Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/8kYUqvbvlN7DmQ-Vpk_6NiZwx_Q.roa
File:                     8kYUqvbvlN7DmQ-Vpk_6NiZwx_Q.roa (raw, json)
Hash identifier:          MHEYsvHY2V0PnvcybwJDQarGRWMbvbbvDave33jlBz0=
Subject key identifier:   F2:46:14:AA:F6:EF:94:DE:C3:99:0F:95:A6:4F:FA:36:26:70:C7:F4
Certificate issuer:       /CN=eb349af2af111361b29fcfef2e043d5be75e3f98
Certificate serial:       019681C5DDCED898099F40E7BD9A9910E963
Authority key identifier: EB:34:9A:F2:AF:11:13:61:B2:9F:CF:EF:2E:04:3D:5B:E7:5E:3F:98
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/8kYUqvbvlN7DmQ-Vpk_6NiZwx_Q.roa
Signing time:             Tue 29 Apr 2025 13:39:10 +0000
ROA not before:           Tue 29 Apr 2025 13:39:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     10753
IP address blocks:        31.42.121.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 14 May 2025 22:19:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:81:c5:dd:ce:d8:98:09:9f:40:e7:bd:9a:99:10:e9:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eb349af2af111361b29fcfef2e043d5be75e3f98
        Validity
            Not Before: Apr 29 13:39:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f24614aaf6ef94dec3990f95a64ffa362670c7f4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:b7:a8:bd:86:30:0a:18:50:7c:94:a7:21:86:
                    1b:b4:00:24:f9:c1:92:f7:80:c7:e8:cc:e5:bc:47:
                    7b:fb:82:2e:1c:16:36:0f:46:cc:40:6b:18:57:b2:
                    25:c6:32:32:03:bb:6c:06:68:91:7c:66:20:9e:72:
                    29:ae:c2:8a:0f:9d:2a:00:2e:ed:b4:b1:b2:40:09:
                    a5:2e:eb:05:36:f0:4e:f1:a6:2e:82:c4:b9:d1:06:
                    39:4e:32:91:ad:ff:dc:66:2f:13:03:03:9a:e8:ff:
                    d8:03:fa:cb:22:1c:55:f6:e8:10:21:70:6b:e6:b8:
                    bc:9c:e3:22:2b:9b:47:49:95:55:c0:57:22:2b:c5:
                    f8:26:4c:6e:9d:7a:1f:c6:4f:c5:3e:9b:72:a8:b8:
                    ca:2e:70:bd:9e:93:a4:b7:19:7b:cc:df:79:00:6b:
                    37:21:4c:c8:e5:d8:45:76:02:ea:f7:17:b9:35:41:
                    0a:c7:64:8a:b0:44:0a:69:a4:ca:29:92:3c:45:11:
                    77:ef:1f:24:9b:c3:5f:d3:73:94:41:70:bb:ed:0f:
                    4e:2f:03:70:51:ea:f1:9e:d2:40:51:32:32:24:21:
                    cf:21:4c:6f:50:bb:84:b7:f0:21:b9:c4:ad:4d:bf:
                    c4:8d:68:b8:20:ca:7e:8c:e9:bd:e4:88:f8:69:de:
                    32:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:46:14:AA:F6:EF:94:DE:C3:99:0F:95:A6:4F:FA:36:26:70:C7:F4
            X509v3 Authority Key Identifier:
                keyid:EB:34:9A:F2:AF:11:13:61:B2:9F:CF:EF:2E:04:3D:5B:E7:5E:3F:98

