Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fc/c7bb18-df0b-450b-bd11-870828808f88/1/sEcAqep2NyLTkuYW41YUgHA9f4w.roa
File:                     sEcAqep2NyLTkuYW41YUgHA9f4w.roa (raw, json)
Hash identifier:          3/7vZf5AuYQ6PDHss1zXReAWYubN+OUgtUWtMk8fZcY=
Subject key identifier:   B0:47:00:A9:EA:76:37:22:D3:92:E6:16:E3:56:14:80:70:3D:7F:8C
Certificate issuer:       /CN=b5217a84f715ea48e5cc3783b138ce8c7e70398c
Certificate serial:       0194252167D0223DD47038E7281D818BCC8E
Authority key identifier: B5:21:7A:84:F7:15:EA:48:E5:CC:37:83:B1:38:CE:8C:7E:70:39:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tSF6hPcV6kjlzDeDsTjOjH5wOYw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fc/c7bb18-df0b-450b-bd11-870828808f88/1/sEcAqep2NyLTkuYW41YUgHA9f4w.roa
Signing time:             Thu 02 Jan 2025 03:48:53 +0000
ROA not before:           Thu 02 Jan 2025 03:48:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205228
IP address blocks:        31.42.182.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fc/c7bb18-df0b-450b-bd11-870828808f88/1/tSF6hPcV6kjlzDeDsTjOjH5wOYw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fc/c7bb18-df0b-450b-bd11-870828808f88/1/tSF6hPcV6kjlzDeDsTjOjH5wOYw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tSF6hPcV6kjlzDeDsTjOjH5wOYw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 21:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:67:d0:22:3d:d4:70:38:e7:28:1d:81:8b:cc:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5217a84f715ea48e5cc3783b138ce8c7e70398c
        Validity
            Not Before: Jan  2 03:48:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b04700a9ea763722d392e616e3561480703d7f8c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:81:20:39:0c:81:d5:0d:ec:4b:12:6c:86:e7:
                    30:b7:35:33:df:b0:5a:43:f2:37:5e:e4:c6:df:63:
                    e6:4a:9e:3c:a4:36:57:2b:8e:fe:f5:a1:7d:20:85:
                    2b:26:25:11:e4:9c:1c:b8:47:ed:d3:ff:fb:e5:f7:
                    be:3f:cb:99:ef:2b:c4:9f:91:0b:ce:87:1f:a7:44:
                    71:55:1e:0a:7f:c6:ae:0c:1a:9e:a9:0b:0a:65:c7:
                    be:1f:8c:4b:25:6c:3d:9a:de:2c:1a:17:4f:82:e6:
                    22:67:e9:65:5c:d9:a5:28:de:a3:ba:72:8c:61:5b:
                    72:ce:50:c5:c4:99:e6:f7:a1:98:05:14:db:11:78:
                    37:5c:48:5a:70:7a:46:74:7c:10:23:16:ec:f9:d7:
                    37:2b:d7:ff:24:12:f8:54:0f:5d:1c:03:f1:a7:05:
                    1c:fe:0f:ca:51:ed:c3:23:63:42:7a:6a:69:8e:0c:
                    9c:e9:a5:e2:27:6e:7b:f1:7c:66:19:88:a4:16:b3:
                    cd:78:7a:ef:2e:7d:b0:49:1c:c9:a1:21:21:4a:7d:
                    f8:8d:7b:49:2d:c3:2e:30:4a:eb:f8:6f:a2:0b:f4:
                    e4:05:f2:d5:c7:fb:60:bb:d3:42:b5:bf:bd:b9:a2:
                    10:31:13:8c:8b:69:f9:a4:89:98:32:6a:f9:8e:ab:
                    f2:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:47:00:A9:EA:76:37:22:D3:92:E6:16:E3:56:14:80:70:3D:7F:8C
            X509v3 Authority Key Identifier:
