Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c4/14dd6e-6773-47ff-8e3b-1137073fa8f6/1/9Lg8t2QKFse3G-CZ2Zp542OLMtA.roa
File:                     9Lg8t2QKFse3G-CZ2Zp542OLMtA.roa (raw, json)
Hash identifier:          pzR3goZKI4C4CrcrTsbbX5Pt3NbXSkxC+j/aqvMv1vw=
Subject key identifier:   F4:B8:3C:B7:64:0A:16:C7:B7:1B:E0:99:D9:9A:79:E3:63:8B:32:D0
Certificate issuer:       /CN=72b88675247ce1865a353f4cef5b2ac288a39698
Certificate serial:       019648224FC094819DC4A204963ADE953702
Authority key identifier: 72:B8:86:75:24:7C:E1:86:5A:35:3F:4C:EF:5B:2A:C2:88:A3:96:98
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/criGdSR84YZaNT9M71sqwoijlpg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c4/14dd6e-6773-47ff-8e3b-1137073fa8f6/1/9Lg8t2QKFse3G-CZ2Zp542OLMtA.roa
Signing time:             Fri 18 Apr 2025 09:02:10 +0000
ROA not before:           Fri 18 Apr 2025 09:02:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34665
IP address blocks:        31.42.191.0/24 maxlen: 24
                          194.61.55.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c4/14dd6e-6773-47ff-8e3b-1137073fa8f6/1/criGdSR84YZaNT9M71sqwoijlpg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c4/14dd6e-6773-47ff-8e3b-1137073fa8f6/1/criGdSR84YZaNT9M71sqwoijlpg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/criGdSR84YZaNT9M71sqwoijlpg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Apr 2025 06:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:48:22:4f:c0:94:81:9d:c4:a2:04:96:3a:de:95:37:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72b88675247ce1865a353f4cef5b2ac288a39698
        Validity
            Not Before: Apr 18 09:02:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f4b83cb7640a16c7b71be099d99a79e3638b32d0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:f4:95:30:b2:bc:7c:9a:f1:e9:cb:1d:e4:6d:
                    4b:11:fb:4b:a9:0a:37:8c:55:2c:3d:44:aa:0e:49:
                    60:48:be:ae:ed:b5:e4:a5:2f:ef:5c:c1:73:53:1b:
                    ce:24:bd:c0:e6:a3:4a:9d:83:9c:08:ce:72:ef:ef:
                    e1:fb:55:c9:5d:97:20:5e:45:f9:b8:32:1c:53:72:
                    d4:c2:bd:9c:e0:07:8b:5c:61:18:18:b5:fa:25:0b:
                    0c:00:cc:4f:c6:97:2e:a8:bb:dd:35:0f:12:83:01:
                    f3:78:f6:e6:9f:f5:13:5d:de:31:db:53:70:35:d3:
                    30:a7:8a:69:52:a8:d8:3c:81:ee:a8:e8:b5:07:c3:
                    5a:95:e8:bb:3c:b2:b0:e5:99:ef:fb:75:ab:c1:6b:
                    ce:14:a1:1e:ec:55:86:d4:99:7e:b4:61:ab:61:3d:
                    f6:e1:93:68:7b:4d:a8:07:a1:5c:6c:d6:19:8d:f4:
                    3c:88:23:ec:19:ee:a2:e4:d5:2c:86:88:fd:ae:5a:
                    9d:d8:0e:b0:b5:fb:b2:fd:46:b1:b0:21:f2:63:de:
                    2d:85:8b:69:37:c4:40:4f:4b:d1:a9:66:0a:70:45:
                    97:ee:87:ff:1a:bc:83:26:b3:fd:5d:a6:67:f9:2b:
                    93:99:af:22:7f:d2:72:a0:6c:77:35:78:df:ff:03:
                    be:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:B8:3C:B7:64:0A:16:C7:B7:1B:E0:99:D9:9A:79:E3:63:8B:32:D0
            X509v3 Authority Key Identifier:
