Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6f/78c5f6-0e43-4245-9c70-42385820f8b3/1/ZhWVS_BxzDC-crYvHmP5Jp_0l9w.roa
File:                     ZhWVS_BxzDC-crYvHmP5Jp_0l9w.roa (raw, json)
Hash identifier:          2arBDBURi5cw54gyN2A95A3jd2xSCZuw/tiSOf4SzU4=
Subject key identifier:   66:15:95:4B:F0:71:CC:30:BE:72:B6:2F:1E:63:F9:26:9F:F4:97:DC
Certificate issuer:       /CN=402ca9971d6a5f7e5964bd5a34cb058573c12637
Certificate serial:       01985179FC06BFDFB610ACDF3163672B9DA9
Authority key identifier: 40:2C:A9:97:1D:6A:5F:7E:59:64:BD:5A:34:CB:05:85:73:C1:26:37
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QCyplx1qX35ZZL1aNMsFhXPBJjc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6f/78c5f6-0e43-4245-9c70-42385820f8b3/1/ZhWVS_BxzDC-crYvHmP5Jp_0l9w.roa
Signing time:             Mon 28 Jul 2025 14:40:05 +0000
ROA not before:           Mon 28 Jul 2025 14:40:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51333
IP address blocks:        31.15.96.0/21 maxlen: 21
                          217.174.128.0/20 maxlen: 20
                          2a0a:bfc0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6f/78c5f6-0e43-4245-9c70-42385820f8b3/1/QCyplx1qX35ZZL1aNMsFhXPBJjc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6f/78c5f6-0e43-4245-9c70-42385820f8b3/1/QCyplx1qX35ZZL1aNMsFhXPBJjc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QCyplx1qX35ZZL1aNMsFhXPBJjc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 10 Aug 2025 05:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:51:79:fc:06:bf:df:b6:10:ac:df:31:63:67:2b:9d:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=402ca9971d6a5f7e5964bd5a34cb058573c12637
        Validity
            Not Before: Jul 28 14:40:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6615954bf071cc30be72b62f1e63f9269ff497dc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:16:9d:c9:bb:eb:93:6e:68:58:41:fe:5f:cd:
                    8d:e1:b1:b3:30:03:87:34:e4:55:37:e4:d5:5e:26:
                    a0:63:69:cd:20:5d:2c:d3:08:77:68:57:a3:2b:87:
                    70:55:5d:13:c1:1d:4f:f9:11:92:66:62:87:25:1f:
                    40:94:3c:e0:69:43:14:c4:0d:16:e2:fa:41:cd:37:
                    a7:dd:39:11:e9:41:9f:ed:f5:97:38:10:ca:57:01:
                    30:21:36:76:24:c0:37:59:30:1d:41:a8:08:34:a8:
                    a6:ae:e9:90:de:69:cd:f4:b1:81:48:91:3d:9c:3e:
                    bb:fc:8b:f2:66:f1:6d:1a:71:89:f4:e3:a3:f8:68:
                    34:71:f1:30:f8:59:56:a5:fa:11:74:29:1c:68:55:
                    23:51:c6:69:05:87:e6:14:7b:4d:cc:af:02:2b:3f:
                    0e:8e:e6:4d:52:8f:8f:49:4d:7b:2e:02:38:e4:f2:
                    b9:b8:7c:b0:c4:e8:94:6e:22:06:ee:f2:05:1c:80:
                    e0:c4:90:59:2e:e5:4a:21:ac:72:77:3f:36:8f:9d:
                    33:75:be:ec:bc:55:2d:ca:e8:69:08:11:9b:8d:7e:
                    62:b1:cc:2c:74:8d:fe:31:ee:da:e5:45:9b:6d:d3:
                    02:b4:4a:b2:a0:ba:b5:c4:1a:e4:4f:be:bf:79:7b:
                    8c:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:15:95:4B:F0:71:CC:30:BE:72:B6:2F:1E:63:F9:26:9F:F4:97:DC
            X509v3 Authority Key Identifier:
                keyid:40:2C:A9:97:1D:6A:5F:7E:59:64:BD:5A:34:CB:05:85:73:C1:26:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QCyplx1qX35ZZL1aNMsFhXPBJjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/78c5f6-0e43-4245-9c70-42385820f8b3/1/ZhWVS_BxzDC-crYvHmP5Jp_0l9w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/78c5f6-0e43-4245-9c70-42385820f8b3/1/QCyplx1qX35ZZL1aNMsFhXPBJjc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.15.96.0/21
                  217.174.128.0/20
                IPv6:
                  2a0a:bfc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         a9:aa:bb:b9:53:3d:32:ed:52:e4:ab:a3:56:4b:7a:a3:18:67:
         30:21:80:67:a1:27:88:d3:a3:14:67:15:28:9f:28:8b:7f:3a:
         d3:8a:1c:7b:09:3b:b0:ee:ca:e1:04:ff:48:71:d7:f7:ee:95:
         fb:23:d1:d7:2a:4a:86:03:7b:7a:e4:5b:06:0d:a8:05:dc:7b:
         c7:55:99:39:5a:af:8c:af:0b:48:19:6d:9b:4e:85:5f:4f:3a:
         5e:b6:43:8e:3f:20:3f:31:2a:0b:11:94:bc:ab:e4:64:1b:c3:
         4c:fc:ca:ad:8d:e0:73:f1:a6:3c:73:77:73:25:3f:01:20:42:
         3e:e5:d5:52:32:9c:8b:7c:a8:e8:79:ca:77:09:44:b4:d2:37:
         c8:59:06:3f:c4:30:e0:0f:08:cc:ee:96:a3:d6:e9:47:fa:38:
         94:1b:87:f2:97:1c:d6:c5:af:5b:77:37:05:75:d8:64:c0:b7:
         d8:3a:e6:f6:24:18:6e:d4:80:07:0c:ec:49:87:96:db:3e:ac:
         f1:80:5f:48:da:12:48:26:52:eb:6d:63:5f:4f:b0:ec:3a:3b:
         0c:b4:fb:bb:8c:49:e8:64:cf:9d:1a:b0:38:ac:7b:55:82:3b:
         ec:05:b2:c1:f8:f1:90:bc:ef:89:06:a4:2e:cb:5d:b9:77:ed:
         bc:0a:2b:92
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZhRefwGv9+2EKzfMWNnK52pMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQwMmNhOTk3MWQ2YTVmN2U1OTY0YmQ1YTM0Y2IwNTg1NzNj
MTI2MzcwHhcNMjUwNzI4MTQ0MDA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NjE1OTU0YmYwNzFjYzMwYmU3MmI2MmYxZTYzZjkyNjlmZjQ5N2RjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzxadybvrk25oWEH+X82N4bGzMAOH
NORVN+TVXiagY2nNIF0s0wh3aFejK4dwVV0TwR1P+RGSZmKHJR9AlDzgaUMUxA0W
4vpBzTen3TkR6UGf7fWXOBDKVwEwITZ2JMA3WTAdQagINKimrumQ3mnN9LGBSJE9
nD67/IvyZvFtGnGJ9OOj+Gg0cfEw+FlWpfoRdCkcaFUjUcZpBYfmFHtNzK8CKz8O
juZNUo+PSU17LgI45PK5uHywxOiUbiIG7vIFHIDgxJBZLuVKIaxydz82j50zdb7s
vFUtyuhpCBGbjX5iscwsdI3+Me7a5UWbbdMCtEqyoLq1xBrkT76/eXuMVwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFGYVlUvwccwwvnK2Lx5j+Saf9JfcMB8GA1UdIwQY
MBaAFEAsqZcdal9+WWS9WjTLBYVzwSY3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUUN5cGx4MXFYMzVaWkwxYU5Nc0ZoWFBCSmpjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Zi83OGM1ZjYtMGU0My00MjQ1LTljNzAt
NDIzODU4MjBmOGIzLzEvWmhXVlNfQnh6REMtY3JZdkhtUDVKcF8wbDl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Zi83OGM1ZjYtMGU0My00MjQ1LTljNzAtNDIzODU4MjBmOGIz
LzEvUUN5cGx4MXFYMzVaWkwxYU5Nc0ZoWFBCSmpjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDHw9gAwQE
2a6AMA0EAgACMAcDBQMqCr/AMA0GCSqGSIb3DQEBCwUAA4IBAQCpqru5Uz0y7VLk
q6NWS3qjGGcwIYBnoSeI06MUZxUonyiLfzrTihx7CTuw7srhBP9Icdf37pX7I9HX
KkqGA3t65FsGDagF3HvHVZk5Wq+MrwtIGW2bToVfTzpetkOOPyA/MSoLEZS8q+Rk
G8NM/MqtjeBz8aY8c3dzJT8BIEI+5dVSMpyLfKjoecp3CUS00jfIWQY/xDDgDwjM
7paj1ulH+jiUG4fylxzWxa9bdzcFddhkwLfYOub2JBhu1IAHDOxJh5bbPqzxgF9I
2hJIJlLrbWNfT7DsOjsMtPu7jEnoZM+dGrA4rHtVgjvsBbLB+PGQvO+JBqQuy125
d+28CiuS
-----END CERTIFICATE-----