Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/e6f4e4-68bb-4496-90c7-aa859e192b16/1/O-s7sLwyvER4n7KZ25-xO-rbC6M.roa
File:                     O-s7sLwyvER4n7KZ25-xO-rbC6M.roa (raw, json)
Hash identifier:          S3u//Ykp1StY/C11qR48/ymNimiE+nEYX14hg2A2Bbw=
Subject key identifier:   3B:EB:3B:B0:BC:32:BC:44:78:9F:B2:99:DB:9F:B1:3B:EA:DB:0B:A3
Certificate issuer:       /CN=1056bcd426fd87cd6f4147e133216d03112b181b
Certificate serial:       0197A83DEE3F60B4DF222EC38A412460220F
Authority key identifier: 10:56:BC:D4:26:FD:87:CD:6F:41:47:E1:33:21:6D:03:11:2B:18:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EFa81Cb9h81vQUfhMyFtAxErGBs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/e6f4e4-68bb-4496-90c7-aa859e192b16/1/O-s7sLwyvER4n7KZ25-xO-rbC6M.roa
Signing time:             Wed 25 Jun 2025 17:58:40 +0000
ROA not before:           Wed 25 Jun 2025 17:58:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        81.31.234.0/23 maxlen: 24
                          81.31.242.0/23 maxlen: 23
                          81.31.244.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/e6f4e4-68bb-4496-90c7-aa859e192b16/1/EFa81Cb9h81vQUfhMyFtAxErGBs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/e6f4e4-68bb-4496-90c7-aa859e192b16/1/EFa81Cb9h81vQUfhMyFtAxErGBs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EFa81Cb9h81vQUfhMyFtAxErGBs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 03 Jul 2025 11:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:a8:3d:ee:3f:60:b4:df:22:2e:c3:8a:41:24:60:22:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1056bcd426fd87cd6f4147e133216d03112b181b
        Validity
            Not Before: Jun 25 17:58:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3beb3bb0bc32bc44789fb299db9fb13beadb0ba3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:97:07:fc:55:9f:44:0d:ab:cd:4a:64:1b:fe:
                    96:23:a5:ee:0d:8d:eb:7a:14:54:36:58:89:68:2d:
                    95:4a:5b:f7:0b:f1:06:fe:c9:5a:57:1b:2e:2e:1c:
                    cb:dd:70:70:1c:15:e1:a2:c0:4c:96:4e:58:a1:57:
                    ea:a8:0b:cf:4c:cd:dd:8d:41:60:0d:7b:4f:15:e4:
                    79:a5:a9:73:22:fe:a4:25:86:05:ef:d5:05:40:48:
                    2a:aa:79:41:64:93:62:99:05:b7:19:5e:66:ff:57:
                    35:0a:ca:7b:49:11:6a:a7:c8:41:0b:d9:66:fc:a5:
                    c7:00:2a:67:bf:f9:63:d6:a6:9b:70:72:08:68:65:
                    eb:3e:07:4f:3d:bc:a5:d4:6f:a1:e1:82:e7:43:4b:
                    d5:86:94:b6:b9:00:b3:b3:19:32:3b:c3:e5:54:ef:
                    01:c7:66:20:2f:29:be:56:2f:b0:96:66:3e:d1:04:
                    bb:e8:4c:b3:7d:29:a5:5e:c1:db:0d:9a:1c:e7:2d:
                    96:38:b7:6e:d4:b3:a5:92:52:81:d9:96:b8:4d:eb:
                    68:40:bb:02:25:05:5a:82:e4:21:6f:a6:54:68:73:
                    28:a9:8a:6b:ea:f7:77:2a:a9:56:f5:31:fa:91:7f:
                    c6:9e:e6:a4:5a:c9:87:91:96:03:ac:1b:2a:08:17:
                    55:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:EB:3B:B0:BC:32:BC:44:78:9F:B2:99:DB:9F:B1:3B:EA:DB:0B:A3
            X509v3 Authority Key Identifier:
