hash identifier:          iWPDt7P0zADL3HzbERUHmzurGxkuTYnzNn29hWm+GdY=
Subject key identifier:   BF:98:2F:EE:84:D6:8C:8B:95:6B:56:2A:7F:BC:21:19:CD:12:28:68
Certificate issuer:       /CN=eb349af2af111361b29fcfef2e043d5be75e3f98
Certificate serial:       0195DC946DBB59A7369C48F164C63D54DCBE
Authority key identifier: EB:34:9A:F2:AF:11:13:61:B2:9F:CF:EF:2E:04:3D:5B:E7:5E:3F:98
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/v5gv7oTWjIuVa1Yqf7whGc0SKGg.roa
Signing time:             Fri 28 Mar 2025 11:47:49 +0000
ROA not before:           Fri 28 Mar 2025 11:47:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     2914
IP address blocks:        31.42.124.0/24 maxlen: 24
                          31.42.126.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 20:01:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:dc:94:6d:bb:59:a7:36:9c:48:f1:64:c6:3d:54:dc:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eb349af2af111361b29fcfef2e043d5be75e3f98
        Validity
            Not Before: Mar 28 11:47:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bf982fee84d68c8b956b562a7fbc2119cd122868
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:c8:ea:38:cb:a4:13:73:e0:75:84:05:24:76:
                    06:9b:59:64:42:74:18:01:f2:e6:17:2c:d7:89:cc:
                    13:c1:05:86:a5:55:7a:1f:d8:dd:5b:51:0e:89:3d:
                    d3:64:3f:0e:e9:92:10:26:65:36:64:b9:4d:61:db:
                    58:a7:a7:87:ca:eb:17:7c:a4:bc:6e:0d:aa:63:88:
                    66:34:6f:fb:7a:9c:91:af:0f:45:5d:a5:98:33:c4:
                    1a:92:37:fb:e6:6d:44:ce:32:7e:83:93:73:55:d3:
                    8f:c2:76:fb:23:1f:1f:fa:1f:f7:43:6b:da:46:cf:
                    e7:8d:24:51:00:94:e8:93:6a:2f:ad:8f:11:87:f5:
                    59:6f:42:97:05:e6:c2:68:e7:dd:fd:07:a0:61:33:
                    f9:2f:05:fc:69:1b:a6:03:e6:9e:d2:06:b2:c1:b7:
                    84:2e:c0:11:c3:60:e2:67:23:46:50:64:bd:61:cd:
                    8a:97:ca:81:70:4d:37:62:d1:9b:a8:61:87:ae:c5:
                    16:d2:1e:9e:42:d0:f2:c7:07:06:15:a1:5f:c3:aa:
                    31:50:26:a8:9c:83:52:ae:86:68:37:2d:ee:5d:f9:
                    10:2c:d6:12:cc:bb:67:c5:a5:ae:40:7e:3b:03:fb:
                    56:89:90:58:c7:80:54:1e:ee:de:fe:3e:1b:ca:c0:
                    0a:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:98:2F:EE:84:D6:8C:8B:95:6B:56:2A:7F:BC:21:19:CD:12:28:68
            X509v3 Authority Key Identifier:
                keyid:EB:34:9A:F2:AF:11:13:61:B2:9F:CF:EF:2E:04:3D:5B:E7:5E:3F:98

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/v5gv7oTWjIuVa1Yqf7whGc0SKGg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.42.124.0/24
