Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/cKVPufnlHG-x2vNSMI38TID8Tzk.roa
File:                     cKVPufnlHG-x2vNSMI38TID8Tzk.roa (raw, json)
Hash identifier:          3JAJKjaJn4QkwXSm2Jq4HOs3ASD53L+7VFyljjjWd5M=
Subject key identifier:   70:A5:4F:B9:F9:E5:1C:6F:B1:DA:F3:52:30:8D:FC:4C:80:FC:4F:39
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       01999A554308027E43F8CBA8EBC2BE7E46B3
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/cKVPufnlHG-x2vNSMI38TID8Tzk.roa
Signing time:             Tue 30 Sep 2025 11:15:02 +0000
ROA not before:           Tue 30 Sep 2025 11:15:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     30058
IP address blocks:        31.56.230.0/24 maxlen: 24
                          31.58.130.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:9a:55:43:08:02:7e:43:f8:cb:a8:eb:c2:be:7e:46:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Sep 30 11:15:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=70a54fb9f9e51c6fb1daf352308dfc4c80fc4f39
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:93:20:f3:0a:b3:90:45:64:6d:53:aa:52:c5:
                    8d:d5:35:a0:5e:19:c9:93:c8:a6:0a:bd:66:31:03:
                    28:48:fa:ca:f3:0b:a9:7c:5a:cd:01:07:8a:07:7a:
                    3c:70:d9:09:68:82:c6:53:9e:ff:3e:aa:90:f9:7b:
                    25:43:06:34:cc:16:21:0a:61:7e:66:67:88:f7:00:
                    8f:30:8f:bd:df:32:1a:a1:82:1f:15:1e:b0:c2:44:
                    fd:2d:de:8e:7b:9b:ee:b5:bf:8c:2f:ab:7e:3c:00:
                    c6:49:ec:c2:d5:61:87:b2:d5:9e:19:df:76:c8:b6:
                    ea:d2:83:9e:4c:30:14:c2:b2:79:ee:15:8f:6f:de:
                    8d:db:4c:04:2f:85:ff:d0:b1:38:6d:a3:82:1f:4f:
                    5e:8a:30:be:1d:ab:8b:27:1a:e6:4b:7b:0e:66:03:
                    2b:1e:88:a0:33:8a:b7:77:36:50:ec:f9:3a:22:9e:
                    a7:54:f2:ca:3c:b3:89:3e:ca:9e:96:04:c5:7b:43:
                    0e:9d:75:70:fd:d6:1a:9e:40:46:4d:ea:32:d8:e6:
                    93:6d:c0:36:47:66:8d:b9:fc:42:db:bc:3c:28:f8:
                    66:39:1d:34:32:aa:09:1f:e0:75:84:2b:33:df:49:
                    69:3f:ff:bc:26:c8:16:87:df:e8:39:3a:3e:41:d3:
                    47:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:A5:4F:B9:F9:E5:1C:6F:B1:DA:F3:52:30:8D:FC:4C:80:FC:4F:39
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/cKVPufnlHG-x2vNSMI38TID8Tzk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.56.230.0/24
                  31.58.130.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:55:04:b3:42:61:25:7e:ee:34:b2:52:79:f7:11:70:0b:0f:
         f8:45:00:b9:16:79:3c:cc:e0:32:6b:9f:01:a1:94:da:d6:3f:
         c7:9e:f7:1e:c1:ac:84:ab:59:98:6b:7f:ca:57:32:5e:aa:72:
         83:85:6f:77:69:94:6d:b1:e2:8f:b3:22:67:20:03:4e:52:86:
         de:10:4b:ea:1c:d4:1a:9f:60:4a:a8:0d:36:d8:8c:d9:7f:b3:
         e8:b2:25:d4:d4:78:ab:48:8f:0f:3a:83:85:03:43:6d:f2:4d:
         62:77:7e:a4:8c:25:d9:f3:13:76:64:d3:cf:cc:bd:34:e5:41:
         da:31:88:39:8d:33:33:67:1f:4a:ea:49:9e:af:3e:a8:12:1a:
         0b:fa:23:79:1f:4e:14:b3:93:fd:5b:d2:8e:b4:9c:38:72:02:
         69:46:fb:0e:c8:5a:5a:09:cc:ea:87:8d:1b:70:66:e8:d4:c7:
         9b:c7:31:70:8e:af:46:94:45:ee:98:99:53:af:b7:1b:fb:4a:
         a8:e8:a9:4f:96:c2:41:33:ba:ee:68:b0:f1:12:fe:b4:60:6f:
         5a:75:86:99:2b:49:a7:73:6d:3a:27:18:8e:f5:86:ad:f8:53:
         87:d3:f1:09:b7:50:45:17:71:dc:44:31:77:d1:1c:ca:a6:b0:
         0e:0c:d1:8a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZmaVUMIAn5D+Muo68K+fkazMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwOTMwMTExNTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MGE1NGZiOWY5ZTUxYzZmYjFkYWYzNTIzMDhkZmM0YzgwZmM0ZjM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiJMg8wqzkEVkbVOqUsWN1TWgXhnJ
k8imCr1mMQMoSPrK8wupfFrNAQeKB3o8cNkJaILGU57/PqqQ+XslQwY0zBYhCmF+
ZmeI9wCPMI+93zIaoYIfFR6wwkT9Ld6Oe5vutb+ML6t+PADGSezC1WGHstWeGd92
yLbq0oOeTDAUwrJ57hWPb96N20wEL4X/0LE4baOCH09eijC+HauLJxrmS3sOZgMr
HoigM4q3dzZQ7Pk6Ip6nVPLKPLOJPsqelgTFe0MOnXVw/dYankBGTeoy2OaTbcA2
R2aNufxC27w8KPhmOR00MqoJH+B1hCsz30lpP/+8JsgWh9/oOTo+QdNH9QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHClT7n55RxvsdrzUjCN/EyA/E85MB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvY0tWUHVmbmxIRy14MnZOU01JMzhUSUQ4VHprLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAHzjmAwQA
HzqCMA0GCSqGSIb3DQEBCwUAA4IBAQBpVQSzQmElfu40slJ59xFwCw/4RQC5Fnk8
zOAya58BoZTa1j/HnvcewayEq1mYa3/KVzJeqnKDhW93aZRtseKPsyJnIANOUobe
EEvqHNQan2BKqA022IzZf7PosiXU1HirSI8POoOFA0Nt8k1id36kjCXZ8xN2ZNPP
zL005UHaMYg5jTMzZx9K6kmerz6oEhoL+iN5H04Us5P9W9KOtJw4cgJpRvsOyFpa
Cczqh40bcGbo1MebxzFwjq9GlEXumJlTr7cb+0qo6KlPlsJBM7ruaLDxEv60YG9a
dYaZK0mnc206JxiO9Yat+FOH0/EJt1BFF3HcRDF30RzKprAODNGK
-----END CERTIFICATE-----