Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/b1a82a-490f-43fb-986e-26170da4a0b1/1/sWIjgX3QVxVSX26S9pHF5E3pjN4.roa
File:                     sWIjgX3QVxVSX26S9pHF5E3pjN4.roa (raw, json)
Hash identifier:          d9FlA8hG+kNnltDamJSIQnXgFCOCvEUasZrP2Lzdiqs=
Subject key identifier:   B1:62:23:81:7D:D0:57:15:52:5F:6E:92:F6:91:C5:E4:4D:E9:8C:DE
Certificate issuer:       /CN=6d69da44ae067fc1a98a5f6f05f12e545d0fc62a
Certificate serial:       01974AABBABE29C0B2BC2FB459413626DBCC
Authority key identifier: 6D:69:DA:44:AE:06:7F:C1:A9:8A:5F:6F:05:F1:2E:54:5D:0F:C6:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bWnaRK4Gf8Gpil9vBfEuVF0Pxio.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/b1a82a-490f-43fb-986e-26170da4a0b1/1/sWIjgX3QVxVSX26S9pHF5E3pjN4.roa
Signing time:             Sat 07 Jun 2025 13:54:17 +0000
ROA not before:           Sat 07 Jun 2025 13:54:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48737
IP address blocks:        31.169.75.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d1/b1a82a-490f-43fb-986e-26170da4a0b1/1/bWnaRK4Gf8Gpil9vBfEuVF0Pxio.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d1/b1a82a-490f-43fb-986e-26170da4a0b1/1/bWnaRK4Gf8Gpil9vBfEuVF0Pxio.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bWnaRK4Gf8Gpil9vBfEuVF0Pxio.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 18:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:4a:ab:ba:be:29:c0:b2:bc:2f:b4:59:41:36:26:db:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d69da44ae067fc1a98a5f6f05f12e545d0fc62a
        Validity
            Not Before: Jun  7 13:54:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b16223817dd05715525f6e92f691c5e44de98cde
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:89:da:33:6f:bb:47:4f:9a:f1:b6:b3:87:2f:
                    b7:c4:75:60:eb:7e:28:6f:52:7b:ac:b3:81:5a:c9:
                    97:e1:56:e1:0a:ca:d7:ae:1c:09:f5:53:4d:cb:22:
                    42:82:cd:29:05:8f:fc:e3:1e:b0:f3:bc:c1:5e:9e:
                    51:06:e7:b6:38:eb:af:bb:d2:eb:27:97:62:f3:a2:
                    ef:64:1e:28:aa:cd:55:a3:51:8b:fb:cb:46:0c:cf:
                    65:57:79:03:76:c9:9d:12:f4:d2:c8:2d:4c:f2:3e:
                    ff:83:b7:58:d3:86:ff:2c:ee:86:2f:bd:f7:d1:4c:
                    c0:3d:43:90:ff:3d:47:a8:0a:7c:1e:6a:f0:a6:f4:
                    f9:3f:02:19:9d:c0:7f:f7:c8:46:aa:ac:6b:09:63:
                    fb:66:0a:19:13:4e:5d:97:9b:a1:a0:2a:8c:3a:af:
                    b1:25:29:ca:1e:31:03:26:77:9f:91:ed:ae:e4:9f:
                    35:09:88:37:ee:17:bc:0c:49:1f:63:2a:9f:1d:96:
                    d7:03:9c:14:ce:d6:5f:46:70:3e:21:39:d8:8f:a5:
                    5b:4b:3f:c7:73:5f:b1:fc:fb:f1:cb:66:34:93:6c:
                    69:4f:8b:93:d6:61:c8:27:de:a2:ab:e0:ca:27:47:
                    b6:32:70:47:dc:fe:6c:b0:95:e4:14:dc:28:c1:bb:
                    79:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:62:23:81:7D:D0:57:15:52:5F:6E:92:F6:91:C5:E4:4D:E9:8C:DE
            X509v3 Authority Key Identifier:
                keyid:6D:69:DA:44:AE:06:7F:C1:A9:8A:5F:6F:05:F1:2E:54:5D:0F:C6:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bWnaRK4Gf8Gpil9vBfEuVF0Pxio.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/b1a82a-490f-43fb-986e-26170da4a0b1/1/sWIjgX3QVxVSX26S9pHF5E3pjN4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/b1a82a-490f-43fb-986e-26170da4a0b1/1/bWnaRK4Gf8Gpil9vBfEuVF0Pxio.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.169.75.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a8:13:f3:ef:1e:e5:cf:89:3b:9f:36:50:9d:55:9f:5e:1c:ef:
         be:d3:c9:d3:b3:e6:7a:4b:70:e1:02:38:c0:42:a9:cd:18:5d:
         42:60:0a:ac:5a:8d:47:cb:6a:51:52:5c:a1:e4:dc:57:86:6c:
         71:3e:11:56:c2:14:07:91:ae:06:e5:44:53:21:40:58:d2:5d:
         d5:34:bb:75:c5:12:d3:b8:a1:42:ce:c9:42:04:96:7c:5f:ca:
         58:24:f1:da:bc:6a:79:af:36:99:17:32:72:8c:f4:fc:a9:73:
         2e:32:66:7e:16:76:4d:7b:dc:a9:ab:36:d5:23:40:23:87:90:
         56:65:3e:e8:18:30:2c:f2:69:52:bf:6e:c9:04:d7:1c:4a:61:
         1e:10:66:91:8b:cc:f4:d1:c3:3c:59:eb:1c:eb:02:38:e1:88:
         39:f3:db:9a:37:1b:b3:4d:a2:72:68:ac:82:cd:ae:41:05:2f:
         34:42:fc:dd:7a:df:cd:6d:9b:24:93:8e:ad:c2:10:64:6f:d4:
         51:c4:c0:56:c4:92:c8:ff:7d:45:8c:26:83:51:7c:21:96:77:
         b6:28:72:a1:78:43:22:67:fd:ce:c8:b6:1e:fc:74:2d:e5:3b:
         1d:87:20:e6:af:ff:90:82:ce:4c:e3:bc:99:e4:19:2c:f1:72:
         f0:52:45:32
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZdKq7q+KcCyvC+0WUE2JtvMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkNjlkYTQ0YWUwNjdmYzFhOThhNWY2ZjA1ZjEyZTU0NWQw
ZmM2MmEwHhcNMjUwNjA3MTM1NDE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMTYyMjM4MTdkZDA1NzE1NTI1ZjZlOTJmNjkxYzVlNDRkZTk4Y2RlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvonaM2+7R0+a8bazhy+3xHVg634o
b1J7rLOBWsmX4VbhCsrXrhwJ9VNNyyJCgs0pBY/84x6w87zBXp5RBue2OOuvu9Lr
J5di86LvZB4oqs1Vo1GL+8tGDM9lV3kDdsmdEvTSyC1M8j7/g7dY04b/LO6GL733
0UzAPUOQ/z1HqAp8HmrwpvT5PwIZncB/98hGqqxrCWP7ZgoZE05dl5uhoCqMOq+x
JSnKHjEDJnefke2u5J81CYg37he8DEkfYyqfHZbXA5wUztZfRnA+ITnYj6VbSz/H
c1+x/Pvxy2Y0k2xpT4uT1mHIJ96iq+DKJ0e2MnBH3P5ssJXkFNwowbt5OQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLFiI4F90FcVUl9ukvaRxeRN6YzeMB8GA1UdIwQY
MBaAFG1p2kSuBn/BqYpfbwXxLlRdD8YqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlduYVJLNEdmOEdwaWw5dkJmRXVWRjBQeGlvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS9iMWE4MmEtNDkwZi00M2ZiLTk4NmUt
MjYxNzBkYTRhMGIxLzEvc1dJamdYM1FWeFZTWDI2UzlwSEY1RTNwak40LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS9iMWE4MmEtNDkwZi00M2ZiLTk4NmUtMjYxNzBkYTRhMGIx
LzEvYlduYVJLNEdmOEdwaWw5dkJmRXVWRjBQeGlvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAH6lLMA0G
CSqGSIb3DQEBCwUAA4IBAQCoE/PvHuXPiTufNlCdVZ9eHO++08nTs+Z6S3DhAjjA
QqnNGF1CYAqsWo1Hy2pRUlyh5NxXhmxxPhFWwhQHka4G5URTIUBY0l3VNLt1xRLT
uKFCzslCBJZ8X8pYJPHavGp5rzaZFzJyjPT8qXMuMmZ+FnZNe9ypqzbVI0Ajh5BW
ZT7oGDAs8mlSv27JBNccSmEeEGaRi8z00cM8Wesc6wI44Yg589uaNxuzTaJyaKyC
za5BBS80Qvzdet/NbZskk46twhBkb9RRxMBWxJLI/31FjCaDUXwhlne2KHKheEMi
Z/3OyLYe/HQt5TsdhyDmr/+Qgs5M47yZ5Bks8XLwUkUy
-----END CERTIFICATE-----