Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/Y-bOz9B-L6PLuL24ipR1xlYL5ok.roa
File:                     Y-bOz9B-L6PLuL24ipR1xlYL5ok.roa (raw, json)
Hash identifier:          FSqymHL+rp5KJpMGVNb8PGgHPmNr4tt14LxZ2WgqN1c=
Subject key identifier:   63:E6:CE:CF:D0:7E:2F:A3:CB:B8:BD:B8:8A:94:75:C6:56:0B:E6:89
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       0198A4D1BF01BAA2C8CCBD8624FF14A68D00
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/Y-bOz9B-L6PLuL24ipR1xlYL5ok.roa
Signing time:             Wed 13 Aug 2025 19:04:26 +0000
ROA not before:           Wed 13 Aug 2025 19:04:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     59432
IP address blocks:        31.56.231.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 05:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:a4:d1:bf:01:ba:a2:c8:cc:bd:86:24:ff:14:a6:8d:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Aug 13 19:04:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=63e6cecfd07e2fa3cbb8bdb88a9475c6560be689
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:32:0a:cf:f3:e2:a9:a7:31:4b:2e:10:a6:9c:
                    a5:83:73:6c:6d:4b:bf:04:78:20:02:4a:04:7b:b9:
                    da:9d:48:43:b9:7b:57:eb:7a:cf:74:46:4b:a5:ec:
                    7c:2f:3d:75:5b:69:d4:ea:cf:32:4b:d2:53:0b:43:
                    5e:1a:dd:8d:85:c6:64:a7:61:26:3d:13:54:6d:b6:
                    a9:86:eb:51:a8:7e:e2:b7:52:a1:0e:0a:05:20:c5:
                    6a:dd:a7:1f:44:6a:d4:14:00:aa:86:3f:4c:8a:c0:
                    2a:54:65:81:f1:10:c6:ae:b1:c1:1f:ca:b0:e1:2f:
                    65:16:3b:63:4e:93:c5:b4:28:26:01:2d:b1:32:e9:
                    b8:3f:85:aa:2b:84:ce:64:de:0c:b5:4e:3f:10:d4:
                    0e:59:c4:6a:e6:b4:36:8d:eb:dc:6c:45:d6:0f:ec:
                    90:8a:7b:6c:94:e3:d4:ee:a6:5d:71:8e:60:c7:f2:
                    87:21:bc:7f:5a:a2:17:b0:87:72:04:7e:d5:80:57:
                    20:3b:3b:b5:3b:d3:3e:2d:73:3d:04:1c:90:74:c9:
                    74:87:38:1f:16:be:e0:51:da:79:8a:9d:1a:85:bd:
                    44:a8:a4:b0:38:18:66:4d:77:1e:8c:45:a9:32:52:
                    fe:18:2c:8d:1c:db:9f:ca:8c:3e:4a:5d:8c:00:35:
                    77:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:E6:CE:CF:D0:7E:2F:A3:CB:B8:BD:B8:8A:94:75:C6:56:0B:E6:89
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/Y-bOz9B-L6PLuL24ipR1xlYL5ok.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.56.231.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5c:76:92:2b:28:a1:94:7a:de:43:92:56:e6:d1:1b:88:63:f2:
         7e:69:ca:03:36:b4:b0:19:39:6a:89:cf:2c:3c:59:6a:48:98:
         cc:eb:d8:a2:75:56:be:e3:5b:48:d9:0c:c1:ce:b9:2c:8a:89:
         d8:cd:21:8f:18:2d:60:7e:1e:cc:3d:51:3a:8e:d4:c5:a7:fb:
         c2:7f:dd:45:4b:c0:05:02:98:c8:45:d6:ba:1c:31:1e:d6:ce:
         97:33:d2:22:bd:37:af:f6:de:9a:b5:e0:95:8e:df:bc:f3:1f:
         4a:f0:3d:f5:16:95:27:40:bf:8b:4e:05:22:e3:97:4d:2f:a3:
         55:52:c8:68:02:75:fd:c8:11:6e:21:a8:41:a3:c9:a3:8e:7f:
         04:a7:89:6c:34:19:38:09:39:ca:7e:4a:df:23:de:3a:6a:93:
         8c:47:83:99:dd:35:4b:ed:e6:0f:cf:34:32:78:1b:d7:e6:ee:
         cf:71:2b:f6:0f:d3:f6:1b:6a:0b:f4:4c:f0:89:9c:db:3a:cb:
         51:5e:e6:f9:b9:4a:46:f5:06:fd:6f:46:93:9b:00:95:90:98:
         6e:a9:39:3a:0a:2a:6e:bb:72:22:26:47:52:a9:a8:7d:97:64:
         c7:05:07:df:6e:f4:46:c6:50:26:0b:ff:e9:95:1d:80:bd:13:
         e9:b8:60:8b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZik0b8BuqLIzL2GJP8Upo0AMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwODEzMTkwNDI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2M2U2Y2VjZmQwN2UyZmEzY2JiOGJkYjg4YTk0NzVjNjU2MGJlNjg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwTIKz/PiqacxSy4Qppylg3NsbUu/
BHggAkoEe7nanUhDuXtX63rPdEZLpex8Lz11W2nU6s8yS9JTC0NeGt2NhcZkp2Em
PRNUbbaphutRqH7it1KhDgoFIMVq3acfRGrUFACqhj9MisAqVGWB8RDGrrHBH8qw
4S9lFjtjTpPFtCgmAS2xMum4P4WqK4TOZN4MtU4/ENQOWcRq5rQ2jevcbEXWD+yQ
intslOPU7qZdcY5gx/KHIbx/WqIXsIdyBH7VgFcgOzu1O9M+LXM9BByQdMl0hzgf
Fr7gUdp5ip0ahb1EqKSwOBhmTXcejEWpMlL+GCyNHNufyow+Sl2MADV3BQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGPmzs/Qfi+jy7i9uIqUdcZWC+aJMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvWS1iT3o5Qi1MNlBMdUwyNGlwUjF4bFlMNW9rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzjnMA0G
CSqGSIb3DQEBCwUAA4IBAQBcdpIrKKGUet5Dklbm0RuIY/J+acoDNrSwGTlqic8s
PFlqSJjM69iidVa+41tI2QzBzrksionYzSGPGC1gfh7MPVE6jtTFp/vCf91FS8AF
ApjIRda6HDEe1s6XM9IivTev9t6ateCVjt+88x9K8D31FpUnQL+LTgUi45dNL6NV
UshoAnX9yBFuIahBo8mjjn8Ep4lsNBk4CTnKfkrfI946apOMR4OZ3TVL7eYPzzQy
eBvX5u7PcSv2D9P2G2oL9EzwiZzbOstRXub5uUpG9Qb9b0aTmwCVkJhuqTk6Cipu
u3IiJkdSqah9l2THBQffbvRGxlAmC//plR2AvRPpuGCL
-----END CERTIFICATE-----