Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/3f2wtu-IQpgt4oV8rCPRAG7VJXE.roa
File:                     3f2wtu-IQpgt4oV8rCPRAG7VJXE.roa (raw, json)
Hash identifier:          ZmGT9aljVplfpIxepQkBV5QMMFocZ2/PU2aRIXpTRog=
Subject key identifier:   DD:FD:B0:B6:EF:88:42:98:2D:E2:85:7C:AC:23:D1:00:6E:D5:25:71
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       01969A043C5ECF079C0B94631DC3D3B2E655
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/3f2wtu-IQpgt4oV8rCPRAG7VJXE.roa
Signing time:             Sun 04 May 2025 06:38:10 +0000
ROA not before:           Sun 04 May 2025 06:38:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216155
IP address blocks:        31.56.233.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 12 May 2025 16:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:9a:04:3c:5e:cf:07:9c:0b:94:63:1d:c3:d3:b2:e6:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: May  4 06:38:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ddfdb0b6ef8842982de2857cac23d1006ed52571
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:4e:15:e5:5d:9c:ff:69:9e:83:4e:d3:31:92:
                    f8:0d:ac:f0:7d:b2:d7:06:03:ce:77:05:14:26:71:
                    11:5e:04:35:76:38:19:50:70:4f:ec:ac:a7:fd:b3:
                    77:c1:ee:86:ab:7e:b9:25:e0:90:68:af:41:e9:93:
                    98:e9:43:15:8e:ce:f8:3e:13:db:fa:66:0a:9e:33:
                    41:d1:70:bd:a2:74:0d:40:e5:da:92:e6:79:25:ad:
                    c7:a3:b9:e7:59:7d:fd:bc:e7:09:1b:02:1c:3d:e7:
                    08:29:1e:6f:dc:dc:61:71:c8:8a:a3:75:04:ae:81:
                    c0:dd:3e:1e:b3:6a:13:5f:03:79:0b:46:e8:d0:1e:
                    8e:72:fa:93:f4:48:ce:ec:18:ba:28:cf:1f:5f:01:
                    b2:a1:d1:00:e6:31:8e:32:b2:7b:aa:b8:50:2b:10:
                    e4:b1:7b:1d:50:77:8a:93:e6:1b:2a:ba:90:99:99:
                    05:4f:f4:5d:04:93:1c:88:9d:fd:45:37:47:37:c2:
                    aa:fe:14:d8:d1:34:e5:a3:af:c3:9d:7a:e1:54:05:
                    89:cb:ce:76:5d:26:87:10:1a:4e:47:af:41:22:87:
                    c7:af:ed:23:d8:00:25:0c:98:fb:00:ec:07:ac:d4:
                    97:06:20:ff:9d:b6:57:4e:90:be:5f:e2:83:71:4d:
                    64:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:FD:B0:B6:EF:88:42:98:2D:E2:85:7C:AC:23:D1:00:6E:D5:25:71
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/3f2wtu-IQpgt4oV8rCPRAG7VJXE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.56.233.0/24

    Signature Algorithm: sha256WithRSAEncryption
         36:de:b4:58:e7:ba:bd:5a:b6:18:ec:63:2d:ba:7b:3f:74:23:
         fc:b1:40:6d:c6:b2:b7:a8:0a:2c:f5:45:ee:9e:c5:8b:ec:f2:
         89:8e:03:8a:fe:e5:14:c8:04:6d:98:49:d2:d7:c3:e6:14:75:
         23:17:51:ce:8c:24:99:ba:42:97:ed:9d:ef:04:d9:a0:e6:67:
         61:10:0a:b9:89:2c:37:03:df:04:c0:ec:6a:16:2f:c9:1f:4d:
         ae:a5:20:d5:9a:34:9b:9f:f5:7e:75:e7:83:a0:15:33:2c:58:
         09:9f:07:43:c6:39:75:93:e3:dc:5c:ad:4a:99:76:df:85:f2:
         14:86:70:86:4b:73:0b:93:34:4a:bc:47:a3:87:26:d4:98:6d:
         8b:fd:59:8b:2b:cb:9c:56:63:75:95:7d:06:60:ae:47:4d:06:
         28:85:7e:60:22:be:e7:1b:97:e1:a0:38:d6:38:bf:d4:47:7a:
         ea:07:48:94:cb:d9:26:6e:2e:9c:c1:07:8b:f2:a9:59:ec:88:
         6c:68:67:14:c3:e1:71:5c:a9:9b:e5:c1:0a:00:b7:7f:0e:10:
         99:75:3c:ba:7b:1f:0e:df:b6:28:77:3e:6b:5b:ad:71:a8:9d:
         2f:d4:da:77:c4:19:a5:92:99:ca:e6:44:1c:e8:7c:86:e1:44:
         53:89:80:10
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZaaBDxezwecC5RjHcPTsuZVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwNTA0MDYzODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZGZkYjBiNmVmODg0Mjk4MmRlMjg1N2NhYzIzZDEwMDZlZDUyNTcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwk4V5V2c/2meg07TMZL4DazwfbLX
BgPOdwUUJnERXgQ1djgZUHBP7Kyn/bN3we6Gq365JeCQaK9B6ZOY6UMVjs74PhPb
+mYKnjNB0XC9onQNQOXakuZ5Ja3Ho7nnWX39vOcJGwIcPecIKR5v3NxhcciKo3UE
roHA3T4es2oTXwN5C0bo0B6OcvqT9EjO7Bi6KM8fXwGyodEA5jGOMrJ7qrhQKxDk
sXsdUHeKk+YbKrqQmZkFT/RdBJMciJ39RTdHN8Kq/hTY0TTlo6/DnXrhVAWJy852
XSaHEBpOR69BIofHr+0j2AAlDJj7AOwHrNSXBiD/nbZXTpC+X+KDcU1kdQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN39sLbviEKYLeKFfKwj0QBu1SVxMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvM2Yyd3R1LUlRcGd0NG9WOHJDUFJBRzdWSlhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzjpMA0G
CSqGSIb3DQEBCwUAA4IBAQA23rRY57q9WrYY7GMtuns/dCP8sUBtxrK3qAos9UXu
nsWL7PKJjgOK/uUUyARtmEnS18PmFHUjF1HOjCSZukKX7Z3vBNmg5mdhEAq5iSw3
A98EwOxqFi/JH02upSDVmjSbn/V+deeDoBUzLFgJnwdDxjl1k+PcXK1KmXbfhfIU
hnCGS3MLkzRKvEejhybUmG2L/VmLK8ucVmN1lX0GYK5HTQYohX5gIr7nG5fhoDjW
OL/UR3rqB0iUy9kmbi6cwQeL8qlZ7IhsaGcUw+FxXKmb5cEKALd/DhCZdTy6ex8O
37Yodz5rW61xqJ0v1Np3xBmlkpnK5kQc6HyG4URTiYAQ
-----END CERTIFICATE-----