Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/4c5-d6Ri7-QmpcSSjjM5d0cSSmo.roa
File:                     4c5-d6Ri7-QmpcSSjjM5d0cSSmo.roa (raw, json)
Hash identifier:          HEPqxOLRytP8H7PaAEAX/V9ek+ySwX6rMmmH2Wp//UA=
Subject key identifier:   E1:CE:7E:77:A4:62:EF:E4:26:A5:C4:92:8E:33:39:77:47:12:4A:6A
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       0197A5F141B50C0B77273D90E6491B0DD911
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/4c5-d6Ri7-QmpcSSjjM5d0cSSmo.roa
Signing time:             Wed 25 Jun 2025 07:15:41 +0000
ROA not before:           Wed 25 Jun 2025 07:15:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201949
IP address blocks:        31.58.134.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 01 Jul 2025 06:19:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:a5:f1:41:b5:0c:0b:77:27:3d:90:e6:49:1b:0d:d9:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jun 25 07:15:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e1ce7e77a462efe426a5c4928e33397747124a6a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:de:0a:02:30:bb:57:d3:de:32:7b:89:bb:29:
                    82:b1:bd:26:8d:c9:4b:a3:80:97:11:de:1c:0e:91:
                    b0:93:70:7a:35:66:94:80:2b:20:25:e5:e7:50:51:
                    5e:ec:51:6c:a4:f7:50:84:ae:30:e1:fb:d3:8c:44:
                    55:28:ea:1a:57:fd:c0:b1:62:e7:d3:02:00:23:89:
                    47:2c:f9:68:2d:4d:30:89:23:49:9f:0d:c8:de:02:
                    fd:80:9e:94:30:40:7c:dd:4b:1d:fb:02:df:72:e7:
                    09:79:7a:c9:ca:19:6f:d8:8b:ae:02:fe:f8:44:85:
                    35:46:3a:98:b7:8e:9e:c9:1c:6b:8b:52:52:62:7a:
                    3e:88:7f:45:85:41:ee:a6:a0:b5:08:2b:3f:48:a1:
                    9d:86:8a:c5:bc:1c:8e:bc:e1:d1:32:6d:2c:6b:b2:
                    48:33:70:e3:3f:10:41:16:0b:e7:8b:77:2d:68:be:
                    e5:e4:ee:31:1d:4c:ac:a2:d8:f2:f9:76:4d:dd:95:
                    56:2c:55:db:de:cf:19:b8:06:c4:f2:85:90:92:35:
                    1c:f8:ba:01:f0:73:b0:4c:48:7a:8e:d1:5a:c5:57:
                    30:a1:d5:f5:44:78:b5:9a:56:61:27:4d:44:db:61:
                    18:7c:e2:89:3e:4e:e9:f2:d1:d0:d8:d1:50:8a:4d:
                    20:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:CE:7E:77:A4:62:EF:E4:26:A5:C4:92:8E:33:39:77:47:12:4A:6A
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/4c5-d6Ri7-QmpcSSjjM5d0cSSmo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.58.134.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b6:f4:f9:52:8a:27:d6:fb:de:9a:d0:d6:6b:36:53:0b:f6:a3:
         76:80:a8:bc:8e:a2:99:3a:3b:b6:6a:b5:03:c6:05:c0:08:d4:
         07:aa:86:62:27:be:8d:4e:31:0b:df:68:7f:27:aa:55:2f:14:
         83:85:13:b1:5a:8b:ea:79:48:6e:b3:ef:37:ff:cb:bd:64:d7:
         dd:2e:84:80:ab:09:25:49:aa:76:98:d5:ba:fd:7b:03:9a:c7:
         c7:34:4e:cb:20:dd:0a:65:4c:a0:8d:33:e3:30:75:b0:62:52:
         97:99:17:66:0c:da:e9:1f:83:44:12:da:f4:1d:e8:14:bd:45:
         57:07:a1:72:b3:9b:cc:fd:19:30:27:27:d6:32:eb:ea:4b:4f:
         a6:d9:37:94:65:48:5d:9f:06:92:5f:87:96:29:02:2d:2a:a1:
         1f:4f:05:ad:55:84:5e:de:2d:44:d0:0d:80:fa:6d:52:28:c1:
         e4:a5:b6:48:cc:72:04:bb:ac:d3:ac:54:e6:73:76:72:ca:d4:
         18:f3:c0:ce:c9:ba:22:15:e7:11:7b:cd:7e:0b:3f:6b:10:29:
         0c:7e:14:9d:a2:ee:f6:4a:57:4e:98:55:9c:92:e6:17:65:65:
         ae:8b:92:c6:6d:52:0f:ea:cb:1b:71:2e:90:5f:66:d4:17:f3:
         76:eb:19:d1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZel8UG1DAt3Jz2Q5kkbDdkRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwNjI1MDcxNTQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMWNlN2U3N2E0NjJlZmU0MjZhNWM0OTI4ZTMzMzk3NzQ3MTI0YTZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxN4KAjC7V9PeMnuJuymCsb0mjclL
o4CXEd4cDpGwk3B6NWaUgCsgJeXnUFFe7FFspPdQhK4w4fvTjERVKOoaV/3AsWLn
0wIAI4lHLPloLU0wiSNJnw3I3gL9gJ6UMEB83Usd+wLfcucJeXrJyhlv2IuuAv74
RIU1RjqYt46eyRxri1JSYno+iH9FhUHupqC1CCs/SKGdhorFvByOvOHRMm0sa7JI
M3DjPxBBFgvni3ctaL7l5O4xHUysotjy+XZN3ZVWLFXb3s8ZuAbE8oWQkjUc+LoB
8HOwTEh6jtFaxVcwodX1RHi1mlZhJ01E22EYfOKJPk7p8tHQ2NFQik0g9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOHOfnekYu/kJqXEko4zOXdHEkpqMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvNGM1LWQ2Umk3LVFtcGNTU2pqTTVkMGNTU21vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzqGMA0G
CSqGSIb3DQEBCwUAA4IBAQC29PlSiifW+96a0NZrNlML9qN2gKi8jqKZOju2arUD
xgXACNQHqoZiJ76NTjEL32h/J6pVLxSDhROxWovqeUhus+83/8u9ZNfdLoSAqwkl
Sap2mNW6/XsDmsfHNE7LIN0KZUygjTPjMHWwYlKXmRdmDNrpH4NEEtr0HegUvUVX
B6Fys5vM/RkwJyfWMuvqS0+m2TeUZUhdnwaSX4eWKQItKqEfTwWtVYRe3i1E0A2A
+m1SKMHkpbZIzHIEu6zTrFTmc3ZyytQY88DOyboiFecRe81+Cz9rECkMfhSdou72
SldOmFWckuYXZWWui5LGbVIP6ssbcS6QX2bUF/N26xnR
-----END CERTIFICATE-----