Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/R8N31IenIt0xkEBBTQjeM4Z87uM.roa
File:                     R8N31IenIt0xkEBBTQjeM4Z87uM.roa (raw, json)
Hash identifier:          Ic4nMSUJKsiGM69kIZMaWnmOqFQT0bgB9YdN5w98kIY=
Subject key identifier:   47:C3:77:D4:87:A7:22:DD:31:90:40:41:4D:08:DE:33:86:7C:EE:E3
Certificate issuer:       /CN=eb349af2af111361b29fcfef2e043d5be75e3f98
Certificate serial:       0197AD94D82D4EB78134D70E85332A4B5EFE
Authority key identifier: EB:34:9A:F2:AF:11:13:61:B2:9F:CF:EF:2E:04:3D:5B:E7:5E:3F:98
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/R8N31IenIt0xkEBBTQjeM4Z87uM.roa
Signing time:             Thu 26 Jun 2025 18:51:42 +0000
ROA not before:           Thu 26 Jun 2025 18:51:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207641
IP address blocks:        31.42.120.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 02 Jul 2025 04:01:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:ad:94:d8:2d:4e:b7:81:34:d7:0e:85:33:2a:4b:5e:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eb349af2af111361b29fcfef2e043d5be75e3f98
        Validity
            Not Before: Jun 26 18:51:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=47c377d487a722dd319040414d08de33867ceee3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:86:27:32:53:af:da:b9:0b:91:a2:1a:45:c5:
                    d0:f5:4d:79:31:8f:4f:f6:ee:ba:a2:83:0f:a9:99:
                    00:f5:ce:a6:6e:e6:15:ad:7b:11:64:a1:00:60:f0:
                    5b:63:24:3b:b6:dc:c7:ce:56:79:1b:7c:df:34:b6:
                    84:a5:4b:b8:35:96:9d:86:26:f7:87:c1:e1:a6:06:
                    c4:70:b6:35:bb:af:ea:a2:3b:ad:76:70:d0:ed:b3:
                    b8:b5:95:32:d0:41:0d:6c:f7:84:d5:f0:ea:31:41:
                    c3:16:be:7c:bd:92:f1:6e:c9:b0:76:bf:bd:35:d5:
                    b1:9d:66:65:22:98:06:f1:3d:e4:01:26:57:9a:17:
                    fd:18:f6:6b:83:c6:fe:ec:97:b6:ad:f3:47:46:8e:
                    8a:f6:45:7e:55:be:c9:e7:cc:86:b7:12:ef:06:12:
                    36:6e:03:ee:d8:c3:8c:59:43:80:56:98:bd:51:c2:
                    42:0f:b2:4c:03:ad:d2:98:3e:cd:78:c4:e8:4e:f3:
                    89:06:d3:73:f0:21:b1:01:21:bd:91:89:56:65:70:
                    bc:b6:86:0c:97:67:49:0e:e6:2b:aa:f8:2f:15:d1:
                    2c:66:36:57:cf:32:ad:06:f9:f7:1d:5f:2c:50:fa:
                    88:b5:da:26:d9:92:78:a9:49:91:b3:49:9c:5b:48:
                    1d:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:C3:77:D4:87:A7:22:DD:31:90:40:41:4D:08:DE:33:86:7C:EE:E3
            X509v3 Authority Key Identifier:
                keyid:EB:34:9A:F2:AF:11:13:61:B2:9F:CF:EF:2E:04:3D:5B:E7:5E:3F:98