                  31.42.126.0/24

    Signature Algorithm: sha256WithRSAEncryption
         37:1e:64:68:45:3e:d2:3b:44:76:f2:a5:0a:ee:eb:e3:a9:79:
         52:2b:de:5c:85:e9:3e:5a:6a:91:6c:cb:9e:db:78:91:a2:ed:
         93:8a:40:8e:b5:51:f1:59:6a:8b:f5:91:06:9b:6c:bc:58:60:
         fa:82:c0:4c:7a:df:ef:e9:2b:80:38:5f:3d:00:1d:52:e7:77:
         12:89:c4:b2:2b:a1:19:21:73:c5:43:7f:e3:c4:da:81:38:78:
         3e:8b:e1:0f:0d:b8:8c:25:69:ba:eb:f6:6f:d9:32:76:2d:4d:
         7c:f3:e5:18:81:8f:3b:30:53:02:be:9a:20:d2:25:0e:1e:10:
         ed:4f:5a:37:a3:4b:6d:1c:fb:ec:81:34:97:98:5e:50:63:36:
         d3:0a:6c:49:e8:82:94:45:f5:73:34:4f:d6:55:af:07:65:8b:
         ac:5c:26:16:bd:38:82:2a:83:77:d5:ca:8f:81:0d:88:85:a8:
         16:f6:66:06:53:85:20:cc:09:bf:e9:ac:c6:f5:1a:23:72:6c:
         d8:b1:db:79:03:13:b4:5f:12:21:0b:7c:cf:39:30:46:5c:8b:
         56:ab:63:6a:93:e4:b9:ff:7d:26:64:24:f6:9e:93:5b:e2:3d:
         94:5a:2f:67:db:05:81:44:ee:22:d4:b3:78:f6:76:f0:f0:c4:
         1c:f9:f0:f1
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZXclG27Wac2nEjxZMY9VNy+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGViMzQ5YWYyYWYxMTEzNjFiMjlmY2ZlZjJlMDQzZDViZTc1
ZTNmOTgwHhcNMjUwMzI4MTE0NzQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZjk4MmZlZTg0ZDY4YzhiOTU2YjU2MmE3ZmJjMjExOWNkMTIyODY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo8jqOMukE3PgdYQFJHYGm1lkQnQY
AfLmFyzXicwTwQWGpVV6H9jdW1EOiT3TZD8O6ZIQJmU2ZLlNYdtYp6eHyusXfKS8
bg2qY4hmNG/7epyRrw9FXaWYM8Qakjf75m1EzjJ+g5NzVdOPwnb7Ix8f+h/3Q2va
Rs/njSRRAJTok2ovrY8Rh/VZb0KXBebCaOfd/QegYTP5LwX8aRumA+ae0gaywbeE
LsARw2DiZyNGUGS9Yc2Kl8qBcE03YtGbqGGHrsUW0h6eQtDyxwcGFaFfw6oxUCao
nINSroZoNy3uXfkQLNYSzLtnxaWuQH47A/tWiZBYx4BUHu7e/j4bysAKBQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFL+YL+6E1oyLlWtWKn+8IRnNEihoMB8GA1UdIwQY
MBaAFOs0mvKvERNhsp/P7y4EPVvnXj+YMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnpTYThxOFJFMkd5bjhfdkxnUTlXLWRlUDVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC8zY2IxNDctYTdjMy00NGU5LWFkYzgt
OWNkNjYyYmM4MzIwLzEvdjVndjdvVFdqSXVWYTFZcWY3d2hHYzBTS0dnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC8zY2IxNDctYTdjMy00NGU5LWFkYzgtOWNkNjYyYmM4MzIw
LzEvNnpTYThxOFJFMkd5bjhfdkxnUTlXLWRlUDVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAHyp8AwQA
Hyp+MA0GCSqGSIb3DQEBCwUAA4IBAQA3HmRoRT7SO0R28qUK7uvjqXlSK95chek+
WmqRbMue23iRou2TikCOtVHxWWqL9ZEGm2y8WGD6gsBMet/v6SuAOF89AB1S53cS
icSyK6EZIXPFQ3/jxNqBOHg+i+EPDbiMJWm66/Zv2TJ2LU188+UYgY87MFMCvpog
0iUOHhDtT1o3o0ttHPvsgTSXmF5QYzbTCmxJ6IKURfVzNE/WVa8HZYusXCYWvTiC
KoN31cqPgQ2IhagW9mYGU4UgzAm/6azG9RojcmzYsdt5AxO0XxIhC3zPOTBGXItW
q2Nqk+S5/30mZCT2npNb4j2UWi9n2wWBRO4i1LN49nbw8MQc+fDx
-----END CERTIFICATE-----