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/8kYUqvbvlN7DmQ-Vpk_6NiZwx_Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.42.121.0/24

    Signature Algorithm: sha256WithRSAEncryption
         74:e2:fd:86:16:72:4b:43:67:8e:b1:1f:c1:02:f5:1f:3f:b0:
         ce:0f:63:7b:f4:93:51:f4:72:98:b9:07:6c:ea:d7:ee:16:f3:
         0d:ee:4e:ba:38:ca:7b:42:2f:2f:11:be:ad:ca:f2:32:d0:2d:
         40:26:5c:d4:85:c7:04:50:6c:61:25:bb:63:12:93:86:e5:cc:
         3e:5b:db:72:03:4c:cb:b6:6a:43:66:32:88:bc:5b:03:76:f5:
         3b:e6:b5:db:a9:1f:cf:f6:51:bf:e0:da:f9:15:8c:2c:4f:fd:
         eb:ce:e3:8e:26:1c:e9:05:16:54:ed:c4:3d:d4:08:4d:ef:ba:
         91:97:08:0b:f2:a9:02:f3:cb:11:2c:9c:84:92:cd:52:d4:da:
         67:d2:1c:44:f3:d3:fa:ed:d7:5a:3b:90:04:43:18:2e:50:d5:
         35:91:c3:fc:4c:59:e5:54:a7:9b:30:39:3b:e8:52:d0:02:e9:
         d7:2a:27:4d:32:a5:78:f5:70:b8:80:95:55:a1:f1:f2:e0:80:
         2e:70:90:71:fb:ef:ef:20:70:70:f6:a2:b5:f5:d0:ea:61:8c:
         26:7d:32:c4:89:81:80:b7:d3:0b:69:83:d2:cf:8a:67:5d:08:
         fd:42:a1:80:d4:3f:74:4d:59:97:d9:39:51:f2:e8:eb:cd:51:
         a2:e2:c6:e4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZaBxd3O2JgJn0DnvZqZEOljMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGViMzQ5YWYyYWYxMTEzNjFiMjlmY2ZlZjJlMDQzZDViZTc1
ZTNmOTgwHhcNMjUwNDI5MTMzOTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMjQ2MTRhYWY2ZWY5NGRlYzM5OTBmOTVhNjRmZmEzNjI2NzBjN2Y0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnreovYYwChhQfJSnIYYbtAAk+cGS
94DH6MzlvEd7+4IuHBY2D0bMQGsYV7IlxjIyA7tsBmiRfGYgnnIprsKKD50qAC7t
tLGyQAmlLusFNvBO8aYugsS50QY5TjKRrf/cZi8TAwOa6P/YA/rLIhxV9ugQIXBr
5ri8nOMiK5tHSZVVwFciK8X4JkxunXofxk/FPptyqLjKLnC9npOktxl7zN95AGs3
IUzI5dhFdgLq9xe5NUEKx2SKsEQKaaTKKZI8RRF37x8km8Nf03OUQXC77Q9OLwNw
UerxntJAUTIyJCHPIUxvULuEt/AhucStTb/EjWi4IMp+jOm95Ij4ad4yhwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPJGFKr275Tew5kPlaZP+jYmcMf0MB8GA1UdIwQY
MBaAFOs0mvKvERNhsp/P7y4EPVvnXj+YMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnpTYThxOFJFMkd5bjhfdkxnUTlXLWRlUDVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC8zY2IxNDctYTdjMy00NGU5LWFkYzgt
OWNkNjYyYmM4MzIwLzEvOGtZVXF2YnZsTjdEbVEtVnBrXzZOaVp3eF9RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC8zY2IxNDctYTdjMy00NGU5LWFkYzgtOWNkNjYyYmM4MzIw
LzEvNnpTYThxOFJFMkd5bjhfdkxnUTlXLWRlUDVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHyp5MA0G
CSqGSIb3DQEBCwUAA4IBAQB04v2GFnJLQ2eOsR/BAvUfP7DOD2N79JNR9HKYuQds
6tfuFvMN7k66OMp7Qi8vEb6tyvIy0C1AJlzUhccEUGxhJbtjEpOG5cw+W9tyA0zL
tmpDZjKIvFsDdvU75rXbqR/P9lG/4Nr5FYwsT/3rzuOOJhzpBRZU7cQ91AhN77qR
lwgL8qkC88sRLJyEks1S1Npn0hxE89P67ddaO5AEQxguUNU1kcP8TFnlVKebMDk7
6FLQAunXKidNMqV49XC4gJVVofHy4IAucJBx++/vIHBw9qK19dDqYYwmfTLEiYGA
t9MLaYPSz4pnXQj9QqGA1D90TVmX2TlR8ujrzVGi4sbk
-----END CERTIFICATE-----