Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/649b17-039d-42da-90f6-3e10d1ab7408/1/1zFu0RzpnnoDGJMwnKjinpXmRCA.roa
File:                     1zFu0RzpnnoDGJMwnKjinpXmRCA.roa (raw, json)
Hash identifier:          ZQd8IBEmMebks+ONJAcNs9poavTsD9w6+Xw3hhWxaQ0=
Subject key identifier:   D7:31:6E:D1:1C:E9:9E:7A:03:18:93:30:9C:A8:E2:9E:95:E6:44:20
Certificate issuer:       /CN=eed9578e49825c42f3c131b94cb0fdde5c79ad77
Certificate serial:       0196AFD6C697042DB9A558A158479FCD1D63
Authority key identifier: EE:D9:57:8E:49:82:5C:42:F3:C1:31:B9:4C:B0:FD:DE:5C:79:AD:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7tlXjkmCXELzwTG5TLD93lx5rXc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/649b17-039d-42da-90f6-3e10d1ab7408/1/1zFu0RzpnnoDGJMwnKjinpXmRCA.roa
Signing time:             Thu 08 May 2025 12:20:10 +0000
ROA not before:           Thu 08 May 2025 12:20:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     12337
IP address blocks:        31.13.185.0/24 maxlen: 24
                          31.13.187.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/649b17-039d-42da-90f6-3e10d1ab7408/1/7tlXjkmCXELzwTG5TLD93lx5rXc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/649b17-039d-42da-90f6-3e10d1ab7408/1/7tlXjkmCXELzwTG5TLD93lx5rXc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7tlXjkmCXELzwTG5TLD93lx5rXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 11 May 2025 13:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:af:d6:c6:97:04:2d:b9:a5:58:a1:58:47:9f:cd:1d:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eed9578e49825c42f3c131b94cb0fdde5c79ad77
        Validity
            Not Before: May  8 12:20:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d7316ed11ce99e7a031893309ca8e29e95e64420
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:fb:00:45:3c:77:bc:83:1e:f4:5d:63:1a:c2:
                    92:8d:ea:99:35:31:44:c3:01:60:a5:d5:4b:dc:d7:
                    b2:9d:b9:75:2e:6e:8a:e3:61:1a:b8:78:3f:f3:d3:
                    0c:f6:a5:58:a8:8f:f3:f9:70:63:b7:a1:cb:20:69:
                    32:46:f8:1a:5b:de:95:24:11:37:c7:68:29:2c:cd:
                    59:8c:25:92:61:e9:17:76:36:11:09:20:04:bb:fb:
                    db:13:94:bd:ac:93:ae:ba:63:1e:50:c1:21:1e:69:
                    81:3c:c2:e7:1f:51:86:36:e0:27:de:91:ce:70:43:
                    93:85:1b:39:c6:ae:b8:3a:d5:88:58:97:d3:ba:c8:
                    47:5c:d4:6b:7d:e2:49:2c:18:87:6a:1c:e1:20:ef:
                    62:85:30:6f:b5:b2:08:a2:26:05:fb:33:f6:62:7f:
                    cd:60:a2:48:32:45:0c:fd:22:1e:85:03:6f:53:a5:
                    71:a6:45:a2:a7:20:c9:67:73:28:76:cb:6d:c3:a9:
                    84:a8:d8:f6:87:b0:48:77:f3:bb:30:4e:7a:05:3a:
                    bd:c9:9f:bb:96:2b:28:43:ec:2c:44:95:dd:04:55:
                    98:5e:5a:73:1a:7c:c5:68:55:f5:2c:6c:f5:cd:fd:
                    c8:4d:d8:7e:c7:3a:cb:33:6c:ca:d9:22:31:9d:ea:
                    4a:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:31:6E:D1:1C:E9:9E:7A:03:18:93:30:9C:A8:E2:9E:95:E6:44:20
            X509v3 Authority Key Identifier:
