Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/SJtR9yDFalD5cZd0JaUHeuQjWF4.roa
File:                     SJtR9yDFalD5cZd0JaUHeuQjWF4.roa (raw, json)
Hash identifier:          o+pZOrweCiX/ZW2TkzQ2pD2uz9mIgJjpPK75RQvDCsY=
Subject key identifier:   48:9B:51:F7:20:C5:6A:50:F9:71:97:74:25:A5:07:7A:E4:23:58:5E
Certificate issuer:       /CN=eb349af2af111361b29fcfef2e043d5be75e3f98
Certificate serial:       01968697161B36C95635FF5CD4D13C2ACD76
Authority key identifier: EB:34:9A:F2:AF:11:13:61:B2:9F:CF:EF:2E:04:3D:5B:E7:5E:3F:98
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/SJtR9yDFalD5cZd0JaUHeuQjWF4.roa
Signing time:             Wed 30 Apr 2025 12:06:10 +0000
ROA not before:           Wed 30 Apr 2025 12:06:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215672
IP address blocks:        31.42.125.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 09 May 2025 07:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:86:97:16:1b:36:c9:56:35:ff:5c:d4:d1:3c:2a:cd:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eb349af2af111361b29fcfef2e043d5be75e3f98
        Validity
            Not Before: Apr 30 12:06:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=489b51f720c56a50f971977425a5077ae423585e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:6f:87:d1:e0:90:98:4c:7f:c5:9d:d1:a4:ab:
                    c9:92:0f:29:8f:00:63:48:0f:de:a5:18:27:89:0f:
                    d3:0e:b1:18:2b:4b:3c:b6:ab:3e:71:65:d2:1b:34:
                    c4:43:45:f1:2a:42:01:57:97:1a:2e:c8:ac:0a:79:
                    05:0a:88:cc:93:5f:c6:07:0b:07:8c:8a:45:2d:f9:
                    a6:61:22:af:f1:23:f8:f5:46:da:42:22:3a:c4:d8:
                    ce:80:7f:77:1e:41:49:9d:6d:ed:d6:fc:c9:d9:75:
                    92:0a:a0:59:56:cc:2f:f4:01:25:36:d5:71:36:05:
                    6e:5a:a6:f5:ea:53:49:e2:2c:63:8e:c1:1a:15:3a:
                    4f:4b:66:65:37:48:5e:39:8b:80:55:92:49:57:79:
                    f5:c3:86:27:70:df:5d:51:88:23:64:1d:51:95:c0:
                    87:ce:1b:fc:20:0d:36:46:80:2a:e0:2b:0c:5c:b0:
                    fd:13:1a:ab:00:c2:15:c3:31:98:b6:cc:0a:a1:74:
                    f3:26:3f:8a:49:4c:9a:e8:f6:05:45:2f:67:da:9b:
                    b9:55:60:bd:89:1a:a9:65:39:2b:12:42:7c:38:ee:
                    30:46:9e:69:51:a2:9a:f2:86:b3:c4:e3:57:b0:9a:
                    92:0f:88:24:db:77:82:eb:8b:61:f1:0c:0c:4a:6d:
                    d6:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:9B:51:F7:20:C5:6A:50:F9:71:97:74:25:A5:07:7A:E4:23:58:5E
            X509v3 Authority Key Identifier:
                keyid:EB:34:9A:F2:AF:11:13:61:B2:9F:CF:EF:2E:04:3D:5B:E7:5E:3F:98

