Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/Kf45w-C-teDIn0cX8vJ9fm62RVw.roa
File:                     Kf45w-C-teDIn0cX8vJ9fm62RVw.roa (raw, json)
Hash identifier:          ZK8WKzwPrSFviCeG6vTZfB/KvXtItGyadz+vXv6tUjM=
Subject key identifier:   29:FE:39:C3:E0:BE:B5:E0:C8:9F:47:17:F2:F2:7D:7E:6E:B6:45:5C
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       0198CD757C0DAEB1973EE19D3F388C156B24
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/Kf45w-C-teDIn0cX8vJ9fm62RVw.roa
Signing time:             Thu 21 Aug 2025 16:28:05 +0000
ROA not before:           Thu 21 Aug 2025 16:28:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212513
IP address blocks:        31.56.180.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 05:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:cd:75:7c:0d:ae:b1:97:3e:e1:9d:3f:38:8c:15:6b:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Aug 21 16:28:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=29fe39c3e0beb5e0c89f4717f2f27d7e6eb6455c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:fe:f0:1c:f2:0a:f1:b5:83:bc:13:ea:64:10:
                    84:f0:bd:72:be:03:66:33:be:83:7f:ec:f4:c1:24:
                    01:c4:05:60:c6:54:28:62:d5:31:ca:a6:c4:9f:a4:
                    5c:95:08:73:55:da:ad:69:ca:38:5a:91:fb:9c:45:
                    ee:ff:65:24:71:85:b1:2d:6b:02:3e:52:aa:91:be:
                    ac:c4:3e:9a:b3:80:cc:c7:a7:d5:77:f4:d4:2f:8f:
                    86:07:10:4f:8a:5a:11:37:db:94:ed:9c:a0:c0:e2:
                    44:37:c0:03:70:4b:02:61:4c:7b:70:0e:a0:2c:72:
                    bc:5c:0f:af:96:56:8f:5b:9e:3c:12:22:52:b1:8d:
                    1f:77:07:2f:df:45:70:0e:4c:24:1c:08:91:47:a7:
                    36:13:20:55:57:5b:61:f6:6f:bb:e0:75:d0:a9:45:
                    71:6c:96:fb:ae:15:35:d2:e0:ab:56:05:6a:fc:df:
                    b9:bc:e7:38:49:74:be:55:a2:a7:61:58:7f:c8:9f:
                    09:d7:b6:92:75:0a:c6:8b:02:fa:ed:e9:0e:f8:fb:
                    51:98:55:3f:38:00:95:33:8c:22:5d:22:3c:a2:7c:
                    67:34:18:85:83:c5:b6:58:ef:b5:29:28:17:f8:b9:
                    5b:8a:66:45:3a:98:96:50:ee:23:76:f5:48:af:41:
                    fb:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:FE:39:C3:E0:BE:B5:E0:C8:9F:47:17:F2:F2:7D:7E:6E:B6:45:5C
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/Kf45w-C-teDIn0cX8vJ9fm62RVw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.56.180.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:27:29:b6:11:01:7f:d4:87:60:40:49:fb:b9:bb:87:28:67:
         14:8b:94:c2:1c:8c:c4:6b:8c:e3:4b:ed:53:89:36:6b:79:a5:
         53:f1:57:c9:f2:f6:e3:68:63:ee:36:a3:d7:e9:19:35:a6:1d:
         98:d0:74:fb:59:48:0b:a9:38:18:4d:18:08:e4:34:c0:aa:61:
         08:06:d5:cd:e2:3a:66:ed:67:38:84:60:af:89:33:14:30:57:
         96:1f:49:52:14:3c:a0:76:58:51:1c:0a:8b:4a:8d:ae:d8:cb:
         8b:f3:ea:ad:58:9f:c7:b9:69:6a:9f:76:72:44:30:01:7f:68:
         cd:3c:a5:91:c5:1a:bd:4a:cc:72:15:d8:75:f0:75:ac:be:25:
         5b:bd:c8:b1:cf:23:b3:7f:e1:af:01:1d:3a:23:bc:48:27:e7:
         25:69:dd:d8:4d:d4:fd:00:91:9d:58:5d:cd:fc:d0:54:a6:db:
         90:0e:37:6c:fd:2f:59:5f:31:f0:a4:05:1a:9b:fa:f0:d1:23:
         03:7b:35:06:4b:fa:34:83:cb:1c:f6:d1:68:66:25:e4:e0:b8:
         45:56:d9:08:24:9f:3c:2a:69:df:d3:cc:5b:01:e7:20:20:6f:
         58:a4:61:e3:f2:e3:a7:44:db:12:d1:5c:ba:80:2c:72:30:d3:
         1a:1c:5e:31
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZjNdXwNrrGXPuGdPziMFWskMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwODIxMTYyODA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOWZlMzljM2UwYmViNWUwYzg5ZjQ3MTdmMmYyN2Q3ZTZlYjY0NTVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtv7wHPIK8bWDvBPqZBCE8L1yvgNm
M76Df+z0wSQBxAVgxlQoYtUxyqbEn6RclQhzVdqtaco4WpH7nEXu/2UkcYWxLWsC
PlKqkb6sxD6as4DMx6fVd/TUL4+GBxBPiloRN9uU7ZygwOJEN8ADcEsCYUx7cA6g
LHK8XA+vllaPW548EiJSsY0fdwcv30VwDkwkHAiRR6c2EyBVV1th9m+74HXQqUVx
bJb7rhU10uCrVgVq/N+5vOc4SXS+VaKnYVh/yJ8J17aSdQrGiwL67ekO+PtRmFU/
OACVM4wiXSI8onxnNBiFg8W2WO+1KSgX+LlbimZFOpiWUO4jdvVIr0H70QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCn+OcPgvrXgyJ9HF/LyfX5utkVcMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvS2Y0NXctQy10ZURJbjBjWDh2SjlmbTYyUlZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzi0MA0G
CSqGSIb3DQEBCwUAA4IBAQAoJym2EQF/1IdgQEn7ubuHKGcUi5TCHIzEa4zjS+1T
iTZreaVT8VfJ8vbjaGPuNqPX6Rk1ph2Y0HT7WUgLqTgYTRgI5DTAqmEIBtXN4jpm
7Wc4hGCviTMUMFeWH0lSFDygdlhRHAqLSo2u2MuL8+qtWJ/HuWlqn3ZyRDABf2jN
PKWRxRq9SsxyFdh18HWsviVbvcixzyOzf+GvAR06I7xIJ+clad3YTdT9AJGdWF3N
/NBUptuQDjds/S9ZXzHwpAUam/rw0SMDezUGS/o0g8sc9tFoZiXk4LhFVtkIJJ88
Kmnf08xbAecgIG9YpGHj8uOnRNsS0Vy6gCxyMNMaHF4x
-----END CERTIFICATE-----