Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/a96024-6555-4e8d-af37-62bb6d63e59d/1/ve4kS1FSpKOZDfPOmvEJot6T9gc.roa
File:                     ve4kS1FSpKOZDfPOmvEJot6T9gc.roa (raw, json)
Hash identifier:          /8G7vYP5BGzfa/caGIr/zNwzv8N1oQfYQzWhKIYfL+g=
Subject key identifier:   BD:EE:24:4B:51:52:A4:A3:99:0D:F3:CE:9A:F1:09:A2:DE:93:F6:07
Certificate issuer:       /CN=dff24726df3e77f6f4c8e0436613b35110eeaf38
Certificate serial:       0197886DBFA27D7ECAF64C3B41E25AE53AE0
Authority key identifier: DF:F2:47:26:DF:3E:77:F6:F4:C8:E0:43:66:13:B3:51:10:EE:AF:38
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3_JHJt8-d_b0yOBDZhOzURDurzg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/a96024-6555-4e8d-af37-62bb6d63e59d/1/ve4kS1FSpKOZDfPOmvEJot6T9gc.roa
Signing time:             Thu 19 Jun 2025 13:43:03 +0000
ROA not before:           Thu 19 Jun 2025 13:43:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212609
IP address blocks:        31.43.166.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/a96024-6555-4e8d-af37-62bb6d63e59d/1/3_JHJt8-d_b0yOBDZhOzURDurzg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/a96024-6555-4e8d-af37-62bb6d63e59d/1/3_JHJt8-d_b0yOBDZhOzURDurzg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3_JHJt8-d_b0yOBDZhOzURDurzg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 02 Jul 2025 08:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:88:6d:bf:a2:7d:7e:ca:f6:4c:3b:41:e2:5a:e5:3a:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dff24726df3e77f6f4c8e0436613b35110eeaf38
        Validity
            Not Before: Jun 19 13:43:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bdee244b5152a4a3990df3ce9af109a2de93f607
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:1f:fe:0b:dc:1a:af:bb:9a:c5:48:a5:1c:9a:
                    3b:b3:e3:56:8c:ac:10:6e:8a:ee:62:de:87:df:8f:
                    ed:62:ee:ae:d2:55:e3:4c:80:cf:98:fa:a6:9d:a5:
                    58:09:d7:fd:c8:49:60:8f:7f:ab:a1:54:af:d8:c9:
                    1f:dc:af:8f:a4:0b:cd:45:d8:ec:0a:24:20:ff:4e:
                    fc:11:b9:57:12:2f:0c:9c:93:8f:d2:e2:71:95:7d:
                    a4:41:b0:19:6a:5f:7d:f9:bf:db:de:22:f6:58:9f:
                    9b:ac:c1:95:95:9e:cb:91:8c:ca:91:83:fc:4c:e6:
                    dd:25:e7:48:56:33:31:a5:2a:18:25:5e:57:55:2c:
                    50:29:12:a9:35:e3:73:be:eb:68:8e:03:da:01:05:
                    6a:cc:cd:67:73:76:b6:6d:90:bc:af:9e:0c:a4:b6:
                    1b:63:3b:dd:9d:34:02:8a:24:be:3e:6c:df:4a:2e:
                    b8:99:9f:75:67:fd:22:b6:e6:8e:ee:0d:5c:46:51:
                    a8:f7:b4:5d:03:59:4d:b4:ce:4f:dd:67:47:63:fd:
                    62:ce:a8:1f:35:e5:d8:ed:24:cb:35:57:01:5a:72:
                    0a:86:f2:18:a0:67:f7:6b:70:97:70:42:ac:fb:6b:
                    fe:29:3f:ca:99:9b:f7:ec:48:a2:b5:5f:2b:e6:81:
                    86:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:EE:24:4B:51:52:A4:A3:99:0D:F3:CE:9A:F1:09:A2:DE:93:F6:07
            X509v3 Authority Key Identifier:
