Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/649b17-039d-42da-90f6-3e10d1ab7408/1/HKJIsIJ7TQKVpo395xcD-UrLDIc.roa
File:                     HKJIsIJ7TQKVpo395xcD-UrLDIc.roa (raw, json)
Hash identifier:          5l8r3D44ewEJc+IhuEtnOq2QaEWlAtDCOHCZ14bO5AY=
Subject key identifier:   1C:A2:48:B0:82:7B:4D:02:95:A6:8D:FD:E7:17:03:F9:4A:CB:0C:87
Certificate issuer:       /CN=eed9578e49825c42f3c131b94cb0fdde5c79ad77
Certificate serial:       0196AFD6C614D2EEC4151A1DF52EA5E94B13
Authority key identifier: EE:D9:57:8E:49:82:5C:42:F3:C1:31:B9:4C:B0:FD:DE:5C:79:AD:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7tlXjkmCXELzwTG5TLD93lx5rXc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/649b17-039d-42da-90f6-3e10d1ab7408/1/HKJIsIJ7TQKVpo395xcD-UrLDIc.roa
Signing time:             Thu 08 May 2025 12:20:10 +0000
ROA not before:           Thu 08 May 2025 12:20:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     0
IP address blocks:        31.13.184.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/649b17-039d-42da-90f6-3e10d1ab7408/1/7tlXjkmCXELzwTG5TLD93lx5rXc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/649b17-039d-42da-90f6-3e10d1ab7408/1/7tlXjkmCXELzwTG5TLD93lx5rXc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7tlXjkmCXELzwTG5TLD93lx5rXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 11 May 2025 13:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:af:d6:c6:14:d2:ee:c4:15:1a:1d:f5:2e:a5:e9:4b:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eed9578e49825c42f3c131b94cb0fdde5c79ad77
        Validity
            Not Before: May  8 12:20:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1ca248b0827b4d0295a68dfde71703f94acb0c87
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:0a:3f:3e:95:b1:65:1b:13:df:3b:8e:e4:b0:
                    6f:ee:d8:f5:a0:25:4f:f0:46:a8:c6:88:f9:69:d6:
                    c0:a1:00:94:70:3c:34:87:cf:47:52:e6:33:1e:75:
                    2b:cf:9a:c3:ec:d3:b7:12:f0:6b:02:09:dc:28:59:
                    80:8c:71:0f:a2:72:7b:30:b1:84:58:78:0d:ed:84:
                    b6:78:87:8a:ca:55:06:a7:35:cb:1a:a1:5b:44:73:
                    cc:6a:0c:56:74:87:79:0f:e8:69:d5:99:28:ee:20:
                    1c:61:f7:7d:82:ce:29:f7:bc:a5:17:b5:21:33:24:
                    bd:bc:cf:25:ef:75:64:12:f5:ee:30:11:49:8b:fe:
                    71:48:6c:7b:90:af:d9:6d:91:a5:50:36:b7:d1:bc:
                    1f:98:bf:90:7f:7a:14:d6:ba:28:6b:5f:32:4c:22:
                    f4:0b:ac:d6:9c:12:70:7b:2d:fd:3e:d7:58:51:57:
                    8c:6c:9b:b7:1d:cc:d0:80:e0:4a:52:80:18:ca:7c:
                    64:cf:a9:3d:5f:9d:1e:6e:41:f9:ed:c3:64:72:c2:
                    58:d7:03:84:a7:88:17:46:97:43:26:34:78:1c:25:
                    6e:92:30:72:43:e7:7c:ba:ae:d9:35:63:b0:38:19:
                    3b:91:6e:b3:fc:13:e6:4c:ea:c1:7c:55:fe:62:27:
                    46:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:A2:48:B0:82:7B:4D:02:95:A6:8D:FD:E7:17:03:F9:4A:CB:0C:87
            X509v3 Authority Key Identifier:
