Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ed/cab149-d567-48fc-ac9b-20b024c6fc2f/1/PYsPgn9EIHR5AYha-d_1rxDJZs0.roa
File:                     PYsPgn9EIHR5AYha-d_1rxDJZs0.roa (raw, json)
Hash identifier:          QRdgsHwd+qGrv8yp41/SIFOyI0EFbmqDBRqqwNJuLIY=
Subject key identifier:   3D:8B:0F:82:7F:44:20:74:79:01:88:5A:F9:DF:F5:AF:10:C9:66:CD
Certificate issuer:       /CN=7139b69078f96cabaf718a39bb58678aeac1ccc2
Certificate serial:       019428273BDF58F128F38D9DEB02993A3A8F
Authority key identifier: 71:39:B6:90:78:F9:6C:AB:AF:71:8A:39:BB:58:67:8A:EA:C1:CC:C2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cTm2kHj5bKuvcYo5u1hniurBzMI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ed/cab149-d567-48fc-ac9b-20b024c6fc2f/1/PYsPgn9EIHR5AYha-d_1rxDJZs0.roa
Signing time:             Thu 02 Jan 2025 17:54:07 +0000
ROA not before:           Thu 02 Jan 2025 17:54:07 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197999
IP address blocks:        31.217.216.0/21 maxlen: 21
                          193.33.216.0/23 maxlen: 23
                          2a03:1a80::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ed/cab149-d567-48fc-ac9b-20b024c6fc2f/1/cTm2kHj5bKuvcYo5u1hniurBzMI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ed/cab149-d567-48fc-ac9b-20b024c6fc2f/1/cTm2kHj5bKuvcYo5u1hniurBzMI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cTm2kHj5bKuvcYo5u1hniurBzMI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 15 Mar 2025 03:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:27:3b:df:58:f1:28:f3:8d:9d:eb:02:99:3a:3a:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7139b69078f96cabaf718a39bb58678aeac1ccc2
        Validity
            Not Before: Jan  2 17:54:07 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3d8b0f827f4420747901885af9dff5af10c966cd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:8c:6e:09:a6:14:47:6f:39:1a:05:27:88:9e:
                    73:74:a7:6a:f3:d9:85:3a:7e:a9:da:c1:3f:00:f8:
                    37:82:49:6f:37:cb:f5:5b:3d:14:a4:2f:ce:9c:45:
                    0a:bb:3c:1e:96:62:a0:81:27:25:38:6a:d8:28:40:
                    ec:31:87:ec:98:7c:42:60:6c:0f:e9:0e:d8:fc:f5:
                    81:92:ee:d0:2e:4f:e6:6c:0c:3c:62:8c:4a:14:79:
                    f0:4b:2a:9a:f9:0c:34:78:6a:a3:4d:08:44:38:94:
                    35:d7:e3:27:a1:9e:54:1f:fe:28:27:63:5a:b6:e6:
                    b5:69:9a:75:ab:d4:b4:38:4c:3e:e3:10:32:05:08:
                    48:2c:17:59:92:dd:dd:d8:af:fb:86:82:81:a9:d8:
                    8c:d4:84:80:fd:2e:5c:e1:65:04:3e:51:5a:ef:3a:
                    6e:5d:16:fa:a6:b9:d5:69:59:71:b4:db:02:5b:52:
                    97:81:b1:10:00:21:ad:9a:58:d2:fa:2a:8d:a9:9f:
                    7e:4a:97:a6:2a:4d:85:30:d6:3a:3b:8c:80:8d:82:
                    13:0c:62:af:fb:83:32:4d:4b:6d:bc:bd:8c:85:d6:
                    43:d1:27:c9:16:b1:8b:7f:53:5b:a3:ed:ed:d9:89:
                    5b:bf:4d:57:b3:05:94:c2:31:cb:78:fa:e0:b9:65:
                    f6:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:8B:0F:82:7F:44:20:74:79:01:88:5A:F9:DF:F5:AF:10:C9:66:CD
            X509v3 Authority Key Identifier:
