Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/D8-tg2HFfaxtzWtLFVQ2_Tw33X4.roa
File:                     D8-tg2HFfaxtzWtLFVQ2_Tw33X4.roa (raw, json)
Hash identifier:          W0yzlxsbtTJh4rdHCOnewjEeTldRIygMs+3n84CIFt0=
Subject key identifier:   0F:CF:AD:83:61:C5:7D:AC:6D:CD:6B:4B:15:54:36:FD:3C:37:DD:7E
Certificate issuer:       /CN=05b1d13c2e26e12786246a5ec4c5bea69864b20f
Certificate serial:       01985FA95376E2D794AFD5A9305C94410FCE
Authority key identifier: 05:B1:D1:3C:2E:26:E1:27:86:24:6A:5E:C4:C5:BE:A6:98:64:B2:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/D8-tg2HFfaxtzWtLFVQ2_Tw33X4.roa
Signing time:             Thu 31 Jul 2025 08:46:29 +0000
ROA not before:           Thu 31 Jul 2025 08:46:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     41789
IP address blocks:        31.129.0.0/20 maxlen: 24
                          31.129.16.0/24 maxlen: 24
                          31.129.17.0/24 maxlen: 24
                          31.129.18.0/24 maxlen: 24
                          31.129.19.0/24 maxlen: 24
                          31.129.20.0/24 maxlen: 24
                          31.129.23.0/24 maxlen: 24
                          31.129.24.0/24 maxlen: 24
                          31.129.25.0/24 maxlen: 24
                          31.129.26.0/24 maxlen: 24
                          31.129.27.0/24 maxlen: 24
                          31.129.28.0/24 maxlen: 24
                          31.129.29.0/24 maxlen: 24
                          31.129.31.0/24 maxlen: 24
                          46.19.64.0/22 maxlen: 24
                          81.200.144.0/21 maxlen: 24
                          94.198.216.0/22 maxlen: 24
                          141.98.234.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/BbHRPC4m4SeGJGpexMW-pphksg8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/BbHRPC4m4SeGJGpexMW-pphksg8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 07 Aug 2025 08:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:5f:a9:53:76:e2:d7:94:af:d5:a9:30:5c:94:41:0f:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05b1d13c2e26e12786246a5ec4c5bea69864b20f
        Validity
            Not Before: Jul 31 08:46:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0fcfad8361c57dac6dcd6b4b155436fd3c37dd7e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:f7:03:79:46:2f:af:64:79:52:83:f1:7c:1f:
                    24:71:2e:45:ff:6f:81:d8:f9:22:b4:9b:93:c6:d0:
                    88:b9:e2:50:d1:63:d6:87:e3:f1:99:1b:0e:31:fd:
                    76:df:2d:5e:cf:68:6a:83:ff:e5:ca:85:6e:6f:df:
                    e1:9f:2a:1e:cf:23:1c:bb:9f:51:20:79:b4:2f:0e:
                    ca:87:a3:c9:7b:30:83:f4:a3:84:17:e5:59:2e:1b:
                    07:95:0e:e9:d4:f6:ae:4c:b1:13:0e:ef:76:72:18:
                    4c:98:33:45:92:d0:c8:cb:4f:42:a2:ce:17:9f:75:
                    e1:53:19:13:f9:37:bf:97:36:13:ad:22:a3:b4:e8:
                    4b:85:83:e2:a9:a4:d9:1b:7c:2d:83:ae:18:80:05:
                    cd:29:ec:58:3a:48:4b:88:c7:cf:4f:c7:12:d2:ea:
                    b2:31:30:3f:80:94:d5:13:04:12:cf:77:f0:02:7c:
                    6a:56:de:96:a4:dd:cc:1d:dd:7d:c1:99:5c:7c:29:
                    30:89:0c:ac:bb:1d:71:0e:1a:57:5c:05:3b:79:9f:
                    01:4a:c0:49:3c:a0:fa:fb:9e:b0:24:c1:cd:3b:11:
                    ba:d2:fa:02:d4:9f:94:e9:50:3f:f4:0a:d5:42:91:
                    9d:57:16:94:31:65:b4:4e:45:e8:ea:30:2b:82:8d:
