Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/D3IZ6Rwwsgzf5YJfLBOkhku4F6Y.roa
File:                     D3IZ6Rwwsgzf5YJfLBOkhku4F6Y.roa (raw, json)
Hash identifier:          b6ni6aDqMnAlqrDKw+sZw/GK4srDHWR20Aiw/+bGI0M=
Subject key identifier:   0F:72:19:E9:1C:30:B2:0C:DF:E5:82:5F:2C:13:A4:86:4B:B8:17:A6
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       0199E407297FC0C32318E3B873C5093EA785
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/D3IZ6Rwwsgzf5YJfLBOkhku4F6Y.roa
Signing time:             Tue 14 Oct 2025 18:41:38 +0000
ROA not before:           Tue 14 Oct 2025 18:41:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57043
IP address blocks:        31.56.102.0/24 maxlen: 24
                          31.59.173.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:e4:07:29:7f:c0:c3:23:18:e3:b8:73:c5:09:3e:a7:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Oct 14 18:41:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0f7219e91c30b20cdfe5825f2c13a4864bb817a6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:21:9d:c6:d5:9f:d2:f4:b5:e8:34:e2:d3:61:
                    d7:34:1f:f2:4f:5c:44:96:1e:6c:33:93:91:ab:f6:
                    e3:a4:4c:fa:f5:ca:f7:d9:41:47:d6:f6:df:e3:0e:
                    e5:43:d8:42:27:8a:d2:a4:63:3c:0c:d0:8a:b7:89:
                    1f:c6:b1:ab:73:39:4f:17:5a:8c:b6:24:19:1e:6b:
                    f4:62:91:3d:09:3f:a0:02:bd:3f:b0:30:37:38:f1:
                    c1:b8:3f:43:9e:cd:4c:29:74:64:61:a6:a7:13:f9:
                    e6:36:aa:26:f7:85:6f:3f:8b:0e:cb:b9:9b:92:4f:
                    52:b8:fa:30:8e:ca:d2:2f:5c:fa:07:a3:6d:a9:4a:
                    b0:fb:74:57:a4:a0:a3:27:5c:14:23:aa:ff:1d:de:
                    fe:0c:c9:20:b0:3c:2e:13:06:bb:da:61:1a:39:37:
                    3d:41:95:ce:e5:3b:64:ff:e8:00:fd:fc:e7:d4:1c:
                    a0:12:c7:de:23:cb:b3:c0:13:6e:47:f9:df:f5:b3:
                    86:05:c8:fc:01:03:ce:a8:10:47:d1:c2:85:d3:cd:
                    17:4c:f0:16:f3:61:0e:68:6d:9a:3f:9c:b2:d4:eb:
                    b6:34:8c:64:6c:3c:29:d2:df:2c:13:5b:a0:81:80:
                    e8:38:3f:7e:62:df:18:08:82:7a:6a:23:31:29:46:
                    97:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:72:19:E9:1C:30:B2:0C:DF:E5:82:5F:2C:13:A4:86:4B:B8:17:A6
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/D3IZ6Rwwsgzf5YJfLBOkhku4F6Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.56.102.0/24
                  31.59.173.0/24

    Signature Algorithm: sha256WithRSAEncryption
         99:d1:c8:5f:f2:ae:1b:e1:f2:1f:75:fc:57:ef:16:c8:c9:f3:
         ac:28:ea:9c:ae:72:29:1d:94:22:24:8b:ac:c3:ee:f0:ff:82:
         d4:75:f0:41:dd:89:2a:b8:f7:c4:5e:36:00:ed:53:8f:ed:70:
         26:7f:45:74:91:1c:4a:28:07:df:d2:da:24:4e:75:61:93:15:
         00:b9:43:72:93:8a:9d:40:e4:75:52:12:f9:96:95:6b:b0:a4:
         f3:b8:37:c7:19:ed:22:5a:70:4a:cb:b3:53:7a:15:b2:4b:7a:
         d9:c5:3b:93:1c:d3:5c:c9:f3:53:7e:d5:3a:43:db:48:d5:e9:
         8a:47:7f:85:15:17:a4:d7:2a:08:59:c2:f6:65:7a:f7:fd:33:
         50:69:37:1a:94:b0:13:a5:d1:14:33:c7:c0:c2:dd:ac:de:78:
         27:a6:33:d5:fd:62:22:f7:e4:aa:01:c5:b7:5b:34:d3:cf:dd:
         43:6e:8f:28:78:63:6c:b8:e8:81:15:ea:d5:a5:c0:ec:03:82:
         63:59:ce:72:1a:c0:a2:94:5f:cf:dc:dc:5e:3f:74:91:36:a8:
         d2:5a:89:62:1a:84:df:6c:31:dd:65:57:c3:4d:52:8e:22:a9:
         b2:51:06:95:a3:16:44:c6:ae:47:ea:61:61:72:21:de:8f:70:
         dc:42:e9:64
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZnkByl/wMMjGOO4c8UJPqeFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUxMDE0MTg0MTM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZjcyMTllOTFjMzBiMjBjZGZlNTgyNWYyYzEzYTQ4NjRiYjgxN2E2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnSGdxtWf0vS16DTi02HXNB/yT1xE
lh5sM5ORq/bjpEz69cr32UFH1vbf4w7lQ9hCJ4rSpGM8DNCKt4kfxrGrczlPF1qM
tiQZHmv0YpE9CT+gAr0/sDA3OPHBuD9Dns1MKXRkYaanE/nmNqom94VvP4sOy7mb
kk9SuPowjsrSL1z6B6NtqUqw+3RXpKCjJ1wUI6r/Hd7+DMkgsDwuEwa72mEaOTc9
QZXO5Ttk/+gA/fzn1BygEsfeI8uzwBNuR/nf9bOGBcj8AQPOqBBH0cKF080XTPAW
82EOaG2aP5yy1Ou2NIxkbDwp0t8sE1uggYDoOD9+Yt8YCIJ6aiMxKUaXewIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFA9yGekcMLIM3+WCXywTpIZLuBemMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvRDNJWjZSd3dzZ3pmNVlKZkxCT2toa3U0RjZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAHzhmAwQA
HzutMA0GCSqGSIb3DQEBCwUAA4IBAQCZ0chf8q4b4fIfdfxX7xbIyfOsKOqcrnIp
HZQiJIusw+7w/4LUdfBB3YkquPfEXjYA7VOP7XAmf0V0kRxKKAff0tokTnVhkxUA
uUNyk4qdQOR1UhL5lpVrsKTzuDfHGe0iWnBKy7NTehWyS3rZxTuTHNNcyfNTftU6
Q9tI1emKR3+FFRek1yoIWcL2ZXr3/TNQaTcalLATpdEUM8fAwt2s3ngnpjPV/WIi
9+SqAcW3WzTTz91Dbo8oeGNsuOiBFerVpcDsA4JjWc5yGsCilF/P3NxeP3SRNqjS
WoliGoTfbDHdZVfDTVKOIqmyUQaVoxZExq5H6mFhciHej3DcQulk
-----END CERTIFICATE-----