Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/T7Jy-tqP2n6nWbSA1Uc8XPZjWs4.roa
File:                     T7Jy-tqP2n6nWbSA1Uc8XPZjWs4.roa (raw, json)
Hash identifier:          brL9QDkeTj4FRXkh5SSzg9b+XYCpmzCuEDnJ2KwD7Zk=
Subject key identifier:   4F:B2:72:FA:DA:8F:DA:7E:A7:59:B4:80:D5:47:3C:5C:F6:63:5A:CE
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       0196C4912D75E76F8E80F8A4592498DD967C
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/T7Jy-tqP2n6nWbSA1Uc8XPZjWs4.roa
Signing time:             Mon 12 May 2025 12:56:10 +0000
ROA not before:           Mon 12 May 2025 12:56:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     400696
IP address blocks:        31.58.159.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 13 May 2025 14:31:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:c4:91:2d:75:e7:6f:8e:80:f8:a4:59:24:98:dd:96:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: May 12 12:56:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4fb272fada8fda7ea759b480d5473c5cf6635ace
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:3f:8a:5a:39:de:82:6f:72:20:d9:0f:17:83:
                    6d:4b:4b:34:cb:b5:f4:d3:6a:a1:f4:71:bc:50:55:
                    49:f8:6b:83:30:4d:b5:69:aa:b0:24:8e:2e:62:45:
                    09:2f:b4:6e:b5:cb:65:5c:b3:83:67:11:93:70:e7:
                    dd:0f:ce:95:84:b0:ee:5a:9c:d7:3a:e1:45:9d:29:
                    7e:4f:18:9a:e1:1f:d4:01:5e:ab:92:50:eb:2f:f5:
                    c0:69:97:29:d5:16:f2:5b:28:06:61:6f:bb:6a:d7:
                    36:cd:39:83:1b:ef:73:2a:64:ad:3a:08:b3:cb:39:
                    57:4c:cc:42:bc:8e:ee:71:de:7b:49:55:60:5b:8d:
                    d3:d5:ba:48:e6:38:39:b1:de:72:72:d1:f1:9b:2a:
                    fa:41:ce:66:a8:a3:81:63:7d:df:77:51:c7:57:db:
                    e3:2e:17:7e:b9:7a:1a:b4:e1:d5:8e:e1:4c:bb:2c:
                    f2:4c:a7:e3:02:d3:73:55:c4:44:a2:cf:d5:f8:fc:
                    21:32:1d:01:2e:e6:19:47:1f:0b:94:d2:e2:cf:69:
                    bd:63:77:84:fb:87:90:0f:0d:d6:96:bd:c9:6f:04:
                    c6:cf:fa:67:23:34:ae:9c:82:fb:2f:30:e4:67:80:
                    d2:d1:50:e5:2d:37:ee:eb:d5:87:60:bd:d9:80:9d:
                    17:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:B2:72:FA:DA:8F:DA:7E:A7:59:B4:80:D5:47:3C:5C:F6:63:5A:CE
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/T7Jy-tqP2n6nWbSA1Uc8XPZjWs4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.58.159.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9a:9f:f5:a9:fc:45:05:93:23:eb:55:e3:29:d4:d3:90:66:83:
         1e:74:2b:17:e6:4e:df:b0:d9:d3:36:ca:a0:92:39:ff:ed:af:
         14:03:2d:63:20:84:28:b2:b8:7b:4b:25:1d:fd:58:b3:ee:e0:
         43:e9:ed:91:8a:e3:15:c3:d3:4b:e6:b5:a6:30:74:df:17:5a:
         19:76:fc:65:f0:32:d7:45:63:a2:6e:7e:8a:3f:18:f7:54:fa:
         48:45:fe:99:e9:d3:f4:09:fd:9a:f1:77:e2:d3:82:c5:c5:18:
         2b:9d:a4:af:52:d8:de:a2:a0:e6:94:92:81:51:d1:30:c5:30:
         1f:1e:e6:6c:74:17:f5:8b:c1:3c:40:a8:46:a6:ec:33:8e:e1:
         28:fe:f4:bf:ed:b3:b3:5d:0d:2f:00:4a:f9:f5:85:92:95:59:
         8f:44:14:a0:da:7d:57:17:42:c2:1c:c8:75:af:8c:5c:ec:65:
         b1:25:51:cc:25:d6:46:84:8c:43:6c:c1:ac:1c:1c:e3:f5:17:
         6c:60:d3:ff:af:07:27:bc:9f:d2:bb:10:1f:d2:c0:cb:0e:fd:
         56:ae:42:3f:11:5b:4d:ce:b8:54:19:e9:3b:60:87:83:b6:b1:
         be:cc:bf:85:6e:a6:d5:23:96:a7:05:ff:99:0f:ff:e3:2e:cf:
         98:a0:bd:41
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZbEkS1152+OgPikWSSY3ZZ8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwNTEyMTI1NjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZmIyNzJmYWRhOGZkYTdlYTc1OWI0ODBkNTQ3M2M1Y2Y2NjM1YWNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyz+KWjnegm9yINkPF4NtS0s0y7X0
02qh9HG8UFVJ+GuDME21aaqwJI4uYkUJL7RutctlXLODZxGTcOfdD86VhLDuWpzX
OuFFnSl+Txia4R/UAV6rklDrL/XAaZcp1RbyWygGYW+7atc2zTmDG+9zKmStOgiz
yzlXTMxCvI7ucd57SVVgW43T1bpI5jg5sd5yctHxmyr6Qc5mqKOBY33fd1HHV9vj
Lhd+uXoatOHVjuFMuyzyTKfjAtNzVcREos/V+PwhMh0BLuYZRx8LlNLiz2m9Y3eE
+4eQDw3Wlr3JbwTGz/pnIzSunIL7LzDkZ4DS0VDlLTfu69WHYL3ZgJ0XswIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE+ycvraj9p+p1m0gNVHPFz2Y1rOMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvVDdKeS10cVAybjZuV2JTQTFVYzhYUFpqV3M0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzqfMA0G
CSqGSIb3DQEBCwUAA4IBAQCan/Wp/EUFkyPrVeMp1NOQZoMedCsX5k7fsNnTNsqg
kjn/7a8UAy1jIIQosrh7SyUd/Viz7uBD6e2RiuMVw9NL5rWmMHTfF1oZdvxl8DLX
RWOibn6KPxj3VPpIRf6Z6dP0Cf2a8Xfi04LFxRgrnaSvUtjeoqDmlJKBUdEwxTAf
HuZsdBf1i8E8QKhGpuwzjuEo/vS/7bOzXQ0vAEr59YWSlVmPRBSg2n1XF0LCHMh1
r4xc7GWxJVHMJdZGhIxDbMGsHBzj9RdsYNP/rwcnvJ/SuxAf0sDLDv1WrkI/EVtN
zrhUGek7YIeDtrG+zL+FbqbVI5anBf+ZD//jLs+YoL1B
-----END CERTIFICATE-----