Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/pbmRtHICi7p2VHFdA2oYQjokv5M.roa
File:                     pbmRtHICi7p2VHFdA2oYQjokv5M.roa (raw, json)
Hash identifier:          kalL4uLW9FTwrYiqj8m7chgAvByfERAdMZVNGRZeE9w=
Subject key identifier:   A5:B9:91:B4:72:02:8B:BA:76:54:71:5D:03:6A:18:42:3A:24:BF:93
Certificate issuer:       /CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
Certificate serial:       019753F0C7363389BC5B6525BCC459837663
Authority key identifier: B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/pbmRtHICi7p2VHFdA2oYQjokv5M.roa
Signing time:             Mon 09 Jun 2025 09:06:17 +0000
ROA not before:           Mon 09 Jun 2025 09:06:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211747
IP address blocks:        194.31.143.0/24 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 18 Jun 2025 06:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:53:f0:c7:36:33:89:bc:5b:65:25:bc:c4:59:83:76:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
        Validity
            Not Before: Jun  9 09:06:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a5b991b472028bba7654715d036a18423a24bf93
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:3d:7f:e1:c6:49:0f:e9:5e:af:4b:9b:21:da:
                    2a:4f:f8:a4:9a:bf:cc:15:da:7a:ad:dc:35:9d:30:
                    c8:5e:85:39:29:e8:4a:63:40:5c:aa:23:a2:17:da:
                    8c:82:23:f7:86:f0:01:91:3b:27:62:e0:9f:2f:37:
                    39:d4:71:fb:af:c5:0a:be:99:03:e1:49:ce:08:1b:
                    1f:b1:8d:50:7b:8b:b8:5d:4a:de:f6:8c:c1:4e:a4:
                    d7:ec:d0:e4:92:b6:6a:46:96:51:1b:d4:3d:2f:c3:
                    db:e6:e5:83:ab:ed:28:e2:9b:4b:c0:84:c5:da:05:
                    bd:69:87:35:b8:0b:e9:71:fc:03:86:42:01:ad:4a:
                    fe:dd:65:62:2f:d4:6b:96:d4:19:64:b3:b9:09:ec:
                    eb:6e:98:7f:1a:03:89:84:6c:59:64:7f:96:0c:5b:
                    1a:16:c3:2b:19:49:de:13:c8:9d:44:0e:29:14:b1:
                    e6:a4:51:aa:37:58:29:d4:07:69:e9:c8:38:bc:36:
                    51:e8:d4:a4:9b:0d:51:25:ba:eb:a6:3f:8c:b4:a3:
                    1c:41:9b:dc:50:c8:56:69:8d:3b:cf:c7:1e:7b:54:
                    06:cf:09:0e:3e:75:1b:1c:5c:00:cb:24:a3:09:4b:
                    96:16:20:65:6b:a7:0f:36:30:ba:d3:61:f3:99:9e:
                    16:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:B9:91:B4:72:02:8B:BA:76:54:71:5D:03:6A:18:42:3A:24:BF:93
            X509v3 Authority Key Identifier:
                keyid:B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/pbmRtHICi7p2VHFdA2oYQjokv5M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.31.143.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9d:0e:70:5c:c8:65:cf:e4:5e:7d:6b:b5:be:f3:d3:9b:ae:99:
         a8:27:fc:d4:c6:30:c9:99:ef:84:5c:49:f0:8b:34:a5:46:07:
         af:8b:9c:73:47:73:41:59:e6:0e:1c:45:ee:67:69:c6:38:ce:
         8f:fb:0c:49:95:88:6f:9a:a0:e2:39:e4:31:e6:c6:39:e5:52:
         f0:2d:03:16:81:fb:26:87:20:63:60:98:2f:2f:9a:03:b9:66:
         37:49:13:83:ad:49:06:fa:4d:49:0e:44:fc:eb:4c:0e:4d:b4:
         a9:50:ba:52:5a:6f:4b:55:21:05:ba:fe:9a:f7:0e:22:e4:3e:
         95:ac:79:16:b5:03:75:7e:b0:9b:e5:cb:3b:4e:57:e1:5b:c7:
         6d:03:bf:49:f0:f9:d9:b8:b6:51:96:61:02:ee:df:17:19:eb:
         56:c8:6b:79:73:aa:53:92:11:0a:8b:d9:81:0f:7b:29:fd:43:
         98:79:2a:70:86:17:12:55:1a:fc:36:4b:a4:6e:f2:6e:bd:9d:
         ea:76:f7:c4:46:78:fa:9d:89:26:7d:e8:33:3c:d5:36:64:32:
         c4:5a:9d:2b:3a:f0:99:bc:d7:41:0c:13:db:b2:b2:3c:68:e2:
         b7:92:bc:0c:76:51:fd:33:d6:1d:f4:bd:9c:c0:21:65:3f:70:
         3c:b4:63:df
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZdT8Mc2M4m8W2UlvMRZg3ZjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxYTdiMGQ4ZGU4MjUxZDM2ZDdjODNmYWY2YmM3ZWZlYzcz
YjUwMzQwHhcNMjUwNjA5MDkwNjE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNWI5OTFiNDcyMDI4YmJhNzY1NDcxNWQwMzZhMTg0MjNhMjRiZjkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApT1/4cZJD+ler0ubIdoqT/ikmr/M
Fdp6rdw1nTDIXoU5KehKY0BcqiOiF9qMgiP3hvABkTsnYuCfLzc51HH7r8UKvpkD
4UnOCBsfsY1Qe4u4XUre9ozBTqTX7NDkkrZqRpZRG9Q9L8Pb5uWDq+0o4ptLwITF
2gW9aYc1uAvpcfwDhkIBrUr+3WViL9RrltQZZLO5Cezrbph/GgOJhGxZZH+WDFsa
FsMrGUneE8idRA4pFLHmpFGqN1gp1Adp6cg4vDZR6NSkmw1RJbrrpj+MtKMcQZvc
UMhWaY07z8cee1QGzwkOPnUbHFwAyySjCUuWFiBla6cPNjC602HzmZ4WWwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKW5kbRyAou6dlRxXQNqGEI6JL+TMB8GA1UdIwQY
MBaAFLGnsNjeglHTbXyD+va8fv7HO1A0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2It
Mzk0YWNkMjFmMzliLzEvcGJtUnRISUNpN3AyVkhGZEEyb1lRam9rdjVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2ItMzk0YWNkMjFmMzli
LzEvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwh+PMA0G
CSqGSIb3DQEBCwUAA4IBAQCdDnBcyGXP5F59a7W+89ObrpmoJ/zUxjDJme+EXEnw
izSlRgevi5xzR3NBWeYOHEXuZ2nGOM6P+wxJlYhvmqDiOeQx5sY55VLwLQMWgfsm
hyBjYJgvL5oDuWY3SRODrUkG+k1JDkT860wOTbSpULpSWm9LVSEFuv6a9w4i5D6V
rHkWtQN1frCb5cs7TlfhW8dtA79J8PnZuLZRlmEC7t8XGetWyGt5c6pTkhEKi9mB
D3sp/UOYeSpwhhcSVRr8NkukbvJuvZ3qdvfERnj6nYkmfegzPNU2ZDLEWp0rOvCZ
vNdBDBPbsrI8aOK3krwMdlH9M9Yd9L2cwCFlP3A8tGPf
-----END CERTIFICATE-----