Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/E30TsJDihYeTVTsCAq6_2cF7UK8.roa
File:                     E30TsJDihYeTVTsCAq6_2cF7UK8.roa (raw, json)
Hash identifier:          13bh1tzGtCoaP0qE0aZcWNao8g8CIFNNuNeAdgLaOlQ=
Subject key identifier:   13:7D:13:B0:90:E2:85:87:93:55:3B:02:02:AE:BF:D9:C1:7B:50:AF
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       019788B61812703C2DCE6B5CEFDD01F23330
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/E30TsJDihYeTVTsCAq6_2cF7UK8.roa
Signing time:             Thu 19 Jun 2025 15:02:04 +0000
ROA not before:           Thu 19 Jun 2025 15:02:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42794
IP address blocks:        31.13.198.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 04 Jul 2025 05:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:88:b6:18:12:70:3c:2d:ce:6b:5c:ef:dd:01:f2:33:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jun 19 15:02:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=137d13b090e2858793553b0202aebfd9c17b50af
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:47:f4:f0:02:d0:e0:1e:91:e0:f7:fe:8b:d0:
                    de:87:f6:8a:67:18:fc:2e:29:70:25:20:8e:cb:92:
                    6c:6c:32:11:20:94:70:56:82:b5:5a:c9:fd:dd:4b:
                    92:b9:63:75:7f:c4:95:6e:73:47:49:73:fd:37:eb:
                    4e:bb:a7:71:91:30:b8:85:3d:4c:2e:06:95:b3:18:
                    74:03:5a:72:3e:b0:ab:97:3c:62:bb:8c:50:2c:48:
                    e2:de:74:53:ac:90:ae:dd:13:9e:41:c9:4d:84:a5:
                    35:9a:24:bf:d0:a3:f0:00:ef:cf:da:76:06:a2:ed:
                    c3:91:24:8b:5c:24:1a:cd:81:7e:f7:40:6e:aa:a1:
                    43:cb:b5:9b:a5:a1:07:05:8b:16:09:c6:a1:0c:91:
                    b8:c5:c9:8a:38:58:d2:62:fe:82:89:91:c6:a2:aa:
                    5d:33:46:74:a7:19:78:52:28:c0:8e:25:be:dd:4a:
                    dc:fa:13:e5:7e:f1:e8:f4:91:c2:26:a3:dc:c2:e3:
                    11:69:30:16:57:58:d2:14:ae:1e:c1:76:b6:91:1f:
                    f3:ed:e2:bc:b7:71:fe:10:e3:06:c4:d3:f4:7a:9a:
                    51:d2:7f:78:52:22:25:09:e7:9e:1a:61:78:b3:36:
                    a0:f1:5b:88:3c:09:d2:9c:6e:b1:2a:88:c1:7b:f3:
                    c1:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:7D:13:B0:90:E2:85:87:93:55:3B:02:02:AE:BF:D9:C1:7B:50:AF
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/E30TsJDihYeTVTsCAq6_2cF7UK8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.13.198.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1c:42:d8:49:00:34:45:c6:93:e4:b0:e3:f3:dc:20:44:c1:f2:
         cc:83:3e:11:4f:01:bc:4d:43:4c:c2:8d:9d:e7:24:2b:db:8e:
         1f:8c:17:81:de:a3:0a:4f:46:92:c3:61:c2:c6:1e:b7:fc:71:
         cf:5e:c0:2d:43:f7:17:cf:26:f6:27:69:a1:96:ae:fc:ad:fa:
         59:33:ed:5a:a6:d6:8a:35:3c:40:0d:e3:ef:bc:5e:e4:0a:cf:
         aa:49:fb:20:a0:f8:6e:8b:b5:b0:a4:84:74:1a:02:45:43:74:
         13:bc:7d:84:cb:2b:4a:b7:e0:2c:1e:8d:61:db:bd:50:1e:27:
         d7:d0:fa:fc:c8:b8:02:8e:e9:ae:f8:61:c7:a1:a3:ac:df:3a:
         d7:a4:54:ab:72:79:d8:bb:60:80:35:65:10:a2:02:ee:61:4b:
         4b:8d:57:0f:ea:f7:45:3a:3d:2c:03:f6:c6:7f:16:18:8c:bb:
         e3:a1:8d:05:ad:9c:20:5f:ec:a4:93:d8:6c:ba:aa:0e:3f:42:
         8a:2d:a3:c4:86:38:03:04:d8:20:f8:7a:8e:db:79:a2:17:28:
         ec:1c:6f:30:a5:e6:17:fc:37:1b:a9:81:39:b6:35:e3:5f:37:
         45:e4:b6:06:fa:b4:83:63:6d:01:f3:d7:2f:de:e3:06:d8:50:
         a6:0b:cf:d3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZeIthgScDwtzmtc790B8jMwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjUwNjE5MTUwMjA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMzdkMTNiMDkwZTI4NTg3OTM1NTNiMDIwMmFlYmZkOWMxN2I1MGFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv0f08ALQ4B6R4Pf+i9Deh/aKZxj8
LilwJSCOy5JsbDIRIJRwVoK1Wsn93UuSuWN1f8SVbnNHSXP9N+tOu6dxkTC4hT1M
LgaVsxh0A1pyPrCrlzxiu4xQLEji3nRTrJCu3ROeQclNhKU1miS/0KPwAO/P2nYG
ou3DkSSLXCQazYF+90BuqqFDy7WbpaEHBYsWCcahDJG4xcmKOFjSYv6CiZHGoqpd
M0Z0pxl4UijAjiW+3Urc+hPlfvHo9JHCJqPcwuMRaTAWV1jSFK4ewXa2kR/z7eK8
t3H+EOMGxNP0eppR0n94UiIlCeeeGmF4szag8VuIPAnSnG6xKojBe/PBrwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBN9E7CQ4oWHk1U7AgKuv9nBe1CvMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvRTMwVHNKRGloWWVUVlRzQ0FxNl8yY0Y3VUs4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHw3GMA0G
CSqGSIb3DQEBCwUAA4IBAQAcQthJADRFxpPksOPz3CBEwfLMgz4RTwG8TUNMwo2d
5yQr244fjBeB3qMKT0aSw2HCxh63/HHPXsAtQ/cXzyb2J2mhlq78rfpZM+1aptaK
NTxADePvvF7kCs+qSfsgoPhui7WwpIR0GgJFQ3QTvH2EyytKt+AsHo1h271QHifX
0Pr8yLgCjumu+GHHoaOs3zrXpFSrcnnYu2CANWUQogLuYUtLjVcP6vdFOj0sA/bG
fxYYjLvjoY0FrZwgX+ykk9hsuqoOP0KKLaPEhjgDBNgg+HqO23miFyjsHG8wpeYX
/DcbqYE5tjXjXzdF5LYG+rSDY20B89cv3uMG2FCmC8/T
-----END CERTIFICATE-----