                keyid:72:B8:86:75:24:7C:E1:86:5A:35:3F:4C:EF:5B:2A:C2:88:A3:96:98

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/criGdSR84YZaNT9M71sqwoijlpg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/14dd6e-6773-47ff-8e3b-1137073fa8f6/1/9Lg8t2QKFse3G-CZ2Zp542OLMtA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/14dd6e-6773-47ff-8e3b-1137073fa8f6/1/criGdSR84YZaNT9M71sqwoijlpg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.42.191.0/24
                  194.61.55.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1d:08:9f:28:6d:ee:15:46:8b:28:8d:bb:f5:47:32:6e:5f:30:
         45:e1:f4:85:3b:6e:45:69:43:d5:9b:0d:25:d5:a1:5a:a0:e2:
         6f:6d:a6:bc:c1:22:ee:a7:b2:59:38:40:84:13:16:b6:6c:4a:
         20:77:a3:b7:59:f5:5d:5b:bb:97:e1:ab:d7:6e:6e:80:2b:3d:
         cb:4a:27:c5:34:36:1c:37:2f:58:03:3c:51:63:21:c2:fb:2f:
         f8:f7:a3:5c:48:ac:6c:0f:1f:8f:c8:76:4e:68:cb:5e:5c:f0:
         a1:34:d4:a7:40:19:47:b5:92:e9:bb:a9:90:06:e4:06:a5:f1:
         3f:20:b2:0f:a5:8d:10:e6:dc:44:00:9f:d4:5b:5f:4e:9f:5c:
         7f:4b:d7:ed:b2:4f:31:a5:99:c5:37:65:a6:e8:e0:a7:e0:65:
         3d:c6:82:fb:bf:0b:e6:bc:e0:64:9a:67:95:b6:8d:4f:3c:d7:
         88:a2:ad:50:30:af:19:74:ce:1d:c8:96:a7:fd:17:ba:95:1e:
         65:13:04:43:15:4a:ed:ba:a8:ab:42:82:33:28:b2:bb:ee:d9:
         9d:71:04:78:65:8b:4a:42:d2:31:be:9a:8e:b6:d1:7d:74:56:
         98:dd:2d:e9:05:8d:91:9e:cb:b7:39:62:39:78:6f:4b:60:b6:
         ea:77:a4:a1
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZZIIk/AlIGdxKIEljrelTcCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyYjg4Njc1MjQ3Y2UxODY1YTM1M2Y0Y2VmNWIyYWMyODhh
Mzk2OTgwHhcNMjUwNDE4MDkwMjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNGI4M2NiNzY0MGExNmM3YjcxYmUwOTlkOTlhNzllMzYzOGIzMmQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArfSVMLK8fJrx6csd5G1LEftLqQo3
jFUsPUSqDklgSL6u7bXkpS/vXMFzUxvOJL3A5qNKnYOcCM5y7+/h+1XJXZcgXkX5
uDIcU3LUwr2c4AeLXGEYGLX6JQsMAMxPxpcuqLvdNQ8SgwHzePbmn/UTXd4x21Nw
NdMwp4ppUqjYPIHuqOi1B8Nalei7PLKw5Znv+3WrwWvOFKEe7FWG1Jl+tGGrYT32
4ZNoe02oB6FcbNYZjfQ8iCPsGe6i5NUshoj9rlqd2A6wtfuy/UaxsCHyY94thYtp
N8RAT0vRqWYKcEWX7of/GryDJrP9XaZn+SuTma8if9JyoGx3NXjf/wO+qwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFPS4PLdkChbHtxvgmdmaeeNjizLQMB8GA1UdIwQY
MBaAFHK4hnUkfOGGWjU/TO9bKsKIo5aYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3JpR2RTUjg0WVphTlQ5TTcxc3F3b2lqbHBnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNC8xNGRkNmUtNjc3My00N2ZmLThlM2It
MTEzNzA3M2ZhOGY2LzEvOUxnOHQyUUtGc2UzRy1DWjJacDU0Mk9MTXRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNC8xNGRkNmUtNjc3My00N2ZmLThlM2ItMTEzNzA3M2ZhOGY2
LzEvY3JpR2RTUjg0WVphTlQ5TTcxc3F3b2lqbHBnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAHyq/AwQA
wj03MA0GCSqGSIb3DQEBCwUAA4IBAQAdCJ8obe4VRosojbv1RzJuXzBF4fSFO25F
aUPVmw0l1aFaoOJvbaa8wSLup7JZOECEExa2bEogd6O3WfVdW7uX4avXbm6AKz3L
SifFNDYcNy9YAzxRYyHC+y/496NcSKxsDx+PyHZOaMteXPChNNSnQBlHtZLpu6mQ
BuQGpfE/ILIPpY0Q5txEAJ/UW19On1x/S9ftsk8xpZnFN2Wm6OCn4GU9xoL7vwvm
vOBkmmeVto1PPNeIoq1QMK8ZdM4dyJan/Re6lR5lEwRDFUrtuqirQoIzKLK77tmd
cQR4ZYtKQtIxvpqOttF9dFaY3S3pBY2Rnsu3OWI5eG9LYLbqd6Sh
-----END CERTIFICATE-----