Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/89/8da5fe-f405-4ce0-b2d1-b3535b4ca50f/1/uGyfl12bvyJ2eV3o7doqVU6voOE.roa
File:                     uGyfl12bvyJ2eV3o7doqVU6voOE.roa (raw, json)
Hash identifier:          a09UlLa9GmADfOkOHhG1EZH/uY1F2w2X5XhkL2/q/aU=
Subject key identifier:   B8:6C:9F:97:5D:9B:BF:22:76:79:5D:E8:ED:DA:2A:55:4E:AF:A0:E1
Certificate issuer:       /CN=24147c8b3f37850e9f9074993845c4e069f8efe2
Certificate serial:       0196618ECD72B955527126DE45B66679C529
Authority key identifier: 24:14:7C:8B:3F:37:85:0E:9F:90:74:99:38:45:C4:E0:69:F8:EF:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JBR8iz83hQ6fkHSZOEXE4Gn47-I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/89/8da5fe-f405-4ce0-b2d1-b3535b4ca50f/1/uGyfl12bvyJ2eV3o7doqVU6voOE.roa
Signing time:             Wed 23 Apr 2025 07:31:10 +0000
ROA not before:           Wed 23 Apr 2025 07:31:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     6830
IP address blocks:        31.187.0.0/18 maxlen: 18
                          31.187.0.0/19 maxlen: 19
                          31.187.32.0/19 maxlen: 19
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/89/8da5fe-f405-4ce0-b2d1-b3535b4ca50f/1/JBR8iz83hQ6fkHSZOEXE4Gn47-I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/89/8da5fe-f405-4ce0-b2d1-b3535b4ca50f/1/JBR8iz83hQ6fkHSZOEXE4Gn47-I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JBR8iz83hQ6fkHSZOEXE4Gn47-I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 10:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:61:8e:cd:72:b9:55:52:71:26:de:45:b6:66:79:c5:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=24147c8b3f37850e9f9074993845c4e069f8efe2
        Validity
            Not Before: Apr 23 07:31:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b86c9f975d9bbf2276795de8edda2a554eafa0e1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:cc:6a:c7:0f:76:d1:d5:22:f0:31:7d:23:f8:
                    36:3f:2e:ef:6a:ca:98:c6:8e:c5:06:4d:95:53:ce:
                    16:4b:b0:2d:a6:ae:21:70:61:33:a4:1f:f7:7f:be:
                    e6:e5:36:77:2c:44:1e:29:80:9b:0f:65:40:ce:bb:
                    98:34:6e:47:f9:9a:3a:bd:02:b1:3f:6a:a0:ab:71:
                    7d:57:9a:b8:6c:9f:0c:7f:a5:30:39:b5:35:37:c4:
                    40:56:3d:0a:c3:1f:f7:c5:48:f8:c9:dc:95:b8:03:
                    dd:be:bd:ce:4a:af:66:4e:63:1d:64:45:4f:cd:1b:
                    92:cc:be:22:86:97:50:eb:4a:32:67:fd:a3:e4:91:
                    cf:9c:ae:40:54:ba:09:39:46:35:3a:a8:d1:61:09:
                    bc:53:9a:ad:49:e7:4e:b7:0f:d2:1b:9d:24:56:ad:
                    79:58:54:43:5f:a4:44:0a:33:91:e5:0f:b9:e4:86:
                    b9:5e:ed:0f:82:46:0f:33:ce:fe:28:9a:a7:b6:7f:
                    38:4e:6e:6e:1f:a6:99:28:2a:d3:cd:10:b0:93:1c:
                    4d:48:85:83:50:d5:10:27:46:2d:ba:fc:df:06:05:
                    88:f1:14:d9:f0:3a:3d:7c:fd:3b:f7:e2:0a:c0:f0:
                    3f:58:74:ac:fb:28:b8:81:2f:22:c8:4b:a3:92:b4:
                    78:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:6C:9F:97:5D:9B:BF:22:76:79:5D:E8:ED:DA:2A:55:4E:AF:A0:E1
