Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/e6f4e4-68bb-4496-90c7-aa859e192b16/1/2HcLLIfy1JMDCVGEVTptM8elLd4.roa
File:                     2HcLLIfy1JMDCVGEVTptM8elLd4.roa (raw, json)
Hash identifier:          LoXji0ZJfkE3eJjr+G7N7ZYdU5+oCyWMzqs03IJOVrg=
Subject key identifier:   D8:77:0B:2C:87:F2:D4:93:03:09:51:84:55:3A:6D:33:C7:A5:2D:DE
Certificate issuer:       /CN=1056bcd426fd87cd6f4147e133216d03112b181b
Certificate serial:       0197A83DEEC1ECDB7BD02DA6126E43DBC04C
Authority key identifier: 10:56:BC:D4:26:FD:87:CD:6F:41:47:E1:33:21:6D:03:11:2B:18:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EFa81Cb9h81vQUfhMyFtAxErGBs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/e6f4e4-68bb-4496-90c7-aa859e192b16/1/2HcLLIfy1JMDCVGEVTptM8elLd4.roa
Signing time:             Wed 25 Jun 2025 17:58:40 +0000
ROA not before:           Wed 25 Jun 2025 17:58:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214271
IP address blocks:        81.31.231.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/e6f4e4-68bb-4496-90c7-aa859e192b16/1/EFa81Cb9h81vQUfhMyFtAxErGBs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/e6f4e4-68bb-4496-90c7-aa859e192b16/1/EFa81Cb9h81vQUfhMyFtAxErGBs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EFa81Cb9h81vQUfhMyFtAxErGBs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Jun 2025 02:01:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:a8:3d:ee:c1:ec:db:7b:d0:2d:a6:12:6e:43:db:c0:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1056bcd426fd87cd6f4147e133216d03112b181b
        Validity
            Not Before: Jun 25 17:58:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d8770b2c87f2d49303095184553a6d33c7a52dde
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:a1:84:80:c7:53:26:a4:5e:6e:c4:d2:17:15:
                    00:b3:cf:46:2b:d1:71:44:ab:83:ba:c1:a3:9d:9a:
                    92:17:b5:52:a5:7d:5a:51:fc:06:39:ae:3f:c0:6e:
                    f2:9a:a1:71:97:ca:0c:43:9a:cd:19:34:45:24:85:
                    76:f4:5c:37:13:50:5d:f1:6b:84:82:29:fd:c6:65:
                    7d:98:9b:68:bb:6e:80:dc:fc:0c:35:b1:c8:cd:ac:
                    4a:20:38:66:11:bf:cf:9e:21:ae:dc:44:79:92:68:
                    f0:61:2c:b3:77:87:f3:56:6c:50:18:1c:5b:1a:77:
                    45:01:c4:e8:54:dc:ab:12:64:20:44:40:30:ad:57:
                    32:7b:b5:e3:dc:f3:5f:00:fb:76:d7:95:e8:ba:60:
                    94:40:14:82:4c:72:64:fd:60:08:58:d4:71:e5:2b:
                    82:7e:48:71:4b:ac:58:a7:69:6b:02:d7:1c:b7:89:
                    ed:59:42:ec:b2:81:3b:ab:17:10:60:1f:48:7a:71:
                    df:80:70:4e:24:70:d1:aa:58:af:5f:a3:d2:98:f1:
                    56:5c:09:7f:03:0c:74:dc:dd:a6:54:98:cf:cb:e5:
                    68:28:39:ae:8e:13:a6:60:f2:fa:25:0b:d2:c4:0c:
                    e6:21:b3:d0:36:d8:77:13:1f:4e:ec:95:1b:ce:ac:
                    60:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:77:0B:2C:87:F2:D4:93:03:09:51:84:55:3A:6D:33:C7:A5:2D:DE
            X509v3 Authority Key Identifier:
