Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/82/30e582-4448-4952-94a0-30ff2c83f001/1/GcZeqFRM3Vo0APvxkyx_MnzPveU.roa
File:                     GcZeqFRM3Vo0APvxkyx_MnzPveU.roa (raw, json)
Hash identifier:          a4xzh+76qyVv2r1JqzdGIwl68kZYtgkEbksxJPUpquk=
Subject key identifier:   19:C6:5E:A8:54:4C:DD:5A:34:00:FB:F1:93:2C:7F:32:7C:CF:BD:E5
Certificate issuer:       /CN=55fad96dd05af8c2d26192c841131f2f97459fed
Certificate serial:       0194266A2A4C489F8C9A02901CC9EE4B7011
Authority key identifier: 55:FA:D9:6D:D0:5A:F8:C2:D2:61:92:C8:41:13:1F:2F:97:45:9F:ED
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VfrZbdBa-MLSYZLIQRMfL5dFn-0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/82/30e582-4448-4952-94a0-30ff2c83f001/1/GcZeqFRM3Vo0APvxkyx_MnzPveU.roa
Signing time:             Thu 02 Jan 2025 09:47:59 +0000
ROA not before:           Thu 02 Jan 2025 09:47:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48641
IP address blocks:        31.133.96.0/23 maxlen: 23
                          2a04:d040::/29 maxlen: 30
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/82/30e582-4448-4952-94a0-30ff2c83f001/1/VfrZbdBa-MLSYZLIQRMfL5dFn-0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/82/30e582-4448-4952-94a0-30ff2c83f001/1/VfrZbdBa-MLSYZLIQRMfL5dFn-0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VfrZbdBa-MLSYZLIQRMfL5dFn-0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 25 Apr 2025 08:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6a:2a:4c:48:9f:8c:9a:02:90:1c:c9:ee:4b:70:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=55fad96dd05af8c2d26192c841131f2f97459fed
        Validity
            Not Before: Jan  2 09:47:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=19c65ea8544cdd5a3400fbf1932c7f327ccfbde5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:07:63:9c:3b:17:d2:0a:8e:6a:8b:94:34:d5:
                    92:54:0c:47:bd:a5:5b:f7:c8:90:66:04:4d:a8:5a:
                    2e:d1:56:24:98:16:7c:87:ac:05:c4:7b:25:55:a0:
                    ee:aa:33:d5:0e:a6:02:e6:78:3b:c8:64:c2:42:a5:
                    77:29:47:b6:19:ec:ad:d8:85:d5:44:f7:af:e3:47:
                    6a:34:8a:f2:59:90:11:33:66:0d:a4:d8:48:fe:a5:
                    04:72:a5:37:91:dc:5e:26:df:ea:11:fc:22:da:d9:
                    16:cb:00:11:5b:01:ce:f4:ab:8f:63:7c:da:6a:6c:
                    e6:5f:a2:05:be:26:0c:ba:13:88:8b:8b:fa:65:ec:
                    ab:41:c8:ab:03:6e:52:a3:3f:dd:95:30:6f:7f:a4:
                    96:e3:00:c5:fc:1a:05:41:a7:9c:44:17:31:5b:b1:
                    d5:ab:92:f7:1a:f8:5b:39:30:a0:a8:c2:06:5d:22:
                    c0:46:7e:34:92:9d:77:74:14:e5:aa:ce:ac:4f:b3:
                    08:d9:a8:f8:4d:c7:ae:cf:ba:30:1e:7b:e5:e9:5d:
                    e2:fc:90:c5:51:ca:76:48:98:6a:65:5d:19:a3:d0:
                    a0:d9:44:92:e7:50:7d:52:e7:6a:78:5b:c4:9d:f6:
                    6f:56:85:c0:da:41:79:cc:67:b6:92:34:91:4a:5a:
                    a4:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:C6:5E:A8:54:4C:DD:5A:34:00:FB:F1:93:2C:7F:32:7C:CF:BD:E5
            X509v3 Authority Key Identifier:
                keyid:55:FA:D9:6D:D0:5A:F8:C2:D2:61:92:C8:41:13:1F:2F:97:45:9F:ED

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VfrZbdBa-MLSYZLIQRMfL5dFn-0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/82/30e582-4448-4952-94a0-30ff2c83f001/1/GcZeqFRM3Vo0APvxkyx_MnzPveU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/82/30e582-4448-4952-94a0-30ff2c83f001/1/VfrZbdBa-MLSYZLIQRMfL5dFn-0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.133.96.0/23
                IPv6:
                  2a04:d040::/29

    Signature Algorithm: sha256WithRSAEncryption
         6e:f0:7f:6b:eb:47:06:0d:b8:01:02:5e:35:68:a7:b4:81:bf:
         37:4d:82:36:a7:43:49:fd:e0:43:b2:69:a1:88:dc:a3:a0:8c:
         dd:cf:09:9a:7a:ce:2b:ca:74:a1:d2:8d:66:48:3d:7a:c2:ed:
         4a:6c:e3:58:47:32:c1:a4:88:e3:64:97:37:2f:d3:96:9a:73:
         a6:18:c2:e2:e1:26:1d:12:b4:e7:87:19:83:16:bb:5a:fa:a6:
         76:3b:18:e2:8b:f1:c1:7b:c7:ae:1b:ea:b4:83:aa:14:48:39:
         0b:79:a2:dc:e0:cd:bb:db:b1:e3:7c:bb:f2:38:ed:12:ab:37:
         3b:b0:fe:c6:3c:28:8b:f8:0a:9d:d2:56:e3:62:be:9f:72:74:
         e3:58:d7:65:c1:ff:56:83:1f:f4:47:b1:f9:42:23:e6:16:f7:
         30:b5:ca:e6:bd:5f:5d:46:29:d8:e2:8a:dc:98:15:87:5f:72:
         bb:28:51:30:99:8d:39:a2:e9:34:1e:d7:f4:94:b6:08:8c:f2:
         0d:cd:8a:92:cc:57:5a:00:c7:c2:f0:cf:b4:bc:02:02:60:ea:
         26:5c:32:9c:05:2c:9f:24:76:20:4d:fa:2f:c8:a7:a6:1c:5a:
         5f:43:8e:59:3f:f7:58:40:65:9c:6c:d1:36:48:ff:ac:b9:9f:
         a0:c0:0c:71
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQmaipMSJ+MmgKQHMnuS3ARMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1ZmFkOTZkZDA1YWY4YzJkMjYxOTJjODQxMTMxZjJmOTc0
NTlmZWQwHhcNMjUwMTAyMDk0NzU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOWM2NWVhODU0NGNkZDVhMzQwMGZiZjE5MzJjN2YzMjdjY2ZiZGU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApQdjnDsX0gqOaouUNNWSVAxHvaVb
98iQZgRNqFou0VYkmBZ8h6wFxHslVaDuqjPVDqYC5ng7yGTCQqV3KUe2Geyt2IXV
RPev40dqNIryWZARM2YNpNhI/qUEcqU3kdxeJt/qEfwi2tkWywARWwHO9KuPY3za
amzmX6IFviYMuhOIi4v6ZeyrQcirA25Soz/dlTBvf6SW4wDF/BoFQaecRBcxW7HV
q5L3GvhbOTCgqMIGXSLARn40kp13dBTlqs6sT7MI2aj4Tceuz7owHnvl6V3i/JDF
Ucp2SJhqZV0Zo9Cg2USS51B9UudqeFvEnfZvVoXA2kF5zGe2kjSRSlqkvwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFBnGXqhUTN1aNAD78ZMsfzJ8z73lMB8GA1UdIwQY
MBaAFFX62W3QWvjC0mGSyEETHy+XRZ/tMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVmZyWmJkQmEtTUxTWVpMSVFSTWZMNWRGbi0wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Mi8zMGU1ODItNDQ0OC00OTUyLTk0YTAt
MzBmZjJjODNmMDAxLzEvR2NaZXFGUk0zVm8wQVB2eGt5eF9NbnpQdmVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Mi8zMGU1ODItNDQ0OC00OTUyLTk0YTAtMzBmZjJjODNmMDAx
LzEvVmZyWmJkQmEtTUxTWVpMSVFSTWZMNWRGbi0wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQBH4VgMA0E
AgACMAcDBQMqBNBAMA0GCSqGSIb3DQEBCwUAA4IBAQBu8H9r60cGDbgBAl41aKe0
gb83TYI2p0NJ/eBDsmmhiNyjoIzdzwmaes4rynSh0o1mSD16wu1KbONYRzLBpIjj
ZJc3L9OWmnOmGMLi4SYdErTnhxmDFrta+qZ2Oxjii/HBe8euG+q0g6oUSDkLeaLc
4M2727HjfLvyOO0Sqzc7sP7GPCiL+Aqd0lbjYr6fcnTjWNdlwf9Wgx/0R7H5QiPm
FvcwtcrmvV9dRinY4orcmBWHX3K7KFEwmY05ouk0Htf0lLYIjPINzYqSzFdaAMfC
8M+0vAICYOomXDKcBSyfJHYgTfovyKemHFpfQ45ZP/dYQGWcbNE2SP+suZ+gwAxx
-----END CERTIFICATE-----