                keyid:EE:D9:57:8E:49:82:5C:42:F3:C1:31:B9:4C:B0:FD:DE:5C:79:AD:77

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7tlXjkmCXELzwTG5TLD93lx5rXc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/649b17-039d-42da-90f6-3e10d1ab7408/1/1zFu0RzpnnoDGJMwnKjinpXmRCA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/649b17-039d-42da-90f6-3e10d1ab7408/1/7tlXjkmCXELzwTG5TLD93lx5rXc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.13.185.0/24
                  31.13.187.0/24

    Signature Algorithm: sha256WithRSAEncryption
         05:2e:a0:ef:72:fc:92:9b:f0:c8:1d:43:97:4b:e4:22:7c:56:
         84:02:d4:79:02:1a:74:17:e0:e9:08:4a:b9:05:6a:97:9c:8b:
         fe:ca:bc:a0:18:5c:b1:b0:9b:6d:71:57:1b:0f:cd:b7:e6:e7:
         57:0d:df:2a:21:d2:46:e9:88:47:d4:89:43:31:84:68:9a:07:
         8f:53:33:dc:cf:31:94:20:3e:04:64:17:fc:12:81:0d:c0:15:
         03:e2:f2:eb:60:1e:65:28:c0:dd:ac:e8:f1:f8:93:81:7d:24:
         1a:8b:7f:54:11:db:e0:ec:00:c1:67:ab:69:f6:ea:75:48:bc:
         55:1d:58:18:67:22:e5:97:94:2c:6d:ba:e0:10:52:d6:16:52:
         71:c0:01:61:54:d8:8f:89:ad:81:7f:17:d3:50:23:32:55:37:
         ff:07:65:f7:85:5b:2f:5c:76:99:12:fa:00:24:dd:00:ab:e0:
         1a:7d:03:fb:f9:ac:b8:5e:d8:51:d6:3a:d5:b0:34:86:4a:b9:
         ad:11:17:cd:ba:2c:ec:21:c9:b0:98:a7:d3:7c:4a:55:85:92:
         1b:66:fc:bf:2e:60:ee:9a:62:51:23:52:69:f3:bf:56:1a:11:
         64:d6:d0:fd:9d:21:1a:7d:c1:ef:18:8f:63:a4:e5:37:a5:50:
         f9:2e:bf:02
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZav1saXBC25pVihWEefzR1jMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlZDk1NzhlNDk4MjVjNDJmM2MxMzFiOTRjYjBmZGRlNWM3
OWFkNzcwHhcNMjUwNTA4MTIyMDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNzMxNmVkMTFjZTk5ZTdhMDMxODkzMzA5Y2E4ZTI5ZTk1ZTY0NDIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs/sARTx3vIMe9F1jGsKSjeqZNTFE
wwFgpdVL3Neynbl1Lm6K42EauHg/89MM9qVYqI/z+XBjt6HLIGkyRvgaW96VJBE3
x2gpLM1ZjCWSYekXdjYRCSAEu/vbE5S9rJOuumMeUMEhHmmBPMLnH1GGNuAn3pHO
cEOThRs5xq64OtWIWJfTushHXNRrfeJJLBiHahzhIO9ihTBvtbIIoiYF+zP2Yn/N
YKJIMkUM/SIehQNvU6VxpkWipyDJZ3Modsttw6mEqNj2h7BId/O7ME56BTq9yZ+7
lisoQ+wsRJXdBFWYXlpzGnzFaFX1LGz1zf3ITdh+xzrLM2zK2SIxnepKvwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNcxbtEc6Z56AxiTMJyo4p6V5kQgMB8GA1UdIwQY
MBaAFO7ZV45JglxC88ExuUyw/d5cea13MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3RsWGprbUNYRUx6d1RHNVRMRDkzbHg1clhjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy82NDliMTctMDM5ZC00MmRhLTkwZjYt
M2UxMGQxYWI3NDA4LzEvMXpGdTBSenBubm9ER0pNd25LamlucFhtUkNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy82NDliMTctMDM5ZC00MmRhLTkwZjYtM2UxMGQxYWI3NDA4
LzEvN3RsWGprbUNYRUx6d1RHNVRMRDkzbHg1clhjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAHw25AwQA
Hw27MA0GCSqGSIb3DQEBCwUAA4IBAQAFLqDvcvySm/DIHUOXS+QifFaEAtR5Ahp0
F+DpCEq5BWqXnIv+yrygGFyxsJttcVcbD8235udXDd8qIdJG6YhH1IlDMYRomgeP
UzPczzGUID4EZBf8EoENwBUD4vLrYB5lKMDdrOjx+JOBfSQai39UEdvg7ADBZ6tp
9up1SLxVHVgYZyLll5QsbbrgEFLWFlJxwAFhVNiPia2BfxfTUCMyVTf/B2X3hVsv
XHaZEvoAJN0Aq+AafQP7+ay4XthR1jrVsDSGSrmtERfNuizsIcmwmKfTfEpVhZIb
Zvy/LmDummJRI1Jp879WGhFk1tD9nSEafcHvGI9jpOU3pVD5Lr8C
-----END CERTIFICATE-----