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/SJtR9yDFalD5cZd0JaUHeuQjWF4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.42.125.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:b3:6f:1b:3d:05:a3:eb:60:81:eb:96:00:e6:4f:15:47:99:
         95:41:dd:b9:d4:42:0c:ae:d5:08:b6:e7:16:68:97:9c:9b:19:
         e6:5d:42:01:25:41:7e:3d:a0:5e:83:13:e7:22:a2:ed:fe:f6:
         1e:39:c0:b1:94:02:be:db:f3:88:d9:1a:76:9e:4e:96:b8:12:
         eb:df:ab:d1:1e:49:40:af:ec:4a:48:19:00:20:65:98:eb:e5:
         7c:00:9e:e3:c2:ad:ea:8f:2a:54:a8:e0:c9:84:70:68:9b:d3:
         6a:db:9f:c7:2b:ae:d9:e9:2f:3f:52:0f:38:24:22:bc:d2:9b:
         3a:6c:07:98:cf:32:a0:62:45:c0:75:8a:79:2d:9c:84:29:07:
         12:75:93:a6:a6:35:b0:9f:7e:34:e5:5b:69:9b:84:3d:08:21:
         f4:12:ab:69:12:7c:78:e1:f0:97:5b:02:4a:d8:0f:68:e4:62:
         4c:0d:c5:f5:49:e8:23:53:77:2e:f7:36:ca:cd:c8:b7:47:3e:
         d1:00:91:09:12:5a:15:9c:42:1c:20:09:a8:b4:13:f6:4c:f7:
         48:d3:7d:f9:6f:c3:e7:e2:e9:73:bc:5b:dd:42:13:d6:df:16:
         9f:6e:87:44:79:e2:59:60:ce:8b:4e:bd:b0:8e:05:a8:56:e2:
         12:14:a2:8f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZaGlxYbNslWNf9c1NE8Ks12MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGViMzQ5YWYyYWYxMTEzNjFiMjlmY2ZlZjJlMDQzZDViZTc1
ZTNmOTgwHhcNMjUwNDMwMTIwNjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ODliNTFmNzIwYzU2YTUwZjk3MTk3NzQyNWE1MDc3YWU0MjM1ODVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1W+H0eCQmEx/xZ3RpKvJkg8pjwBj
SA/epRgniQ/TDrEYK0s8tqs+cWXSGzTEQ0XxKkIBV5caLsisCnkFCojMk1/GBwsH
jIpFLfmmYSKv8SP49UbaQiI6xNjOgH93HkFJnW3t1vzJ2XWSCqBZVswv9AElNtVx
NgVuWqb16lNJ4ixjjsEaFTpPS2ZlN0heOYuAVZJJV3n1w4YncN9dUYgjZB1RlcCH
zhv8IA02RoAq4CsMXLD9ExqrAMIVwzGYtswKoXTzJj+KSUya6PYFRS9n2pu5VWC9
iRqpZTkrEkJ8OO4wRp5pUaKa8oazxONXsJqSD4gk23eC64th8QwMSm3W6QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEibUfcgxWpQ+XGXdCWlB3rkI1heMB8GA1UdIwQY
MBaAFOs0mvKvERNhsp/P7y4EPVvnXj+YMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnpTYThxOFJFMkd5bjhfdkxnUTlXLWRlUDVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC8zY2IxNDctYTdjMy00NGU5LWFkYzgt
OWNkNjYyYmM4MzIwLzEvU0p0Ujl5REZhbEQ1Y1pkMEphVUhldVFqV0Y0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC8zY2IxNDctYTdjMy00NGU5LWFkYzgtOWNkNjYyYmM4MzIw
LzEvNnpTYThxOFJFMkd5bjhfdkxnUTlXLWRlUDVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHyp9MA0G
CSqGSIb3DQEBCwUAA4IBAQA4s28bPQWj62CB65YA5k8VR5mVQd251EIMrtUItucW
aJecmxnmXUIBJUF+PaBegxPnIqLt/vYeOcCxlAK+2/OI2Rp2nk6WuBLr36vRHklA
r+xKSBkAIGWY6+V8AJ7jwq3qjypUqODJhHBom9Nq25/HK67Z6S8/Ug84JCK80ps6
bAeYzzKgYkXAdYp5LZyEKQcSdZOmpjWwn3405Vtpm4Q9CCH0EqtpEnx44fCXWwJK
2A9o5GJMDcX1SegjU3cu9zbKzci3Rz7RAJEJEloVnEIcIAmotBP2TPdI0335b8Pn
4ulzvFvdQhPW3xafbodEeeJZYM6LTr2wjgWoVuISFKKP
-----END CERTIFICATE-----