Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/fc419a-5c21-4d2f-9b80-bde028ad5930/1/v4-Es1Kwp5EvyY2ian59bv_yZR4.roa
File:                     v4-Es1Kwp5EvyY2ian59bv_yZR4.roa (raw, json)
Hash identifier:          dInoXwT69P80+5Zt0K7jQxUhAfqmo2mQHLpFYWRuEQg=
Subject key identifier:   BF:8F:84:B3:52:B0:A7:91:2F:C9:8D:A2:6A:7E:7D:6E:FF:F2:65:1E
Certificate issuer:       /CN=3447a30428254c9970fcfbdffef06b0d6b490f0e
Certificate serial:       0198016EB3722F7EB324F3F8088BFA6C5B34
Authority key identifier: 34:47:A3:04:28:25:4C:99:70:FC:FB:DF:FE:F0:6B:0D:6B:49:0F:0E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NEejBCglTJlw_Pvf_vBrDWtJDw4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ca/fc419a-5c21-4d2f-9b80-bde028ad5930/1/v4-Es1Kwp5EvyY2ian59bv_yZR4.roa
Signing time:             Sun 13 Jul 2025 01:38:08 +0000
ROA not before:           Sun 13 Jul 2025 01:38:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     54014
IP address blocks:        31.132.36.0/22 maxlen: 24
                          2a0c:8541::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ca/fc419a-5c21-4d2f-9b80-bde028ad5930/1/NEejBCglTJlw_Pvf_vBrDWtJDw4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ca/fc419a-5c21-4d2f-9b80-bde028ad5930/1/NEejBCglTJlw_Pvf_vBrDWtJDw4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NEejBCglTJlw_Pvf_vBrDWtJDw4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 06 Aug 2025 07:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:01:6e:b3:72:2f:7e:b3:24:f3:f8:08:8b:fa:6c:5b:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3447a30428254c9970fcfbdffef06b0d6b490f0e
        Validity
            Not Before: Jul 13 01:38:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bf8f84b352b0a7912fc98da26a7e7d6efff2651e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:13:17:9a:0d:ee:01:dd:08:2d:94:a5:3e:8a:
                    ba:4c:a2:24:e4:d0:f0:1e:16:a2:71:b6:b0:04:17:
                    2e:54:fc:32:24:18:18:2c:b1:06:56:51:e0:a6:94:
                    53:f3:1c:39:ae:16:25:7c:b4:4a:1b:8b:8b:ad:3c:
                    66:6b:cd:f1:b2:3f:bd:06:b3:ab:0e:f8:49:f3:4c:
                    78:1b:9f:7c:73:a6:22:f0:25:df:54:47:8a:68:0b:
                    5b:5b:6b:2a:eb:a8:1a:d2:19:b9:4a:58:67:ae:e3:
                    0e:70:29:f6:9c:57:f4:de:8f:c4:16:bb:0e:d5:1c:
                    a7:4e:56:a2:1f:e1:f4:78:e0:5f:97:12:df:26:b6:
                    b2:21:5f:9e:66:59:fe:bb:99:b5:89:ec:b8:67:9b:
                    ac:15:26:b0:0b:8e:95:68:7d:69:65:dc:2f:69:c5:
                    0d:1e:a7:83:19:2b:0c:dd:ee:e2:2f:d6:2d:42:d5:
                    6f:da:62:14:cb:ff:94:40:89:bc:63:c7:15:d8:a6:
                    6a:2e:9c:cb:52:20:70:9a:0b:a7:8c:46:69:9f:17:
                    a3:d2:ac:75:ae:fb:1b:fa:c1:92:c6:32:22:7c:28:
                    e2:c0:d8:4d:be:7c:04:0a:7f:61:d0:cb:77:24:fc:
                    90:ae:c6:1a:12:c5:22:05:86:3b:5f:59:86:ac:21:
                    53:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:8F:84:B3:52:B0:A7:91:2F:C9:8D:A2:6A:7E:7D:6E:FF:F2:65:1E
            X509v3 Authority Key Identifier:
