Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/_Yw_-MXtHZX82PXs81x9Q--zb2M.roa
File:                     _Yw_-MXtHZX82PXs81x9Q--zb2M.roa (raw, json)
Hash identifier:          ObkeLn7xBVP6NVG6hdxEtG5920lItHSYuaES0Vcq7h0=
Subject key identifier:   FD:8C:3F:F8:C5:ED:1D:95:FC:D8:F5:EC:F3:5C:7D:43:EF:B3:6F:63
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       0199A874AEFF6A04694B51A03737C6037BE4
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/_Yw_-MXtHZX82PXs81x9Q--zb2M.roa
Signing time:             Fri 03 Oct 2025 05:04:03 +0000
ROA not before:           Fri 03 Oct 2025 05:04:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215531
IP address blocks:        31.58.235.0/24 maxlen: 24
                          31.58.245.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:a8:74:ae:ff:6a:04:69:4b:51:a0:37:37:c6:03:7b:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Oct  3 05:04:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fd8c3ff8c5ed1d95fcd8f5ecf35c7d43efb36f63
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:13:0a:d5:e4:1e:1e:42:4e:9a:c1:60:aa:57:
                    ae:09:1c:c9:00:98:a6:92:55:ee:f8:d2:27:7d:23:
                    82:03:df:ab:3c:af:4e:8c:ea:08:14:5a:fb:f2:33:
                    7e:a8:54:f4:3f:8b:4b:12:8e:65:c3:14:04:1b:22:
                    2e:08:a2:1a:4a:bb:f9:bc:43:cf:5f:7e:74:5c:17:
                    36:5f:29:a9:70:ed:d4:a4:d5:07:4d:4b:ba:dc:20:
                    9d:cb:fa:c9:a7:23:4e:75:a1:41:96:e4:5f:55:8f:
                    b3:fe:e5:be:2f:c6:e2:1d:9e:f7:25:5e:53:7d:73:
                    f0:15:40:94:c0:72:b2:05:e2:ef:e3:a2:73:f6:bf:
                    e2:3f:4f:a7:19:4b:9e:d8:df:14:c2:20:ed:54:ea:
                    3a:67:81:2c:fc:da:61:67:8d:44:87:f9:60:08:b2:
                    dd:91:c7:b3:9c:eb:2d:1d:e9:ab:1a:21:4c:f8:37:
                    61:00:c1:fc:b9:c2:00:2b:89:0f:c4:a1:90:87:3e:
                    74:da:20:d6:ed:bc:4a:d8:6b:af:06:e1:32:cb:96:
                    53:01:e0:f5:12:96:e7:21:50:15:84:c8:3a:7d:d7:
                    29:26:37:9e:86:d9:25:bb:8d:92:d1:51:c7:bc:7e:
                    f5:00:fc:68:97:02:48:df:d6:55:d2:6e:44:3d:1d:
                    8f:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:8C:3F:F8:C5:ED:1D:95:FC:D8:F5:EC:F3:5C:7D:43:EF:B3:6F:63
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/_Yw_-MXtHZX82PXs81x9Q--zb2M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.58.235.0/24
                  31.58.245.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4b:68:0c:bf:9b:29:d7:37:b5:d6:eb:05:d5:dd:d8:62:ec:3b:
         86:08:9a:02:66:5f:c8:b7:ee:8d:23:32:77:6b:a7:15:8f:62:
         f1:70:be:41:74:7a:e7:9e:fa:d2:9c:f5:b2:ea:93:24:3e:48:
         29:a9:d0:da:e1:78:ff:75:c9:29:49:dd:a3:52:17:3f:5f:86:
         3c:df:c6:46:d3:7f:7a:13:85:a5:cf:3a:e4:e5:4f:56:44:09:
         ca:02:7a:10:f6:59:e1:89:58:cf:b4:28:09:49:64:7f:a9:8c:
         ee:c2:87:58:b3:b6:10:86:10:5a:ba:37:e1:6a:f6:06:66:83:
         f2:ac:c0:1a:ce:f6:d3:c9:f4:9b:5f:92:2e:f0:b8:5e:ef:bb:
         d8:d7:f0:8a:d2:bb:76:a1:4d:51:fc:62:06:6a:34:fe:b6:89:
         07:f5:a5:3e:53:b1:c3:e6:fa:5a:fe:cb:f7:35:bd:9d:6a:50:
         9d:86:4e:c3:6c:ef:82:d6:f2:9c:28:71:87:6f:51:22:9c:8f:
         62:23:34:e5:27:d9:a5:19:87:f4:84:29:ad:02:c1:37:50:e4:
         5b:41:f3:16:ed:31:dc:eb:34:99:fe:20:43:57:c4:7d:b1:07:
         b3:e7:e2:d1:b5:40:fe:0d:a7:47:e7:af:fa:d6:49:5e:e9:40:
         a3:95:ac:e7
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZmodK7/agRpS1GgNzfGA3vkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUxMDAzMDUwNDAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZDhjM2ZmOGM1ZWQxZDk1ZmNkOGY1ZWNmMzVjN2Q0M2VmYjM2ZjYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1BMK1eQeHkJOmsFgqleuCRzJAJim
klXu+NInfSOCA9+rPK9OjOoIFFr78jN+qFT0P4tLEo5lwxQEGyIuCKIaSrv5vEPP
X350XBc2XympcO3UpNUHTUu63CCdy/rJpyNOdaFBluRfVY+z/uW+L8biHZ73JV5T
fXPwFUCUwHKyBeLv46Jz9r/iP0+nGUue2N8UwiDtVOo6Z4Es/NphZ41Eh/lgCLLd
kceznOstHemrGiFM+DdhAMH8ucIAK4kPxKGQhz502iDW7bxK2GuvBuEyy5ZTAeD1
EpbnIVAVhMg6fdcpJjeehtklu42S0VHHvH71APxolwJI39ZV0m5EPR2P5wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFP2MP/jF7R2V/Nj17PNcfUPvs29jMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvX1l3Xy1NWHRIWlg4MlBYczgxeDlRLS16YjJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAHzrrAwQA
Hzr1MA0GCSqGSIb3DQEBCwUAA4IBAQBLaAy/mynXN7XW6wXV3dhi7DuGCJoCZl/I
t+6NIzJ3a6cVj2LxcL5BdHrnnvrSnPWy6pMkPkgpqdDa4Xj/dckpSd2jUhc/X4Y8
38ZG0396E4Wlzzrk5U9WRAnKAnoQ9lnhiVjPtCgJSWR/qYzuwodYs7YQhhBaujfh
avYGZoPyrMAazvbTyfSbX5Iu8Lhe77vY1/CK0rt2oU1R/GIGajT+tokH9aU+U7HD
5vpa/sv3Nb2dalCdhk7DbO+C1vKcKHGHb1EinI9iIzTlJ9mlGYf0hCmtAsE3UORb
QfMW7THc6zSZ/iBDV8R9sQez5+LRtUD+DadH56/61kle6UCjlazn
-----END CERTIFICATE-----