Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/e97563-c7e5-4036-a796-22c0ca213380/1/WXokG7cKriDfqWoaHraaATikOZM.roa
File:                     WXokG7cKriDfqWoaHraaATikOZM.roa (raw, json)
Hash identifier:          l03IsJpcA1hZ2SxrPxTFFWqboVv9JIckV/GXuLQrkcI=
Subject key identifier:   59:7A:24:1B:B7:0A:AE:20:DF:A9:6A:1A:1E:B6:9A:01:38:A4:39:93
Certificate issuer:       /CN=08418e9690d0fb711abf3874e1c500a627693c0a
Certificate serial:       0194228E35BDF7E2FD57B7E3B18B2CAD10A3
Authority key identifier: 08:41:8E:96:90:D0:FB:71:1A:BF:38:74:E1:C5:00:A6:27:69:3C:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CEGOlpDQ-3Eavzh04cUApidpPAo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/e97563-c7e5-4036-a796-22c0ca213380/1/WXokG7cKriDfqWoaHraaATikOZM.roa
Signing time:             Wed 01 Jan 2025 15:48:52 +0000
ROA not before:           Wed 01 Jan 2025 15:48:52 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     33171
IP address blocks:        31.217.254.0/24 maxlen: 24
                          2a11:7346::/32 maxlen: 32
                          2a11:7347::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/e97563-c7e5-4036-a796-22c0ca213380/1/CEGOlpDQ-3Eavzh04cUApidpPAo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/e97563-c7e5-4036-a796-22c0ca213380/1/CEGOlpDQ-3Eavzh04cUApidpPAo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CEGOlpDQ-3Eavzh04cUApidpPAo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8e:35:bd:f7:e2:fd:57:b7:e3:b1:8b:2c:ad:10:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08418e9690d0fb711abf3874e1c500a627693c0a
        Validity
            Not Before: Jan  1 15:48:52 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=597a241bb70aae20dfa96a1a1eb69a0138a43993
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:40:39:68:cb:04:88:ce:68:a5:7a:3b:78:77:
                    f8:14:e7:a1:8e:ea:de:c7:0a:83:f5:f6:f1:f4:6f:
                    a2:0e:bd:b6:5f:34:bf:ab:21:46:1d:c0:2d:f7:4a:
                    1b:91:5c:3a:1a:99:df:36:08:d5:ab:a4:4d:3f:d6:
                    f3:64:8b:ee:02:d6:9b:e8:dd:7a:a1:e3:8c:7d:20:
                    e2:1c:e3:72:29:f0:d4:94:47:eb:69:45:07:ac:6d:
                    03:d3:d1:e1:0e:f9:b6:19:11:2a:f8:34:32:8e:7a:
                    cb:a0:38:99:0d:99:46:9c:4b:26:e6:4f:ba:8a:3f:
                    46:95:07:75:f6:b8:e6:af:b4:51:39:27:6f:1b:e5:
                    a1:df:36:b3:9f:52:b4:d8:b5:05:74:82:1f:a6:b4:
                    1b:17:12:02:04:21:96:9e:4c:21:6a:16:b1:29:9b:
                    29:70:87:4c:57:c5:d0:4a:1f:ad:4e:35:34:fe:d8:
                    fe:1a:79:fc:82:50:63:08:fa:08:f4:cf:e9:67:59:
                    14:7c:52:69:6a:0d:9c:fe:54:30:5c:d1:56:14:60:
                    b6:a6:57:f7:fb:91:b3:f2:93:39:87:43:52:7e:0e:
                    2e:29:b4:53:4a:ab:6a:ef:c8:44:f6:33:59:38:d3:
                    7a:84:61:fd:e7:be:13:a4:cb:8f:0c:3d:52:10:f3:
                    33:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:7A:24:1B:B7:0A:AE:20:DF:A9:6A:1A:1E:B6:9A:01:38:A4:39:93
            X509v3 Authority Key Identifier:
