Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/XApNG62NfwRhw1vIFAnmyiAHZQ4.roa
File:                     XApNG62NfwRhw1vIFAnmyiAHZQ4.roa (raw, json)
Hash identifier:          GEq7qD4bStDm/i5LACoIfIlx5H3b/7uZOYU5GHYBQmI=
Subject key identifier:   5C:0A:4D:1B:AD:8D:7F:04:61:C3:5B:C8:14:09:E6:CA:20:07:65:0E
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       01988916BFDFD14EA999C4D9CA48DF450F99
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/XApNG62NfwRhw1vIFAnmyiAHZQ4.roa
Signing time:             Fri 08 Aug 2025 09:50:26 +0000
ROA not before:           Fri 08 Aug 2025 09:50:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205896
IP address blocks:        31.56.192.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 05:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:89:16:bf:df:d1:4e:a9:99:c4:d9:ca:48:df:45:0f:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Aug  8 09:50:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5c0a4d1bad8d7f0461c35bc81409e6ca2007650e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:36:36:9a:17:7b:4e:cf:51:c6:2b:09:11:b7:
                    67:45:11:85:35:d8:27:d4:d4:d0:b6:6b:f7:2c:40:
                    da:02:36:fd:80:ca:82:61:64:17:a3:bf:b9:39:f5:
                    27:44:8b:e4:fb:fb:1a:c4:05:22:26:5a:23:a9:2a:
                    2c:25:c6:d9:14:8f:b3:30:a7:18:3d:6f:a9:12:90:
                    d3:f0:76:54:00:6f:ab:8b:87:30:b4:83:f8:12:da:
                    78:5b:22:31:20:b9:e3:a4:eb:c0:0d:a4:4a:0e:7e:
                    e0:ef:7c:e4:04:3b:4a:b8:f8:f1:4f:37:c2:64:fd:
                    ff:3e:5b:4a:7f:40:14:79:f6:de:e2:b0:26:24:89:
                    77:d4:7a:94:ef:f4:3e:70:4e:cf:fb:d9:dd:fa:52:
                    eb:85:e1:84:ef:8a:a4:20:1c:78:31:65:a1:d9:19:
                    52:35:24:e6:76:69:04:cf:dc:5f:c5:d9:70:36:c9:
                    cc:f1:16:28:46:bd:b2:96:01:9d:02:d4:a7:a3:2b:
                    de:a6:f1:39:9f:4f:fc:33:db:12:d1:ea:de:3c:4e:
                    72:e0:6d:aa:27:8d:8f:fa:52:00:d7:32:01:25:00:
                    7b:98:26:d8:68:15:74:5d:bd:ef:6f:33:97:7e:23:
                    ca:85:6d:d9:73:28:3f:fa:2a:a2:45:82:de:e4:3c:
                    9d:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:0A:4D:1B:AD:8D:7F:04:61:C3:5B:C8:14:09:E6:CA:20:07:65:0E
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/XApNG62NfwRhw1vIFAnmyiAHZQ4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.56.192.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:37:d7:fb:c4:d7:15:f8:c1:dc:e3:d6:2d:e3:8b:29:43:f7:
         59:f1:f0:01:6d:67:20:d6:67:b8:7e:d3:95:ac:32:8c:2c:11:
         04:03:2e:a8:e7:70:11:29:98:5f:66:8b:4b:be:45:81:d8:43:
         38:c8:da:7a:20:d0:6a:c1:c8:ff:ca:6a:9a:48:3a:4e:ce:29:
         04:87:73:87:54:1a:39:f3:06:c5:1c:cb:28:af:c7:81:c3:3f:
         8e:94:0d:9e:61:73:91:41:f1:5d:f0:fd:2a:57:29:6b:18:8a:
         58:a1:09:05:f3:42:b8:7d:8c:4a:b7:cd:68:bc:ec:8c:54:8f:
         16:46:64:8b:9f:ba:d3:23:8b:c3:ef:ef:7e:f5:11:46:42:d8:
         86:d9:8d:2d:ad:9f:32:1f:54:86:a8:d9:f6:98:bc:98:7f:1e:
         56:90:a7:43:fe:7b:e6:e4:e2:5a:fe:15:dd:a5:92:16:19:14:
         a3:48:78:7c:5b:42:ee:b5:c9:75:58:90:03:0d:4f:b1:62:13:
         63:53:78:7f:cb:35:af:b3:f8:8e:ba:3b:39:b1:45:a7:53:1d:
         a8:6a:a6:0d:af:b1:fc:89:76:e8:c0:05:ba:63:4c:ba:1b:12:
         bd:66:0b:a4:45:b8:92:03:ac:ca:4d:66:9a:64:f9:b4:5b:90:
         0d:33:f5:b7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZiJFr/f0U6pmcTZykjfRQ+ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwODA4MDk1MDI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YzBhNGQxYmFkOGQ3ZjA0NjFjMzViYzgxNDA5ZTZjYTIwMDc2NTBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApjY2mhd7Ts9RxisJEbdnRRGFNdgn
1NTQtmv3LEDaAjb9gMqCYWQXo7+5OfUnRIvk+/saxAUiJlojqSosJcbZFI+zMKcY
PW+pEpDT8HZUAG+ri4cwtIP4Etp4WyIxILnjpOvADaRKDn7g73zkBDtKuPjxTzfC
ZP3/PltKf0AUefbe4rAmJIl31HqU7/Q+cE7P+9nd+lLrheGE74qkIBx4MWWh2RlS
NSTmdmkEz9xfxdlwNsnM8RYoRr2ylgGdAtSnoyvepvE5n0/8M9sS0erePE5y4G2q
J42P+lIA1zIBJQB7mCbYaBV0Xb3vbzOXfiPKhW3Zcyg/+iqiRYLe5DydaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFwKTRutjX8EYcNbyBQJ5sogB2UOMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvWEFwTkc2Mk5md1JodzF2SUZBbm15aUFIWlE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzjAMA0G
CSqGSIb3DQEBCwUAA4IBAQBCN9f7xNcV+MHc49Yt44spQ/dZ8fABbWcg1me4ftOV
rDKMLBEEAy6o53ARKZhfZotLvkWB2EM4yNp6INBqwcj/ymqaSDpOzikEh3OHVBo5
8wbFHMsor8eBwz+OlA2eYXORQfFd8P0qVylrGIpYoQkF80K4fYxKt81ovOyMVI8W
RmSLn7rTI4vD7+9+9RFGQtiG2Y0trZ8yH1SGqNn2mLyYfx5WkKdD/nvm5OJa/hXd
pZIWGRSjSHh8W0Lutcl1WJADDU+xYhNjU3h/yzWvs/iOujs5sUWnUx2oaqYNr7H8
iXbowAW6Y0y6GxK9ZgukRbiSA6zKTWaaZPm0W5ANM/W3
-----END CERTIFICATE-----