Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/dzJl2WWfIYKG3a8FDD3W3kSioG4.roa
File:                     dzJl2WWfIYKG3a8FDD3W3kSioG4.roa (raw, json)
Hash identifier:          lgZL0WW/V50ZGAM4ENwCPV81ukFZ2DsnmG8jQG5q/z0=
Subject key identifier:   77:32:65:D9:65:9F:21:82:86:DD:AF:05:0C:3D:D6:DE:44:A2:A0:6E
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       0198D57CD8CC5CE6843B5B715A1E04EF0D25
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/dzJl2WWfIYKG3a8FDD3W3kSioG4.roa
Signing time:             Sat 23 Aug 2025 05:53:05 +0000
ROA not before:           Sat 23 Aug 2025 05:53:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203758
IP address blocks:        31.59.122.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 05:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:d5:7c:d8:cc:5c:e6:84:3b:5b:71:5a:1e:04:ef:0d:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Aug 23 05:53:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=773265d9659f218286ddaf050c3dd6de44a2a06e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:00:d8:45:f9:64:d2:ec:c6:50:9a:f5:67:44:
                    6c:f0:af:91:07:4e:9d:1b:d2:60:1f:04:a9:12:cc:
                    36:46:21:59:16:7b:44:7e:8e:14:b9:9a:c0:59:2b:
                    df:fb:89:a4:9d:16:f4:83:62:0b:9d:07:d3:fa:a6:
                    3b:f3:20:c8:bf:90:48:7b:b6:7a:8f:7d:82:8e:b4:
                    3c:4c:7a:c9:61:a6:c1:28:91:96:88:a7:26:e5:c3:
                    30:7b:ae:c3:dc:3f:35:72:25:5d:24:23:48:d9:5d:
                    ce:f0:45:26:54:08:30:6b:a0:68:db:2f:82:f8:18:
                    4f:85:c7:9b:cc:d9:08:14:3a:f9:2f:1c:b7:e1:57:
                    79:9f:88:22:91:b4:cc:39:4e:37:07:53:77:05:dd:
                    be:fa:30:bf:34:62:75:2e:6e:93:0e:cd:04:30:c4:
                    40:ae:58:32:d8:bc:f8:bb:2e:5c:54:88:e6:32:bc:
                    1d:2e:92:c5:77:f2:36:40:21:4b:b2:9e:fe:af:b1:
                    19:2f:a5:71:40:80:f0:99:18:56:7e:c2:fa:a6:7b:
                    5b:ee:4b:38:4a:75:d5:24:fb:11:97:c7:77:79:98:
                    29:35:50:42:b7:dd:52:a7:d4:3c:b8:c2:7e:8c:c7:
                    5b:56:76:5c:8e:c2:9b:2b:d3:70:09:c0:19:28:4b:
                    d4:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:32:65:D9:65:9F:21:82:86:DD:AF:05:0C:3D:D6:DE:44:A2:A0:6E
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/dzJl2WWfIYKG3a8FDD3W3kSioG4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.59.122.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:c5:d3:33:61:47:78:1b:da:d0:98:67:ea:02:16:d2:20:4c:
         7d:cf:a3:76:b4:04:05:bf:5e:e4:92:f9:10:a2:80:81:de:e5:
         44:1f:1e:4e:4f:9c:00:82:12:ae:04:c9:82:24:e2:e9:eb:4b:
         72:14:c6:ec:ef:9b:85:7f:5b:c3:f8:c0:fb:99:1f:3b:e9:ec:
         e4:18:4d:88:aa:64:84:1f:10:3a:bb:ca:ac:5b:a8:b4:2b:c6:
         ae:d5:b9:eb:25:fa:36:cc:97:b8:ed:46:d9:ab:ab:14:42:99:
         a5:f8:c9:14:f4:a7:9b:a9:85:a2:4d:52:d7:0f:0c:db:73:4e:
         2e:f2:2e:79:90:51:47:87:74:34:08:03:96:25:71:02:34:9a:
         52:f7:74:5c:84:18:6e:53:44:b7:45:e7:2d:87:69:ce:7c:d2:
         09:17:05:b7:7e:ab:ac:23:b5:19:f0:83:1f:16:9d:ea:ee:44:
         2b:78:eb:b7:bd:14:da:1d:bf:84:d6:a5:d3:85:ca:4e:39:64:
         bf:40:99:0f:c1:47:ce:41:9f:30:21:4e:b5:f9:3e:d8:10:83:
         49:32:0e:54:7f:5d:27:f2:ae:f8:cc:62:01:81:00:1b:ff:dc:
         b5:30:1f:c6:f7:33:b3:39:76:3a:cb:ae:40:22:47:85:16:49:
         22:d2:3d:7d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZjVfNjMXOaEO1txWh4E7w0lMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwODIzMDU1MzA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NzMyNjVkOTY1OWYyMTgyODZkZGFmMDUwYzNkZDZkZTQ0YTJhMDZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlgDYRflk0uzGUJr1Z0Rs8K+RB06d
G9JgHwSpEsw2RiFZFntEfo4UuZrAWSvf+4mknRb0g2ILnQfT+qY78yDIv5BIe7Z6
j32CjrQ8THrJYabBKJGWiKcm5cMwe67D3D81ciVdJCNI2V3O8EUmVAgwa6Bo2y+C
+BhPhcebzNkIFDr5Lxy34Vd5n4gikbTMOU43B1N3Bd2++jC/NGJ1Lm6TDs0EMMRA
rlgy2Lz4uy5cVIjmMrwdLpLFd/I2QCFLsp7+r7EZL6VxQIDwmRhWfsL6pntb7ks4
SnXVJPsRl8d3eZgpNVBCt91Sp9Q8uMJ+jMdbVnZcjsKbK9NwCcAZKEvURQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHcyZdllnyGCht2vBQw91t5EoqBuMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvZHpKbDJXV2ZJWUtHM2E4RkREM1cza1Npb0c0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzt6MA0G
CSqGSIb3DQEBCwUAA4IBAQBGxdMzYUd4G9rQmGfqAhbSIEx9z6N2tAQFv17kkvkQ
ooCB3uVEHx5OT5wAghKuBMmCJOLp60tyFMbs75uFf1vD+MD7mR876ezkGE2IqmSE
HxA6u8qsW6i0K8au1bnrJfo2zJe47UbZq6sUQpml+MkU9KebqYWiTVLXDwzbc04u
8i55kFFHh3Q0CAOWJXECNJpS93RchBhuU0S3Recth2nOfNIJFwW3fqusI7UZ8IMf
Fp3q7kQreOu3vRTaHb+E1qXThcpOOWS/QJkPwUfOQZ8wIU61+T7YEINJMg5Uf10n
8q74zGIBgQAb/9y1MB/G9zOzOXY6y65AIkeFFkki0j19
-----END CERTIFICATE-----