                keyid:10:56:BC:D4:26:FD:87:CD:6F:41:47:E1:33:21:6D:03:11:2B:18:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EFa81Cb9h81vQUfhMyFtAxErGBs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e6f4e4-68bb-4496-90c7-aa859e192b16/1/2HcLLIfy1JMDCVGEVTptM8elLd4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e6f4e4-68bb-4496-90c7-aa859e192b16/1/EFa81Cb9h81vQUfhMyFtAxErGBs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.31.231.0/24

    Signature Algorithm: sha256WithRSAEncryption
         e8:b6:fa:89:1b:ed:93:b4:43:72:89:f9:ba:ce:02:90:ee:b1:
         78:ab:c4:d7:4b:fd:fc:11:15:a9:98:00:6b:cc:39:33:ef:67:
         7a:fd:df:f6:79:04:3a:ea:29:1e:a8:20:43:28:02:1c:5b:af:
         c3:1e:d4:a7:3e:40:02:ea:a5:ed:94:18:b6:a4:82:82:53:ee:
         b5:f8:9b:bd:e9:03:50:82:99:43:d3:af:5c:dd:a7:ff:47:17:
         69:17:6c:e3:3a:8e:61:c7:09:d6:94:be:5f:21:72:29:92:11:
         93:b8:f2:f5:4d:b9:1b:e0:94:2a:a3:50:4e:0a:82:0f:11:08:
         57:0d:59:b5:55:c0:55:fe:5d:3a:a2:2d:23:06:ca:6d:69:a9:
         6a:05:6e:b4:a0:55:bd:cf:e2:31:d2:dc:06:47:6a:86:bc:aa:
         55:a0:1e:54:d4:bf:e8:f1:74:cf:46:30:98:a7:fa:10:3d:85:
         fb:d4:ed:ce:c3:42:f2:b5:ff:e7:24:22:cc:20:1f:34:6a:60:
         60:01:ea:64:92:53:c5:37:6d:90:a4:d3:1b:7d:b3:b9:47:b2:
         af:c6:a9:a4:a0:05:ac:35:80:97:c6:de:95:a7:e9:85:b4:8e:
         34:1a:bd:f0:a9:8c:fb:89:da:c4:d1:29:94:33:b0:67:79:8c:
         bb:1f:50:74
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZeoPe7B7Nt70C2mEm5D28BMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEwNTZiY2Q0MjZmZDg3Y2Q2ZjQxNDdlMTMzMjE2ZDAzMTEy
YjE4MWIwHhcNMjUwNjI1MTc1ODQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODc3MGIyYzg3ZjJkNDkzMDMwOTUxODQ1NTNhNmQzM2M3YTUyZGRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAraGEgMdTJqRebsTSFxUAs89GK9Fx
RKuDusGjnZqSF7VSpX1aUfwGOa4/wG7ymqFxl8oMQ5rNGTRFJIV29Fw3E1Bd8WuE
gin9xmV9mJtou26A3PwMNbHIzaxKIDhmEb/PniGu3ER5kmjwYSyzd4fzVmxQGBxb
GndFAcToVNyrEmQgREAwrVcye7Xj3PNfAPt215XoumCUQBSCTHJk/WAIWNRx5SuC
fkhxS6xYp2lrAtcct4ntWULssoE7qxcQYB9IenHfgHBOJHDRqlivX6PSmPFWXAl/
Awx03N2mVJjPy+VoKDmujhOmYPL6JQvSxAzmIbPQNth3Ex9O7JUbzqxgiQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNh3CyyH8tSTAwlRhFU6bTPHpS3eMB8GA1UdIwQY
MBaAFBBWvNQm/YfNb0FH4TMhbQMRKxgbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRUZhODFDYjloODF2UVVmaE15RnRBeEVyR0JzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy9lNmY0ZTQtNjhiYi00NDk2LTkwYzct
YWE4NTllMTkyYjE2LzEvMkhjTExJZnkxSk1EQ1ZHRVZUcHRNOGVsTGQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy9lNmY0ZTQtNjhiYi00NDk2LTkwYzctYWE4NTllMTkyYjE2
LzEvRUZhODFDYjloODF2UVVmaE15RnRBeEVyR0JzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUR/nMA0G
CSqGSIb3DQEBCwUAA4IBAQDotvqJG+2TtENyifm6zgKQ7rF4q8TXS/38ERWpmABr
zDkz72d6/d/2eQQ66ikeqCBDKAIcW6/DHtSnPkAC6qXtlBi2pIKCU+61+Ju96QNQ
gplD069c3af/RxdpF2zjOo5hxwnWlL5fIXIpkhGTuPL1Tbkb4JQqo1BOCoIPEQhX
DVm1VcBV/l06oi0jBsptaalqBW60oFW9z+Ix0twGR2qGvKpVoB5U1L/o8XTPRjCY
p/oQPYX71O3Ow0Lytf/nJCLMIB80amBgAepkklPFN22QpNMbfbO5R7KvxqmkoAWs
NYCXxt6Vp+mFtI40Gr3wqYz7idrE0SmUM7BneYy7H1B0
-----END CERTIFICATE-----