Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/ch0MG1Pf_PwDPyZwFVxvjBk8eXE.roa
File:                     ch0MG1Pf_PwDPyZwFVxvjBk8eXE.roa (raw, json)
Hash identifier:          v4I5l9w0eZIAMijusASzIenyF5WUP0NZIKYlKivPmyQ=
Subject key identifier:   72:1D:0C:1B:53:DF:FC:FC:03:3F:26:70:15:5C:6F:8C:19:3C:79:71
Certificate issuer:       /CN=72b78f6682fc39c55b41d48f80b8838d5d2dbf07
Certificate serial:       0196A380359C25EB0526BFE76F7C345A2A90
Authority key identifier: 72:B7:8F:66:82:FC:39:C5:5B:41:D4:8F:80:B8:83:8D:5D:2D:BF:07
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/crePZoL8OcVbQdSPgLiDjV0tvwc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/ch0MG1Pf_PwDPyZwFVxvjBk8eXE.roa
Signing time:             Tue 06 May 2025 02:50:10 +0000
ROA not before:           Tue 06 May 2025 02:50:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     1239
IP address blocks:        31.132.52.0/24 maxlen: 24
                          162.218.95.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/crePZoL8OcVbQdSPgLiDjV0tvwc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/crePZoL8OcVbQdSPgLiDjV0tvwc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/crePZoL8OcVbQdSPgLiDjV0tvwc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Jun 2025 23:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:a3:80:35:9c:25:eb:05:26:bf:e7:6f:7c:34:5a:2a:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72b78f6682fc39c55b41d48f80b8838d5d2dbf07
        Validity
            Not Before: May  6 02:50:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=721d0c1b53dffcfc033f2670155c6f8c193c7971
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:b2:d3:8c:fc:80:03:aa:2d:2f:97:e0:59:9a:
                    09:59:7c:b4:99:b6:0f:f7:62:f4:0e:ea:29:f9:ea:
                    3b:c2:b4:1b:fd:b8:c1:e6:1b:13:b8:0d:2a:75:e0:
                    b7:8f:bb:92:e4:dd:c5:ec:a6:4a:10:3a:5f:76:d8:
                    91:d1:0b:9e:c3:de:7c:34:52:5f:92:15:85:e2:6a:
                    57:af:20:5c:89:1a:e6:62:36:f9:2a:27:a5:29:14:
                    15:e1:ab:64:2c:85:8c:58:d7:97:53:ee:0b:d2:96:
                    69:b9:ed:e5:a4:85:84:a1:e5:eb:1f:ac:60:7f:04:
                    f8:e2:d7:92:5e:92:3c:5b:b9:e3:5b:aa:41:0c:10:
                    23:11:dc:28:c3:3d:22:81:f1:62:fe:3a:48:47:58:
                    42:92:56:db:96:08:1c:37:67:99:8c:88:16:ed:0f:
                    58:35:1f:cb:3c:55:5b:bf:db:85:12:46:b6:e9:23:
                    a4:08:2b:01:9f:9a:72:6b:1f:0e:be:f0:76:f1:10:
                    55:91:20:b3:65:35:51:e5:f8:9f:73:7d:9a:22:37:
                    f0:1e:f0:55:8e:92:25:ad:e7:d0:f6:ca:60:20:06:
                    92:09:e5:e5:8c:0d:6e:b1:9d:9e:bb:ae:90:f4:fb:
                    70:26:da:32:35:89:a2:24:9f:b4:5f:6a:09:a0:cf:
                    52:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:1D:0C:1B:53:DF:FC:FC:03:3F:26:70:15:5C:6F:8C:19:3C:79:71
            X509v3 Authority Key Identifier:
                keyid:72:B7:8F:66:82:FC:39:C5:5B:41:D4:8F:80:B8:83:8D:5D:2D:BF:07

