Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/PkoMUMgI7F3YXl2WiuE_l9oa06s.roa
File:                     PkoMUMgI7F3YXl2WiuE_l9oa06s.roa (raw, json)
Hash identifier:          b428zFkRKRfJBuj5J/0tIKT1+qZryP27o3VL8pXnvyY=
Subject key identifier:   3E:4A:0C:50:C8:08:EC:5D:D8:5E:5D:96:8A:E1:3F:97:DA:1A:D3:AB
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       0198B35A256E1A0E790A6E4DFDE54BE88ECE
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/PkoMUMgI7F3YXl2WiuE_l9oa06s.roa
Signing time:             Sat 16 Aug 2025 14:48:06 +0000
ROA not before:           Sat 16 Aug 2025 14:48:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216145
IP address blocks:        31.57.167.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 07:32:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:b3:5a:25:6e:1a:0e:79:0a:6e:4d:fd:e5:4b:e8:8e:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Aug 16 14:48:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3e4a0c50c808ec5dd85e5d968ae13f97da1ad3ab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:d3:d1:c7:88:d7:25:40:ea:b2:86:20:de:64:
                    5a:8d:88:9e:22:86:2c:65:a7:7e:e6:ab:be:21:ef:
                    ff:85:e4:ad:0b:02:f7:63:e2:91:87:d6:38:17:70:
                    1b:75:a5:cb:6e:24:51:b3:81:c9:5f:2b:b5:b4:56:
                    ad:eb:24:58:ce:f2:f0:09:5a:ad:ae:3e:b8:d0:17:
                    44:94:30:86:ed:13:d0:c6:7a:3b:39:bb:52:94:53:
                    90:14:4c:8a:5b:1c:2d:40:a3:46:9f:06:98:f9:3f:
                    2d:fa:81:2f:79:44:96:c2:10:f6:77:b0:2d:4a:17:
                    69:29:67:62:e5:38:06:6d:76:44:77:d5:f4:c9:aa:
                    ed:43:29:6c:1b:ed:09:44:d2:f1:2f:75:a9:98:d6:
                    5e:11:24:03:17:fa:2c:a8:9b:d8:bf:4f:f9:02:98:
                    9e:07:c0:22:8d:81:c3:72:22:70:8b:29:71:73:d4:
                    44:84:ee:b6:ae:d6:cf:8c:e7:07:c3:c6:8f:dc:f2:
                    3e:5f:ea:48:4a:0f:ab:8a:d4:9d:05:a1:b7:cf:80:
                    5a:3f:13:2b:d6:70:f0:ee:75:ed:6f:cf:ef:86:50:
                    84:be:ed:e9:4a:32:d6:4f:71:d9:b8:60:e9:ff:c5:
                    5e:33:c9:15:b5:7e:09:82:1c:2e:f5:4b:54:bb:f6:
                    b2:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:4A:0C:50:C8:08:EC:5D:D8:5E:5D:96:8A:E1:3F:97:DA:1A:D3:AB
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/PkoMUMgI7F3YXl2WiuE_l9oa06s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.57.167.0/24

    Signature Algorithm: sha256WithRSAEncryption
         be:42:ba:e0:8a:09:cd:de:cb:ef:f7:09:2a:34:ca:d6:67:e1:
         37:ef:12:69:d4:d6:2e:19:21:e4:f8:02:50:5f:de:bd:73:26:
         38:82:68:31:d7:47:a9:35:3e:a9:4c:78:a3:ec:7e:80:e0:e1:
         1b:a1:d2:1c:42:9e:e7:44:e5:d2:1c:25:f1:18:1e:80:e1:84:
         ed:ef:16:ab:49:b7:e2:27:ea:d2:dc:97:cc:07:59:e4:54:36:
         fb:0b:c0:1a:b7:76:8a:1b:72:92:05:09:f4:13:ea:00:1c:55:
         4b:2c:0c:c6:36:1f:50:c7:d6:9b:49:7e:02:22:99:97:e1:80:
         0b:18:22:ee:33:59:19:81:24:6d:50:f2:39:41:df:58:65:e4:
         a8:0b:b9:73:1f:11:92:f6:84:88:d6:8a:1d:50:d2:b2:24:5a:
         c7:58:e7:f9:9b:7a:5e:db:f7:70:06:0c:dc:9d:2e:89:f8:27:
         0d:d4:40:fa:37:c7:3a:6b:66:cc:95:1d:d6:c8:21:b2:90:fd:
         95:a3:7c:5b:80:ad:ba:4d:1e:c9:e0:a9:8b:d0:21:f6:a3:0d:
         3f:32:51:ae:3b:7f:c3:bb:87:ef:49:96:40:c9:81:ac:e6:6d:
         c2:b5:d4:25:17:e5:87:d1:84:2b:a1:50:c3:bd:3b:54:f9:7f:
         c1:59:ca:90
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZizWiVuGg55Cm5N/eVL6I7OMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwODE2MTQ0ODA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZTRhMGM1MGM4MDhlYzVkZDg1ZTVkOTY4YWUxM2Y5N2RhMWFkM2FiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAldPRx4jXJUDqsoYg3mRajYieIoYs
Zad+5qu+Ie//heStCwL3Y+KRh9Y4F3AbdaXLbiRRs4HJXyu1tFat6yRYzvLwCVqt
rj640BdElDCG7RPQxno7ObtSlFOQFEyKWxwtQKNGnwaY+T8t+oEveUSWwhD2d7At
ShdpKWdi5TgGbXZEd9X0yartQylsG+0JRNLxL3WpmNZeESQDF/osqJvYv0/5Apie
B8AijYHDciJwiylxc9REhO62rtbPjOcHw8aP3PI+X+pISg+ritSdBaG3z4BaPxMr
1nDw7nXtb8/vhlCEvu3pSjLWT3HZuGDp/8VeM8kVtX4Jghwu9UtUu/ayVQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD5KDFDICOxd2F5dlorhP5faGtOrMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvUGtvTVVNZ0k3RjNZWGwyV2l1RV9sOW9hMDZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzmnMA0G
CSqGSIb3DQEBCwUAA4IBAQC+QrrgignN3svv9wkqNMrWZ+E37xJp1NYuGSHk+AJQ
X969cyY4gmgx10epNT6pTHij7H6A4OEbodIcQp7nROXSHCXxGB6A4YTt7xarSbfi
J+rS3JfMB1nkVDb7C8Aat3aKG3KSBQn0E+oAHFVLLAzGNh9Qx9abSX4CIpmX4YAL
GCLuM1kZgSRtUPI5Qd9YZeSoC7lzHxGS9oSI1oodUNKyJFrHWOf5m3pe2/dwBgzc
nS6J+CcN1ED6N8c6a2bMlR3WyCGykP2Vo3xbgK26TR7J4KmL0CH2ow0/MlGuO3/D
u4fvSZZAyYGs5m3CtdQlF+WH0YQroVDDvTtU+X/BWcqQ
-----END CERTIFICATE-----