Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e3/e57efb-861b-4931-88d3-dd973da42721/1/eRG91sI4OxgJ5Ftj11HHCdo0lp4.roa
File:                     eRG91sI4OxgJ5Ftj11HHCdo0lp4.roa (raw, json)
Hash identifier:          XcHiB6tZLyMWY77AGAaJ1ywYGGueBg3m4NiJeGQTKn0=
Subject key identifier:   79:11:BD:D6:C2:38:3B:18:09:E4:5B:63:D7:51:C7:09:DA:34:96:9E
Certificate issuer:       /CN=290818f4df4a6bd125d5f22124145a69f5b6a34c
Certificate serial:       01975DE59A44B0B70D628F0190BF8789DC83
Authority key identifier: 29:08:18:F4:DF:4A:6B:D1:25:D5:F2:21:24:14:5A:69:F5:B6:A3:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KQgY9N9Ka9El1fIhJBRaafW2o0w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e3/e57efb-861b-4931-88d3-dd973da42721/1/eRG91sI4OxgJ5Ftj11HHCdo0lp4.roa
Signing time:             Wed 11 Jun 2025 07:30:17 +0000
ROA not before:           Wed 11 Jun 2025 07:30:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     56682
IP address blocks:        31.192.216.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e3/e57efb-861b-4931-88d3-dd973da42721/1/KQgY9N9Ka9El1fIhJBRaafW2o0w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e3/e57efb-861b-4931-88d3-dd973da42721/1/KQgY9N9Ka9El1fIhJBRaafW2o0w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KQgY9N9Ka9El1fIhJBRaafW2o0w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Jun 2025 19:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:5d:e5:9a:44:b0:b7:0d:62:8f:01:90:bf:87:89:dc:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=290818f4df4a6bd125d5f22124145a69f5b6a34c
        Validity
            Not Before: Jun 11 07:30:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7911bdd6c2383b1809e45b63d751c709da34969e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:3b:42:c6:ef:37:38:0c:93:86:c2:54:a5:1e:
                    19:54:b0:ec:43:cf:2e:16:37:d4:2e:54:b3:c4:50:
                    f2:d5:fd:fa:e9:de:b8:21:ac:59:ea:0d:db:17:da:
                    3a:15:c6:4a:e6:30:a9:aa:4e:65:d8:0e:67:bf:f7:
                    ad:35:81:62:37:89:a8:18:ef:0c:51:67:3e:b6:41:
                    99:c2:43:d9:c4:3d:3a:92:f2:12:bf:58:6a:f0:04:
                    26:7e:07:74:b2:ae:7a:ef:c1:70:2d:be:e3:b0:34:
                    df:c5:9a:d3:95:b1:66:28:43:f1:3e:cc:1d:07:c9:
                    73:82:92:69:4e:f4:a5:11:58:f1:0b:a8:34:92:34:
                    97:14:ff:99:71:95:f5:5f:e5:fc:a1:2b:d5:24:3a:
                    1f:2c:23:a0:1f:ca:9d:2f:10:1b:25:4d:86:31:20:
                    21:60:2f:6f:06:8e:c0:f5:e6:02:6e:f7:60:0c:34:
                    94:07:9d:16:50:2c:75:c6:84:56:1f:cf:58:b8:3f:
                    6a:8e:b4:6f:7c:5b:10:a1:f9:a8:96:5f:3c:26:e1:
                    ee:73:f2:88:67:93:8e:4b:a7:c0:db:da:50:f3:5e:
                    23:75:50:54:f3:65:0a:0a:20:96:f3:07:a6:92:45:
                    a8:4a:9b:f0:7e:4d:8a:f0:7f:e1:11:ef:0a:87:01:
                    f9:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:11:BD:D6:C2:38:3B:18:09:E4:5B:63:D7:51:C7:09:DA:34:96:9E
            X509v3 Authority Key Identifier:
                keyid:29:08:18:F4:DF:4A:6B:D1:25:D5:F2:21:24:14:5A:69:F5:B6:A3:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KQgY9N9Ka9El1fIhJBRaafW2o0w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/e57efb-861b-4931-88d3-dd973da42721/1/eRG91sI4OxgJ5Ftj11HHCdo0lp4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/e57efb-861b-4931-88d3-dd973da42721/1/KQgY9N9Ka9El1fIhJBRaafW2o0w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.192.216.0/21

    Signature Algorithm: sha256WithRSAEncryption
         88:32:0c:34:83:dc:9d:5c:cc:c1:30:a3:45:d9:10:b3:12:96:
         69:82:22:74:1e:a2:ee:03:41:03:91:e2:97:3d:54:5c:74:7a:
         16:92:3d:f1:db:54:ec:6c:ab:aa:c3:03:95:71:72:c4:b2:85:
         44:e6:7a:1e:7c:e5:c5:42:ec:ec:1a:8f:c6:9e:2b:ee:21:9a:
         8b:ed:0d:46:44:bb:70:16:b7:56:82:e3:77:ac:74:7e:92:63:
         f6:1a:c5:d4:f9:7a:68:ef:09:41:f7:20:2a:b7:4f:a7:b4:e3:
         61:70:31:b1:cc:b1:19:9e:67:9a:77:ef:34:68:66:f5:41:58:
         56:ba:ba:fc:b1:b4:7d:9c:fa:84:a8:bf:27:e1:34:93:9f:98:
         e5:db:31:90:68:3f:5c:dc:d0:65:4a:cf:4f:f1:49:de:6b:6a:
         06:8b:0e:fb:c0:e2:30:d7:c3:7b:3c:39:a9:63:ab:65:08:cf:
         0d:57:c3:a0:c1:09:87:d9:f2:db:96:1c:1b:bd:c1:b4:00:08:
         12:b0:3d:85:f5:ed:6c:bc:b6:7d:b8:fe:f9:38:67:b4:89:61:
         72:bf:2e:d5:54:22:b9:8b:3d:1a:ca:87:70:ad:24:37:e5:56:
         bf:ef:62:cd:39:6d:21:b7:48:9f:26:91:b8:bc:21:8f:d8:fc:
         0f:44:ad:2f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZdd5ZpEsLcNYo8BkL+HidyDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5MDgxOGY0ZGY0YTZiZDEyNWQ1ZjIyMTI0MTQ1YTY5ZjVi
NmEzNGMwHhcNMjUwNjExMDczMDE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OTExYmRkNmMyMzgzYjE4MDllNDViNjNkNzUxYzcwOWRhMzQ5NjllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxDtCxu83OAyThsJUpR4ZVLDsQ88u
FjfULlSzxFDy1f366d64IaxZ6g3bF9o6FcZK5jCpqk5l2A5nv/etNYFiN4moGO8M
UWc+tkGZwkPZxD06kvISv1hq8AQmfgd0sq5678FwLb7jsDTfxZrTlbFmKEPxPswd
B8lzgpJpTvSlEVjxC6g0kjSXFP+ZcZX1X+X8oSvVJDofLCOgH8qdLxAbJU2GMSAh
YC9vBo7A9eYCbvdgDDSUB50WUCx1xoRWH89YuD9qjrRvfFsQofmoll88JuHuc/KI
Z5OOS6fA29pQ814jdVBU82UKCiCW8wemkkWoSpvwfk2K8H/hEe8KhwH5+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHkRvdbCODsYCeRbY9dRxwnaNJaeMB8GA1UdIwQY
MBaAFCkIGPTfSmvRJdXyISQUWmn1tqNMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1FnWTlOOUthOUVsMWZJaEpCUmFhZlcybzB3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMy9lNTdlZmItODYxYi00OTMxLTg4ZDMt
ZGQ5NzNkYTQyNzIxLzEvZVJHOTFzSTRPeGdKNUZ0ajExSEhDZG8wbHA0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMy9lNTdlZmItODYxYi00OTMxLTg4ZDMtZGQ5NzNkYTQyNzIx
LzEvS1FnWTlOOUthOUVsMWZJaEpCUmFhZlcybzB3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDH8DYMA0G
CSqGSIb3DQEBCwUAA4IBAQCIMgw0g9ydXMzBMKNF2RCzEpZpgiJ0HqLuA0EDkeKX
PVRcdHoWkj3x21TsbKuqwwOVcXLEsoVE5noefOXFQuzsGo/GnivuIZqL7Q1GRLtw
FrdWguN3rHR+kmP2GsXU+Xpo7wlB9yAqt0+ntONhcDGxzLEZnmead+80aGb1QVhW
urr8sbR9nPqEqL8n4TSTn5jl2zGQaD9c3NBlSs9P8Unea2oGiw77wOIw18N7PDmp
Y6tlCM8NV8OgwQmH2fLblhwbvcG0AAgSsD2F9e1svLZ9uP75OGe0iWFyvy7VVCK5
iz0ayodwrSQ35Va/72LNOW0ht0ifJpG4vCGP2PwPRK0v
-----END CERTIFICATE-----