Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/ca34eb-8e20-4bf1-b1b2-5872109b67a8/1/d-c3fV9q29dsWUsutXEO_XUxELA.roa
File:                     d-c3fV9q29dsWUsutXEO_XUxELA.roa (raw, json)
Hash identifier:          odfjS8/wqJCuj1kyoe6nkIiHEr+jKawF6ritEznO31s=
Subject key identifier:   77:E7:37:7D:5F:6A:DB:D7:6C:59:4B:2E:B5:71:0E:FD:75:31:10:B0
Certificate issuer:       /CN=e5a6794b91b81406412a137870bfde3b170de094
Certificate serial:       019727DE62365127B36E080420D5E6A49E69
Authority key identifier: E5:A6:79:4B:91:B8:14:06:41:2A:13:78:70:BF:DE:3B:17:0D:E0:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5aZ5S5G4FAZBKhN4cL_eOxcN4JQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/ca34eb-8e20-4bf1-b1b2-5872109b67a8/1/d-c3fV9q29dsWUsutXEO_XUxELA.roa
Signing time:             Sat 31 May 2025 19:42:54 +0000
ROA not before:           Sat 31 May 2025 19:42:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47693
IP address blocks:        185.43.31.0/24 maxlen: 24
                          2a10:48c0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/ca34eb-8e20-4bf1-b1b2-5872109b67a8/1/5aZ5S5G4FAZBKhN4cL_eOxcN4JQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/ca34eb-8e20-4bf1-b1b2-5872109b67a8/1/5aZ5S5G4FAZBKhN4cL_eOxcN4JQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5aZ5S5G4FAZBKhN4cL_eOxcN4JQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 20:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:27:de:62:36:51:27:b3:6e:08:04:20:d5:e6:a4:9e:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e5a6794b91b81406412a137870bfde3b170de094
        Validity
            Not Before: May 31 19:42:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=77e7377d5f6adbd76c594b2eb5710efd753110b0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:32:17:05:20:2b:ea:c8:74:ea:4d:a7:ac:1d:
                    d1:42:a6:85:17:08:32:d4:03:43:1d:4e:a1:d1:92:
                    f5:dd:3b:a0:90:2f:46:8b:2e:d6:57:5f:64:9c:f0:
                    df:40:25:2a:5a:b9:35:b0:41:f5:77:d5:e0:b8:41:
                    e4:9c:b7:76:bd:16:8b:d9:d6:36:04:7d:36:15:96:
                    9a:38:87:19:ea:8c:a8:43:2a:d3:86:bd:cc:a2:f3:
                    63:ce:24:d4:a9:7c:12:03:0d:14:e7:c8:49:b8:06:
                    7d:9a:ea:e6:bc:64:3d:d0:14:84:2e:a9:bb:70:ea:
                    50:30:40:b5:3e:11:2e:df:39:04:0f:eb:47:c4:7b:
                    23:c5:0d:dc:fb:b8:26:b5:56:c7:87:fa:aa:c4:d8:
                    56:89:be:8a:cf:6e:8a:6e:b4:96:7a:a7:fe:96:f9:
                    df:7a:26:78:c2:e0:50:31:5b:7b:a9:18:f5:17:7c:
                    cf:6d:13:3e:f0:b9:0c:3d:33:91:48:79:a2:6d:9b:
                    26:9b:75:e8:6c:86:c2:b4:2f:e9:73:39:7a:7d:03:
                    91:20:28:fa:f9:69:d3:a1:60:07:2c:0e:25:2c:08:
                    61:80:88:1b:89:01:13:e6:64:1f:86:3d:22:74:e7:
                    ed:41:e8:10:9e:77:6a:93:e2:89:0a:02:b7:55:40:
                    d5:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:E7:37:7D:5F:6A:DB:D7:6C:59:4B:2E:B5:71:0E:FD:75:31:10:B0
            X509v3 Authority Key Identifier:
                keyid:E5:A6:79:4B:91:B8:14:06:41:2A:13:78:70:BF:DE:3B:17:0D:E0:94

