Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/OyEHyocNzfaASvSX9ghIhZoK7Vg.roa
File:                     OyEHyocNzfaASvSX9ghIhZoK7Vg.roa (raw, json)
Hash identifier:          LVpmM0BObmcCqdx4fHr+ScoOKewYgjGRBFNNC7CN86o=
Subject key identifier:   3B:21:07:CA:87:0D:CD:F6:80:4A:F4:97:F6:08:48:85:9A:0A:ED:58
Certificate issuer:       /CN=eb349af2af111361b29fcfef2e043d5be75e3f98
Certificate serial:       019681CB5C34C7ACFB5E0C63B6E6BFFDB7E3
Authority key identifier: EB:34:9A:F2:AF:11:13:61:B2:9F:CF:EF:2E:04:3D:5B:E7:5E:3F:98
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/OyEHyocNzfaASvSX9ghIhZoK7Vg.roa
Signing time:             Tue 29 Apr 2025 13:45:10 +0000
ROA not before:           Tue 29 Apr 2025 13:45:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212238
IP address blocks:        31.42.124.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 11 May 2025 04:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:81:cb:5c:34:c7:ac:fb:5e:0c:63:b6:e6:bf:fd:b7:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eb349af2af111361b29fcfef2e043d5be75e3f98
        Validity
            Not Before: Apr 29 13:45:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3b2107ca870dcdf6804af497f60848859a0aed58
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:26:ce:e3:9a:5b:86:4b:52:72:d9:01:9d:16:
                    0a:02:82:55:c8:2a:93:5c:81:f4:c6:7a:92:10:43:
                    9a:d4:d5:ac:43:b8:29:65:2a:cb:37:e6:03:62:98:
                    9d:3b:22:a8:4d:da:d2:08:34:18:db:2f:a1:ed:82:
                    32:9d:0a:68:e6:fc:b5:c7:85:19:70:dd:41:a5:a5:
                    b3:67:17:ed:9b:b1:26:85:dc:22:ba:17:2d:9c:91:
                    83:bf:0e:d7:8a:5f:ff:65:9f:5e:ce:6b:73:35:49:
                    a7:34:22:59:ed:5e:bb:85:a7:17:c8:59:ae:89:06:
                    84:7b:85:17:0b:eb:f2:ab:b2:70:ed:9f:2c:d1:db:
                    5c:6f:d1:0c:75:4e:cc:2f:64:77:cb:29:36:60:29:
                    1e:36:7f:06:3f:44:ef:44:aa:13:d3:76:05:93:3a:
                    a7:8e:0e:a4:cd:1f:74:29:f2:54:40:a1:04:29:23:
                    b8:65:2a:4e:c9:9e:e2:ee:b7:a0:dd:56:96:c7:4a:
                    06:f3:e4:a8:80:5c:ab:05:e1:84:d2:6b:e3:b0:24:
                    e5:08:a5:5d:47:f0:90:c1:23:71:a4:f8:e5:2a:22:
                    f8:d9:c3:b8:f6:8d:80:27:b3:5b:22:d3:9a:ea:2c:
                    45:0c:49:fb:d4:7c:15:b6:98:49:a2:10:9f:30:8a:
                    05:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:21:07:CA:87:0D:CD:F6:80:4A:F4:97:F6:08:48:85:9A:0A:ED:58
            X509v3 Authority Key Identifier:
                keyid:EB:34:9A:F2:AF:11:13:61:B2:9F:CF:EF:2E:04:3D:5B:E7:5E:3F:98