                keyid:B5:21:7A:84:F7:15:EA:48:E5:CC:37:83:B1:38:CE:8C:7E:70:39:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tSF6hPcV6kjlzDeDsTjOjH5wOYw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/c7bb18-df0b-450b-bd11-870828808f88/1/sEcAqep2NyLTkuYW41YUgHA9f4w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/c7bb18-df0b-450b-bd11-870828808f88/1/tSF6hPcV6kjlzDeDsTjOjH5wOYw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.42.182.0/24

    Signature Algorithm: sha256WithRSAEncryption
         07:25:8a:93:54:22:e9:6f:47:9a:8f:11:b9:05:07:d1:d6:80:
         60:41:c2:f2:be:8b:3d:9b:c7:e6:1e:00:ce:a6:28:e8:2b:4f:
         09:f6:a6:29:2c:ea:84:91:49:52:f1:60:f9:32:9b:00:d7:03:
         9e:ab:7e:81:29:3e:76:2a:c1:72:77:e9:f5:f1:b1:0c:00:7a:
         7b:10:8a:a6:9b:a8:6e:e5:49:38:80:5b:74:20:38:7c:e0:db:
         79:47:54:0a:cf:5f:71:26:fb:a7:b7:60:a2:fa:37:51:7b:79:
         1d:cb:13:53:de:cf:28:c9:88:ad:fd:b7:1c:4b:3d:59:56:35:
         18:5b:aa:db:67:aa:e9:f9:d7:b2:be:ca:c7:fd:56:95:cc:c5:
         a8:84:4b:36:b8:73:76:6d:12:94:64:77:e5:b9:f0:b1:d2:c7:
         90:4f:11:71:ad:9b:f4:b7:36:de:46:a8:fd:d9:78:20:1a:91:
         1e:cb:72:28:83:c4:55:c7:a5:fe:71:2a:4e:e3:ac:34:b0:bb:
         73:47:a5:0d:9d:10:46:6f:4a:d2:e5:10:74:02:86:01:dd:5c:
         21:f4:a8:58:4a:b3:9a:77:9c:ef:0a:3c:25:84:3d:04:6f:dc:
         f5:57:b3:de:0f:1d:48:06:c3:3b:f2:8c:a4:1e:5d:a4:83:81:
         13:70:ca:95
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlIWfQIj3UcDjnKB2Bi8yOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI1MjE3YTg0ZjcxNWVhNDhlNWNjMzc4M2IxMzhjZThjN2U3
MDM5OGMwHhcNMjUwMTAyMDM0ODUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMDQ3MDBhOWVhNzYzNzIyZDM5MmU2MTZlMzU2MTQ4MDcwM2Q3ZjhjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtIEgOQyB1Q3sSxJshucwtzUz37Ba
Q/I3XuTG32PmSp48pDZXK47+9aF9IIUrJiUR5JwcuEft0//75fe+P8uZ7yvEn5EL
zocfp0RxVR4Kf8auDBqeqQsKZce+H4xLJWw9mt4sGhdPguYiZ+llXNmlKN6junKM
YVtyzlDFxJnm96GYBRTbEXg3XEhacHpGdHwQIxbs+dc3K9f/JBL4VA9dHAPxpwUc
/g/KUe3DI2NCemppjgyc6aXiJ2578XxmGYikFrPNeHrvLn2wSRzJoSEhSn34jXtJ
LcMuMErr+G+iC/TkBfLVx/tgu9NCtb+9uaIQMROMi2n5pImYMmr5jqvyeQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLBHAKnqdjci05LmFuNWFIBwPX+MMB8GA1UdIwQY
MBaAFLUheoT3FepI5cw3g7E4zox+cDmMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFNGNmhQY1Y2a2psekRlRHNUak9qSDV3T1l3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYy9jN2JiMTgtZGYwYi00NTBiLWJkMTEt
ODcwODI4ODA4Zjg4LzEvc0VjQXFlcDJOeUxUa3VZVzQxWVVnSEE5ZjR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYy9jN2JiMTgtZGYwYi00NTBiLWJkMTEtODcwODI4ODA4Zjg4
LzEvdFNGNmhQY1Y2a2psekRlRHNUak9qSDV3T1l3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHyq2MA0G
CSqGSIb3DQEBCwUAA4IBAQAHJYqTVCLpb0eajxG5BQfR1oBgQcLyvos9m8fmHgDO
pijoK08J9qYpLOqEkUlS8WD5MpsA1wOeq36BKT52KsFyd+n18bEMAHp7EIqmm6hu
5Uk4gFt0IDh84Nt5R1QKz19xJvunt2Ci+jdRe3kdyxNT3s8oyYit/bccSz1ZVjUY
W6rbZ6rp+deyvsrH/VaVzMWohEs2uHN2bRKUZHflufCx0seQTxFxrZv0tzbeRqj9
2XggGpEey3Iog8RVx6X+cSpO46w0sLtzR6UNnRBGb0rS5RB0AoYB3Vwh9KhYSrOa
d5zvCjwlhD0Eb9z1V7PeDx1IBsM78oykHl2kg4ETcMqV
-----END CERTIFICATE-----