                keyid:71:39:B6:90:78:F9:6C:AB:AF:71:8A:39:BB:58:67:8A:EA:C1:CC:C2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cTm2kHj5bKuvcYo5u1hniurBzMI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/cab149-d567-48fc-ac9b-20b024c6fc2f/1/PYsPgn9EIHR5AYha-d_1rxDJZs0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/cab149-d567-48fc-ac9b-20b024c6fc2f/1/cTm2kHj5bKuvcYo5u1hniurBzMI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.217.216.0/21
                  193.33.216.0/23
                IPv6:
                  2a03:1a80::/32

    Signature Algorithm: sha256WithRSAEncryption
         28:3b:ea:40:12:f2:6a:f7:fc:68:e1:51:7b:6f:f5:92:67:a3:
         d7:d6:4f:4f:f9:08:22:e5:dd:02:38:eb:15:e4:48:87:89:ea:
         4f:18:d3:29:d7:25:3a:1c:f7:28:8d:1f:a4:58:41:ed:52:d8:
         d3:1e:42:c6:d2:e0:6d:5e:26:39:2d:cf:42:18:4f:e2:3a:17:
         66:0d:fa:df:0d:de:50:a1:fb:a3:08:64:e5:bc:40:9c:6e:3c:
         63:7b:64:fb:cb:ad:21:3e:e5:3b:8f:5f:64:4d:97:ef:9c:25:
         39:a0:31:0f:5b:f3:bb:10:45:78:d9:47:3f:2b:a0:26:1a:3b:
         86:ea:27:2f:2e:6c:f4:4f:2a:c1:a3:e7:d7:23:3a:aa:60:78:
         41:8e:85:c5:95:55:ab:71:b7:28:10:07:a6:0b:fd:a0:a9:01:
         f1:76:74:ce:1b:57:dc:43:6b:3c:21:f9:30:8e:aa:15:8f:a8:
         94:6f:2e:b9:c5:97:a8:d0:54:0e:95:27:dc:d7:50:91:61:4c:
         8b:4c:83:9e:e8:b7:4f:10:af:a7:79:da:33:ab:32:61:67:ee:
         d1:f2:a3:52:27:da:76:f4:41:35:d5:cd:a9:40:28:18:0a:84:
         c6:52:3b:7f:00:74:c1:24:a9:7f:52:d5:58:75:47:b1:44:38:
         03:4d:6d:c1
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQoJzvfWPEo842d6wKZOjqPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcxMzliNjkwNzhmOTZjYWJhZjcxOGEzOWJiNTg2NzhhZWFj
MWNjYzIwHhcNMjUwMTAyMTc1NDA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZDhiMGY4MjdmNDQyMDc0NzkwMTg4NWFmOWRmZjVhZjEwYzk2NmNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm4xuCaYUR285GgUniJ5zdKdq89mF
On6p2sE/APg3gklvN8v1Wz0UpC/OnEUKuzwelmKggSclOGrYKEDsMYfsmHxCYGwP
6Q7Y/PWBku7QLk/mbAw8YoxKFHnwSyqa+Qw0eGqjTQhEOJQ11+MnoZ5UH/4oJ2Na
tua1aZp1q9S0OEw+4xAyBQhILBdZkt3d2K/7hoKBqdiM1ISA/S5c4WUEPlFa7zpu
XRb6prnVaVlxtNsCW1KXgbEQACGtmljS+iqNqZ9+SpemKk2FMNY6O4yAjYITDGKv
+4MyTUttvL2MhdZD0SfJFrGLf1Nbo+3t2Ylbv01XswWUwjHLePrguWX2vwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFD2LD4J/RCB0eQGIWvnf9a8QyWbNMB8GA1UdIwQY
MBaAFHE5tpB4+Wyrr3GKObtYZ4rqwczCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY1RtMmtIajViS3V2Y1lvNXUxaG5pdXJCek1JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZC9jYWIxNDktZDU2Ny00OGZjLWFjOWIt
MjBiMDI0YzZmYzJmLzEvUFlzUGduOUVJSFI1QVloYS1kXzFyeERKWnMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZC9jYWIxNDktZDU2Ny00OGZjLWFjOWItMjBiMDI0YzZmYzJm
LzEvY1RtMmtIajViS3V2Y1lvNXUxaG5pdXJCek1JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDH9nYAwQB
wSHYMA0EAgACMAcDBQAqAxqAMA0GCSqGSIb3DQEBCwUAA4IBAQAoO+pAEvJq9/xo
4VF7b/WSZ6PX1k9P+Qgi5d0COOsV5EiHiepPGNMp1yU6HPcojR+kWEHtUtjTHkLG
0uBtXiY5Lc9CGE/iOhdmDfrfDd5QofujCGTlvECcbjxje2T7y60hPuU7j19kTZfv
nCU5oDEPW/O7EEV42Uc/K6AmGjuG6icvLmz0TyrBo+fXIzqqYHhBjoXFlVWrcbco
EAemC/2gqQHxdnTOG1fcQ2s8IfkwjqoVj6iUby65xZeo0FQOlSfc11CRYUyLTIOe
6LdPEK+nedozqzJhZ+7R8qNSJ9p29EE11c2pQCgYCoTGUjt/AHTBJKl/UtVYdUex
RDgDTW3B
-----END CERTIFICATE-----