Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/STa5ai5v96Pq84y8jHNnZ40yrAw.roa
File:                     STa5ai5v96Pq84y8jHNnZ40yrAw.roa (raw, json)
Hash identifier:          UpkWU4sBcgkd12JXRFQmX4+bhDO20x1c2+liTR+aRzc=
Subject key identifier:   49:36:B9:6A:2E:6F:F7:A3:EA:F3:8C:BC:8C:73:67:67:8D:32:AC:0C
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       01999E35B21CB4975853336F0A76CF5D7BC2
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/STa5ai5v96Pq84y8jHNnZ40yrAw.roa
Signing time:             Wed 01 Oct 2025 05:19:03 +0000
ROA not before:           Wed 01 Oct 2025 05:19:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20860
IP address blocks:        31.58.214.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:9e:35:b2:1c:b4:97:58:53:33:6f:0a:76:cf:5d:7b:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Oct  1 05:19:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4936b96a2e6ff7a3eaf38cbc8c7367678d32ac0c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:96:2b:35:08:13:56:0b:d9:ef:8f:6c:da:44:
                    d4:39:c6:be:c0:22:50:1f:3c:96:f8:ac:db:89:8c:
                    28:c0:88:8f:e8:fa:1a:d2:ec:9a:21:d6:52:a4:58:
                    2d:d0:ba:02:84:aa:bc:ed:1d:c7:43:4c:07:4b:2b:
                    5c:08:b1:8c:f8:e8:a0:26:01:e4:b9:49:e4:18:76:
                    12:53:75:ad:21:04:f7:26:90:45:14:1b:60:e7:d8:
                    25:d0:ba:69:87:75:e4:6a:99:9d:9d:e3:e5:24:36:
                    b8:f7:e2:24:f6:91:1e:5b:01:c0:51:a5:82:a7:c9:
                    91:1b:d8:7a:b8:94:2e:a3:69:d3:69:94:58:06:38:
                    7c:80:78:11:a8:78:55:53:c2:5e:fa:1d:79:5f:17:
                    90:43:c1:97:8a:3f:24:6d:c0:a4:e4:84:d8:6c:1b:
                    a1:d2:b1:46:88:c2:1b:9c:7a:24:c1:6b:c0:c5:9c:
                    ed:c9:e9:8c:02:88:d1:5e:83:39:06:a7:f6:ec:59:
                    dd:9c:ba:36:d5:e2:4a:09:7a:45:3f:c7:c4:f1:4a:
                    a8:f2:a3:fb:dc:32:7b:f2:43:ef:9c:ca:46:2a:3c:
                    9a:14:8c:db:42:72:8d:fd:21:2a:b6:b8:c2:76:fe:
                    64:1f:19:c5:44:ea:f7:2b:eb:a1:a9:44:4d:35:ce:
                    13:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:36:B9:6A:2E:6F:F7:A3:EA:F3:8C:BC:8C:73:67:67:8D:32:AC:0C
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/STa5ai5v96Pq84y8jHNnZ40yrAw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.58.214.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0a:ce:b3:72:15:5b:6e:ce:e0:23:48:88:a9:d9:31:a0:ca:5d:
         9f:42:21:c1:20:87:ef:95:e2:a2:1b:9d:24:b3:e3:26:52:47:
         64:86:9f:78:a9:e7:3a:fb:1b:ea:5d:24:0d:ee:6f:83:ce:86:
         76:12:cd:59:61:f4:16:34:c7:5e:bc:fe:65:10:94:3f:71:9e:
         ad:03:b0:f9:b8:08:5f:fa:ad:f3:99:47:51:ad:b8:3b:12:98:
         7f:d2:e1:a8:5e:19:30:13:eb:e7:95:15:36:ce:9f:c4:b8:b0:
         37:51:dc:88:8f:e4:98:63:a1:2d:46:a3:de:ab:45:26:a6:bd:
         5b:6e:ed:61:76:3f:80:9e:51:88:23:39:a1:a3:48:76:72:93:
         4b:62:82:e5:99:05:0d:87:a0:5c:29:da:dc:97:48:19:07:a3:
         bd:e2:7a:cc:57:64:c1:9a:66:a2:c2:56:69:69:ed:38:61:5b:
         e4:3a:85:21:9c:ab:e3:dd:3a:dc:39:16:a6:71:b6:51:ed:e1:
         64:d2:e7:3c:6c:51:c5:e1:f1:b0:1f:7a:66:fc:3e:ec:67:c3:
         b5:3e:9c:ce:74:8a:9e:7c:7b:59:14:12:29:29:b1:d3:54:bc:
         d3:5b:0b:39:7e:b7:be:e0:7a:d0:8d:07:a4:b5:d8:0f:61:d3:
         92:58:85:16
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZmeNbIctJdYUzNvCnbPXXvCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUxMDAxMDUxOTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OTM2Yjk2YTJlNmZmN2EzZWFmMzhjYmM4YzczNjc2NzhkMzJhYzBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw5YrNQgTVgvZ749s2kTUOca+wCJQ
HzyW+KzbiYwowIiP6Poa0uyaIdZSpFgt0LoChKq87R3HQ0wHSytcCLGM+OigJgHk
uUnkGHYSU3WtIQT3JpBFFBtg59gl0Lpph3XkapmdnePlJDa49+Ik9pEeWwHAUaWC
p8mRG9h6uJQuo2nTaZRYBjh8gHgRqHhVU8Je+h15XxeQQ8GXij8kbcCk5ITYbBuh
0rFGiMIbnHokwWvAxZztyemMAojRXoM5Bqf27FndnLo21eJKCXpFP8fE8Uqo8qP7
3DJ78kPvnMpGKjyaFIzbQnKN/SEqtrjCdv5kHxnFROr3K+uhqURNNc4TYwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEk2uWoub/ej6vOMvIxzZ2eNMqwMMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvU1RhNWFpNXY5NlBxODR5OGpITm5aNDB5ckF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzrWMA0G
CSqGSIb3DQEBCwUAA4IBAQAKzrNyFVtuzuAjSIip2TGgyl2fQiHBIIfvleKiG50k
s+MmUkdkhp94qec6+xvqXSQN7m+DzoZ2Es1ZYfQWNMdevP5lEJQ/cZ6tA7D5uAhf
+q3zmUdRrbg7Eph/0uGoXhkwE+vnlRU2zp/EuLA3UdyIj+SYY6EtRqPeq0Umpr1b
bu1hdj+AnlGIIzmho0h2cpNLYoLlmQUNh6BcKdrcl0gZB6O94nrMV2TBmmaiwlZp
ae04YVvkOoUhnKvj3TrcORamcbZR7eFk0uc8bFHF4fGwH3pm/D7sZ8O1PpzOdIqe
fHtZFBIpKbHTVLzTWws5fre+4HrQjQektdgPYdOSWIUW
-----END CERTIFICATE-----