Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/Mq2ri_SSu3ILw3ljGEFFKeZbZxU.roa
File:                     Mq2ri_SSu3ILw3ljGEFFKeZbZxU.roa (raw, json)
Hash identifier:          zVzXIcR5ngd3Zm633haslMwJncIs7C9mhacDPNLm2G4=
Subject key identifier:   32:AD:AB:8B:F4:92:BB:72:0B:C3:79:63:18:41:45:29:E6:5B:67:15
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       0198A79AF1CB6214B179DADE544EEE8AC8F1
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/Mq2ri_SSu3ILw3ljGEFFKeZbZxU.roa
Signing time:             Thu 14 Aug 2025 08:03:26 +0000
ROA not before:           Thu 14 Aug 2025 08:03:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     137517
IP address blocks:        31.57.159.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 05:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:a7:9a:f1:cb:62:14:b1:79:da:de:54:4e:ee:8a:c8:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Aug 14 08:03:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=32adab8bf492bb720bc3796318414529e65b6715
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:04:d2:8a:35:a3:da:4d:49:41:2a:b3:9f:af:
                    bb:2e:72:70:13:88:5e:4e:90:6e:5e:9d:9f:54:cb:
                    3c:e5:30:e0:f7:d1:3e:ee:99:6b:6f:4f:33:f6:f3:
                    54:28:5f:4f:95:fe:70:49:24:be:24:dc:eb:a6:35:
                    88:4e:05:98:cc:5a:51:46:8d:e6:14:f7:78:ca:43:
                    67:bc:a4:a2:76:e6:4a:d5:ab:1f:d5:60:18:d5:52:
                    13:6a:94:10:d0:f9:41:dd:d9:a8:f5:18:ba:1a:2b:
                    07:26:67:cb:20:22:1f:c9:3c:46:e1:24:79:e4:4e:
                    3e:9b:02:bc:b4:ef:82:f4:5c:28:35:95:f7:82:00:
                    3c:c8:87:98:69:b1:dc:6b:5c:3c:f3:8d:1e:ae:9e:
                    42:43:c5:36:bb:f6:16:45:21:97:b5:5f:19:d9:70:
                    a3:10:e8:06:f1:15:ea:5b:b8:f2:98:6c:2f:71:d4:
                    c1:a5:76:db:89:2f:3f:d4:e3:14:99:54:13:86:95:
                    72:e7:b2:af:8f:5a:6b:85:51:8d:c0:d8:bf:dd:67:
                    27:30:d5:05:d5:7e:c6:fc:71:bf:66:0e:96:57:bd:
                    14:5a:35:c2:e8:3a:c2:ee:89:d0:56:13:ab:fd:9e:
                    33:92:c0:2c:7e:0d:23:02:17:13:fe:2f:df:b9:b5:
                    8f:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:AD:AB:8B:F4:92:BB:72:0B:C3:79:63:18:41:45:29:E6:5B:67:15
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/Mq2ri_SSu3ILw3ljGEFFKeZbZxU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.57.159.0/24

    Signature Algorithm: sha256WithRSAEncryption
         55:ae:ab:90:a6:94:bd:28:33:87:c7:d1:68:ec:98:d2:4b:24:
         75:2d:88:61:c4:00:6d:f0:b3:8e:35:0f:ca:ce:92:81:f8:b7:
         33:86:69:f1:d3:55:47:95:42:01:fb:38:6d:55:71:70:13:e8:
         21:b8:a4:8c:f0:93:00:36:e3:b3:60:26:63:6d:40:96:9f:06:
         cb:40:4e:38:bb:c7:f0:a2:80:ed:55:b3:1b:d6:b4:2f:b6:de:
         63:87:48:08:cb:2f:68:22:91:f4:1f:45:3a:f5:90:81:89:aa:
         6e:1d:2a:e2:65:2d:03:59:a6:d2:42:46:68:1e:98:99:e8:48:
         57:59:83:9f:b0:3f:14:9c:85:6e:36:3e:a6:b1:c5:06:71:0a:
         be:a4:52:31:61:e4:e8:f1:68:9b:df:48:6a:32:14:5b:c8:ae:
         e5:34:17:79:a2:6a:a3:67:fe:ab:79:3e:c4:cb:49:e8:8e:b2:
         b5:02:f8:ed:df:bd:25:58:70:cf:66:a3:e5:ca:53:7b:48:7a:
         7f:9b:db:b3:05:2b:07:22:a8:9f:45:d5:82:dc:6c:7e:3c:47:
         ca:95:5f:4d:5b:eb:e6:9c:64:e0:85:d5:de:6d:a9:ea:e6:0e:
         58:5f:e8:84:52:d6:f9:33:b4:65:15:47:73:55:9c:69:54:09:
         aa:ce:61:9c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZinmvHLYhSxedreVE7uisjxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwODE0MDgwMzI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMmFkYWI4YmY0OTJiYjcyMGJjMzc5NjMxODQxNDUyOWU2NWI2NzE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlwTSijWj2k1JQSqzn6+7LnJwE4he
TpBuXp2fVMs85TDg99E+7plrb08z9vNUKF9Plf5wSSS+JNzrpjWITgWYzFpRRo3m
FPd4ykNnvKSiduZK1asf1WAY1VITapQQ0PlB3dmo9Ri6GisHJmfLICIfyTxG4SR5
5E4+mwK8tO+C9FwoNZX3ggA8yIeYabHca1w8840erp5CQ8U2u/YWRSGXtV8Z2XCj
EOgG8RXqW7jymGwvcdTBpXbbiS8/1OMUmVQThpVy57Kvj1prhVGNwNi/3WcnMNUF
1X7G/HG/Zg6WV70UWjXC6DrC7onQVhOr/Z4zksAsfg0jAhcT/i/fubWPfwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDKtq4v0krtyC8N5YxhBRSnmW2cVMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvTXEycmlfU1N1M0lMdzNsakdFRkZLZVpiWnhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzmfMA0G
CSqGSIb3DQEBCwUAA4IBAQBVrquQppS9KDOHx9Fo7JjSSyR1LYhhxABt8LOONQ/K
zpKB+Lczhmnx01VHlUIB+zhtVXFwE+ghuKSM8JMANuOzYCZjbUCWnwbLQE44u8fw
ooDtVbMb1rQvtt5jh0gIyy9oIpH0H0U69ZCBiapuHSriZS0DWabSQkZoHpiZ6EhX
WYOfsD8UnIVuNj6mscUGcQq+pFIxYeTo8Wib30hqMhRbyK7lNBd5omqjZ/6reT7E
y0nojrK1Avjt370lWHDPZqPlylN7SHp/m9uzBSsHIqifRdWC3Gx+PEfKlV9NW+vm
nGTghdXebanq5g5YX+iEUtb5M7RlFUdzVZxpVAmqzmGc
-----END CERTIFICATE-----