Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f7/a80bd9-ba11-458e-84e2-36c678900f79/1/RonOUjE1P34U6vbbFs9w9AsGyN0.roa
File:                     RonOUjE1P34U6vbbFs9w9AsGyN0.roa (raw, json)
Hash identifier:          fOrx68LqSTvTWV0sMnHRK4WODfXfA787GTb+IyVk3b8=
Subject key identifier:   46:89:CE:52:31:35:3F:7E:14:EA:F6:DB:16:CF:70:F4:0B:06:C8:DD
Certificate issuer:       /CN=df0ba4f56e6f037725286037afc3c14c293b9b82
Certificate serial:       0194221F8C49CDF64F172EC38E13B43976C7
Authority key identifier: DF:0B:A4:F5:6E:6F:03:77:25:28:60:37:AF:C3:C1:4C:29:3B:9B:82
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3wuk9W5vA3clKGA3r8PBTCk7m4I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f7/a80bd9-ba11-458e-84e2-36c678900f79/1/RonOUjE1P34U6vbbFs9w9AsGyN0.roa
Signing time:             Wed 01 Jan 2025 13:48:00 +0000
ROA not before:           Wed 01 Jan 2025 13:48:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212647
IP address blocks:        31.172.96.0/21 maxlen: 21
                          2a01:a707::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f7/a80bd9-ba11-458e-84e2-36c678900f79/1/3wuk9W5vA3clKGA3r8PBTCk7m4I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f7/a80bd9-ba11-458e-84e2-36c678900f79/1/3wuk9W5vA3clKGA3r8PBTCk7m4I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3wuk9W5vA3clKGA3r8PBTCk7m4I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 16:01:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:8c:49:cd:f6:4f:17:2e:c3:8e:13:b4:39:76:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df0ba4f56e6f037725286037afc3c14c293b9b82
        Validity
            Not Before: Jan  1 13:48:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4689ce5231353f7e14eaf6db16cf70f40b06c8dd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:3c:40:6d:13:d6:d9:85:09:28:1d:29:63:1a:
                    b9:1a:f5:28:07:8c:e2:6e:84:93:2e:cf:b0:d7:56:
                    47:49:25:3d:25:32:2a:45:e4:35:6b:89:5d:b5:d9:
                    55:94:91:77:17:20:29:05:a8:55:06:b7:24:8a:de:
                    a5:c0:77:33:1b:94:ac:19:59:1c:87:fe:09:de:a3:
                    f6:08:ec:d8:56:37:16:f9:a3:1a:61:c2:f2:de:7c:
                    8a:74:17:bb:5a:35:88:70:37:73:3e:81:30:82:63:
                    90:4f:b4:7e:b9:88:f9:92:aa:d7:8c:ba:24:1a:d7:
                    59:17:e7:83:8d:b8:09:22:ee:7a:23:7a:c5:86:4a:
                    7b:ae:8b:3a:48:34:53:2f:ef:0b:26:7b:63:7a:b6:
                    e0:4b:c3:42:7f:22:1d:5b:f6:79:3a:af:23:f2:6d:
                    dd:8b:73:ae:1c:f5:21:b4:36:73:ab:02:fd:8a:68:
                    b7:8b:a7:69:9b:af:77:53:cc:a5:29:2a:03:40:89:
                    b0:8c:54:52:6d:b6:53:67:c6:55:e4:65:c4:4d:d8:
                    11:06:93:7d:7b:b7:4b:cd:b5:51:fe:bd:04:86:0d:
                    ab:a7:5b:43:6b:04:63:23:53:bc:79:ab:86:ba:7e:
                    bc:45:c9:3f:e1:06:86:8e:54:86:b6:fc:ac:10:cf:
                    13:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:89:CE:52:31:35:3F:7E:14:EA:F6:DB:16:CF:70:F4:0B:06:C8:DD
            X509v3 Authority Key Identifier:
                keyid:DF:0B:A4:F5:6E:6F:03:77:25:28:60:37:AF:C3:C1:4C:29:3B:9B:82

