Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/4j5iaPkH37qdJPQ_rzvRLh_5yPg.roa
File:                     4j5iaPkH37qdJPQ_rzvRLh_5yPg.roa (raw, json)
Hash identifier:          yR+zAlJ3QuE+YqksaJQvvzMk+lszXiKpFKLShKTZlGc=
Subject key identifier:   E2:3E:62:68:F9:07:DF:BA:9D:24:F4:3F:AF:3B:D1:2E:1F:F9:C8:F8
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       0199DC5B5AACAB959B453EF551F9DF0FC73E
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/4j5iaPkH37qdJPQ_rzvRLh_5yPg.roa
Signing time:             Mon 13 Oct 2025 06:56:38 +0000
ROA not before:           Mon 13 Oct 2025 06:56:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207252
IP address blocks:        31.57.146.0/24 maxlen: 24
                          31.57.205.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:dc:5b:5a:ac:ab:95:9b:45:3e:f5:51:f9:df:0f:c7:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Oct 13 06:56:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e23e6268f907dfba9d24f43faf3bd12e1ff9c8f8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:17:71:ea:86:af:ef:76:20:00:2a:23:20:39:
                    22:82:8e:64:d8:d3:bb:a4:18:4b:0a:43:ae:99:7d:
                    5a:fd:aa:ea:76:90:a3:f7:79:c2:1b:1a:4c:82:fd:
                    74:55:3d:e5:33:05:e4:c0:f8:f5:fd:31:d6:7c:09:
                    81:c4:2a:e9:e6:d1:33:5a:08:a5:b4:fa:a0:85:96:
                    d2:63:ca:3d:54:5b:22:9e:ad:1c:a0:73:c0:74:02:
                    52:ab:2c:99:29:50:62:5a:73:53:8f:b9:a9:94:71:
                    9d:47:81:b2:c1:35:3d:0d:34:53:07:5e:62:5c:0a:
                    db:ad:41:1c:72:2e:f0:6c:d1:ba:5d:fd:8e:6c:71:
                    56:c8:1d:a6:f4:ad:4f:f4:c2:f8:10:65:ba:fe:86:
                    38:af:44:7a:17:28:3a:7a:5e:2c:87:86:ea:8d:3e:
                    42:77:59:b7:a8:77:6b:83:49:eb:34:b7:5d:72:99:
                    fc:d8:43:57:b8:6c:c5:5e:f4:5e:73:80:85:cf:81:
                    45:d1:59:ed:93:50:74:a8:9b:ec:37:0c:17:b0:9c:
                    3a:e6:bb:75:4f:36:4f:c4:b2:08:71:f3:b0:2a:39:
                    69:2b:42:4a:c7:fa:e6:1f:d1:5e:d0:d4:00:57:83:
                    cb:f4:3a:6d:70:7c:f6:cf:2f:78:b2:41:82:6e:eb:
                    8c:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:3E:62:68:F9:07:DF:BA:9D:24:F4:3F:AF:3B:D1:2E:1F:F9:C8:F8
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/4j5iaPkH37qdJPQ_rzvRLh_5yPg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.57.146.0/24
                  31.57.205.0/24

    Signature Algorithm: sha256WithRSAEncryption
         29:d6:b6:31:7a:8f:39:a1:5a:e5:c7:c1:9a:92:65:51:bb:59:
         0d:2d:79:36:a3:2b:4c:6d:82:db:78:77:c7:3f:ff:da:8a:3d:
         68:b3:e7:6f:ff:7c:5c:89:ef:02:14:a2:37:17:65:72:7a:90:
         c1:a5:96:c2:47:62:94:11:3e:ba:bb:74:ea:7e:95:ed:35:a4:
         1f:12:35:21:ee:ee:47:4e:08:e2:02:72:d4:28:05:d9:a8:03:
         5d:44:11:99:c0:a8:d5:77:de:1e:03:be:13:a8:89:f3:27:1b:
         54:1e:e8:94:ab:17:e3:ba:ac:af:97:56:f2:8d:d5:42:08:b6:
         79:25:52:d0:bd:23:fa:a7:68:a6:05:e0:5d:83:67:c8:8c:29:
         96:db:ea:a1:cd:48:49:77:c6:bf:c9:17:c5:f8:cc:80:bf:e3:
         c3:63:2a:30:af:5e:2b:e3:0c:10:eb:ed:09:79:f8:5a:c8:cf:
         11:9e:98:ab:60:e1:fd:50:56:bc:d9:c6:58:5d:e4:14:33:2a:
         86:f3:d6:b3:52:95:a2:19:a2:7b:40:96:f0:b9:24:4c:c2:39:
         d0:09:d0:33:f5:86:a8:45:b9:ec:ed:b6:cc:35:6e:be:bb:9e:
         55:fb:ec:b5:cc:70:83:f6:7e:bb:ff:ad:e0:d1:af:ad:b6:78:
         48:c8:8c:1a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZncW1qsq5WbRT71UfnfD8c+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUxMDEzMDY1NjM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMjNlNjI2OGY5MDdkZmJhOWQyNGY0M2ZhZjNiZDEyZTFmZjljOGY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzxdx6oav73YgACojIDkigo5k2NO7
pBhLCkOumX1a/arqdpCj93nCGxpMgv10VT3lMwXkwPj1/THWfAmBxCrp5tEzWgil
tPqghZbSY8o9VFsinq0coHPAdAJSqyyZKVBiWnNTj7mplHGdR4GywTU9DTRTB15i
XArbrUEcci7wbNG6Xf2ObHFWyB2m9K1P9ML4EGW6/oY4r0R6Fyg6el4sh4bqjT5C
d1m3qHdrg0nrNLddcpn82ENXuGzFXvRec4CFz4FF0Vntk1B0qJvsNwwXsJw65rt1
TzZPxLIIcfOwKjlpK0JKx/rmH9Fe0NQAV4PL9DptcHz2zy94skGCbuuMcwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOI+Ymj5B9+6nST0P6870S4f+cj4MB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvNGo1aWFQa0gzN3FkSlBRX3J6dlJMaF81eVBnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAHzmSAwQA
HznNMA0GCSqGSIb3DQEBCwUAA4IBAQAp1rYxeo85oVrlx8GakmVRu1kNLXk2oytM
bYLbeHfHP//aij1os+dv/3xcie8CFKI3F2VyepDBpZbCR2KUET66u3TqfpXtNaQf
EjUh7u5HTgjiAnLUKAXZqANdRBGZwKjVd94eA74TqInzJxtUHuiUqxfjuqyvl1by
jdVCCLZ5JVLQvSP6p2imBeBdg2fIjCmW2+qhzUhJd8a/yRfF+MyAv+PDYyowr14r
4wwQ6+0JefhayM8RnpirYOH9UFa82cZYXeQUMyqG89azUpWiGaJ7QJbwuSRMwjnQ
CdAz9YaoRbns7bbMNW6+u55V++y1zHCD9n67/63g0a+ttnhIyIwa
-----END CERTIFICATE-----