Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/IIOKh_VQ3ofTcxhNB7-4qmzV864.roa
File:                     IIOKh_VQ3ofTcxhNB7-4qmzV864.roa (raw, json)
Hash identifier:          0XVhcOlhV3LYGZKA6teMTc/CuPcuFyFWBm2KKTi8Hc8=
Subject key identifier:   20:83:8A:87:F5:50:DE:87:D3:73:18:4D:07:BF:B8:AA:6C:D5:F3:AE
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019899A10DC85B22D62D713D3CE7D5986A2B
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/IIOKh_VQ3ofTcxhNB7-4qmzV864.roa
Signing time:             Mon 11 Aug 2025 14:55:25 +0000
ROA not before:           Mon 11 Aug 2025 14:55:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210634
IP address blocks:        31.57.10.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 07:32:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:99:a1:0d:c8:5b:22:d6:2d:71:3d:3c:e7:d5:98:6a:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Aug 11 14:55:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=20838a87f550de87d373184d07bfb8aa6cd5f3ae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:54:b2:51:00:7c:96:01:7e:16:c0:8c:93:8c:
                    b3:77:3c:e9:b9:6d:ac:a9:c8:c1:78:b1:d3:c2:93:
                    c2:65:bc:1e:88:df:ef:ab:5f:23:07:27:e8:e5:92:
                    ec:82:b8:a2:3a:a8:2f:c8:ae:c8:f5:02:16:a5:3e:
                    a9:b7:fa:b2:b7:b8:07:e7:41:fc:c1:96:a2:d8:6c:
                    56:c5:1b:26:26:bc:bb:b3:ba:5c:bc:d9:41:0a:79:
                    97:3c:2a:36:90:ad:78:c3:e8:69:5c:db:6d:cf:79:
                    d2:48:46:de:a2:24:0b:9c:78:d5:18:39:f4:51:68:
                    f7:0a:5c:e9:ee:8c:61:90:5b:ef:a4:a3:f3:08:dc:
                    39:b7:2f:70:fb:7f:e4:89:f5:89:ca:a9:e9:28:60:
                    ce:35:d4:b5:82:bc:2d:2f:8c:09:da:fd:44:14:a1:
                    4b:cd:a1:6d:24:a3:f1:53:b3:8f:9d:27:2c:43:8e:
                    06:6c:ab:f4:2a:ff:c5:2f:13:2a:df:2f:c4:de:c4:
                    1b:89:a8:ac:11:db:de:97:0a:66:a3:86:82:4f:a3:
                    2a:07:28:57:06:42:fd:3b:a6:68:64:39:64:f7:ff:
                    1c:60:1a:45:51:ca:fb:72:18:be:ae:58:68:87:6f:
                    f0:11:8e:b1:4a:6c:35:a7:81:06:5f:cb:5c:6a:73:
                    48:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:83:8A:87:F5:50:DE:87:D3:73:18:4D:07:BF:B8:AA:6C:D5:F3:AE
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/IIOKh_VQ3ofTcxhNB7-4qmzV864.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.57.10.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b1:f4:d9:64:39:55:c7:0d:4d:4d:27:c1:9f:09:7a:59:19:c8:
         cf:e1:ec:65:53:96:7c:bb:17:58:73:0f:ca:ca:e6:57:bd:f3:
         d8:bb:60:37:2e:8a:4a:0a:c3:e5:4a:a0:bd:86:9b:d3:17:3b:
         a9:73:45:03:3b:a8:15:35:6f:83:e2:84:f0:87:56:2a:2b:78:
         66:f6:12:e8:57:bd:9d:34:cc:1f:d9:ac:c6:15:ac:89:3f:3f:
         82:68:5c:33:41:8d:60:77:a7:e3:6a:03:04:af:21:3c:8e:f8:
         5c:ec:49:5a:73:bb:7c:b6:26:da:6b:07:61:8c:1c:49:55:19:
         b9:cf:2c:01:a6:cc:8a:16:02:6c:ba:e6:a9:ba:f0:95:f5:93:
         34:e2:33:e2:e9:7f:77:f7:ec:e2:63:4e:1d:58:e9:20:1e:2e:
         ba:d5:48:f3:05:27:b3:33:80:7b:14:06:8f:15:4f:5f:ae:93:
         be:c4:c2:c6:fe:86:00:e9:ca:6a:f2:9d:88:c0:47:5b:da:de:
         d2:f5:3a:5d:9c:33:6b:e7:0e:d1:8a:ca:4b:82:98:26:97:49:
         82:24:06:9c:53:6e:8d:f6:e5:56:7b:ec:90:ea:5d:7e:1b:52:
         4c:1d:83:aa:1e:55:76:d5:2a:ba:fb:21:4b:cb:b7:b2:8d:ee:
         f4:46:76:7d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZiZoQ3IWyLWLXE9POfVmGorMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwODExMTQ1NTI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMDgzOGE4N2Y1NTBkZTg3ZDM3MzE4NGQwN2JmYjhhYTZjZDVmM2FlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp1SyUQB8lgF+FsCMk4yzdzzpuW2s
qcjBeLHTwpPCZbweiN/vq18jByfo5ZLsgriiOqgvyK7I9QIWpT6pt/qyt7gH50H8
wZai2GxWxRsmJry7s7pcvNlBCnmXPCo2kK14w+hpXNttz3nSSEbeoiQLnHjVGDn0
UWj3Clzp7oxhkFvvpKPzCNw5ty9w+3/kifWJyqnpKGDONdS1grwtL4wJ2v1EFKFL
zaFtJKPxU7OPnScsQ44GbKv0Kv/FLxMq3y/E3sQbiaisEdvelwpmo4aCT6MqByhX
BkL9O6ZoZDlk9/8cYBpFUcr7chi+rlhoh2/wEY6xSmw1p4EGX8tcanNIZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCCDiof1UN6H03MYTQe/uKps1fOuMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvSUlPS2hfVlEzb2ZUY3hoTkI3LTRxbXpWODY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzkKMA0G
CSqGSIb3DQEBCwUAA4IBAQCx9NlkOVXHDU1NJ8GfCXpZGcjP4exlU5Z8uxdYcw/K
yuZXvfPYu2A3LopKCsPlSqC9hpvTFzupc0UDO6gVNW+D4oTwh1YqK3hm9hLoV72d
NMwf2azGFayJPz+CaFwzQY1gd6fjagMEryE8jvhc7Elac7t8tibaawdhjBxJVRm5
zywBpsyKFgJsuuapuvCV9ZM04jPi6X939+ziY04dWOkgHi661UjzBSezM4B7FAaP
FU9frpO+xMLG/oYA6cpq8p2IwEdb2t7S9TpdnDNr5w7RispLgpgml0mCJAacU26N
9uVWe+yQ6l1+G1JMHYOqHlV21Sq6+yFLy7eyje70RnZ9
-----END CERTIFICATE-----