Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/ovmEoJQxw-bIdZo5LacdPH-KtHY.roa
File:                     ovmEoJQxw-bIdZo5LacdPH-KtHY.roa (raw, json)
Hash identifier:          V1o3R/AKi3bmssvvgbm3MwjiOvAwDImdd2Ixchg4Px8=
Subject key identifier:   A2:F9:84:A0:94:31:C3:E6:C8:75:9A:39:2D:A7:1D:3C:7F:8A:B4:76
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       0198C60B98E23A54843FC5E7CA121EAA4120
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/ovmEoJQxw-bIdZo5LacdPH-KtHY.roa
Signing time:             Wed 20 Aug 2025 05:55:05 +0000
ROA not before:           Wed 20 Aug 2025 05:55:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208483
IP address blocks:        31.57.135.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 05:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:c6:0b:98:e2:3a:54:84:3f:c5:e7:ca:12:1e:aa:41:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Aug 20 05:55:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a2f984a09431c3e6c8759a392da71d3c7f8ab476
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:e7:10:ef:da:6e:ac:47:80:f9:cc:82:df:16:
                    aa:38:dc:04:f9:13:68:06:4c:1e:42:5f:23:42:46:
                    b8:a9:77:80:fe:31:5b:29:2b:dd:4b:92:26:fc:fd:
                    46:eb:78:0a:5e:a3:03:96:cc:b8:9d:1f:31:4c:ac:
                    4e:c9:2d:f2:0c:87:99:b2:b7:50:e0:1c:c4:ff:3c:
                    fe:53:4d:bd:a1:8b:56:f4:ec:56:2b:f6:73:9b:50:
                    29:98:5b:8a:bf:c1:4e:32:b0:3b:bd:08:08:ff:a3:
                    49:ec:00:1c:8b:d8:6a:ee:e5:df:05:d7:80:32:0f:
                    b6:ef:73:cf:46:0d:77:1e:81:7a:68:b7:3b:d1:ef:
                    1e:89:d2:ca:52:92:f7:42:c9:50:94:0e:91:dd:94:
                    2b:fd:49:08:ad:79:65:69:92:b3:3b:0e:6f:ea:5d:
                    69:f3:45:b4:06:e8:f0:0d:c6:58:77:c2:e7:2d:57:
                    95:11:9e:88:fa:43:b7:23:67:42:3a:ff:48:88:09:
                    1a:c2:90:54:69:13:8d:44:69:11:1f:b7:84:e2:2d:
                    5e:ca:c1:29:bd:d7:f3:31:e3:61:94:fb:b3:0b:a5:
                    36:91:8a:1f:dc:b6:90:49:a5:49:12:bc:7e:98:b9:
                    1d:bc:df:4e:85:bd:54:21:b7:57:cf:95:97:00:45:
                    cf:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:F9:84:A0:94:31:C3:E6:C8:75:9A:39:2D:A7:1D:3C:7F:8A:B4:76
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/ovmEoJQxw-bIdZo5LacdPH-KtHY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.57.135.0/24

    Signature Algorithm: sha256WithRSAEncryption
         37:13:cc:fb:c3:4d:37:87:e5:c8:0e:e2:1f:d9:95:7d:81:69:
         a8:70:95:3c:21:36:e2:00:78:f4:2c:52:4c:3b:81:28:b6:38:
         ef:50:26:8c:42:fd:d5:cc:96:2d:fd:d0:2f:13:57:a2:de:32:
         3a:1a:7c:9e:96:8f:41:c4:28:54:06:7a:4f:7e:3d:e2:7c:25:
         be:0e:58:02:b4:25:07:02:09:28:d0:f7:23:e5:39:7d:5c:d6:
         35:35:62:b5:be:9b:4f:40:7f:b7:60:f7:db:b6:21:79:b9:32:
         ed:c1:cc:e4:9d:e4:76:d3:d9:6e:41:1a:ea:a4:5d:bf:12:86:
         cb:47:9f:40:db:67:7d:e5:68:82:cf:35:1d:b5:ff:5a:95:50:
         55:51:99:ea:9e:0a:63:d3:3f:36:f8:32:c7:ce:ab:36:7b:9d:
         5f:14:62:8e:60:02:bd:c6:ae:9c:2b:75:94:f2:49:19:14:7e:
         f2:b2:25:15:ac:6b:16:fc:1b:1d:e4:61:c8:78:f2:d8:1a:0a:
         d1:95:13:70:7b:a0:8a:bb:90:8a:3e:e9:3a:76:29:e7:e3:e3:
         ec:bc:94:3d:20:44:1b:13:5b:f7:75:61:a1:4f:17:5b:b8:0e:
         06:10:e3:4a:6e:5f:ba:8f:b2:cd:cd:c4:b0:79:a4:c0:16:da:
         12:89:23:1b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZjGC5jiOlSEP8XnyhIeqkEgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwODIwMDU1NTA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMmY5ODRhMDk0MzFjM2U2Yzg3NTlhMzkyZGE3MWQzYzdmOGFiNDc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoOcQ79purEeA+cyC3xaqONwE+RNo
BkweQl8jQka4qXeA/jFbKSvdS5Im/P1G63gKXqMDlsy4nR8xTKxOyS3yDIeZsrdQ
4BzE/zz+U029oYtW9OxWK/Zzm1ApmFuKv8FOMrA7vQgI/6NJ7AAci9hq7uXfBdeA
Mg+273PPRg13HoF6aLc70e8eidLKUpL3QslQlA6R3ZQr/UkIrXllaZKzOw5v6l1p
80W0BujwDcZYd8LnLVeVEZ6I+kO3I2dCOv9IiAkawpBUaRONRGkRH7eE4i1eysEp
vdfzMeNhlPuzC6U2kYof3LaQSaVJErx+mLkdvN9Ohb1UIbdXz5WXAEXPWQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKL5hKCUMcPmyHWaOS2nHTx/irR2MB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvb3ZtRW9KUXh3LWJJZFpvNUxhY2RQSC1LdEhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzmHMA0G
CSqGSIb3DQEBCwUAA4IBAQA3E8z7w003h+XIDuIf2ZV9gWmocJU8ITbiAHj0LFJM
O4EotjjvUCaMQv3VzJYt/dAvE1ei3jI6Gnyelo9BxChUBnpPfj3ifCW+DlgCtCUH
Agko0Pcj5Tl9XNY1NWK1vptPQH+3YPfbtiF5uTLtwczkneR209luQRrqpF2/EobL
R59A22d95WiCzzUdtf9alVBVUZnqngpj0z82+DLHzqs2e51fFGKOYAK9xq6cK3WU
8kkZFH7ysiUVrGsW/Bsd5GHIePLYGgrRlRNwe6CKu5CKPuk6dinn4+PsvJQ9IEQb
E1v3dWGhTxdbuA4GEONKbl+6j7LNzcSweaTAFtoSiSMb
-----END CERTIFICATE-----