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/OyEHyocNzfaASvSX9ghIhZoK7Vg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.42.124.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d3:d9:34:f4:6c:02:39:9f:09:43:3b:2e:37:79:6b:45:72:af:
         f5:29:09:3f:e6:d0:23:43:4b:be:6e:f7:43:cd:df:96:15:cf:
         9d:10:ea:28:e3:2b:df:31:ee:06:5a:7b:e7:dd:59:0a:2c:8b:
         ff:0e:88:93:b7:8c:60:84:76:71:be:bb:6c:86:24:65:5f:1b:
         08:b7:51:11:60:a2:a9:fa:70:7e:bd:e2:94:e0:b5:77:96:85:
         eb:a6:14:ee:f9:69:76:35:22:c3:63:5b:bf:57:cf:a3:39:cf:
         78:68:70:f2:e8:a7:df:3e:21:26:1d:d3:f9:0a:95:dd:98:90:
         8a:cf:50:dd:98:33:ed:02:d2:51:b2:15:73:38:83:56:c8:f5:
         71:45:d4:3a:88:52:1f:d7:1f:b1:e6:9f:98:99:0e:87:9a:91:
         be:7b:c9:8e:da:e7:dd:06:42:55:6d:cd:b9:0d:f6:76:cf:73:
         c9:bb:49:21:bb:71:05:7a:e1:ad:b7:de:c3:48:63:8a:e4:d4:
         f9:23:b0:69:89:3a:94:06:d0:41:24:97:e4:67:69:a8:dd:3f:
         b3:7e:4b:bc:4c:cc:e1:32:30:36:b7:88:ff:c1:62:1c:8b:11:
         f4:2e:80:fa:84:5d:c2:b3:f0:91:8f:af:01:56:39:a0:13:26:
         f6:7f:7b:06
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZaBy1w0x6z7Xgxjtua//bfjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGViMzQ5YWYyYWYxMTEzNjFiMjlmY2ZlZjJlMDQzZDViZTc1
ZTNmOTgwHhcNMjUwNDI5MTM0NTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjIxMDdjYTg3MGRjZGY2ODA0YWY0OTdmNjA4NDg4NTlhMGFlZDU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0SbO45pbhktSctkBnRYKAoJVyCqT
XIH0xnqSEEOa1NWsQ7gpZSrLN+YDYpidOyKoTdrSCDQY2y+h7YIynQpo5vy1x4UZ
cN1BpaWzZxftm7EmhdwiuhctnJGDvw7Xil//ZZ9ezmtzNUmnNCJZ7V67hacXyFmu
iQaEe4UXC+vyq7Jw7Z8s0dtcb9EMdU7ML2R3yyk2YCkeNn8GP0TvRKoT03YFkzqn
jg6kzR90KfJUQKEEKSO4ZSpOyZ7i7reg3VaWx0oG8+SogFyrBeGE0mvjsCTlCKVd
R/CQwSNxpPjlKiL42cO49o2AJ7NbItOa6ixFDEn71HwVtphJohCfMIoF6QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDshB8qHDc32gEr0l/YISIWaCu1YMB8GA1UdIwQY
MBaAFOs0mvKvERNhsp/P7y4EPVvnXj+YMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnpTYThxOFJFMkd5bjhfdkxnUTlXLWRlUDVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC8zY2IxNDctYTdjMy00NGU5LWFkYzgt
OWNkNjYyYmM4MzIwLzEvT3lFSHlvY056ZmFBU3ZTWDlnaEloWm9LN1ZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC8zY2IxNDctYTdjMy00NGU5LWFkYzgtOWNkNjYyYmM4MzIw
LzEvNnpTYThxOFJFMkd5bjhfdkxnUTlXLWRlUDVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHyp8MA0G
CSqGSIb3DQEBCwUAA4IBAQDT2TT0bAI5nwlDOy43eWtFcq/1KQk/5tAjQ0u+bvdD
zd+WFc+dEOoo4yvfMe4GWnvn3VkKLIv/DoiTt4xghHZxvrtshiRlXxsIt1ERYKKp
+nB+veKU4LV3loXrphTu+Wl2NSLDY1u/V8+jOc94aHDy6KffPiEmHdP5CpXdmJCK
z1DdmDPtAtJRshVzOINWyPVxRdQ6iFIf1x+x5p+YmQ6HmpG+e8mO2ufdBkJVbc25
DfZ2z3PJu0khu3EFeuGtt97DSGOK5NT5I7BpiTqUBtBBJJfkZ2mo3T+zfku8TMzh
MjA2t4j/wWIcixH0LoD6hF3Cs/CRj68BVjmgEyb2f3sG
-----END CERTIFICATE-----