                keyid:EE:D9:57:8E:49:82:5C:42:F3:C1:31:B9:4C:B0:FD:DE:5C:79:AD:77

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7tlXjkmCXELzwTG5TLD93lx5rXc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/649b17-039d-42da-90f6-3e10d1ab7408/1/HKJIsIJ7TQKVpo395xcD-UrLDIc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/649b17-039d-42da-90f6-3e10d1ab7408/1/7tlXjkmCXELzwTG5TLD93lx5rXc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.13.184.0/22

    Signature Algorithm: sha256WithRSAEncryption
         69:16:ef:4f:fa:30:d6:2d:c7:b9:2e:f1:e1:aa:aa:d9:a7:ad:
         94:72:ef:fd:fd:0d:40:f1:cd:62:28:18:36:d4:5a:e7:d2:fc:
         98:1b:ad:f9:64:93:51:6b:f5:50:1c:17:93:7b:bf:1b:88:ea:
         7e:89:8f:ca:91:32:42:97:73:07:b6:e9:ca:40:c7:69:f8:9c:
         0a:c5:c7:3f:b2:32:37:fe:ed:29:37:c1:17:84:7b:04:79:5f:
         3d:43:2f:e4:b6:6d:f7:bc:71:e4:32:c8:36:94:1c:6c:c9:a6:
         43:2c:2d:9d:b0:e5:54:0d:6a:ee:61:ca:7d:59:44:44:25:31:
         06:ca:d5:23:58:24:23:29:8b:a4:e2:06:f6:3b:87:51:a5:9e:
         7a:13:39:8a:ad:a3:a4:21:a9:b6:15:17:b5:a8:ee:e5:73:db:
         06:2a:8a:d1:dc:78:7b:16:ba:c4:cc:f1:64:e6:f9:e9:c8:27:
         65:56:52:ba:fe:0f:49:c8:7d:7e:be:fe:bf:83:fa:09:71:99:
         1b:8f:4a:19:31:bd:e4:91:c4:9b:1f:23:71:04:23:0c:ce:51:
         e9:25:6c:e0:23:27:4e:52:0c:f5:67:d8:34:99:cf:46:80:4a:
         50:0d:db:a1:3e:92:24:26:78:d0:b1:31:84:21:64:0a:da:6b:
         af:76:b4:0d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZav1sYU0u7EFRod9S6l6UsTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlZDk1NzhlNDk4MjVjNDJmM2MxMzFiOTRjYjBmZGRlNWM3
OWFkNzcwHhcNMjUwNTA4MTIyMDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxY2EyNDhiMDgyN2I0ZDAyOTVhNjhkZmRlNzE3MDNmOTRhY2IwYzg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuwo/PpWxZRsT3zuO5LBv7tj1oCVP
8Eaoxoj5adbAoQCUcDw0h89HUuYzHnUrz5rD7NO3EvBrAgncKFmAjHEPonJ7MLGE
WHgN7YS2eIeKylUGpzXLGqFbRHPMagxWdId5D+hp1Zko7iAcYfd9gs4p97ylF7Uh
MyS9vM8l73VkEvXuMBFJi/5xSGx7kK/ZbZGlUDa30bwfmL+Qf3oU1rooa18yTCL0
C6zWnBJwey39PtdYUVeMbJu3HczQgOBKUoAYynxkz6k9X50ebkH57cNkcsJY1wOE
p4gXRpdDJjR4HCVukjByQ+d8uq7ZNWOwOBk7kW6z/BPmTOrBfFX+YidGmwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFByiSLCCe00ClaaN/ecXA/lKywyHMB8GA1UdIwQY
MBaAFO7ZV45JglxC88ExuUyw/d5cea13MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3RsWGprbUNYRUx6d1RHNVRMRDkzbHg1clhjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy82NDliMTctMDM5ZC00MmRhLTkwZjYt
M2UxMGQxYWI3NDA4LzEvSEtKSXNJSjdUUUtWcG8zOTV4Y0QtVXJMREljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy82NDliMTctMDM5ZC00MmRhLTkwZjYtM2UxMGQxYWI3NDA4
LzEvN3RsWGprbUNYRUx6d1RHNVRMRDkzbHg1clhjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCHw24MA0G
CSqGSIb3DQEBCwUAA4IBAQBpFu9P+jDWLce5LvHhqqrZp62Ucu/9/Q1A8c1iKBg2
1Frn0vyYG635ZJNRa/VQHBeTe78biOp+iY/KkTJCl3MHtunKQMdp+JwKxcc/sjI3
/u0pN8EXhHsEeV89Qy/ktm33vHHkMsg2lBxsyaZDLC2dsOVUDWruYcp9WUREJTEG
ytUjWCQjKYuk4gb2O4dRpZ56EzmKraOkIam2FRe1qO7lc9sGKorR3Hh7FrrEzPFk
5vnpyCdlVlK6/g9JyH1+vv6/g/oJcZkbj0oZMb3kkcSbHyNxBCMMzlHpJWzgIydO
Ugz1Z9g0mc9GgEpQDduhPpIkJnjQsTGEIWQK2muvdrQN
-----END CERTIFICATE-----