Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/E6zRoqSFcApTLyGGnIlElNn4Uq0.roa
File:                     E6zRoqSFcApTLyGGnIlElNn4Uq0.roa (raw, json)
Hash identifier:          6MdcsV5rH56Lpgyj6dyK3wbvX8uUxvncjgQNXCvA0mc=
Subject key identifier:   13:AC:D1:A2:A4:85:70:0A:53:2F:21:86:9C:89:44:94:D9:F8:52:AD
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       01979D1E935201ABC758D87467A468B8D3E8
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/E6zRoqSFcApTLyGGnIlElNn4Uq0.roa
Signing time:             Mon 23 Jun 2025 14:08:35 +0000
ROA not before:           Mon 23 Jun 2025 14:08:35 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212609
IP address blocks:        31.57.94.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Jun 2025 15:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:9d:1e:93:52:01:ab:c7:58:d8:74:67:a4:68:b8:d3:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jun 23 14:08:35 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=13acd1a2a485700a532f21869c894494d9f852ad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:c0:55:5e:c3:7d:2f:f1:b4:c5:a0:3d:9e:9c:
                    53:b0:a5:6a:ad:b7:75:f9:56:a0:a3:ad:53:d4:41:
                    e5:e5:5b:e0:f3:2c:7e:5e:48:6c:4a:93:6b:7f:95:
                    71:66:af:7f:55:0a:98:73:4f:58:2a:4e:97:a1:ca:
                    d9:77:c3:4b:8b:4e:c8:43:1e:47:56:07:b9:5e:b9:
                    c1:7a:15:7f:ab:51:43:42:fa:21:3c:35:e3:c2:71:
                    25:4e:6b:a6:24:91:98:71:68:9e:76:2e:ed:ec:70:
                    52:b0:37:4a:10:42:be:8c:cb:5b:17:91:e7:98:3f:
                    74:cf:8e:a3:b0:94:87:d6:c0:e8:da:19:e5:d4:41:
                    8b:32:69:5f:7f:a3:79:16:1f:ff:e6:22:4e:a3:26:
                    57:54:5f:41:4f:82:b6:42:5b:d1:1e:7a:98:f9:79:
                    a3:f1:3a:0b:f6:50:b9:a0:7a:1f:e7:77:ac:fa:15:
                    f1:9f:00:02:ff:eb:0e:a7:b7:d7:b3:7f:ac:27:53:
                    78:d0:8a:a2:92:56:3f:69:9e:a1:39:5b:b8:55:6f:
                    24:85:f2:7c:5a:81:ec:79:c5:75:ab:46:f6:2e:c8:
                    27:ba:20:f9:14:6b:0c:d0:25:67:a5:1b:87:87:f8:
                    78:55:1d:5e:58:3d:cf:a9:76:50:c7:ff:15:14:b4:
                    05:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:AC:D1:A2:A4:85:70:0A:53:2F:21:86:9C:89:44:94:D9:F8:52:AD
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/E6zRoqSFcApTLyGGnIlElNn4Uq0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.57.94.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9c:9e:5d:d7:6e:e1:12:38:14:a4:4d:15:99:a7:a4:66:47:ad:
         52:1f:d5:0e:2a:76:3b:2e:bd:6d:d3:e6:cc:fe:3c:e4:70:52:
         b8:2d:c5:9d:19:32:f2:40:20:74:e7:1f:a8:2c:72:f4:0c:10:
         70:51:5d:2d:9e:35:6c:5a:7c:c5:7d:d3:c9:b2:eb:ae:1d:4c:
         e2:30:db:42:d4:4e:98:92:3e:05:04:fa:96:40:96:1e:90:c7:
         b5:f6:92:63:a6:a8:76:78:e1:02:2a:83:5d:c0:fc:e1:52:25:
         40:9f:74:ac:e8:36:75:5e:9c:52:7a:45:d1:1d:ff:d7:46:23:
         0d:4f:b1:41:4b:0d:ea:89:ac:da:3d:c9:87:73:cc:d8:71:15:
         64:fe:ba:17:b3:51:ab:dd:05:5f:75:cd:1d:7e:d6:44:3b:41:
         39:45:91:76:72:86:ee:2c:a0:1d:d5:e3:ad:c6:3c:f3:cf:af:
         bd:09:7f:58:ba:c6:9b:24:5b:e6:22:da:ed:ac:36:ce:ef:ed:
         29:44:b7:cd:03:60:b6:72:84:2e:64:9a:a9:84:08:3f:65:c0:
         2f:8c:ba:57:cc:a9:26:33:69:e5:2b:13:b1:cc:7e:df:28:c9:
         13:20:35:3c:59:ef:de:4e:e5:a4:72:21:55:9a:43:e1:38:9b:
         e6:ea:ad:26
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZedHpNSAavHWNh0Z6RouNPoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwNjIzMTQwODM1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxM2FjZDFhMmE0ODU3MDBhNTMyZjIxODY5Yzg5NDQ5NGQ5Zjg1MmFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2sBVXsN9L/G0xaA9npxTsKVqrbd1
+Vago61T1EHl5Vvg8yx+XkhsSpNrf5VxZq9/VQqYc09YKk6XocrZd8NLi07IQx5H
Vge5XrnBehV/q1FDQvohPDXjwnElTmumJJGYcWiedi7t7HBSsDdKEEK+jMtbF5Hn
mD90z46jsJSH1sDo2hnl1EGLMmlff6N5Fh//5iJOoyZXVF9BT4K2QlvRHnqY+Xmj
8ToL9lC5oHof53es+hXxnwAC/+sOp7fXs3+sJ1N40IqiklY/aZ6hOVu4VW8khfJ8
WoHsecV1q0b2LsgnuiD5FGsM0CVnpRuHh/h4VR1eWD3PqXZQx/8VFLQFOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBOs0aKkhXAKUy8hhpyJRJTZ+FKtMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvRTZ6Um9xU0ZjQXBUTHlHR25JbEVsTm40VXEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzleMA0G
CSqGSIb3DQEBCwUAA4IBAQCcnl3XbuESOBSkTRWZp6RmR61SH9UOKnY7Lr1t0+bM
/jzkcFK4LcWdGTLyQCB05x+oLHL0DBBwUV0tnjVsWnzFfdPJsuuuHUziMNtC1E6Y
kj4FBPqWQJYekMe19pJjpqh2eOECKoNdwPzhUiVAn3Ss6DZ1XpxSekXRHf/XRiMN
T7FBSw3qiazaPcmHc8zYcRVk/roXs1Gr3QVfdc0dftZEO0E5RZF2cobuLKAd1eOt
xjzzz6+9CX9YusabJFvmItrtrDbO7+0pRLfNA2C2coQuZJqphAg/ZcAvjLpXzKkm
M2nlKxOxzH7fKMkTIDU8We/eTuWkciFVmkPhOJvm6q0m
-----END CERTIFICATE-----