Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/0k0krNDyOpflPPZPGvkLyVz4rAo.roa
File:                     0k0krNDyOpflPPZPGvkLyVz4rAo.roa (raw, json)
Hash identifier:          GwMNbY1rex9mQlKWhlmm/Zjf/TWbxH780LOZEKJ+xb4=
Subject key identifier:   D2:4D:24:AC:D0:F2:3A:97:E5:3C:F6:4F:1A:F9:0B:C9:5C:F8:AC:0A
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       01969A9D1FB93A109326F881BF637402A4ED
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/0k0krNDyOpflPPZPGvkLyVz4rAo.roa
Signing time:             Sun 04 May 2025 09:25:10 +0000
ROA not before:           Sun 04 May 2025 09:25:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211114
IP address blocks:        31.57.225.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 11 May 2025 20:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:9a:9d:1f:b9:3a:10:93:26:f8:81:bf:63:74:02:a4:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: May  4 09:25:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d24d24acd0f23a97e53cf64f1af90bc95cf8ac0a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:74:df:7a:b4:e6:3f:2c:13:cd:03:b1:22:85:
                    ac:81:76:46:54:40:c3:63:ee:bb:ad:f9:fc:70:32:
                    90:b6:ed:50:0f:78:fe:60:db:dd:6e:fe:aa:a6:7d:
                    ca:2b:dc:ae:a2:4e:7c:86:7b:af:ba:94:8e:d1:13:
                    fd:15:85:ef:14:e8:df:f4:10:5a:bb:28:f1:4e:4f:
                    8b:e4:f9:f1:be:dd:04:99:26:9c:1c:31:cd:e9:fe:
                    33:4a:7e:66:de:57:17:ad:36:ad:9a:65:60:2e:5f:
                    8d:d3:63:2f:14:37:34:50:8c:61:f6:5c:2f:5e:bc:
                    68:b7:8f:47:50:2a:77:6f:41:63:c4:6b:9d:33:4d:
                    23:9e:d0:72:d7:82:d1:c2:0a:45:b7:c9:63:9e:99:
                    e9:5d:14:60:05:cb:55:a8:d4:1c:7b:4f:37:27:b6:
                    ca:fb:6a:97:b0:b3:55:33:48:a3:b4:4a:0c:d0:71:
                    aa:86:fa:65:96:f0:ef:2a:fb:5e:ab:a2:33:bf:e5:
                    ec:75:35:13:96:9c:bf:19:d8:15:f9:c1:fd:51:53:
                    a7:f7:0a:c6:cb:61:e5:9e:ee:4a:fd:bc:d3:1f:71:
                    01:6e:43:29:d3:38:25:6e:fb:91:95:e2:2c:1c:f2:
                    ee:1d:3d:10:49:e5:d6:6b:bd:60:c8:52:37:14:fd:
                    ea:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:4D:24:AC:D0:F2:3A:97:E5:3C:F6:4F:1A:F9:0B:C9:5C:F8:AC:0A
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/0k0krNDyOpflPPZPGvkLyVz4rAo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.57.225.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1e:7d:2b:a5:63:b2:9a:18:58:ed:22:7b:34:db:27:51:b1:93:
         59:c9:d7:85:14:09:51:54:3e:b3:2f:ca:23:dd:02:9e:1f:8c:
         d3:68:aa:c7:1c:3a:c4:60:17:72:c5:fc:d9:a6:8d:4b:34:9a:
         a4:ac:f7:4c:97:cd:9f:a4:bf:00:6c:d9:38:da:b4:df:b7:7f:
         7d:54:9e:56:b1:77:cf:3e:86:d6:bc:0d:52:78:ef:a8:cc:79:
         ab:8e:31:fd:c3:ca:5a:e7:0f:a2:10:41:98:45:0f:8a:3d:a0:
         c1:4c:34:bb:4a:e6:6e:ec:de:64:51:82:11:e5:a6:73:00:3a:
         a4:24:8b:e7:71:1a:7f:39:f6:b8:39:7c:fd:fd:9c:4f:d6:dc:
         fa:26:f3:d0:12:51:69:2e:70:59:ff:11:7f:84:5e:fd:7e:ce:
         50:c7:09:2c:d7:cd:d7:f0:95:fe:b9:00:4a:dc:2f:38:c3:bf:
         40:44:5b:b3:66:3e:ca:d9:8d:35:bc:2f:57:a0:e3:28:51:26:
         c0:1b:d3:4b:11:b9:a4:e6:e7:6a:ea:f1:9e:33:67:44:de:bb:
         94:15:a4:c6:1d:b3:db:fd:cb:d3:00:94:50:6c:9b:d8:d0:0b:
         fb:f7:b9:18:d0:bd:36:00:f3:25:af:b6:c5:72:19:bf:e8:44:
         c6:17:70:60
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZaanR+5OhCTJviBv2N0AqTtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwNTA0MDkyNTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMjRkMjRhY2QwZjIzYTk3ZTUzY2Y2NGYxYWY5MGJjOTVjZjhhYzBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuHTferTmPywTzQOxIoWsgXZGVEDD
Y+67rfn8cDKQtu1QD3j+YNvdbv6qpn3KK9yuok58hnuvupSO0RP9FYXvFOjf9BBa
uyjxTk+L5Pnxvt0EmSacHDHN6f4zSn5m3lcXrTatmmVgLl+N02MvFDc0UIxh9lwv
Xrxot49HUCp3b0FjxGudM00jntBy14LRwgpFt8ljnpnpXRRgBctVqNQce083J7bK
+2qXsLNVM0ijtEoM0HGqhvpllvDvKvteq6Izv+XsdTUTlpy/GdgV+cH9UVOn9wrG
y2Hlnu5K/bzTH3EBbkMp0zglbvuRleIsHPLuHT0QSeXWa71gyFI3FP3qBwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNJNJKzQ8jqX5Tz2Txr5C8lc+KwKMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvMGswa3JORHlPcGZsUFBaUEd2a0x5Vno0ckFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHznhMA0G
CSqGSIb3DQEBCwUAA4IBAQAefSulY7KaGFjtIns02ydRsZNZydeFFAlRVD6zL8oj
3QKeH4zTaKrHHDrEYBdyxfzZpo1LNJqkrPdMl82fpL8AbNk42rTft399VJ5WsXfP
PobWvA1SeO+ozHmrjjH9w8pa5w+iEEGYRQ+KPaDBTDS7SuZu7N5kUYIR5aZzADqk
JIvncRp/Ofa4OXz9/ZxP1tz6JvPQElFpLnBZ/xF/hF79fs5Qxwks183X8JX+uQBK
3C84w79ARFuzZj7K2Y01vC9XoOMoUSbAG9NLEbmk5udq6vGeM2dE3ruUFaTGHbPb
/cvTAJRQbJvY0Av797kY0L02APMlr7bFchm/6ETGF3Bg
-----END CERTIFICATE-----