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/R8N31IenIt0xkEBBTQjeM4Z87uM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.42.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b4:a8:8e:b0:b3:21:0a:2b:88:28:65:c8:52:17:f1:bb:5d:90:
         fc:bc:af:cb:a2:c7:cc:8a:c9:0d:6c:41:ba:84:d8:c5:ed:3d:
         ec:f9:f9:e9:45:b4:5b:97:99:3a:82:a6:75:f9:ce:a5:2c:27:
         f9:c1:67:65:ac:90:78:b6:ce:16:ff:ad:50:fa:7f:cd:71:4f:
         5f:78:d4:8e:89:b0:07:97:5c:e2:ea:f9:80:dc:da:99:63:7d:
         62:21:59:c1:e4:ed:74:8b:4d:bf:e5:8d:b4:e9:78:be:6d:2c:
         c4:d2:82:e2:19:aa:6f:aa:9b:2b:d3:33:98:1a:37:6a:28:ab:
         2f:de:e0:2b:1c:70:23:e1:d6:46:dd:96:50:e5:af:e6:52:f8:
         e4:fe:fe:fe:7c:c9:1f:f1:62:1a:ce:1e:d9:d8:6a:3f:36:e7:
         63:62:73:68:72:7f:80:a6:9c:03:73:20:2f:80:a4:53:bc:82:
         be:b6:bb:70:1c:eb:93:d7:b6:2c:2e:0e:e7:8b:8b:14:0d:48:
         e4:3b:89:50:bc:3b:be:84:08:aa:4d:83:dd:da:0a:2c:f4:70:
         b8:4f:2d:cb:d9:b3:02:56:2c:41:50:71:da:7e:36:24:2f:7e:
         a9:7f:5a:e2:65:0d:79:1d:f3:ea:12:cb:2c:63:f8:e6:9f:d0:
         f7:7c:cb:e7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZetlNgtTreBNNcOhTMqS17+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGViMzQ5YWYyYWYxMTEzNjFiMjlmY2ZlZjJlMDQzZDViZTc1
ZTNmOTgwHhcNMjUwNjI2MTg1MTQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0N2MzNzdkNDg3YTcyMmRkMzE5MDQwNDE0ZDA4ZGUzMzg2N2NlZWUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuYYnMlOv2rkLkaIaRcXQ9U15MY9P
9u66ooMPqZkA9c6mbuYVrXsRZKEAYPBbYyQ7ttzHzlZ5G3zfNLaEpUu4NZadhib3
h8HhpgbEcLY1u6/qojutdnDQ7bO4tZUy0EENbPeE1fDqMUHDFr58vZLxbsmwdr+9
NdWxnWZlIpgG8T3kASZXmhf9GPZrg8b+7Je2rfNHRo6K9kV+Vb7J58yGtxLvBhI2
bgPu2MOMWUOAVpi9UcJCD7JMA63SmD7NeMToTvOJBtNz8CGxASG9kYlWZXC8toYM
l2dJDuYrqvgvFdEsZjZXzzKtBvn3HV8sUPqItdom2ZJ4qUmRs0mcW0gdlQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEfDd9SHpyLdMZBAQU0I3jOGfO7jMB8GA1UdIwQY
MBaAFOs0mvKvERNhsp/P7y4EPVvnXj+YMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnpTYThxOFJFMkd5bjhfdkxnUTlXLWRlUDVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC8zY2IxNDctYTdjMy00NGU5LWFkYzgt
OWNkNjYyYmM4MzIwLzEvUjhOMzFJZW5JdDB4a0VCQlRRamVNNFo4N3VNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC8zY2IxNDctYTdjMy00NGU5LWFkYzgtOWNkNjYyYmM4MzIw
LzEvNnpTYThxOFJFMkd5bjhfdkxnUTlXLWRlUDVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHyp4MA0G
CSqGSIb3DQEBCwUAA4IBAQC0qI6wsyEKK4goZchSF/G7XZD8vK/LosfMiskNbEG6
hNjF7T3s+fnpRbRbl5k6gqZ1+c6lLCf5wWdlrJB4ts4W/61Q+n/NcU9feNSOibAH
l1zi6vmA3NqZY31iIVnB5O10i02/5Y206Xi+bSzE0oLiGapvqpsr0zOYGjdqKKsv
3uArHHAj4dZG3ZZQ5a/mUvjk/v7+fMkf8WIazh7Z2Go/NudjYnNocn+AppwDcyAv
gKRTvIK+trtwHOuT17YsLg7ni4sUDUjkO4lQvDu+hAiqTYPd2gos9HC4Ty3L2bMC
VixBUHHafjYkL36pf1riZQ15HfPqEsssY/jmn9D3fMvn
-----END CERTIFICATE-----