            X509v3 Authority Key Identifier:
                keyid:24:14:7C:8B:3F:37:85:0E:9F:90:74:99:38:45:C4:E0:69:F8:EF:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JBR8iz83hQ6fkHSZOEXE4Gn47-I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/89/8da5fe-f405-4ce0-b2d1-b3535b4ca50f/1/uGyfl12bvyJ2eV3o7doqVU6voOE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/89/8da5fe-f405-4ce0-b2d1-b3535b4ca50f/1/JBR8iz83hQ6fkHSZOEXE4Gn47-I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.187.0.0/18

    Signature Algorithm: sha256WithRSAEncryption
         77:ca:c7:13:e4:e9:f1:45:c0:54:5e:45:d4:23:a4:82:3c:c7:
         33:43:fc:d9:fb:83:5d:b9:84:d8:40:95:ed:be:08:bc:38:bc:
         f8:5b:ed:cc:e5:19:8c:d9:0a:27:fd:ca:d9:7e:19:a4:70:53:
         d7:c5:2f:a9:b3:5e:d2:69:38:2b:b9:cf:ad:b1:ac:7a:84:23:
         93:f9:f8:f1:37:63:9c:ed:bb:43:39:8b:4e:7a:dc:3f:20:b7:
         61:f9:0a:d6:38:87:0a:40:0f:82:ad:f3:35:3d:94:ce:55:81:
         3f:e2:25:d8:78:75:6d:16:86:bc:e0:44:0a:3f:de:08:85:43:
         08:8a:34:e7:a3:f4:90:1d:21:aa:d2:6b:ac:b1:9f:cc:45:20:
         b4:b5:c7:25:dd:44:04:66:68:eb:e3:06:72:64:28:c3:4f:05:
         85:c0:4a:07:1a:78:5e:ba:58:63:4d:9e:43:7e:d6:79:80:b8:
         0a:ce:0b:4c:a3:6b:1d:b6:b3:99:dc:cb:d4:e9:a5:64:96:fe:
         e8:46:0f:1f:a2:82:ab:e4:45:14:9f:26:25:92:04:92:c6:c6:
         45:b5:7f:8e:2c:74:7d:bc:27:83:a6:6b:e5:f7:45:22:94:16:
         fd:d2:4c:f1:de:ad:16:e1:ef:01:f9:02:41:4a:61:46:f3:03:
         26:bf:f0:ae
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZhjs1yuVVScSbeRbZmecUpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI0MTQ3YzhiM2YzNzg1MGU5ZjkwNzQ5OTM4NDVjNGUwNjlm
OGVmZTIwHhcNMjUwNDIzMDczMTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiODZjOWY5NzVkOWJiZjIyNzY3OTVkZThlZGRhMmE1NTRlYWZhMGUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAycxqxw920dUi8DF9I/g2Py7vasqY
xo7FBk2VU84WS7Atpq4hcGEzpB/3f77m5TZ3LEQeKYCbD2VAzruYNG5H+Zo6vQKx
P2qgq3F9V5q4bJ8Mf6UwObU1N8RAVj0Kwx/3xUj4ydyVuAPdvr3OSq9mTmMdZEVP
zRuSzL4ihpdQ60oyZ/2j5JHPnK5AVLoJOUY1OqjRYQm8U5qtSedOtw/SG50kVq15
WFRDX6RECjOR5Q+55Ia5Xu0PgkYPM87+KJqntn84Tm5uH6aZKCrTzRCwkxxNSIWD
UNUQJ0YtuvzfBgWI8RTZ8Do9fP079+IKwPA/WHSs+yi4gS8iyEujkrR44QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLhsn5ddm78idnld6O3aKlVOr6DhMB8GA1UdIwQY
MBaAFCQUfIs/N4UOn5B0mThFxOBp+O/iMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSkJSOGl6ODNoUTZma0hTWk9FWEU0R240Ny1JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OS84ZGE1ZmUtZjQwNS00Y2UwLWIyZDEt
YjM1MzViNGNhNTBmLzEvdUd5ZmwxMmJ2eUoyZVYzbzdkb3FWVTZ2b09FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OS84ZGE1ZmUtZjQwNS00Y2UwLWIyZDEtYjM1MzViNGNhNTBm
LzEvSkJSOGl6ODNoUTZma0hTWk9FWEU0R240Ny1JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQGH7sAMA0G
CSqGSIb3DQEBCwUAA4IBAQB3yscT5OnxRcBUXkXUI6SCPMczQ/zZ+4NduYTYQJXt
vgi8OLz4W+3M5RmM2Qon/crZfhmkcFPXxS+ps17SaTgruc+tsax6hCOT+fjxN2Oc
7btDOYtOetw/ILdh+QrWOIcKQA+CrfM1PZTOVYE/4iXYeHVtFoa84EQKP94IhUMI
ijTno/SQHSGq0mussZ/MRSC0tccl3UQEZmjr4wZyZCjDTwWFwEoHGnheulhjTZ5D
ftZ5gLgKzgtMo2sdtrOZ3MvU6aVklv7oRg8fooKr5EUUnyYlkgSSxsZFtX+OLHR9
vCeDpmvl90UilBb90kzx3q0W4e8B+QJBSmFG8wMmv/Cu
-----END CERTIFICATE-----