Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/ANCyxfCSJ6FID_12YZDF7pDQ8VU.roa
File:                     ANCyxfCSJ6FID_12YZDF7pDQ8VU.roa (raw, json)
Hash identifier:          3ouqUR8VZx34z2lRWmlJjXs4d7YZheDpK5fPNSupqBk=
Subject key identifier:   00:D0:B2:C5:F0:92:27:A1:48:0F:FD:76:61:90:C5:EE:90:D0:F1:55
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       0198B35BF8D39F801811752A8447E2B47C05
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/ANCyxfCSJ6FID_12YZDF7pDQ8VU.roa
Signing time:             Sat 16 Aug 2025 14:50:05 +0000
ROA not before:           Sat 16 Aug 2025 14:50:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205536
IP address blocks:        31.58.239.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 05:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:b3:5b:f8:d3:9f:80:18:11:75:2a:84:47:e2:b4:7c:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Aug 16 14:50:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=00d0b2c5f09227a1480ffd766190c5ee90d0f155
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:97:d5:80:82:82:e9:b0:bf:fc:6a:16:eb:51:
                    0a:a0:08:95:0c:a7:80:f2:a1:6e:cb:35:c9:78:bf:
                    a6:ed:fc:29:2b:91:f0:a1:4f:2e:d1:16:e5:03:dc:
                    ca:05:d3:b1:f5:e0:a2:aa:c5:74:58:92:04:80:63:
                    58:08:4d:fc:0c:f7:25:cd:81:e1:fa:c8:7a:18:e8:
                    25:b7:a6:44:df:ca:0a:33:34:e8:76:22:5a:5a:9d:
                    a1:5f:9c:24:d2:59:6b:39:c9:d9:7c:d8:c5:b6:75:
                    da:6f:90:ed:86:e2:29:35:f7:69:bc:aa:07:60:69:
                    65:00:ff:99:28:fa:a3:8e:58:15:97:b8:51:eb:0d:
                    2b:94:2d:7e:48:60:48:4c:0e:32:fb:47:5b:6e:d9:
                    a3:02:75:9e:f7:22:d5:81:11:0b:32:9f:b0:1c:3b:
                    ee:26:e9:e1:c5:53:ee:87:77:4c:03:de:13:28:0d:
                    b3:91:bd:e8:f3:7b:3d:07:09:91:70:58:72:b6:85:
                    13:af:a1:26:d3:20:c2:a4:0b:be:54:ac:13:da:3d:
                    dd:a1:1c:54:fe:84:6c:e4:a9:be:0b:1d:fc:77:fe:
                    03:76:25:97:ea:90:44:c3:56:44:c8:f0:c0:b8:01:
                    c0:ad:14:7d:17:67:92:53:90:e4:74:49:bd:f3:f4:
                    cf:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:D0:B2:C5:F0:92:27:A1:48:0F:FD:76:61:90:C5:EE:90:D0:F1:55
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/ANCyxfCSJ6FID_12YZDF7pDQ8VU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.58.239.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ac:ba:f4:d8:c4:b0:a1:75:ae:9b:00:a9:d8:dd:81:fe:20:17:
         52:f6:85:6a:48:9d:07:55:b8:19:4e:7d:bb:50:a8:b1:a1:5c:
         ac:d6:ba:5d:b1:c9:ae:1f:b4:50:92:10:f2:8e:77:ed:15:1d:
         ac:56:2b:99:ae:fb:ad:e0:02:95:02:bc:ad:9c:6b:e8:b5:3a:
         53:5f:3c:d5:df:fa:34:2c:56:02:91:65:ce:79:e5:1d:91:54:
         61:7f:01:f3:8f:c2:a5:91:80:dc:d4:bf:4e:9e:57:17:f2:5c:
         79:00:7f:01:78:f7:d5:91:14:23:f5:28:f6:64:ac:29:86:53:
         e4:82:9b:b4:9c:75:cc:cf:6e:42:1b:56:c6:de:ba:78:cc:a2:
         50:85:51:ec:1c:c6:78:cc:3a:d0:e5:9d:d9:fd:39:c4:77:e7:
         74:2f:82:e0:5f:4a:fd:36:07:4a:d9:3f:4e:5c:38:d6:16:6f:
         13:37:a3:ee:c2:70:d5:fe:80:d8:c2:de:c9:2b:37:cf:0d:e0:
         e1:cb:ee:3d:9b:4e:d3:8e:c0:60:a4:ff:41:43:f6:91:e6:77:
         e7:10:a7:c8:40:72:7a:3e:9b:d1:3f:2a:71:67:0c:c5:0a:cc:
         40:91:b5:cd:05:e7:f8:f1:62:fe:6c:f1:a9:78:db:c8:1f:85:
         eb:87:63:3a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZizW/jTn4AYEXUqhEfitHwFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwODE2MTQ1MDA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMGQwYjJjNWYwOTIyN2ExNDgwZmZkNzY2MTkwYzVlZTkwZDBmMTU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy5fVgIKC6bC//GoW61EKoAiVDKeA
8qFuyzXJeL+m7fwpK5HwoU8u0RblA9zKBdOx9eCiqsV0WJIEgGNYCE38DPclzYHh
+sh6GOglt6ZE38oKMzTodiJaWp2hX5wk0llrOcnZfNjFtnXab5DthuIpNfdpvKoH
YGllAP+ZKPqjjlgVl7hR6w0rlC1+SGBITA4y+0dbbtmjAnWe9yLVgRELMp+wHDvu
JunhxVPuh3dMA94TKA2zkb3o83s9BwmRcFhytoUTr6Em0yDCpAu+VKwT2j3doRxU
/oRs5Km+Cx38d/4DdiWX6pBEw1ZEyPDAuAHArRR9F2eSU5DkdEm98/TPMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFADQssXwkiehSA/9dmGQxe6Q0PFVMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvQU5DeXhmQ1NKNkZJRF8xMllaREY3cERROFZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzrvMA0G
CSqGSIb3DQEBCwUAA4IBAQCsuvTYxLChda6bAKnY3YH+IBdS9oVqSJ0HVbgZTn27
UKixoVys1rpdscmuH7RQkhDyjnftFR2sViuZrvut4AKVArytnGvotTpTXzzV3/o0
LFYCkWXOeeUdkVRhfwHzj8KlkYDc1L9OnlcX8lx5AH8BePfVkRQj9Sj2ZKwphlPk
gpu0nHXMz25CG1bG3rp4zKJQhVHsHMZ4zDrQ5Z3Z/TnEd+d0L4LgX0r9NgdK2T9O
XDjWFm8TN6PuwnDV/oDYwt7JKzfPDeDhy+49m07TjsBgpP9BQ/aR5nfnEKfIQHJ6
PpvRPypxZwzFCsxAkbXNBef48WL+bPGpeNvIH4Xrh2M6
-----END CERTIFICATE-----