Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/gNoxQwggrXMhiwbzIYGvuWco-ns.roa
File:                     gNoxQwggrXMhiwbzIYGvuWco-ns.roa (raw, json)
Hash identifier:          9lS0eEyU2aavsiCShRSuKYH7EMOLX/g+Gvh/Dy5L4hQ=
Subject key identifier:   80:DA:31:43:08:20:AD:73:21:8B:06:F3:21:81:AF:B9:67:28:FA:7B
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       01999BAAC1C97565FE92F0283F88D43309F6
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/gNoxQwggrXMhiwbzIYGvuWco-ns.roa
Signing time:             Tue 30 Sep 2025 17:28:03 +0000
ROA not before:           Tue 30 Sep 2025 17:28:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     401776
IP address blocks:        31.58.55.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:9b:aa:c1:c9:75:65:fe:92:f0:28:3f:88:d4:33:09:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Sep 30 17:28:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=80da31430820ad73218b06f32181afb96728fa7b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:8d:8d:37:06:fe:6d:9d:c2:53:c0:ea:7f:23:
                    b5:08:bf:bb:82:85:c1:aa:bb:f5:1a:96:04:1e:3b:
                    ef:7b:89:53:77:0f:a8:e4:16:7b:f3:87:cf:f5:90:
                    b4:61:ad:56:bc:f6:52:d6:6b:32:7a:2c:6a:ed:9c:
                    15:5e:b2:e4:24:73:ce:cf:f6:e7:90:ee:ba:de:4c:
                    f1:1f:8d:30:67:09:54:3a:11:db:62:c0:53:93:7d:
                    c6:fb:33:86:5b:6a:85:f7:5c:ff:37:da:3e:71:7a:
                    28:73:a2:72:83:f6:a3:c9:a8:3a:23:95:4a:af:e7:
                    7a:58:ce:a3:45:39:24:7d:f4:70:04:1c:64:15:55:
                    72:46:16:c3:b7:d4:2e:d4:ba:4a:12:4b:c5:18:d7:
                    ee:8b:9d:79:46:e7:54:50:90:dc:38:f4:fb:ed:ab:
                    12:93:71:35:64:b2:9b:3d:89:ca:47:09:e9:e0:c6:
                    1f:d6:d4:16:55:ac:1e:07:af:a3:fb:1f:56:5c:95:
                    29:74:ec:23:43:f6:96:ae:f6:7a:14:18:1d:38:81:
                    8a:bf:77:c6:aa:7d:49:c3:dd:c1:b7:d4:f3:b8:35:
                    2f:6e:1b:2c:81:62:91:82:50:a3:59:f9:c0:26:e0:
                    a0:6f:66:65:7b:5e:dc:fc:40:19:3b:09:e3:aa:dc:
                    b6:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:DA:31:43:08:20:AD:73:21:8B:06:F3:21:81:AF:B9:67:28:FA:7B
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/gNoxQwggrXMhiwbzIYGvuWco-ns.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.58.55.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a9:52:8a:78:ae:4b:b1:75:2a:db:27:88:5c:1d:ba:d6:f7:91:
         62:dd:de:40:1b:b9:59:89:b2:5e:c8:f3:6f:bc:13:25:a1:5b:
         bc:e3:40:e6:9b:41:70:7d:d5:9c:91:06:6a:04:68:5b:88:34:
         1b:2e:26:7c:41:a2:19:63:a5:96:5b:93:b0:b1:9b:6e:c8:5c:
         2d:74:ec:f9:0d:8d:8e:70:e1:af:15:d5:04:58:d2:f5:ff:9a:
         bf:e8:46:c8:58:13:34:c8:45:6a:78:52:f1:3c:41:d6:9b:b2:
         28:2a:e6:a5:7a:2c:32:b3:6f:15:11:9f:4f:08:ea:11:ea:4f:
         92:74:c1:75:06:4b:7a:e1:40:49:f8:4d:c6:4a:6e:9a:64:e5:
         8f:a8:99:76:c0:49:20:ec:f5:09:dd:9d:0e:19:a5:a8:99:ed:
         76:78:ab:15:e4:45:a4:48:b0:f3:7d:af:55:5a:2a:3b:a1:31:
         98:c9:ec:7a:39:a2:f5:c5:12:3a:fd:7a:6e:c6:87:96:ec:3b:
         ce:ef:4e:40:65:e8:7f:28:74:24:3d:eb:be:25:ef:23:5e:ed:
         06:1c:aa:4d:d6:47:fc:38:94:4e:17:09:3a:67:3f:a1:1f:c9:
         0c:80:8f:be:84:52:2f:5d:b0:a2:e7:6b:bb:01:e2:01:5b:bf:
         79:0b:d2:3e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZmbqsHJdWX+kvAoP4jUMwn2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwOTMwMTcyODAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MGRhMzE0MzA4MjBhZDczMjE4YjA2ZjMyMTgxYWZiOTY3MjhmYTdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyo2NNwb+bZ3CU8DqfyO1CL+7goXB
qrv1GpYEHjvve4lTdw+o5BZ784fP9ZC0Ya1WvPZS1msyeixq7ZwVXrLkJHPOz/bn
kO663kzxH40wZwlUOhHbYsBTk33G+zOGW2qF91z/N9o+cXooc6Jyg/ajyag6I5VK
r+d6WM6jRTkkffRwBBxkFVVyRhbDt9Qu1LpKEkvFGNfui515RudUUJDcOPT77asS
k3E1ZLKbPYnKRwnp4MYf1tQWVaweB6+j+x9WXJUpdOwjQ/aWrvZ6FBgdOIGKv3fG
qn1Jw93Bt9TzuDUvbhssgWKRglCjWfnAJuCgb2Zle17c/EAZOwnjqty2HwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIDaMUMIIK1zIYsG8yGBr7lnKPp7MB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvZ05veFF3Z2dyWE1oaXdieklZR3Z1V2NvLW5zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzo3MA0G
CSqGSIb3DQEBCwUAA4IBAQCpUop4rkuxdSrbJ4hcHbrW95Fi3d5AG7lZibJeyPNv
vBMloVu840Dmm0FwfdWckQZqBGhbiDQbLiZ8QaIZY6WWW5OwsZtuyFwtdOz5DY2O
cOGvFdUEWNL1/5q/6EbIWBM0yEVqeFLxPEHWm7IoKualeiwys28VEZ9PCOoR6k+S
dMF1Bkt64UBJ+E3GSm6aZOWPqJl2wEkg7PUJ3Z0OGaWome12eKsV5EWkSLDzfa9V
Wio7oTGYyex6OaL1xRI6/XpuxoeW7DvO705AZeh/KHQkPeu+Je8jXu0GHKpN1kf8
OJROFwk6Zz+hH8kMgI++hFIvXbCi52u7AeIBW795C9I+
-----END CERTIFICATE-----