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/crePZoL8OcVbQdSPgLiDjV0tvwc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/ch0MG1Pf_PwDPyZwFVxvjBk8eXE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/crePZoL8OcVbQdSPgLiDjV0tvwc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.132.52.0/24
                  162.218.95.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:df:61:73:b6:b0:7c:a2:12:f0:dd:2e:69:4c:65:88:3e:24:
         d3:1f:e4:d2:2b:c1:43:ec:ce:64:62:ac:3a:b2:31:e8:50:52:
         be:06:4e:7a:65:c4:dc:cf:54:ff:b4:f4:a3:45:22:bd:27:60:
         ac:2f:04:73:29:63:ca:33:4a:e5:89:b3:9b:c5:27:8c:00:d1:
         51:b0:15:b6:96:a0:d8:ee:5d:38:cd:c4:23:1a:76:12:1d:07:
         95:bf:dd:68:3c:de:f9:78:16:55:02:9d:05:c3:d4:ed:c3:1f:
         bf:15:71:e8:ff:5a:bb:ab:81:5c:d7:db:b0:a8:fc:10:3c:62:
         3c:9b:a8:01:eb:23:70:a9:f7:a9:80:62:67:3d:cb:4a:5e:a5:
         bc:0c:ee:9e:80:b7:5c:33:45:3f:8e:82:c6:70:74:21:36:45:
         0c:f4:20:3e:60:fb:5b:e3:0c:95:a3:a8:4d:81:e2:ad:ca:35:
         7a:ef:52:84:b4:bd:b3:cd:b9:6b:7e:e3:3c:2f:84:ea:4d:4b:
         40:62:e3:26:1e:81:51:5e:0b:82:21:82:c4:84:1b:8f:2f:50:
         f3:1e:5b:00:86:0f:43:38:b1:49:a8:47:a0:42:43:af:bc:d2:
         73:eb:19:81:df:7a:45:bd:8b:79:0f:9e:f8:d7:29:b7:9f:6d:
         e5:fb:8a:1d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZajgDWcJesFJr/nb3w0WiqQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyYjc4ZjY2ODJmYzM5YzU1YjQxZDQ4ZjgwYjg4MzhkNWQy
ZGJmMDcwHhcNMjUwNTA2MDI1MDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MjFkMGMxYjUzZGZmY2ZjMDMzZjI2NzAxNTVjNmY4YzE5M2M3OTcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArLLTjPyAA6otL5fgWZoJWXy0mbYP
92L0Duop+eo7wrQb/bjB5hsTuA0qdeC3j7uS5N3F7KZKEDpfdtiR0Quew958NFJf
khWF4mpXryBciRrmYjb5KielKRQV4atkLIWMWNeXU+4L0pZpue3lpIWEoeXrH6xg
fwT44teSXpI8W7njW6pBDBAjEdwowz0igfFi/jpIR1hCklbblggcN2eZjIgW7Q9Y
NR/LPFVbv9uFEka26SOkCCsBn5pyax8OvvB28RBVkSCzZTVR5fifc32aIjfwHvBV
jpIlrefQ9spgIAaSCeXljA1usZ2eu66Q9PtwJtoyNYmiJJ+0X2oJoM9S+wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHIdDBtT3/z8Az8mcBVcb4wZPHlxMB8GA1UdIwQY
MBaAFHK3j2aC/DnFW0HUj4C4g41dLb8HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3JlUFpvTDhPY1ZiUWRTUGdMaURqVjB0dndjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS8zYzRiOGEtYmZjNy00MWU5LTk5ZTEt
ZjNlNTA2YWVhYTAxLzEvY2gwTUcxUGZfUHdEUHlad0ZWeHZqQms4ZVhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS8zYzRiOGEtYmZjNy00MWU5LTk5ZTEtZjNlNTA2YWVhYTAx
LzEvY3JlUFpvTDhPY1ZiUWRTUGdMaURqVjB0dndjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAH4Q0AwQA
otpfMA0GCSqGSIb3DQEBCwUAA4IBAQBS32FztrB8ohLw3S5pTGWIPiTTH+TSK8FD
7M5kYqw6sjHoUFK+Bk56ZcTcz1T/tPSjRSK9J2CsLwRzKWPKM0rlibObxSeMANFR
sBW2lqDY7l04zcQjGnYSHQeVv91oPN75eBZVAp0Fw9Ttwx+/FXHo/1q7q4Fc19uw
qPwQPGI8m6gB6yNwqfepgGJnPctKXqW8DO6egLdcM0U/joLGcHQhNkUM9CA+YPtb
4wyVo6hNgeKtyjV671KEtL2zzblrfuM8L4TqTUtAYuMmHoFRXguCIYLEhBuPL1Dz
HlsAhg9DOLFJqEegQkOvvNJz6xmB33pFvYt5D5741ym3n23l+4od
-----END CERTIFICATE-----