Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/437897-af58-4959-8e76-eedd94ec128c/1/kskuiZFZ4qnR7ertADOXhwQ9Oco.roa
File:                     kskuiZFZ4qnR7ertADOXhwQ9Oco.roa (raw, json)
Hash identifier:          ZSYBr6SFSDGeJPdXMk2oIUoftKHvv6I70l0Yr4tHKxk=
Subject key identifier:   92:C9:2E:89:91:59:E2:A9:D1:ED:EA:ED:00:33:97:87:04:3D:39:CA
Certificate issuer:       /CN=c44db8b0983acf97a3255152c2ea592adae7735b
Certificate serial:       01998EBE094D5A130B5B46CF199ADCA16E1F
Authority key identifier: C4:4D:B8:B0:98:3A:CF:97:A3:25:51:52:C2:EA:59:2A:DA:E7:73:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xE24sJg6z5ejJVFSwupZKtrnc1s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/64/437897-af58-4959-8e76-eedd94ec128c/1/kskuiZFZ4qnR7ertADOXhwQ9Oco.roa
Signing time:             Sun 28 Sep 2025 05:14:02 +0000
ROA not before:           Sun 28 Sep 2025 05:14:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14713
IP address blocks:        31.13.193.0/24 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/64/437897-af58-4959-8e76-eedd94ec128c/1/xE24sJg6z5ejJVFSwupZKtrnc1s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/64/437897-af58-4959-8e76-eedd94ec128c/1/xE24sJg6z5ejJVFSwupZKtrnc1s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xE24sJg6z5ejJVFSwupZKtrnc1s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 17:01:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:8e:be:09:4d:5a:13:0b:5b:46:cf:19:9a:dc:a1:6e:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c44db8b0983acf97a3255152c2ea592adae7735b
        Validity
            Not Before: Sep 28 05:14:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=92c92e899159e2a9d1edeaed00339787043d39ca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:bc:6c:7d:41:e1:7f:ee:d1:50:02:ab:72:66:
                    48:da:d9:7b:ea:03:bb:79:92:4e:f6:1f:cb:39:5f:
                    d4:44:69:95:08:50:b0:60:c7:87:e2:d3:ee:9f:66:
                    96:1f:86:4f:1c:0f:6c:22:db:19:d8:ae:8b:d9:8b:
                    ab:36:15:6f:8f:07:0b:4a:e8:15:e6:90:b1:25:31:
                    69:ab:32:72:75:ed:6d:3b:f1:56:3e:f1:6a:3b:ed:
                    23:ee:03:22:b2:fa:b6:6c:b8:1c:6e:ec:0b:ce:3a:
                    2a:af:51:88:f8:56:08:ca:e2:61:6e:42:09:e0:ad:
                    fe:95:c7:1f:eb:ca:e2:79:24:fe:1f:f4:8f:bb:0c:
                    a0:c2:0f:31:2a:6f:5e:fc:12:67:57:09:c5:a1:d3:
                    55:aa:aa:7e:33:d1:8e:ef:d4:0d:11:a5:a3:d6:11:
                    2b:05:61:45:f0:c4:63:11:85:a2:90:6a:8c:93:b4:
                    71:82:14:12:73:72:8b:fe:8d:8b:86:9c:8b:50:93:
                    10:86:4a:52:32:a2:05:20:be:de:b4:70:11:36:dc:
                    fb:da:19:18:47:3a:5b:8a:26:37:17:26:42:7a:59:
                    89:d9:81:d0:f3:f7:56:74:57:27:7f:4a:f9:ba:f9:
                    cc:bd:89:2f:89:cf:79:c7:ac:f5:9c:e5:d2:0d:98:
                    98:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:C9:2E:89:91:59:E2:A9:D1:ED:EA:ED:00:33:97:87:04:3D:39:CA
            X509v3 Authority Key Identifier:
                keyid:C4:4D:B8:B0:98:3A:CF:97:A3:25:51:52:C2:EA:59:2A:DA:E7:73:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xE24sJg6z5ejJVFSwupZKtrnc1s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/437897-af58-4959-8e76-eedd94ec128c/1/kskuiZFZ4qnR7ertADOXhwQ9Oco.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/64/437897-af58-4959-8e76-eedd94ec128c/1/xE24sJg6z5ejJVFSwupZKtrnc1s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.13.193.0/24

    Signature Algorithm: sha256WithRSAEncryption
         84:6f:97:87:1e:18:ba:a6:ce:35:24:21:ba:5f:17:4d:6d:c3:
         84:26:51:f7:fd:e4:ea:6e:81:12:51:0a:9d:3c:8b:3c:fd:ac:
         aa:6c:0c:fe:94:cb:af:0b:b3:fe:77:a8:2f:c8:ac:62:7d:90:
         cb:07:12:e2:6f:c3:3b:70:18:78:c3:f2:75:5f:86:e4:e0:49:
         22:44:b2:0c:c0:1e:b9:0b:e4:c0:88:e9:8c:a1:de:a2:00:3e:
         14:bf:d2:c3:85:de:12:96:2b:cd:33:b8:db:37:97:ad:71:06:
         84:ae:8c:42:67:8d:cc:2c:cc:9b:be:e3:c2:ad:09:e6:c8:14:
         0c:7e:0b:c8:99:43:a9:ef:4d:fa:5b:07:a7:05:b2:6f:2d:15:
         48:e2:ac:27:80:73:dd:81:ea:f0:68:74:e0:75:b3:cb:dc:4c:
         97:8a:3b:2d:e8:c4:91:fe:a5:fa:93:2b:62:b2:20:86:6f:db:
         36:0a:30:45:f6:72:17:a1:52:6e:b2:50:af:ff:b2:4a:0d:58:
         6a:cf:ce:61:d9:d3:92:1d:49:21:db:b4:ac:11:b1:ba:a9:17:
         67:da:3f:5e:bf:8c:cd:34:1d:e1:cc:3f:af:25:08:e4:52:5e:
         be:af:65:cd:b8:58:93:e4:0b:d6:02:e7:23:fc:8c:70:61:fb:
         07:1c:52:0b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZmOvglNWhMLW0bPGZrcoW4fMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM0NGRiOGIwOTgzYWNmOTdhMzI1NTE1MmMyZWE1OTJhZGFl
NzczNWIwHhcNMjUwOTI4MDUxNDAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MmM5MmU4OTkxNTllMmE5ZDFlZGVhZWQwMDMzOTc4NzA0M2QzOWNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsLxsfUHhf+7RUAKrcmZI2tl76gO7
eZJO9h/LOV/URGmVCFCwYMeH4tPun2aWH4ZPHA9sItsZ2K6L2YurNhVvjwcLSugV
5pCxJTFpqzJyde1tO/FWPvFqO+0j7gMisvq2bLgcbuwLzjoqr1GI+FYIyuJhbkIJ
4K3+lccf68rieST+H/SPuwygwg8xKm9e/BJnVwnFodNVqqp+M9GO79QNEaWj1hEr
BWFF8MRjEYWikGqMk7RxghQSc3KL/o2LhpyLUJMQhkpSMqIFIL7etHARNtz72hkY
RzpbiiY3FyZCelmJ2YHQ8/dWdFcnf0r5uvnMvYkvic95x6z1nOXSDZiYWwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJLJLomRWeKp0e3q7QAzl4cEPTnKMB8GA1UdIwQY
MBaAFMRNuLCYOs+XoyVRUsLqWSra53NbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveEUyNHNKZzZ6NWVqSlZGU3d1cFpLdHJuYzFzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC80Mzc4OTctYWY1OC00OTU5LThlNzYt
ZWVkZDk0ZWMxMjhjLzEva3NrdWlaRlo0cW5SN2VydEFET1hod1E5T2NvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC80Mzc4OTctYWY1OC00OTU5LThlNzYtZWVkZDk0ZWMxMjhj
LzEveEUyNHNKZzZ6NWVqSlZGU3d1cFpLdHJuYzFzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHw3BMA0G
CSqGSIb3DQEBCwUAA4IBAQCEb5eHHhi6ps41JCG6XxdNbcOEJlH3/eTqboESUQqd
PIs8/ayqbAz+lMuvC7P+d6gvyKxifZDLBxLib8M7cBh4w/J1X4bk4EkiRLIMwB65
C+TAiOmMod6iAD4Uv9LDhd4SlivNM7jbN5etcQaEroxCZ43MLMybvuPCrQnmyBQM
fgvImUOp7036WwenBbJvLRVI4qwngHPdgerwaHTgdbPL3EyXijst6MSR/qX6kyti
siCGb9s2CjBF9nIXoVJuslCv/7JKDVhqz85h2dOSHUkh27SsEbG6qRdn2j9ev4zN
NB3hzD+vJQjkUl6+r2XNuFiT5AvWAucj/IxwYfsHHFIL
-----END CERTIFICATE-----