Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/FqD-SfICa421DEG0AqSLtZsXM8k.roa
File:                     FqD-SfICa421DEG0AqSLtZsXM8k.roa (raw, json)
Hash identifier:          JB1951TnQ1XEZiqAqJ9vE7OWgZktCW9T5uzcHYP0Oqs=
Subject key identifier:   16:A0:FE:49:F2:02:6B:8D:B5:0C:41:B4:02:A4:8B:B5:9B:17:33:C9
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       0198B386FF95463FDAEA42F29D004A37E54D
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/FqD-SfICa421DEG0AqSLtZsXM8k.roa
Signing time:             Sat 16 Aug 2025 15:37:05 +0000
ROA not before:           Sat 16 Aug 2025 15:37:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214654
IP address blocks:        31.57.11.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 05:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:b3:86:ff:95:46:3f:da:ea:42:f2:9d:00:4a:37:e5:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Aug 16 15:37:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=16a0fe49f2026b8db50c41b402a48bb59b1733c9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:9e:a6:f9:58:c9:de:62:74:94:4b:dc:c6:6b:
                    28:9c:8c:72:0d:77:3b:c9:05:25:24:e4:1a:3e:57:
                    d6:fc:39:f3:cc:bf:52:d8:11:74:56:e3:40:a7:8c:
                    8a:c9:6a:d1:df:9a:d7:22:27:cb:3e:7c:e3:28:6c:
                    e0:1b:71:90:ce:ff:3d:24:4c:ca:00:28:51:91:db:
                    39:1f:33:26:69:c1:dd:4d:76:70:e7:ae:0f:44:d6:
                    89:7c:e9:f3:8e:76:88:d2:26:72:57:52:c8:a8:31:
                    11:32:b3:26:23:4a:68:9b:dd:7a:76:f9:30:08:2b:
                    89:1d:bd:f4:59:d3:48:50:f2:a5:a8:9f:a3:15:d8:
                    0a:0f:e6:a3:d6:65:f5:31:33:81:b3:24:4e:69:18:
                    2a:e6:19:e9:c0:4e:8d:08:a1:1f:98:ca:f4:d5:88:
                    48:83:45:0b:82:3d:f9:5d:af:f7:f4:62:dd:04:cc:
                    c2:95:02:f5:4f:a6:4f:20:70:b7:51:0a:cb:b7:93:
                    a0:fc:f9:ab:a0:a1:cd:8b:2d:13:3c:30:94:61:f9:
                    9e:a0:bd:92:5f:f8:78:75:4d:96:7f:0f:f5:49:ce:
                    4d:05:d2:a0:ba:dd:c5:eb:c0:3d:47:2a:00:37:a1:
                    66:36:0b:6b:cb:eb:88:ba:aa:84:fd:68:a5:a9:b9:
                    7c:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:A0:FE:49:F2:02:6B:8D:B5:0C:41:B4:02:A4:8B:B5:9B:17:33:C9
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/FqD-SfICa421DEG0AqSLtZsXM8k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.57.11.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:17:26:b2:71:cd:64:8a:5d:81:1b:72:3f:97:1e:5f:3a:12:
         23:23:98:ab:1d:1e:0e:ca:a5:22:f0:20:26:47:23:25:57:58:
         3d:68:24:bb:cd:73:cd:48:6b:e9:9f:db:98:fe:bf:3c:d7:11:
         91:e7:2f:07:c4:7a:cd:5e:9b:80:d9:e7:ef:06:44:74:8c:7d:
         be:b8:78:f3:3a:73:d3:07:c1:42:bf:ca:7a:d8:14:a5:55:81:
         e5:93:62:75:66:04:d9:02:83:13:c4:79:ef:00:6d:c8:09:17:
         e4:9c:da:d6:ce:9d:a5:99:bc:76:ab:bf:e3:c2:31:42:23:48:
         0e:be:7f:7d:e2:3c:f7:9c:80:4f:c4:4d:b3:f4:43:41:f7:54:
         95:e1:b1:5b:a0:af:0a:cf:c0:d2:66:90:13:d6:55:0f:9c:44:
         f5:6c:83:f2:7b:81:19:88:f8:c6:7d:9e:28:4c:dc:75:38:c6:
         27:32:b7:b8:b3:37:44:da:3c:ab:90:ae:89:07:52:c6:af:78:
         02:89:be:2c:42:8a:fc:92:2e:66:86:2e:5c:3b:af:47:1a:19:
         52:36:36:56:07:44:1a:41:69:b1:18:a1:23:ac:0f:fb:6b:1c:
         ef:62:a2:37:02:a6:37:0f:8a:57:e0:3b:9e:af:94:2b:8a:85:
         7d:e3:d8:39
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZizhv+VRj/a6kLynQBKN+VNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwODE2MTUzNzA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNmEwZmU0OWYyMDI2YjhkYjUwYzQxYjQwMmE0OGJiNTliMTczM2M5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApp6m+VjJ3mJ0lEvcxmsonIxyDXc7
yQUlJOQaPlfW/DnzzL9S2BF0VuNAp4yKyWrR35rXIifLPnzjKGzgG3GQzv89JEzK
AChRkds5HzMmacHdTXZw564PRNaJfOnzjnaI0iZyV1LIqDERMrMmI0pom916dvkw
CCuJHb30WdNIUPKlqJ+jFdgKD+aj1mX1MTOBsyROaRgq5hnpwE6NCKEfmMr01YhI
g0ULgj35Xa/39GLdBMzClQL1T6ZPIHC3UQrLt5Og/PmroKHNiy0TPDCUYfmeoL2S
X/h4dU2Wfw/1Sc5NBdKgut3F68A9RyoAN6FmNgtry+uIuqqE/Wilqbl8/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBag/knyAmuNtQxBtAKki7WbFzPJMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvRnFELVNmSUNhNDIxREVHMEFxU0x0WnNYTThrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzkLMA0G
CSqGSIb3DQEBCwUAA4IBAQASFyaycc1kil2BG3I/lx5fOhIjI5irHR4OyqUi8CAm
RyMlV1g9aCS7zXPNSGvpn9uY/r881xGR5y8HxHrNXpuA2efvBkR0jH2+uHjzOnPT
B8FCv8p62BSlVYHlk2J1ZgTZAoMTxHnvAG3ICRfknNrWzp2lmbx2q7/jwjFCI0gO
vn994jz3nIBPxE2z9ENB91SV4bFboK8Kz8DSZpAT1lUPnET1bIPye4EZiPjGfZ4o
TNx1OMYnMre4szdE2jyrkK6JB1LGr3gCib4sQor8ki5mhi5cO69HGhlSNjZWB0Qa
QWmxGKEjrA/7axzvYqI3AqY3D4pX4Duer5QrioV949g5
-----END CERTIFICATE-----
Generated at Sat Aug 23 15:58:16 2025 by rpki-client