                keyid:34:47:A3:04:28:25:4C:99:70:FC:FB:DF:FE:F0:6B:0D:6B:49:0F:0E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NEejBCglTJlw_Pvf_vBrDWtJDw4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/fc419a-5c21-4d2f-9b80-bde028ad5930/1/v4-Es1Kwp5EvyY2ian59bv_yZR4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/fc419a-5c21-4d2f-9b80-bde028ad5930/1/NEejBCglTJlw_Pvf_vBrDWtJDw4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.132.36.0/22
                IPv6:
                  2a0c:8541::/32

    Signature Algorithm: sha256WithRSAEncryption
         47:dc:e2:e2:60:e3:02:5c:d7:04:00:26:9a:70:16:07:46:bf:
         9c:4c:61:76:bd:f2:c0:5a:39:49:45:80:2d:d9:c6:08:10:03:
         73:3c:03:cb:52:af:d3:0e:4f:ef:42:ee:23:a4:36:25:7e:fa:
         da:0a:99:31:88:6e:c3:c9:11:0d:64:5d:4b:10:e9:0d:ea:5b:
         48:16:84:f2:72:fb:42:00:05:2e:a3:67:32:55:67:45:f3:b1:
         64:8b:63:23:d0:4f:5d:54:cb:07:f3:4c:60:5b:fc:9e:9e:41:
         87:a7:52:9e:7e:45:04:75:40:80:93:c8:69:d3:41:9a:09:92:
         10:46:76:b1:12:9a:d8:a3:11:cb:0d:4a:9c:77:f6:f5:71:b3:
         07:af:47:92:e2:7b:9f:24:e6:27:4e:e8:ac:9d:50:5b:d6:67:
         ab:13:77:c8:9b:eb:12:70:d6:fe:bd:36:78:b5:89:ad:10:fa:
         76:73:07:c3:78:f4:62:36:f8:ef:8d:1a:e6:94:4c:23:35:bd:
         51:62:10:0e:86:ea:96:a7:e5:c8:d5:70:b0:21:11:28:02:bb:
         d3:96:c1:2e:37:7b:6d:e5:37:47:6a:e4:e4:de:8e:9e:f6:84:
         92:1c:55:18:87:a0:83:2f:f8:8a:ef:59:db:04:0a:52:da:b5:
         eb:fa:61:a9
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZgBbrNyL36zJPP4CIv6bFs0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0NDdhMzA0MjgyNTRjOTk3MGZjZmJkZmZlZjA2YjBkNmI0
OTBmMGUwHhcNMjUwNzEzMDEzODA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZjhmODRiMzUyYjBhNzkxMmZjOThkYTI2YTdlN2Q2ZWZmZjI2NTFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0xMXmg3uAd0ILZSlPoq6TKIk5NDw
HhaicbawBBcuVPwyJBgYLLEGVlHgppRT8xw5rhYlfLRKG4uLrTxma83xsj+9BrOr
DvhJ80x4G598c6Yi8CXfVEeKaAtbW2sq66ga0hm5SlhnruMOcCn2nFf03o/EFrsO
1RynTlaiH+H0eOBflxLfJrayIV+eZln+u5m1iey4Z5usFSawC46VaH1pZdwvacUN
HqeDGSsM3e7iL9YtQtVv2mIUy/+UQIm8Y8cV2KZqLpzLUiBwmgunjEZpnxej0qx1
rvsb+sGSxjIifCjiwNhNvnwECn9h0Mt3JPyQrsYaEsUiBYY7X1mGrCFTgQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFL+PhLNSsKeRL8mNomp+fW7/8mUeMB8GA1UdIwQY
MBaAFDRHowQoJUyZcPz73/7waw1rSQ8OMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTkVlakJDZ2xUSmx3X1B2Zl92QnJEV3RKRHc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS9mYzQxOWEtNWMyMS00ZDJmLTliODAt
YmRlMDI4YWQ1OTMwLzEvdjQtRXMxS3dwNUV2eVkyaWFuNTlidl95WlI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS9mYzQxOWEtNWMyMS00ZDJmLTliODAtYmRlMDI4YWQ1OTMw
LzEvTkVlakJDZ2xUSmx3X1B2Zl92QnJEV3RKRHc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCH4QkMA0E
AgACMAcDBQAqDIVBMA0GCSqGSIb3DQEBCwUAA4IBAQBH3OLiYOMCXNcEACaacBYH
Rr+cTGF2vfLAWjlJRYAt2cYIEANzPAPLUq/TDk/vQu4jpDYlfvraCpkxiG7DyREN
ZF1LEOkN6ltIFoTycvtCAAUuo2cyVWdF87Fki2Mj0E9dVMsH80xgW/yenkGHp1Ke
fkUEdUCAk8hp00GaCZIQRnaxEprYoxHLDUqcd/b1cbMHr0eS4nufJOYnTuisnVBb
1merE3fIm+sScNb+vTZ4tYmtEPp2cwfDePRiNvjvjRrmlEwjNb1RYhAOhuqWp+XI
1XCwIREoArvTlsEuN3tt5TdHauTk3o6e9oSSHFUYh6CDL/iK71nbBApS2rXr+mGp
-----END CERTIFICATE-----