                keyid:08:41:8E:96:90:D0:FB:71:1A:BF:38:74:E1:C5:00:A6:27:69:3C:0A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CEGOlpDQ-3Eavzh04cUApidpPAo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/e97563-c7e5-4036-a796-22c0ca213380/1/WXokG7cKriDfqWoaHraaATikOZM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/e97563-c7e5-4036-a796-22c0ca213380/1/CEGOlpDQ-3Eavzh04cUApidpPAo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.217.254.0/24
                IPv6:
                  2a11:7346::/31

    Signature Algorithm: sha256WithRSAEncryption
         09:96:ab:b6:80:98:40:ec:3a:7f:f3:c0:6e:ee:e8:53:8d:25:
         06:9e:b2:e1:7c:87:11:94:f4:2f:4f:0f:92:c7:b6:ab:24:1f:
         12:47:42:71:cf:79:b1:5c:f0:7f:5b:45:69:cb:03:ee:e0:c6:
         58:db:6b:e5:b9:d3:0d:51:b8:9d:19:bb:de:91:6d:5a:e0:1b:
         f9:6d:d2:fe:40:71:fa:22:ef:17:b9:c5:ce:5d:4f:79:ff:00:
         8d:ec:3c:9b:e0:d7:91:36:d4:fc:ae:26:85:3b:ee:b4:aa:0d:
         45:8d:a3:3a:ed:d2:fb:21:8c:7f:0c:35:4e:6f:69:75:32:19:
         70:f3:ee:29:8c:f6:d9:3d:f3:29:5e:49:2a:a7:6d:88:de:e1:
         2f:ba:5e:2f:f8:a8:7a:f4:23:22:05:81:ed:81:1a:d6:c3:be:
         0a:c4:6c:03:43:40:12:b2:21:8d:c0:8b:9f:30:af:d4:10:fd:
         c1:44:b9:03:a6:62:4a:0a:c3:bd:ef:38:6a:63:68:de:92:bc:
         60:11:e1:76:bc:67:7a:eb:a8:a3:c8:c2:b6:f5:be:50:a5:85:
         33:e2:14:a3:01:d3:70:7c:ad:c8:07:78:51:a7:19:9a:72:e7:
         95:85:dc:ff:77:c7:fd:19:f1:ee:a4:a1:66:10:1c:78:5f:22:
         d3:cd:e4:32
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQijjW99+L9V7fjsYssrRCjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4NDE4ZTk2OTBkMGZiNzExYWJmMzg3NGUxYzUwMGE2Mjc2
OTNjMGEwHhcNMjUwMTAxMTU0ODUyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OTdhMjQxYmI3MGFhZTIwZGZhOTZhMWExZWI2OWEwMTM4YTQzOTkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7UA5aMsEiM5opXo7eHf4FOehjure
xwqD9fbx9G+iDr22XzS/qyFGHcAt90obkVw6GpnfNgjVq6RNP9bzZIvuAtab6N16
oeOMfSDiHONyKfDUlEfraUUHrG0D09HhDvm2GREq+DQyjnrLoDiZDZlGnEsm5k+6
ij9GlQd19rjmr7RROSdvG+Wh3zazn1K02LUFdIIfprQbFxICBCGWnkwhahaxKZsp
cIdMV8XQSh+tTjU0/tj+Gnn8glBjCPoI9M/pZ1kUfFJpag2c/lQwXNFWFGC2plf3
+5Gz8pM5h0NSfg4uKbRTSqtq78hE9jNZONN6hGH9574TpMuPDD1SEPMzpwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFFl6JBu3Cq4g36lqGh62mgE4pDmTMB8GA1UdIwQY
MBaAFAhBjpaQ0PtxGr84dOHFAKYnaTwKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0VHT2xwRFEtM0VhdnpoMDRjVUFwaWRwUEFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My9lOTc1NjMtYzdlNS00MDM2LWE3OTYt
MjJjMGNhMjEzMzgwLzEvV1hva0c3Y0tyaURmcVdvYUhyYWFBVGlrT1pNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My9lOTc1NjMtYzdlNS00MDM2LWE3OTYtMjJjMGNhMjEzMzgw
LzEvQ0VHT2xwRFEtM0VhdnpoMDRjVUFwaWRwUEFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAH9n+MA0E
AgACMAcDBQEqEXNGMA0GCSqGSIb3DQEBCwUAA4IBAQAJlqu2gJhA7Dp/88Bu7uhT
jSUGnrLhfIcRlPQvTw+Sx7arJB8SR0Jxz3mxXPB/W0VpywPu4MZY22vludMNUbid
GbvekW1a4Bv5bdL+QHH6Iu8XucXOXU95/wCN7Dyb4NeRNtT8riaFO+60qg1FjaM6
7dL7IYx/DDVOb2l1Mhlw8+4pjPbZPfMpXkkqp22I3uEvul4v+Kh69CMiBYHtgRrW
w74KxGwDQ0ASsiGNwIufMK/UEP3BRLkDpmJKCsO97zhqY2jekrxgEeF2vGd666ij
yMK29b5QpYUz4hSjAdNwfK3IB3hRpxmacueVhdz/d8f9GfHupKFmEBx4XyLTzeQy
-----END CERTIFICATE-----