Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/YJ82vybUS0Wffdy-g7iVS9O6Uhg.roa
File:                     YJ82vybUS0Wffdy-g7iVS9O6Uhg.roa (raw, json)
Hash identifier:          tcF8lPVynZBcVCjEhg6lxkRzrlu0Wsm/Aq5sd2V6s98=
Subject key identifier:   60:9F:36:BF:26:D4:4B:45:9F:7D:DC:BE:83:B8:95:4B:D3:BA:52:18
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019972AD4D45AC94141213ACC5FA8CD8B8AB
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/YJ82vybUS0Wffdy-g7iVS9O6Uhg.roa
Signing time:             Mon 22 Sep 2025 18:26:24 +0000
ROA not before:           Mon 22 Sep 2025 18:26:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214024
IP address blocks:        31.56.84.0/24 maxlen: 24
                          31.58.88.0/24 maxlen: 24
                          31.58.89.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:72:ad:4d:45:ac:94:14:12:13:ac:c5:fa:8c:d8:b8:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Sep 22 18:26:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=609f36bf26d44b459f7ddcbe83b8954bd3ba5218
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:57:70:c9:27:4b:fd:35:7a:55:db:26:fb:94:
                    f9:57:54:99:82:4c:d8:0b:e8:3e:f9:c4:4a:ff:d8:
                    3f:76:40:32:db:75:e5:18:1f:6e:65:13:39:6c:ee:
                    a6:89:7d:84:57:14:c8:c9:00:42:83:24:8e:25:42:
                    e0:82:fe:2e:b2:fc:5c:01:5e:8d:7b:1d:19:b0:ea:
                    83:21:fe:0b:84:e3:ec:c9:95:e4:81:12:4a:48:be:
                    21:c0:9c:60:05:10:50:f8:7d:d8:b6:bb:0b:4a:37:
                    09:3e:99:b5:81:95:29:5c:cb:66:e0:4b:80:8d:16:
                    81:cd:8e:51:da:18:d8:65:60:b1:07:f5:42:0d:d3:
                    f7:9f:96:92:a5:a6:f0:28:dc:a7:ed:ff:51:f2:1d:
                    19:15:61:d4:3b:63:1b:28:d1:bd:50:68:2f:76:b9:
                    79:51:7d:ef:05:ce:d2:ad:dd:05:1e:1c:ee:da:bf:
                    1f:ea:6e:de:e4:74:92:ee:4a:c5:e7:68:9f:35:c3:
                    4d:4e:78:f9:3f:68:f4:8f:bf:ed:77:a9:70:08:dc:
                    ee:e9:59:d7:a6:a1:f5:dd:d2:b0:fe:f7:5b:17:23:
                    c2:cb:ab:98:c7:1b:3c:5f:b9:c4:89:01:27:7f:d7:
                    b5:3b:be:64:cb:79:2e:31:ee:9a:70:ed:c1:c3:57:
                    b0:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:9F:36:BF:26:D4:4B:45:9F:7D:DC:BE:83:B8:95:4B:D3:BA:52:18
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/YJ82vybUS0Wffdy-g7iVS9O6Uhg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.56.84.0/24
                  31.58.88.0/23

    Signature Algorithm: sha256WithRSAEncryption
         4a:0a:22:26:07:47:3c:98:36:1e:d5:b4:71:f8:2d:b1:aa:78:
         56:16:ba:cc:d0:d2:77:ac:65:9a:d4:f1:f5:c0:17:99:e2:a4:
         07:a2:cd:1b:ca:4f:50:90:f4:c1:98:04:1f:f6:ed:cd:da:c7:
         07:4e:ac:27:bd:b3:89:be:fc:09:9f:1e:8f:87:74:16:49:f1:
         2a:8f:77:79:68:0c:b0:4d:88:e5:71:50:43:f6:fa:bd:44:90:
         78:d6:6f:06:0f:1e:ca:35:70:5d:94:e1:6d:1c:e8:b1:5c:88:
         4d:f7:e9:fe:e2:ee:90:a4:45:16:d3:dc:3c:d6:6a:07:3a:f2:
         1d:ab:00:33:93:dc:48:b6:70:e2:94:46:49:7c:e6:73:10:85:
         3e:1e:55:cb:3c:63:86:cb:62:1e:95:9e:09:64:39:65:e0:26:
         b4:bf:30:a3:77:09:ec:1c:fb:e4:37:58:56:16:aa:05:d9:65:
         37:38:c6:e0:fd:4e:16:de:e9:a0:6f:0f:e8:06:9b:f6:17:9b:
         7e:1a:6d:e2:8d:dc:8a:b8:61:9f:7a:83:62:4e:c9:ed:2d:6f:
         50:4d:f9:21:6c:89:ab:ea:ed:21:81:b2:7a:43:4c:97:18:2f:
         80:1c:4b:b0:ed:3b:98:9d:34:0b:8f:af:c1:1c:8f:9f:4a:2b:
         6b:fd:20:39
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZlyrU1FrJQUEhOsxfqM2LirMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwOTIyMTgyNjI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MDlmMzZiZjI2ZDQ0YjQ1OWY3ZGRjYmU4M2I4OTU0YmQzYmE1MjE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnVdwySdL/TV6Vdsm+5T5V1SZgkzY
C+g++cRK/9g/dkAy23XlGB9uZRM5bO6miX2EVxTIyQBCgySOJULggv4usvxcAV6N
ex0ZsOqDIf4LhOPsyZXkgRJKSL4hwJxgBRBQ+H3YtrsLSjcJPpm1gZUpXMtm4EuA
jRaBzY5R2hjYZWCxB/VCDdP3n5aSpabwKNyn7f9R8h0ZFWHUO2MbKNG9UGgvdrl5
UX3vBc7Srd0FHhzu2r8f6m7e5HSS7krF52ifNcNNTnj5P2j0j7/td6lwCNzu6VnX
pqH13dKw/vdbFyPCy6uYxxs8X7nEiQEnf9e1O75ky3kuMe6acO3Bw1ewjwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGCfNr8m1EtFn33cvoO4lUvTulIYMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvWUo4MnZ5YlVTMFdmZmR5LWc3aVZTOU82VWhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAHzhUAwQB
HzpYMA0GCSqGSIb3DQEBCwUAA4IBAQBKCiImB0c8mDYe1bRx+C2xqnhWFrrM0NJ3
rGWa1PH1wBeZ4qQHos0byk9QkPTBmAQf9u3N2scHTqwnvbOJvvwJnx6Ph3QWSfEq
j3d5aAywTYjlcVBD9vq9RJB41m8GDx7KNXBdlOFtHOixXIhN9+n+4u6QpEUW09w8
1moHOvIdqwAzk9xItnDilEZJfOZzEIU+HlXLPGOGy2IelZ4JZDll4Ca0vzCjdwns
HPvkN1hWFqoF2WU3OMbg/U4W3umgbw/oBpv2F5t+Gm3ijdyKuGGfeoNiTsntLW9Q
TfkhbImr6u0hgbJ6Q0yXGC+AHEuw7TuYnTQLj6/BHI+fSitr/SA5
-----END CERTIFICATE-----