Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/o_9jAyMPgJ0loeQVP4s6hwY_jR4.roa
File:                     o_9jAyMPgJ0loeQVP4s6hwY_jR4.roa (raw, json)
Hash identifier:          AugLfM5ZKFmBl346aQaKN4AMuScJtn1omlpbdNmrV8A=
Subject key identifier:   A3:FF:63:03:23:0F:80:9D:25:A1:E4:15:3F:8B:3A:87:06:3F:8D:1E
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       0199A3C299B90CD2D6EAE0CA3B0E96BE8EF9
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/o_9jAyMPgJ0loeQVP4s6hwY_jR4.roa
Signing time:             Thu 02 Oct 2025 07:11:03 +0000
ROA not before:           Thu 02 Oct 2025 07:11:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     25198
IP address blocks:        31.56.195.0/24 maxlen: 24
                          31.57.237.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 00:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:a3:c2:99:b9:0c:d2:d6:ea:e0:ca:3b:0e:96:be:8e:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Oct  2 07:11:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a3ff6303230f809d25a1e4153f8b3a87063f8d1e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ee:4b:4d:f3:f6:85:07:b2:70:5e:cb:73:34:fa:
                    1d:42:cd:6c:95:ac:f3:95:25:a4:d1:32:82:3e:39:
                    3a:a3:df:45:53:46:9a:5a:af:73:95:2c:28:c6:9d:
                    c7:07:10:fd:81:ed:63:ad:6e:3f:de:ce:f4:0a:4b:
                    b7:c9:27:6c:5f:ec:30:bd:e8:67:7d:3e:e2:1a:be:
                    24:4d:88:bf:c8:15:f2:93:be:50:23:8d:aa:f3:da:
                    e1:d2:ca:86:1a:c5:94:80:65:7a:20:aa:69:b2:25:
                    8f:9b:2d:95:d2:c7:30:78:0c:1c:dd:dc:48:e3:94:
                    9d:0a:3e:80:39:fd:cc:6a:5b:bc:85:c9:5d:14:d3:
                    dc:17:bd:88:26:bf:4f:00:1f:29:fc:0b:55:2d:d5:
                    32:01:40:17:f1:9b:db:af:fd:62:7d:40:9e:81:53:
                    07:7d:45:33:62:28:4e:09:43:b0:44:12:be:51:dc:
                    8a:8b:f9:1a:95:3c:7a:0d:26:3f:bc:0c:df:38:dc:
                    a7:1d:bc:5a:e4:43:a4:64:1b:f2:71:19:73:73:8d:
                    3a:4d:2b:20:d4:b2:42:d1:fc:ad:31:2b:9a:fc:e2:
                    45:8f:16:9b:93:8e:35:bf:45:8e:14:89:5a:c9:06:
                    bb:d5:a7:9d:4c:3b:14:3a:99:97:7e:a1:34:28:99:
                    b6:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:FF:63:03:23:0F:80:9D:25:A1:E4:15:3F:8B:3A:87:06:3F:8D:1E
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/o_9jAyMPgJ0loeQVP4s6hwY_jR4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.56.195.0/24
                  31.57.237.0/24

    Signature Algorithm: sha256WithRSAEncryption
         01:72:ff:d2:1d:35:dc:c0:b6:1e:05:35:0f:f2:de:78:0f:f9:
         85:14:90:a9:46:e0:20:a0:f1:f4:22:0d:09:8d:c5:e6:ae:92:
         08:7c:be:ae:65:4c:c7:db:1f:76:d2:6f:de:6b:91:69:12:d9:
         b1:71:f1:cc:db:85:76:e9:35:c4:bb:0c:35:d5:cd:71:e0:f5:
         3e:00:27:c5:3f:15:d4:b2:ca:6d:91:32:07:64:e2:e8:e8:e3:
         b4:59:79:5b:11:6a:dd:aa:09:de:15:b2:be:a6:c8:5d:0d:38:
         da:f3:c2:a9:41:3e:7f:1f:90:bd:0f:5f:a7:2e:60:c6:81:f3:
         f7:d5:38:1b:b0:8c:a2:d7:f2:35:57:30:d6:ba:c8:df:52:14:
         b3:f3:3e:df:2a:24:37:80:cf:30:33:0f:85:90:95:36:c5:4f:
         68:50:e9:a8:ce:b5:e7:d3:91:a2:e2:be:d5:e4:14:3d:7c:ad:
         87:2d:25:0d:fd:ad:b5:7b:8b:e8:91:34:59:db:7e:c2:76:d0:
         e4:72:41:1a:cc:f1:9b:cf:5f:2f:19:72:3f:e0:30:0d:c2:9f:
         93:5f:2e:3b:77:4c:82:89:4e:ef:7b:22:83:2d:40:94:e4:d2:
         9a:52:e0:1b:bc:10:da:24:f4:b8:25:77:e3:9a:dd:e3:48:c1:
         31:00:4a:93
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZmjwpm5DNLW6uDKOw6Wvo75MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUxMDAyMDcxMTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhM2ZmNjMwMzIzMGY4MDlkMjVhMWU0MTUzZjhiM2E4NzA2M2Y4ZDFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7ktN8/aFB7JwXstzNPodQs1slazz
lSWk0TKCPjk6o99FU0aaWq9zlSwoxp3HBxD9ge1jrW4/3s70Cku3ySdsX+wwvehn
fT7iGr4kTYi/yBXyk75QI42q89rh0sqGGsWUgGV6IKppsiWPmy2V0scweAwc3dxI
45SdCj6AOf3Malu8hcldFNPcF72IJr9PAB8p/AtVLdUyAUAX8Zvbr/1ifUCegVMH
fUUzYihOCUOwRBK+UdyKi/kalTx6DSY/vAzfONynHbxa5EOkZBvycRlzc406TSsg
1LJC0fytMSua/OJFjxabk441v0WOFIlayQa71aedTDsUOpmXfqE0KJm2qwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKP/YwMjD4CdJaHkFT+LOocGP40eMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvb185akF5TVBnSjBsb2VRVlA0czZod1lfalI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAHzjDAwQA
HzntMA0GCSqGSIb3DQEBCwUAA4IBAQABcv/SHTXcwLYeBTUP8t54D/mFFJCpRuAg
oPH0Ig0JjcXmrpIIfL6uZUzH2x920m/ea5FpEtmxcfHM24V26TXEuww11c1x4PU+
ACfFPxXUssptkTIHZOLo6OO0WXlbEWrdqgneFbK+pshdDTja88KpQT5/H5C9D1+n
LmDGgfP31TgbsIyi1/I1VzDWusjfUhSz8z7fKiQ3gM8wMw+FkJU2xU9oUOmozrXn
05Gi4r7V5BQ9fK2HLSUN/a21e4vokTRZ237CdtDkckEazPGbz18vGXI/4DANwp+T
Xy47d0yCiU7veyKDLUCU5NKaUuAbvBDaJPS4JXfjmt3jSMExAEqT
-----END CERTIFICATE-----