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3wuk9W5vA3clKGA3r8PBTCk7m4I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/a80bd9-ba11-458e-84e2-36c678900f79/1/RonOUjE1P34U6vbbFs9w9AsGyN0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/a80bd9-ba11-458e-84e2-36c678900f79/1/3wuk9W5vA3clKGA3r8PBTCk7m4I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.172.96.0/21
                IPv6:
                  2a01:a707::/32

    Signature Algorithm: sha256WithRSAEncryption
         6f:a2:3e:0e:95:ff:ee:39:01:16:bb:0a:02:59:e9:6c:e2:50:
         97:ae:81:e7:1a:cc:ad:60:48:24:7b:99:a2:e7:d1:ca:10:87:
         bd:2b:f0:36:39:bd:57:cf:b9:6a:cb:77:4b:5c:0f:0a:ea:f4:
         cd:af:6f:2e:b2:92:1a:ff:09:3e:42:9b:12:a1:56:f2:54:3b:
         98:9e:ad:07:7f:6e:01:7a:74:b0:64:7a:04:d1:ea:44:cd:79:
         3f:56:d9:5b:b1:53:77:ba:30:f5:09:bd:8e:81:f3:d5:a8:91:
         a1:2c:00:55:c1:a3:29:83:51:a9:93:4c:0a:00:f7:76:3c:71:
         6e:43:fb:e3:13:fa:df:61:04:9f:6c:99:f6:91:60:f0:d3:31:
         02:8e:a0:6d:d2:3f:ef:0c:85:db:73:b2:a0:5c:6b:f4:3e:82:
         ae:bb:28:bd:5e:28:b7:c6:45:59:1c:82:f6:40:b3:0f:57:8d:
         50:95:1a:e2:57:95:fc:34:42:e4:a3:1c:40:0c:6e:d9:b6:2d:
         38:cd:79:93:cf:49:7d:fe:4a:71:81:69:51:b5:d9:77:93:65:
         62:7e:a3:5c:72:4c:47:1f:e4:c8:ad:2c:18:4f:f7:9c:69:08:
         e3:77:a6:68:a7:c0:de:44:c6:1a:c4:c8:ce:67:96:b0:70:72:
         32:8e:19:38
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQiH4xJzfZPFy7DjhO0OXbHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRmMGJhNGY1NmU2ZjAzNzcyNTI4NjAzN2FmYzNjMTRjMjkz
YjliODIwHhcNMjUwMTAxMTM0ODAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Njg5Y2U1MjMxMzUzZjdlMTRlYWY2ZGIxNmNmNzBmNDBiMDZjOGRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1jxAbRPW2YUJKB0pYxq5GvUoB4zi
boSTLs+w11ZHSSU9JTIqReQ1a4ldtdlVlJF3FyApBahVBrckit6lwHczG5SsGVkc
h/4J3qP2COzYVjcW+aMaYcLy3nyKdBe7WjWIcDdzPoEwgmOQT7R+uYj5kqrXjLok
GtdZF+eDjbgJIu56I3rFhkp7ros6SDRTL+8LJntjerbgS8NCfyIdW/Z5Oq8j8m3d
i3OuHPUhtDZzqwL9imi3i6dpm693U8ylKSoDQImwjFRSbbZTZ8ZV5GXETdgRBpN9
e7dLzbVR/r0Ehg2rp1tDawRjI1O8eauGun68Rck/4QaGjlSGtvysEM8TCQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFEaJzlIxNT9+FOr22xbPcPQLBsjdMB8GA1UdIwQY
MBaAFN8LpPVubwN3JShgN6/DwUwpO5uCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM3d1azlXNXZBM2NsS0dBM3I4UEJUQ2s3bTRJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNy9hODBiZDktYmExMS00NThlLTg0ZTIt
MzZjNjc4OTAwZjc5LzEvUm9uT1VqRTFQMzRVNnZiYkZzOXc5QXNHeU4wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNy9hODBiZDktYmExMS00NThlLTg0ZTItMzZjNjc4OTAwZjc5
LzEvM3d1azlXNXZBM2NsS0dBM3I4UEJUQ2s3bTRJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQDH6xgMA0E
AgACMAcDBQAqAacHMA0GCSqGSIb3DQEBCwUAA4IBAQBvoj4Olf/uOQEWuwoCWels
4lCXroHnGsytYEgke5mi59HKEIe9K/A2Ob1Xz7lqy3dLXA8K6vTNr28uspIa/wk+
QpsSoVbyVDuYnq0Hf24BenSwZHoE0epEzXk/VtlbsVN3ujD1Cb2OgfPVqJGhLABV
waMpg1Gpk0wKAPd2PHFuQ/vjE/rfYQSfbJn2kWDw0zECjqBt0j/vDIXbc7KgXGv0
PoKuuyi9Xii3xkVZHIL2QLMPV41QlRriV5X8NELkoxxADG7Zti04zXmTz0l9/kpx
gWlRtdl3k2VifqNcckxHH+TIrSwYT/ecaQjjd6Zop8DeRMYaxMjOZ5awcHIyjhk4
-----END CERTIFICATE-----