                    ca:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:CF:AD:83:61:C5:7D:AC:6D:CD:6B:4B:15:54:36:FD:3C:37:DD:7E
            X509v3 Authority Key Identifier:
                keyid:05:B1:D1:3C:2E:26:E1:27:86:24:6A:5E:C4:C5:BE:A6:98:64:B2:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/D8-tg2HFfaxtzWtLFVQ2_Tw33X4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/BbHRPC4m4SeGJGpexMW-pphksg8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.129.0.0-31.129.20.255
                  31.129.23.0-31.129.29.255
                  31.129.31.0/24
                  46.19.64.0/22
                  81.200.144.0/21
                  94.198.216.0/22
                  141.98.234.0/24

    Signature Algorithm: sha256WithRSAEncryption
         37:27:ea:c5:69:17:ee:bf:92:57:8c:cd:24:d7:a2:1b:6b:c7:
         e6:03:1d:fc:3e:92:5a:06:71:1b:2e:ba:88:2e:72:53:10:d1:
         17:5f:e2:40:3f:73:dc:51:20:65:5f:82:1b:a5:8c:35:61:c0:
         f7:8b:08:f9:6f:da:81:48:0d:f1:e8:24:cb:e2:eb:4c:7c:7d:
         c0:b5:6f:0b:35:33:8a:b8:97:0d:56:e9:1e:eb:b9:8d:f6:e6:
         4c:c8:cd:ea:b9:08:1e:fe:b1:42:ef:40:a4:8d:17:a9:eb:ae:
         39:d8:0b:29:fe:bc:c6:62:94:b1:7e:59:f5:2e:0d:e1:76:d1:
         d2:69:74:13:a7:47:06:25:ba:4b:7f:0e:99:56:55:6d:b1:f3:
         2a:b4:28:10:f7:25:d4:78:e0:02:dd:d8:24:11:61:3b:d0:f3:
         2b:da:46:15:a6:9a:12:66:7e:32:49:af:68:e3:2d:57:e3:8b:
         18:91:b3:ed:8f:f3:5e:ff:97:53:bd:e3:9d:b4:f5:10:55:b2:
         92:55:b3:11:8a:9a:4f:99:a1:d5:22:21:68:8e:57:44:4b:8b:
         81:8a:72:81:4a:71:11:b3:29:f4:8e:9a:56:a6:01:3a:ee:59:
         a6:81:b3:d6:a0:33:5d:66:6e:6e:d0:6f:fc:4a:97:e5:a1:71:
         b3:69:a5:e8
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgISAZhfqVN24teUr9WpMFyUQQ/OMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1YjFkMTNjMmUyNmUxMjc4NjI0NmE1ZWM0YzViZWE2OTg2
NGIyMGYwHhcNMjUwNzMxMDg0NjI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZmNmYWQ4MzYxYzU3ZGFjNmRjZDZiNGIxNTU0MzZmZDNjMzdkZDdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs/cDeUYvr2R5UoPxfB8kcS5F/2+B
2PkitJuTxtCIueJQ0WPWh+PxmRsOMf123y1ez2hqg//lyoVub9/hnyoezyMcu59R
IHm0Lw7Kh6PJezCD9KOEF+VZLhsHlQ7p1PauTLETDu92chhMmDNFktDIy09Cos4X
n3XhUxkT+Te/lzYTrSKjtOhLhYPiqaTZG3wtg64YgAXNKexYOkhLiMfPT8cS0uqy
MTA/gJTVEwQSz3fwAnxqVt6WpN3MHd19wZlcfCkwiQysux1xDhpXXAU7eZ8BSsBJ
PKD6+56wJMHNOxG60voC1J+U6VA/9ArVQpGdVxaUMWW0TkXo6jArgo3KyQIDAQAB
o4ICPDCCAjgwHQYDVR0OBBYEFA/PrYNhxX2sbc1rSxVUNv08N91+MB8GA1UdIwQY
MBaAFAWx0TwuJuEnhiRqXsTFvqaYZLIPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmJIUlBDNG00U2VHSkdwZXhNVy1wcGhrc2c4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC9jNjEwOTItNzM0YS00ZWVmLTlkNjct
NDkwNTI0M2JjODI4LzEvRDgtdGcySEZmYXh0eld0TEZWUTJfVHczM1g0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC9jNjEwOTItNzM0YS00ZWVmLTlkNjctNDkwNTI0M2JjODI4
LzEvQmJIUlBDNG00U2VHSkdwZXhNVy1wcGhrc2c4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFIGCCsGAQUFBwEHAQH/BEMwQTA/BAIAATA5MAsDAwAfgQME
AB+BFDAMAwQAH4EXAwQBH4EcAwQAH4EfAwQCLhNAAwQDUciQAwQCXsbYAwQAjWLq
MA0GCSqGSIb3DQEBCwUAA4IBAQA3J+rFaRfuv5JXjM0k16Iba8fmAx38PpJaBnEb
LrqILnJTENEXX+JAP3PcUSBlX4IbpYw1YcD3iwj5b9qBSA3x6CTL4utMfH3AtW8L
NTOKuJcNVuke67mN9uZMyM3quQge/rFC70CkjRep66452Asp/rzGYpSxfln1Lg3h
dtHSaXQTp0cGJbpLfw6ZVlVtsfMqtCgQ9yXUeOAC3dgkEWE70PMr2kYVppoSZn4y
Sa9o4y1X44sYkbPtj/Ne/5dTveOdtPUQVbKSVbMRippPmaHVIiFojldES4uBinKB
SnERsyn0jppWpgE67lmmgbPWoDNdZm5u0G/8SpfloXGzaaXo
-----END CERTIFICATE-----
Generated at Wed Aug 6 10:11:56 2025 by rpki-client