Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/PiwvQNWirnkXW-SIpwAEyz1fmJk.roa
File:                     PiwvQNWirnkXW-SIpwAEyz1fmJk.roa (raw, json)
Hash identifier:          w7UvbaOWgIrdYJBqSD9yEroTmk0LHxpJYk4yAzIJy3Y=
Subject key identifier:   3E:2C:2F:40:D5:A2:AE:79:17:5B:E4:88:A7:00:04:CB:3D:5F:98:99
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       0198B831C2DBC060F2C8956BE1730F61F9FB
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/PiwvQNWirnkXW-SIpwAEyz1fmJk.roa
Signing time:             Sun 17 Aug 2025 13:22:05 +0000
ROA not before:           Sun 17 Aug 2025 13:22:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44901
IP address blocks:        31.58.211.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:b8:31:c2:db:c0:60:f2:c8:95:6b:e1:73:0f:61:f9:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Aug 17 13:22:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3e2c2f40d5a2ae79175be488a70004cb3d5f9899
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:dc:52:01:84:ba:d3:17:4e:83:05:f2:91:95:
                    b0:62:3c:63:82:df:d8:1f:e8:47:cc:48:55:80:df:
                    d0:64:4d:31:e1:c0:ff:24:e8:1c:b1:fa:c1:19:c7:
                    5d:9b:9d:03:64:d4:c4:16:32:0e:d9:90:5b:f7:b3:
                    32:28:62:55:54:26:fd:a0:5b:d0:3c:38:5a:7c:d8:
                    e8:d0:19:92:ed:04:f0:99:9e:23:be:59:dc:ed:c5:
                    29:fd:b3:36:76:e0:ac:45:ff:3a:e4:4c:34:58:61:
                    6f:e5:85:d2:c4:74:b5:5b:0d:7b:c1:dc:6c:20:2a:
                    fe:69:34:38:be:6a:2d:1b:c2:f1:53:60:96:81:3d:
                    81:db:8e:0d:e6:e8:af:ea:22:4b:3d:15:3d:43:c2:
                    42:0e:d8:db:a9:f0:30:d7:12:c1:e3:08:a3:ca:75:
                    3b:af:84:09:52:bb:4b:4b:ad:b9:13:63:1e:bf:13:
                    c9:7a:5b:73:75:39:6c:bb:dd:31:4a:41:f0:84:43:
                    fe:f8:93:de:d4:62:23:27:5b:e8:ce:be:ed:dd:42:
                    22:89:ad:38:51:eb:a2:a2:d9:e6:f9:6a:c2:dd:50:
                    c9:37:86:5f:96:1f:bc:f1:f0:b1:f0:f5:b7:09:97:
                    ce:42:a8:c3:cc:c1:ea:f0:17:4f:36:42:7c:8a:07:
                    cd:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:2C:2F:40:D5:A2:AE:79:17:5B:E4:88:A7:00:04:CB:3D:5F:98:99
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/PiwvQNWirnkXW-SIpwAEyz1fmJk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.58.211.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8a:07:b1:2d:95:8b:68:b5:db:1c:28:58:38:f3:a3:22:bb:6f:
         5b:ca:e2:2e:70:29:11:df:da:74:db:0b:20:9c:d4:26:03:f2:
         43:81:93:fd:ef:21:b9:51:7b:b6:99:75:bc:6c:a9:ab:b5:43:
         8d:34:00:b7:9c:05:2a:23:c1:d1:b2:3d:de:bb:e2:37:68:0f:
         e2:2e:45:94:3c:1c:0f:e6:4b:de:07:ea:74:0a:4e:73:60:62:
         ff:38:ba:fb:d4:a1:9c:91:b9:a7:3e:a4:6f:cc:a0:f4:74:ca:
         28:93:f5:3a:0f:1c:03:55:e8:fc:ef:21:e5:c5:a3:f4:a7:a6:
         e2:81:3e:58:ce:40:16:4b:c6:ad:19:90:0b:23:52:c9:d7:61:
         3e:be:46:57:2f:5f:18:0a:89:c3:15:22:29:c3:c1:2e:d3:1c:
         9c:bf:ab:52:b5:b7:59:6a:78:74:1b:ac:c8:95:e5:cd:e5:ef:
         54:4b:04:e1:df:9b:5b:89:ba:6d:14:04:c0:30:81:6b:00:de:
         ad:d6:df:80:de:d2:44:29:57:74:5a:70:32:30:73:3c:8e:6b:
         cc:e2:d4:18:16:9b:f0:0f:7d:e7:07:69:46:bc:98:34:be:aa:
         80:a6:0f:ee:96:ec:96:77:37:41:4c:ce:44:e8:49:bb:e2:2a:
         c5:6b:69:e4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZi4McLbwGDyyJVr4XMPYfn7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwODE3MTMyMjA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZTJjMmY0MGQ1YTJhZTc5MTc1YmU0ODhhNzAwMDRjYjNkNWY5ODk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt9xSAYS60xdOgwXykZWwYjxjgt/Y
H+hHzEhVgN/QZE0x4cD/JOgcsfrBGcddm50DZNTEFjIO2ZBb97MyKGJVVCb9oFvQ
PDhafNjo0BmS7QTwmZ4jvlnc7cUp/bM2duCsRf865Ew0WGFv5YXSxHS1Ww17wdxs
ICr+aTQ4vmotG8LxU2CWgT2B244N5uiv6iJLPRU9Q8JCDtjbqfAw1xLB4wijynU7
r4QJUrtLS625E2MevxPJeltzdTlsu90xSkHwhEP++JPe1GIjJ1vozr7t3UIiia04
Ueuiotnm+WrC3VDJN4Zflh+88fCx8PW3CZfOQqjDzMHq8BdPNkJ8igfNdwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD4sL0DVoq55F1vkiKcABMs9X5iZMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvUGl3dlFOV2lybmtYVy1TSXB3QUV5ejFmbUprLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzrTMA0G
CSqGSIb3DQEBCwUAA4IBAQCKB7EtlYtotdscKFg486Miu29byuIucCkR39p02wsg
nNQmA/JDgZP97yG5UXu2mXW8bKmrtUONNAC3nAUqI8HRsj3eu+I3aA/iLkWUPBwP
5kveB+p0Ck5zYGL/OLr71KGckbmnPqRvzKD0dMook/U6DxwDVej87yHlxaP0p6bi
gT5YzkAWS8atGZALI1LJ12E+vkZXL18YConDFSIpw8Eu0xycv6tStbdZanh0G6zI
leXN5e9USwTh35tbibptFATAMIFrAN6t1t+A3tJEKVd0WnAyMHM8jmvM4tQYFpvw
D33nB2lGvJg0vqqApg/uluyWdzdBTM5E6Em74irFa2nk
-----END CERTIFICATE-----