Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/X8IB7cU2KY631qaqfFQkPB2xNf8.roa
File:                     X8IB7cU2KY631qaqfFQkPB2xNf8.roa (raw, json)
Hash identifier:          kQDnYna4E+zkZiAjfmGNSG/Owt5iaPQHWzvMZyajB/s=
Subject key identifier:   5F:C2:01:ED:C5:36:29:8E:B7:D6:A6:AA:7C:54:24:3C:1D:B1:35:FF
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       0199BAC5FC0A864F7BACAE58D594A6EAF90F
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/X8IB7cU2KY631qaqfFQkPB2xNf8.roa
Signing time:             Mon 06 Oct 2025 18:26:01 +0000
ROA not before:           Mon 06 Oct 2025 18:26:01 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214987
IP address blocks:        31.57.240.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:ba:c5:fc:0a:86:4f:7b:ac:ae:58:d5:94:a6:ea:f9:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Oct  6 18:26:01 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5fc201edc536298eb7d6a6aa7c54243c1db135ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:b0:a7:b9:35:97:8e:87:26:42:7f:41:3f:b1:
                    10:4b:4b:84:8b:3f:b7:dd:d4:f8:03:6f:59:ac:a0:
                    28:a0:b2:f1:72:bf:83:6c:a0:c3:78:d8:d5:3b:91:
                    2c:ca:39:4e:85:af:a3:d3:3b:0e:61:7f:48:43:ee:
                    08:60:34:8c:b1:7e:9e:3e:d8:e2:1b:be:46:a6:80:
                    7c:87:ce:96:a6:bd:fd:34:15:c8:b5:8a:fc:73:02:
                    87:68:86:e1:10:c8:bc:b4:64:21:2d:ca:ab:b2:31:
                    ba:5a:f9:0e:53:2a:6d:d9:57:62:7c:f7:26:f3:c9:
                    e4:2f:13:bb:5c:c6:58:f1:18:73:76:14:20:01:f3:
                    14:e9:ec:67:d0:56:1a:b1:e2:f8:cc:d8:df:b3:48:
                    ad:25:45:ee:5f:07:94:8e:71:fe:ce:d9:c3:3c:88:
                    90:67:48:8a:e6:a6:d8:a4:f1:a2:57:b9:59:9b:c9:
                    6d:28:14:cc:6f:b2:df:08:f2:70:20:f7:5e:55:6c:
                    96:5e:96:25:29:26:eb:49:e9:a7:92:dc:4d:af:a1:
                    fc:b0:3b:b3:27:df:07:18:a0:c2:7c:16:24:45:0c:
                    89:7c:e7:7f:5e:cb:b0:a9:71:cc:b1:95:b9:db:c1:
                    6b:94:e1:a4:c0:50:d2:8e:99:94:36:63:e5:61:56:
                    ea:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:C2:01:ED:C5:36:29:8E:B7:D6:A6:AA:7C:54:24:3C:1D:B1:35:FF
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/X8IB7cU2KY631qaqfFQkPB2xNf8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.57.240.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:37:be:e0:fe:f2:ed:01:76:df:83:db:09:68:54:1c:ee:cd:
         7c:65:25:00:1d:5d:b7:d4:31:f0:96:72:11:68:0b:35:58:73:
         86:6c:bf:2f:95:32:05:d5:80:05:3e:13:38:fe:59:64:88:2c:
         30:a7:34:89:34:d2:cd:f9:51:02:3e:50:58:7f:5f:87:4a:7d:
         b2:74:f1:75:80:b0:05:d5:f9:29:47:08:73:d2:c8:9b:26:3f:
         b1:af:fa:31:b7:18:dc:ab:17:97:c8:44:3d:7f:a3:f7:86:0b:
         e0:f7:d9:16:91:a3:8b:16:3b:f1:4c:51:ae:3e:4f:12:d9:c1:
         23:fe:28:5b:d0:c5:8b:ce:a9:72:9b:c8:e0:46:94:2a:79:24:
         47:52:ec:56:95:bd:63:6d:56:fd:3f:10:c1:6a:6e:38:b1:ee:
         50:c5:17:0d:3f:fe:17:9d:e6:1d:5f:e4:aa:75:ee:10:e6:02:
         5a:14:48:5d:55:b1:5b:03:82:13:78:dd:49:28:b0:f7:33:17:
         95:50:8b:f2:96:a2:32:2e:86:91:8f:c7:f5:d9:d8:37:6a:c7:
         65:70:9a:b3:59:d4:f9:9d:3b:5d:f5:a8:b9:ee:26:7b:0d:ce:
         e8:8a:7c:f3:fc:63:0d:e9:c9:6d:8e:9f:78:d5:80:cf:86:9d:
         8a:28:eb:9c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZm6xfwKhk97rK5Y1ZSm6vkPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUxMDA2MTgyNjAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZmMyMDFlZGM1MzYyOThlYjdkNmE2YWE3YzU0MjQzYzFkYjEzNWZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr7CnuTWXjocmQn9BP7EQS0uEiz+3
3dT4A29ZrKAooLLxcr+DbKDDeNjVO5EsyjlOha+j0zsOYX9IQ+4IYDSMsX6ePtji
G75GpoB8h86Wpr39NBXItYr8cwKHaIbhEMi8tGQhLcqrsjG6WvkOUypt2VdifPcm
88nkLxO7XMZY8RhzdhQgAfMU6exn0FYaseL4zNjfs0itJUXuXweUjnH+ztnDPIiQ
Z0iK5qbYpPGiV7lZm8ltKBTMb7LfCPJwIPdeVWyWXpYlKSbrSemnktxNr6H8sDuz
J98HGKDCfBYkRQyJfOd/XsuwqXHMsZW528FrlOGkwFDSjpmUNmPlYVbqLwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF/CAe3FNimOt9amqnxUJDwdsTX/MB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvWDhJQjdjVTJLWTYzMXFhcWZGUWtQQjJ4TmY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHznwMA0G
CSqGSIb3DQEBCwUAA4IBAQBmN77g/vLtAXbfg9sJaFQc7s18ZSUAHV231DHwlnIR
aAs1WHOGbL8vlTIF1YAFPhM4/llkiCwwpzSJNNLN+VECPlBYf1+HSn2ydPF1gLAF
1fkpRwhz0sibJj+xr/oxtxjcqxeXyEQ9f6P3hgvg99kWkaOLFjvxTFGuPk8S2cEj
/ihb0MWLzqlym8jgRpQqeSRHUuxWlb1jbVb9PxDBam44se5QxRcNP/4XneYdX+Sq
de4Q5gJaFEhdVbFbA4ITeN1JKLD3MxeVUIvylqIyLoaRj8f12dg3asdlcJqzWdT5
nTtd9ai57iZ7Dc7oinzz/GMN6cltjp941YDPhp2KKOuc
-----END CERTIFICATE-----