                keyid:DF:F2:47:26:DF:3E:77:F6:F4:C8:E0:43:66:13:B3:51:10:EE:AF:38

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3_JHJt8-d_b0yOBDZhOzURDurzg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a96024-6555-4e8d-af37-62bb6d63e59d/1/ve4kS1FSpKOZDfPOmvEJot6T9gc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a96024-6555-4e8d-af37-62bb6d63e59d/1/3_JHJt8-d_b0yOBDZhOzURDurzg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.43.166.0/24

    Signature Algorithm: sha256WithRSAEncryption
         91:e1:e8:f0:5c:61:9f:38:10:43:87:70:5b:61:4e:99:28:d1:
         3d:ac:9c:72:24:8e:f8:9d:77:85:88:7b:77:e3:11:3e:b1:75:
         05:96:fd:e5:c6:aa:86:44:d9:72:49:b9:19:85:3d:2b:9d:04:
         9b:4c:b6:37:c9:2d:f5:34:ac:2d:c9:7a:89:84:02:3d:f7:7d:
         b7:44:3c:ba:e4:78:7e:54:cc:2d:3b:c0:42:ab:59:bf:a7:bb:
         3f:9e:84:e4:db:e1:26:5f:81:b3:46:93:89:31:28:82:97:b1:
         36:b8:de:e9:02:6f:04:a4:75:46:61:d6:94:66:53:88:70:2c:
         35:4d:1b:5a:52:16:7e:f5:30:85:da:23:5a:b1:69:67:a3:0b:
         9d:25:90:c8:fd:9d:31:61:ca:f2:90:ce:9f:f8:db:bf:6e:c6:
         75:53:dc:95:04:54:7e:00:4c:b0:6f:02:aa:8b:f6:7d:3e:df:
         10:c0:01:b5:10:44:51:91:6c:74:44:e6:3c:d2:b8:6b:91:7b:
         0b:3a:82:1f:63:33:7f:99:47:a0:17:7a:6a:04:17:97:f1:f0:
         be:d7:3e:a2:87:35:d8:63:a3:44:a2:74:af:c0:ea:e5:66:e2:
         db:16:4d:23:e6:78:ee:b8:bb:4f:d4:fb:ba:90:3a:c0:fe:c5:
         23:6b:ba:6b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZeIbb+ifX7K9kw7QeJa5TrgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRmZjI0NzI2ZGYzZTc3ZjZmNGM4ZTA0MzY2MTNiMzUxMTBl
ZWFmMzgwHhcNMjUwNjE5MTM0MzAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZGVlMjQ0YjUxNTJhNGEzOTkwZGYzY2U5YWYxMDlhMmRlOTNmNjA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkR/+C9war7uaxUilHJo7s+NWjKwQ
boruYt6H34/tYu6u0lXjTIDPmPqmnaVYCdf9yElgj3+roVSv2Mkf3K+PpAvNRdjs
CiQg/078EblXEi8MnJOP0uJxlX2kQbAZal99+b/b3iL2WJ+brMGVlZ7LkYzKkYP8
TObdJedIVjMxpSoYJV5XVSxQKRKpNeNzvutojgPaAQVqzM1nc3a2bZC8r54MpLYb
YzvdnTQCiiS+PmzfSi64mZ91Z/0ituaO7g1cRlGo97RdA1lNtM5P3WdHY/1izqgf
NeXY7STLNVcBWnIKhvIYoGf3a3CXcEKs+2v+KT/KmZv37EiitV8r5oGG/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL3uJEtRUqSjmQ3zzprxCaLek/YHMB8GA1UdIwQY
MBaAFN/yRybfPnf29MjgQ2YTs1EQ7q84MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM19KSEp0OC1kX2IweU9CRFpoT3pVUkR1cnpnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9hOTYwMjQtNjU1NS00ZThkLWFmMzct
NjJiYjZkNjNlNTlkLzEvdmU0a1MxRlNwS09aRGZQT212RUpvdDZUOWdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9hOTYwMjQtNjU1NS00ZThkLWFmMzctNjJiYjZkNjNlNTlk
LzEvM19KSEp0OC1kX2IweU9CRFpoT3pVUkR1cnpnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHyumMA0G
CSqGSIb3DQEBCwUAA4IBAQCR4ejwXGGfOBBDh3BbYU6ZKNE9rJxyJI74nXeFiHt3
4xE+sXUFlv3lxqqGRNlySbkZhT0rnQSbTLY3yS31NKwtyXqJhAI99323RDy65Hh+
VMwtO8BCq1m/p7s/noTk2+EmX4GzRpOJMSiCl7E2uN7pAm8EpHVGYdaUZlOIcCw1
TRtaUhZ+9TCF2iNasWlnowudJZDI/Z0xYcrykM6f+Nu/bsZ1U9yVBFR+AEywbwKq
i/Z9Pt8QwAG1EERRkWx0ROY80rhrkXsLOoIfYzN/mUegF3pqBBeX8fC+1z6ihzXY
Y6NEonSvwOrlZuLbFk0j5njuuLtP1Pu6kDrA/sUja7pr
-----END CERTIFICATE-----