Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/GPeiH9egPcWzEPc3ObF_8A87dZM.roa
File:                     GPeiH9egPcWzEPc3ObF_8A87dZM.roa (raw, json)
Hash identifier:          3vOD6H7mPgOq6UXU2nLVBZoxvS6QXa+QtkBTZ8DDA+g=
Subject key identifier:   18:F7:A2:1F:D7:A0:3D:C5:B3:10:F7:37:39:B1:7F:F0:0F:3B:75:93
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       0198A79AF16AB9EAB63A35E2126E9B55D29D
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/GPeiH9egPcWzEPc3ObF_8A87dZM.roa
Signing time:             Thu 14 Aug 2025 08:03:26 +0000
ROA not before:           Thu 14 Aug 2025 08:03:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     135402
IP address blocks:        31.57.182.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 12:50:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:a7:9a:f1:6a:b9:ea:b6:3a:35:e2:12:6e:9b:55:d2:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Aug 14 08:03:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=18f7a21fd7a03dc5b310f73739b17ff00f3b7593
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:be:69:bc:a2:d9:41:c6:32:80:78:3b:ea:5b:
                    26:7e:7d:4d:b7:c8:d0:e8:b7:d9:62:d9:fc:0f:e0:
                    f9:f5:e5:23:e4:81:d5:1b:40:e1:ad:7b:d7:a7:49:
                    e8:41:e0:52:39:f6:2b:eb:ca:19:c4:25:cf:5a:11:
                    37:ea:3d:a1:d1:f0:63:cf:2f:30:2a:78:5d:06:92:
                    1a:da:1d:54:7d:3e:36:f5:9d:e4:17:65:19:af:8c:
                    3d:ad:c2:1e:1c:2e:96:7b:ee:e6:d4:2f:7c:3b:75:
                    5e:c0:ee:df:02:e3:d3:d6:65:70:12:a9:21:a2:18:
                    7f:65:21:39:94:ba:b0:e5:13:6c:c0:13:70:76:ec:
                    69:f6:d7:c5:59:a3:76:22:39:1e:a0:14:43:e6:45:
                    e0:97:ac:52:a2:45:ae:bc:36:d8:2d:d6:58:7c:be:
                    ec:92:76:a5:1f:86:5b:08:f1:c2:b9:d5:30:f1:b9:
                    a9:4a:56:1f:5d:48:9f:5e:60:90:91:ae:b1:7c:d2:
                    2d:8e:00:2c:a4:68:c4:96:ca:72:45:63:de:42:b1:
                    d0:d8:8c:15:dc:63:4a:84:13:e5:94:b8:21:10:d7:
                    f7:7a:12:cb:2d:78:bd:e7:83:df:6d:dc:1f:1b:4f:
                    24:14:f5:90:c7:74:a3:6e:51:82:ef:34:06:05:80:
                    aa:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:F7:A2:1F:D7:A0:3D:C5:B3:10:F7:37:39:B1:7F:F0:0F:3B:75:93
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/GPeiH9egPcWzEPc3ObF_8A87dZM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.57.182.0/24

    Signature Algorithm: sha256WithRSAEncryption
         53:e0:df:df:88:5d:f0:89:d3:4f:cd:8a:60:e8:92:9b:a2:7e:
         98:13:3b:9d:b7:da:f5:75:6b:ca:fc:d2:d3:3b:54:a6:4e:7d:
         2b:c5:c8:30:c0:7d:07:ae:f9:34:74:ba:96:44:91:0c:39:07:
         7a:ef:3b:64:e5:65:82:21:83:b3:2e:68:80:28:66:74:8f:d1:
         1e:d5:48:a7:65:d4:f9:73:37:ae:c7:0c:55:ef:21:b9:81:bd:
         39:e0:4d:e4:66:4f:92:99:26:dc:cb:ee:7f:d0:30:dc:76:c5:
         a3:e9:40:fa:ce:c6:10:25:87:5f:91:53:62:17:55:fa:13:1a:
         10:ca:0d:98:db:4c:3a:38:8d:fa:39:6d:31:11:bc:6f:0a:c2:
         5d:e8:31:2e:52:36:4b:ad:94:86:b8:a2:09:4f:61:d0:87:d3:
         5c:18:8e:5d:ae:bd:93:7c:d5:b4:39:1a:f2:f1:df:5f:b3:e4:
         c2:d4:99:08:a7:83:e3:f7:20:87:99:2e:2b:64:c3:64:9d:5f:
         a2:21:b6:da:06:b1:c3:9a:c7:f0:d3:82:f6:22:a8:2f:fb:11:
         9f:1b:43:a7:c1:5f:46:54:81:6e:51:e6:14:47:03:ad:90:c8:
         6a:6f:1e:29:1b:da:a8:ca:87:c9:27:07:6b:1e:b0:77:bf:5c:
         f0:7d:32:aa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZinmvFqueq2OjXiEm6bVdKdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwODE0MDgwMzI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOGY3YTIxZmQ3YTAzZGM1YjMxMGY3MzczOWIxN2ZmMDBmM2I3NTkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1L5pvKLZQcYygHg76lsmfn1Nt8jQ
6LfZYtn8D+D59eUj5IHVG0DhrXvXp0noQeBSOfYr68oZxCXPWhE36j2h0fBjzy8w
KnhdBpIa2h1UfT429Z3kF2UZr4w9rcIeHC6We+7m1C98O3VewO7fAuPT1mVwEqkh
ohh/ZSE5lLqw5RNswBNwduxp9tfFWaN2IjkeoBRD5kXgl6xSokWuvDbYLdZYfL7s
knalH4ZbCPHCudUw8bmpSlYfXUifXmCQka6xfNItjgAspGjElspyRWPeQrHQ2IwV
3GNKhBPllLghENf3ehLLLXi954PfbdwfG08kFPWQx3SjblGC7zQGBYCqBwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBj3oh/XoD3FsxD3Nzmxf/APO3WTMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvR1BlaUg5ZWdQY1d6RVBjM09iRl84QTg3ZFpNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzm2MA0G
CSqGSIb3DQEBCwUAA4IBAQBT4N/fiF3widNPzYpg6JKbon6YEzudt9r1dWvK/NLT
O1SmTn0rxcgwwH0Hrvk0dLqWRJEMOQd67ztk5WWCIYOzLmiAKGZ0j9Ee1UinZdT5
czeuxwxV7yG5gb054E3kZk+SmSbcy+5/0DDcdsWj6UD6zsYQJYdfkVNiF1X6ExoQ
yg2Y20w6OI36OW0xEbxvCsJd6DEuUjZLrZSGuKIJT2HQh9NcGI5drr2TfNW0ORry
8d9fs+TC1JkIp4Pj9yCHmS4rZMNknV+iIbbaBrHDmsfw04L2Iqgv+xGfG0OnwV9G
VIFuUeYURwOtkMhqbx4pG9qoyofJJwdrHrB3v1zwfTKq
-----END CERTIFICATE-----