Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/BmWagV4MXpVmXksUIrwUvcYGBFo.roa
File:                     BmWagV4MXpVmXksUIrwUvcYGBFo.roa (raw, json)
Hash identifier:          NldWJTQRi7HNK8qZ00fnJ3c0U0MzfgSrp2zHr7wIXV0=
Subject key identifier:   06:65:9A:81:5E:0C:5E:95:66:5E:4B:14:22:BC:14:BD:C6:06:04:5A
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       0197A321A6AF2AE91D4D5CA5DDA64B9B2DAA
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/BmWagV4MXpVmXksUIrwUvcYGBFo.roa
Signing time:             Tue 24 Jun 2025 18:09:40 +0000
ROA not before:           Tue 24 Jun 2025 18:09:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214481
IP address blocks:        31.56.59.0/24 maxlen: 24
                          31.58.51.0/24 maxlen: 24
                          31.59.129.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 01 Jul 2025 06:19:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:a3:21:a6:af:2a:e9:1d:4d:5c:a5:dd:a6:4b:9b:2d:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jun 24 18:09:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=06659a815e0c5e95665e4b1422bc14bdc606045a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:08:91:a7:9f:52:27:50:84:41:25:b9:4e:e4:
                    16:17:ee:eb:48:d0:b6:04:35:45:0d:4c:7e:77:a6:
                    9d:68:b1:9e:0f:8a:8e:76:44:6b:e1:2f:2a:f8:88:
                    bc:84:87:a2:f7:96:5d:b3:10:26:6d:cb:d9:89:8d:
                    c9:fb:fd:77:fe:39:bb:d2:e0:bf:00:b8:0b:8e:22:
                    f0:23:b2:66:0e:7f:97:57:a3:5e:26:b5:47:d7:f4:
                    ee:6d:bb:e0:34:c3:8d:9f:7b:1a:92:04:41:30:32:
                    04:e3:d8:c9:06:4a:90:d2:72:59:40:7a:3e:42:a2:
                    a8:89:54:37:01:ac:2b:0b:2f:94:10:b8:90:01:e3:
                    a4:aa:6e:d7:5c:c0:8d:3f:96:6e:56:ed:12:24:8e:
                    61:e8:ed:ac:02:ed:11:c1:b8:33:78:fd:a7:48:ab:
                    72:b3:21:00:81:bc:20:18:a7:03:b4:4b:e8:05:20:
                    8d:4c:0b:71:5c:02:37:eb:b6:39:73:a9:90:b0:7c:
                    23:da:36:90:53:ee:9a:cd:ab:5b:4b:b3:d4:9d:57:
                    64:97:0e:d7:0e:0b:fe:0a:64:3b:0d:3b:59:91:79:
                    b7:12:57:7b:ae:8c:c8:1d:48:c8:d7:81:21:ea:e9:
                    a0:3e:1f:4f:6d:dc:5e:a6:82:1f:a0:6c:fe:73:7c:
                    5a:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:65:9A:81:5E:0C:5E:95:66:5E:4B:14:22:BC:14:BD:C6:06:04:5A
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/BmWagV4MXpVmXksUIrwUvcYGBFo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.56.59.0/24
                  31.58.51.0/24
                  31.59.129.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:2f:5d:3e:55:7e:14:42:7a:0d:85:be:92:a1:fb:2f:60:01:
         3d:39:77:16:0c:49:0c:70:c8:99:e3:ff:07:66:be:5e:ba:5f:
         27:a6:d3:24:e2:62:06:08:3b:4c:0d:cb:2a:13:5c:42:e7:94:
         94:9f:da:24:af:73:13:e1:71:f8:ae:9b:0b:90:e1:91:fe:9a:
         53:51:4c:30:96:57:7f:55:7f:06:46:62:c4:d3:81:50:42:6b:
         36:43:ef:cf:7a:fc:a1:aa:24:64:25:c2:d5:44:7b:d6:a7:a4:
         09:3f:03:28:3b:a8:ba:85:88:a2:61:d2:71:b3:2c:c1:03:40:
         59:c6:13:be:a0:4b:70:08:5e:74:55:ac:4e:85:45:90:b3:99:
         00:bc:70:e6:a7:a3:49:fc:3c:02:b3:89:89:d6:f0:f6:36:56:
         b3:89:9d:23:e3:58:14:16:67:03:76:96:a6:92:da:9b:36:70:
         7b:67:97:8f:26:82:37:98:22:c0:23:a9:4d:83:b4:c9:3a:bd:
         de:9e:94:ed:86:34:e9:29:ed:0a:ab:e8:22:57:fe:3f:4b:76:
         c8:cc:58:32:cf:bb:b4:b8:45:d7:e0:21:56:93:7e:9e:53:3d:
         54:5f:c8:fe:f0:ef:89:c2:24:56:f6:55:7f:2b:3a:66:8e:f8:
         e8:f2:28:b7
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZejIaavKukdTVyl3aZLmy2qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwNjI0MTgwOTQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNjY1OWE4MTVlMGM1ZTk1NjY1ZTRiMTQyMmJjMTRiZGM2MDYwNDVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2giRp59SJ1CEQSW5TuQWF+7rSNC2
BDVFDUx+d6adaLGeD4qOdkRr4S8q+Ii8hIei95ZdsxAmbcvZiY3J+/13/jm70uC/
ALgLjiLwI7JmDn+XV6NeJrVH1/TubbvgNMONn3sakgRBMDIE49jJBkqQ0nJZQHo+
QqKoiVQ3AawrCy+UELiQAeOkqm7XXMCNP5ZuVu0SJI5h6O2sAu0RwbgzeP2nSKty
syEAgbwgGKcDtEvoBSCNTAtxXAI367Y5c6mQsHwj2jaQU+6azatbS7PUnVdklw7X
Dgv+CmQ7DTtZkXm3Eld7rozIHUjI14Eh6umgPh9PbdxepoIfoGz+c3xaDQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFAZlmoFeDF6VZl5LFCK8FL3GBgRaMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvQm1XYWdWNE1YcFZtWGtzVUlyd1V2Y1lHQkZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAHzg7AwQA
HzozAwQAHzuBMA0GCSqGSIb3DQEBCwUAA4IBAQAnL10+VX4UQnoNhb6SofsvYAE9
OXcWDEkMcMiZ4/8HZr5eul8nptMk4mIGCDtMDcsqE1xC55SUn9okr3MT4XH4rpsL
kOGR/ppTUUwwlld/VX8GRmLE04FQQms2Q+/PevyhqiRkJcLVRHvWp6QJPwMoO6i6
hYiiYdJxsyzBA0BZxhO+oEtwCF50VaxOhUWQs5kAvHDmp6NJ/DwCs4mJ1vD2Nlaz
iZ0j41gUFmcDdpamktqbNnB7Z5ePJoI3mCLAI6lNg7TJOr3enpTthjTpKe0Kq+gi
V/4/S3bIzFgyz7u0uEXX4CFWk36eUz1UX8j+8O+JwiRW9lV/Kzpmjvjo8ii3
-----END CERTIFICATE-----