Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/kuLH5aGzW4QaMTzBR-uNAIk4tNs.roa
File:                     kuLH5aGzW4QaMTzBR-uNAIk4tNs.roa (raw, json)
Hash identifier:          pzjhRc7QbpJguJR1OX6T84zkSGGYeM29UfrsZdwclzg=
Subject key identifier:   92:E2:C7:E5:A1:B3:5B:84:1A:31:3C:C1:47:EB:8D:00:89:38:B4:DB
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       0198D786B34F1C2C91B39D4C0AA5CEDACE64
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/kuLH5aGzW4QaMTzBR-uNAIk4tNs.roa
Signing time:             Sat 23 Aug 2025 15:23:05 +0000
ROA not before:           Sat 23 Aug 2025 15:23:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     153497
IP address blocks:        31.57.248.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 23:01:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:d7:86:b3:4f:1c:2c:91:b3:9d:4c:0a:a5:ce:da:ce:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Aug 23 15:23:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=92e2c7e5a1b35b841a313cc147eb8d008938b4db
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:ec:7d:1a:ab:07:db:fb:25:28:96:0b:09:c2:
                    c7:a6:86:d3:ed:f7:8a:37:33:e2:fa:02:77:72:78:
                    7c:2b:83:50:c3:99:ab:bc:9d:db:a7:30:5c:66:7f:
                    f2:5d:16:3a:a0:02:19:30:c6:9f:b5:d4:77:3b:4f:
                    ba:39:d2:20:e8:22:03:55:70:2e:82:27:ec:7d:08:
                    df:22:2d:bc:ee:7a:fa:01:1a:26:4b:88:af:50:c7:
                    cf:35:0b:9a:e9:5c:d9:4e:5c:0d:e4:79:c3:86:d4:
                    9f:3c:4b:ad:ec:2a:4f:6b:9f:e8:e5:ff:03:cc:f9:
                    44:a7:01:3d:93:90:ff:25:13:c4:6b:75:c0:2f:2b:
                    32:55:6f:2d:23:26:9e:17:59:64:a5:54:d0:51:db:
                    26:fb:54:35:e3:e3:77:73:aa:ae:4a:6e:fc:82:ff:
                    a9:0c:11:bf:d8:b7:c7:ef:33:78:e9:41:64:35:8f:
                    40:b3:85:ce:52:50:e2:ac:93:ef:81:df:10:ff:b0:
                    08:cc:bd:f7:9c:10:9c:d1:af:4a:b5:70:ac:c2:e7:
                    9a:95:da:db:b4:93:f6:f8:77:85:2c:b9:9d:ba:de:
                    44:b3:e8:d4:45:99:cc:18:09:6c:62:36:02:18:8c:
                    44:28:3e:d5:6d:76:d6:45:cc:aa:e9:6c:7a:ed:0e:
                    87:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:E2:C7:E5:A1:B3:5B:84:1A:31:3C:C1:47:EB:8D:00:89:38:B4:DB
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/kuLH5aGzW4QaMTzBR-uNAIk4tNs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.57.248.0/24

    Signature Algorithm: sha256WithRSAEncryption
         76:51:a2:04:50:76:f4:f9:c2:49:a9:ff:0a:b7:b7:e0:06:5b:
         a2:84:79:57:ec:6b:23:8f:c2:ff:e4:cd:85:03:1c:02:20:cc:
         d8:0b:40:de:8a:75:08:16:94:46:d3:d8:dd:fb:0e:7c:69:f8:
         55:4b:86:97:3d:41:7a:8b:28:37:76:79:38:be:43:c1:41:90:
         7c:97:2e:84:bb:e2:4a:dc:b3:78:ae:ed:cf:79:01:e9:a2:69:
         91:cb:3c:a4:16:14:3d:d7:93:32:9a:64:58:cc:72:ab:0f:20:
         c6:8b:cc:cc:ca:7d:03:a8:cf:1b:d3:cf:75:08:af:ff:ae:2a:
         5c:fd:73:f1:de:9a:21:b6:d0:a9:fc:8c:cf:33:69:a5:dd:c6:
         d2:dc:0f:2e:77:57:22:5d:54:86:d8:c1:8e:fa:bb:90:ab:5c:
         b0:ad:98:a9:b1:fe:5d:64:86:f6:08:23:42:22:e4:14:e0:08:
         b4:bc:32:8f:cf:f8:bc:a7:69:bf:a4:28:72:0d:a3:1d:38:e5:
         50:4e:79:35:df:fa:f7:16:7f:d7:ec:fe:42:89:1e:73:a6:2c:
         60:6b:fe:cb:74:28:8b:99:ee:b1:12:1e:b2:b3:b9:78:f4:d5:
         d6:09:11:fe:4c:dc:b9:64:55:68:e0:66:03:25:7c:48:6c:62:
         24:b6:19:d6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZjXhrNPHCyRs51MCqXO2s5kMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwODIzMTUyMzA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MmUyYzdlNWExYjM1Yjg0MWEzMTNjYzE0N2ViOGQwMDg5MzhiNGRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmux9GqsH2/slKJYLCcLHpobT7feK
NzPi+gJ3cnh8K4NQw5mrvJ3bpzBcZn/yXRY6oAIZMMaftdR3O0+6OdIg6CIDVXAu
gifsfQjfIi287nr6ARomS4ivUMfPNQua6VzZTlwN5HnDhtSfPEut7CpPa5/o5f8D
zPlEpwE9k5D/JRPEa3XALysyVW8tIyaeF1lkpVTQUdsm+1Q14+N3c6quSm78gv+p
DBG/2LfH7zN46UFkNY9As4XOUlDirJPvgd8Q/7AIzL33nBCc0a9KtXCswuealdrb
tJP2+HeFLLmdut5Es+jURZnMGAlsYjYCGIxEKD7VbXbWRcyq6Wx67Q6HMwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJLix+Whs1uEGjE8wUfrjQCJOLTbMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEva3VMSDVhR3pXNFFhTVR6QlItdU5BSWs0dE5zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzn4MA0G
CSqGSIb3DQEBCwUAA4IBAQB2UaIEUHb0+cJJqf8Kt7fgBluihHlX7Gsjj8L/5M2F
AxwCIMzYC0DeinUIFpRG09jd+w58afhVS4aXPUF6iyg3dnk4vkPBQZB8ly6Eu+JK
3LN4ru3PeQHpommRyzykFhQ915MymmRYzHKrDyDGi8zMyn0DqM8b0891CK//ripc
/XPx3pohttCp/IzPM2ml3cbS3A8ud1ciXVSG2MGO+ruQq1ywrZipsf5dZIb2CCNC
IuQU4Ai0vDKPz/i8p2m/pChyDaMdOOVQTnk13/r3Fn/X7P5CiR5zpixga/7LdCiL
me6xEh6ys7l49NXWCRH+TNy5ZFVo4GYDJXxIbGIkthnW
-----END CERTIFICATE-----