                keyid:10:56:BC:D4:26:FD:87:CD:6F:41:47:E1:33:21:6D:03:11:2B:18:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EFa81Cb9h81vQUfhMyFtAxErGBs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e6f4e4-68bb-4496-90c7-aa859e192b16/1/O-s7sLwyvER4n7KZ25-xO-rbC6M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e6f4e4-68bb-4496-90c7-aa859e192b16/1/EFa81Cb9h81vQUfhMyFtAxErGBs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.31.234.0/23
                  81.31.242.0-81.31.247.255

    Signature Algorithm: sha256WithRSAEncryption
         18:b3:54:a8:23:fc:98:4e:9d:24:91:24:94:49:fb:4e:a2:0b:
         b2:f6:24:3a:00:c3:91:e6:0d:26:d2:02:a8:f4:cf:69:cf:d9:
         d2:5b:66:83:9c:90:0b:dc:63:46:d2:2e:a6:3c:6e:29:a1:02:
         8f:7b:f5:4a:79:db:b2:40:66:b3:92:d6:6f:6b:ca:d0:69:d4:
         4e:ff:55:1c:d9:85:32:0f:ea:98:b8:46:4c:6a:8e:83:65:23:
         c7:8e:7a:a0:49:59:c8:da:62:49:7c:70:08:19:fa:8e:e9:1b:
         84:a8:3a:40:00:63:3d:f3:fc:55:ba:b0:5a:c5:71:82:4f:cd:
         25:24:7e:9a:0d:91:36:68:c7:c3:21:32:91:fc:f7:05:24:21:
         aa:72:00:c2:af:2d:a0:fe:9c:e6:e4:3f:9c:b0:2b:9d:43:fe:
         88:42:dc:82:09:f8:21:4f:88:32:b6:05:2f:11:bf:d2:9b:10:
         cd:f7:f9:27:e6:7e:1f:b7:4b:d7:c2:35:b7:61:57:b0:f0:24:
         5e:71:2e:d0:33:e5:aa:45:3a:a7:a8:79:9e:a4:24:5f:2b:64:
         23:5a:be:af:ef:91:92:ff:63:ac:60:2b:ac:9e:4c:df:2e:26:
         ea:65:d5:14:a7:27:d0:25:12:63:78:48:98:f7:f0:ab:27:f7:
         18:5e:64:3f
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZeoPe4/YLTfIi7DikEkYCIPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEwNTZiY2Q0MjZmZDg3Y2Q2ZjQxNDdlMTMzMjE2ZDAzMTEy
YjE4MWIwHhcNMjUwNjI1MTc1ODQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYmViM2JiMGJjMzJiYzQ0Nzg5ZmIyOTlkYjlmYjEzYmVhZGIwYmEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqZcH/FWfRA2rzUpkG/6WI6XuDY3r
ehRUNliJaC2VSlv3C/EG/slaVxsuLhzL3XBwHBXhosBMlk5YoVfqqAvPTM3djUFg
DXtPFeR5palzIv6kJYYF79UFQEgqqnlBZJNimQW3GV5m/1c1Csp7SRFqp8hBC9lm
/KXHACpnv/lj1qabcHIIaGXrPgdPPbyl1G+h4YLnQ0vVhpS2uQCzsxkyO8PlVO8B
x2YgLym+Vi+wlmY+0QS76EyzfSmlXsHbDZoc5y2WOLdu1LOlklKB2Za4TetoQLsC
JQVaguQhb6ZUaHMoqYpr6vd3KqlW9TH6kX/GnuakWsmHkZYDrBsqCBdVOQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFDvrO7C8MrxEeJ+ymdufsTvq2wujMB8GA1UdIwQY
MBaAFBBWvNQm/YfNb0FH4TMhbQMRKxgbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRUZhODFDYjloODF2UVVmaE15RnRBeEVyR0JzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy9lNmY0ZTQtNjhiYi00NDk2LTkwYzct
YWE4NTllMTkyYjE2LzEvTy1zN3NMd3l2RVI0bjdLWjI1LXhPLXJiQzZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy9lNmY0ZTQtNjhiYi00NDk2LTkwYzctYWE4NTllMTkyYjE2
LzEvRUZhODFDYjloODF2UVVmaE15RnRBeEVyR0JzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQBUR/qMAwD
BAFRH/IDBANRH/AwDQYJKoZIhvcNAQELBQADggEBABizVKgj/JhOnSSRJJRJ+06i
C7L2JDoAw5HmDSbSAqj0z2nP2dJbZoOckAvcY0bSLqY8bimhAo979Up527JAZrOS
1m9rytBp1E7/VRzZhTIP6pi4RkxqjoNlI8eOeqBJWcjaYkl8cAgZ+o7pG4SoOkAA
Yz3z/FW6sFrFcYJPzSUkfpoNkTZox8MhMpH89wUkIapyAMKvLaD+nObkP5ywK51D
/ohC3IIJ+CFPiDK2BS8Rv9KbEM33+Sfmfh+3S9fCNbdhV7DwJF5xLtAz5apFOqeo
eZ6kJF8rZCNavq/vkZL/Y6xgK6yeTN8uJupl1RSnJ9AlEmN4SJj38Ksn9xheZD8=
-----END CERTIFICATE-----