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5aZ5S5G4FAZBKhN4cL_eOxcN4JQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/ca34eb-8e20-4bf1-b1b2-5872109b67a8/1/d-c3fV9q29dsWUsutXEO_XUxELA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/ca34eb-8e20-4bf1-b1b2-5872109b67a8/1/5aZ5S5G4FAZBKhN4cL_eOxcN4JQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.43.31.0/24
                IPv6:
                  2a10:48c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         78:a4:df:5e:50:a7:d3:bf:e4:98:f3:5e:ef:4b:95:9c:44:d8:
         8a:c9:62:9d:2a:d8:f3:c4:b4:c7:73:3c:48:bd:68:94:50:e5:
         09:9f:62:bc:cb:1f:a0:fb:14:3e:1f:a9:e5:b5:9f:16:50:d1:
         b4:f4:76:0f:86:38:64:5a:ce:99:c6:9f:62:2d:63:fe:2b:9a:
         f6:b2:57:a9:47:7f:7e:da:79:b5:93:65:f7:b0:d6:3f:51:f3:
         df:a5:ab:13:29:3a:80:fc:0b:35:63:3c:11:76:0c:d4:2d:60:
         15:86:29:78:a1:02:a9:73:e5:3d:0a:35:4c:7f:f3:e1:45:28:
         2e:29:9c:7d:f5:61:03:ec:fa:27:55:cf:03:ac:3f:0e:08:ee:
         94:bd:a8:be:f7:ba:17:f9:a4:bb:9b:5e:a1:2f:93:6a:a5:53:
         81:88:32:ea:dd:a2:5b:6e:d7:34:19:7d:70:f8:57:8e:8a:c9:
         8e:27:2b:11:fa:fc:ff:e7:a8:19:14:d1:36:63:bf:a5:aa:33:
         d1:2c:fe:91:5a:fc:74:26:bf:f3:a5:34:cf:df:7e:e7:d2:03:
         76:8b:3b:c9:f8:ea:b8:06:f7:bb:19:a6:3a:ef:87:89:cf:95:
         5e:cd:4b:72:a3:5c:9d:e2:fc:c8:63:71:fb:60:57:af:ed:0b:
         f4:e1:36:e3
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZcn3mI2USezbggEINXmpJ5pMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1YTY3OTRiOTFiODE0MDY0MTJhMTM3ODcwYmZkZTNiMTcw
ZGUwOTQwHhcNMjUwNTMxMTk0MjU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3N2U3Mzc3ZDVmNmFkYmQ3NmM1OTRiMmViNTcxMGVmZDc1MzExMGIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0TIXBSAr6sh06k2nrB3RQqaFFwgy
1ANDHU6h0ZL13TugkC9Giy7WV19knPDfQCUqWrk1sEH1d9XguEHknLd2vRaL2dY2
BH02FZaaOIcZ6oyoQyrThr3MovNjziTUqXwSAw0U58hJuAZ9murmvGQ90BSELqm7
cOpQMEC1PhEu3zkED+tHxHsjxQ3c+7gmtVbHh/qqxNhWib6Kz26KbrSWeqf+lvnf
eiZ4wuBQMVt7qRj1F3zPbRM+8LkMPTORSHmibZsmm3XobIbCtC/pczl6fQORICj6
+WnToWAHLA4lLAhhgIgbiQET5mQfhj0idOftQegQnndqk+KJCgK3VUDVIQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFHfnN31fatvXbFlLLrVxDv11MRCwMB8GA1UdIwQY
MBaAFOWmeUuRuBQGQSoTeHC/3jsXDeCUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNWFaNVM1RzRGQVpCS2hONGNMX2VPeGNONEpRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS9jYTM0ZWItOGUyMC00YmYxLWIxYjIt
NTg3MjEwOWI2N2E4LzEvZC1jM2ZWOXEyOWRzV1VzdXRYRU9fWFV4RUxBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS9jYTM0ZWItOGUyMC00YmYxLWIxYjItNTg3MjEwOWI2N2E4
LzEvNWFaNVM1RzRGQVpCS2hONGNMX2VPeGNONEpRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuSsfMA0E
AgACMAcDBQMqEEjAMA0GCSqGSIb3DQEBCwUAA4IBAQB4pN9eUKfTv+SY817vS5Wc
RNiKyWKdKtjzxLTHczxIvWiUUOUJn2K8yx+g+xQ+H6nltZ8WUNG09HYPhjhkWs6Z
xp9iLWP+K5r2slepR39+2nm1k2X3sNY/UfPfpasTKTqA/As1YzwRdgzULWAVhil4
oQKpc+U9CjVMf/PhRSguKZx99WED7PonVc8DrD8OCO6Uvai+97oX+aS7m16hL5Nq
pVOBiDLq3aJbbtc0GX1w+FeOismOJysR+vz/56gZFNE2Y7+lqjPRLP6RWvx0Jr/z
pTTP337n0gN2izvJ+Oq4Bve7GaY674eJz5VezUtyo1yd4vzIY3H7YFev7Qv04Tbj
-----END CERTIFICATE-----