Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/wOeuFKAHEqL_6j2ihtAstGAV6Wk.roa
File:                     wOeuFKAHEqL_6j2ihtAstGAV6Wk.roa (raw, json)
Hash identifier:          R6itUzAQkRIEqqQfKgkMqyXVU9q9UD5wFiZw8Euo/mY=
Subject key identifier:   C0:E7:AE:14:A0:07:12:A2:FF:EA:3D:A2:86:D0:2C:B4:60:15:E9:69
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019972AD4E77A754F4C4DA6A7C9990D0D986
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/wOeuFKAHEqL_6j2ihtAstGAV6Wk.roa
Signing time:             Mon 22 Sep 2025 18:26:24 +0000
ROA not before:           Mon 22 Sep 2025 18:26:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215304
IP address blocks:        31.56.84.0/24 maxlen: 24
                          31.57.104.0/24 maxlen: 24
                          31.58.88.0/24 maxlen: 24
                          31.58.89.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 12:01:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:72:ad:4e:77:a7:54:f4:c4:da:6a:7c:99:90:d0:d9:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Sep 22 18:26:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c0e7ae14a00712a2ffea3da286d02cb46015e969
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:25:10:d4:d8:5b:55:75:99:c7:3c:26:f7:9e:
                    38:e0:23:22:03:dc:53:3a:1e:fe:08:19:16:3d:cc:
                    e9:e0:a7:ae:0b:d6:95:71:e3:c9:b5:7b:23:cd:46:
                    16:0d:cf:a7:44:d8:cc:06:10:d1:7f:f0:e1:7a:9e:
                    08:88:77:66:42:23:71:ba:7a:bb:d2:df:5f:9a:d6:
                    69:f0:e3:ea:fe:29:f2:f5:a2:8b:5c:fd:23:c5:aa:
                    57:de:a5:3a:60:8e:52:e3:5a:78:86:99:be:06:03:
                    71:bb:e7:72:28:23:a3:aa:d1:97:d1:51:86:f0:27:
                    b6:25:fe:2d:e7:65:1e:36:17:2e:83:66:16:73:2c:
                    49:fd:9d:86:cd:be:f4:e7:d1:19:77:7a:f6:bc:79:
                    e9:7c:09:66:06:ea:a1:24:06:ef:57:96:45:16:1d:
                    87:4e:66:32:e0:d6:a4:d7:88:86:bc:18:8d:45:a4:
                    f8:52:9e:87:fb:e3:d9:72:3b:18:38:99:35:86:b4:
                    ea:6d:2a:0c:47:73:72:f3:84:d7:bf:94:06:67:5d:
                    82:ba:df:4b:63:7b:32:8b:cb:8a:7d:e5:94:82:0f:
                    f6:79:e2:0e:c8:2a:dc:25:3d:0e:b1:ba:5a:67:83:
                    a4:98:de:71:0d:81:67:be:a3:81:40:36:57:ba:d1:
                    f1:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:E7:AE:14:A0:07:12:A2:FF:EA:3D:A2:86:D0:2C:B4:60:15:E9:69
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/wOeuFKAHEqL_6j2ihtAstGAV6Wk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.56.84.0/24
                  31.57.104.0/24
                  31.58.88.0/23

    Signature Algorithm: sha256WithRSAEncryption
         51:47:76:20:7a:e9:6d:02:60:88:74:c9:28:03:f2:be:7f:35:
         5e:c8:88:a7:0c:4c:c0:2c:d2:61:1f:e6:f3:3f:a3:58:9e:ed:
         17:7d:3e:91:7a:0a:d0:ff:3b:34:ad:ae:19:c3:5c:f8:98:c2:
         f5:e0:3e:93:ea:7b:6f:9f:8b:44:05:e2:d8:e2:a4:db:c0:ae:
         d0:e8:fc:b6:e7:15:a6:92:76:7d:4e:bb:27:a4:26:f4:6b:c9:
         bc:56:68:1f:18:78:b7:54:e5:89:6a:c1:e6:95:de:31:0e:65:
         87:ea:e7:bb:56:85:20:2b:37:ed:52:59:b9:d1:44:89:ab:88:
         96:f4:7a:95:bf:4f:80:ff:a8:6a:c6:a0:e4:e6:26:1e:63:e7:
         6e:ec:31:a3:18:40:a2:5d:94:c8:67:85:fb:0f:8a:ef:c4:ec:
         f3:fc:05:48:20:c9:9a:88:46:81:bc:9d:fe:9f:9e:41:23:bd:
         04:70:57:f0:ed:fb:80:45:05:0c:37:53:76:c5:80:a7:ec:29:
         ee:49:18:dc:93:6a:59:5c:a9:fa:d2:12:99:23:28:bf:58:50:
         9c:06:d6:83:7a:fa:16:9c:41:3f:fd:01:2f:c8:fe:56:d6:5b:
         67:76:8d:81:7c:6d:02:41:46:82:5d:e6:0b:e3:70:0b:6a:46:
         78:c6:aa:98
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZlyrU53p1T0xNpqfJmQ0NmGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwOTIyMTgyNjI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMGU3YWUxNGEwMDcxMmEyZmZlYTNkYTI4NmQwMmNiNDYwMTVlOTY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhiUQ1NhbVXWZxzwm95444CMiA9xT
Oh7+CBkWPczp4KeuC9aVcePJtXsjzUYWDc+nRNjMBhDRf/Dhep4IiHdmQiNxunq7
0t9fmtZp8OPq/iny9aKLXP0jxapX3qU6YI5S41p4hpm+BgNxu+dyKCOjqtGX0VGG
8Ce2Jf4t52UeNhcug2YWcyxJ/Z2Gzb7059EZd3r2vHnpfAlmBuqhJAbvV5ZFFh2H
TmYy4Nak14iGvBiNRaT4Up6H++PZcjsYOJk1hrTqbSoMR3Ny84TXv5QGZ12Cut9L
Y3syi8uKfeWUgg/2eeIOyCrcJT0OsbpaZ4OkmN5xDYFnvqOBQDZXutHx0QIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFMDnrhSgBxKi/+o9oobQLLRgFelpMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvd09ldUZLQUhFcUxfNmoyaWh0QXN0R0FWNldrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAHzhUAwQA
HzloAwQBHzpYMA0GCSqGSIb3DQEBCwUAA4IBAQBRR3YgeultAmCIdMkoA/K+fzVe
yIinDEzALNJhH+bzP6NYnu0XfT6RegrQ/zs0ra4Zw1z4mML14D6T6ntvn4tEBeLY
4qTbwK7Q6Py25xWmknZ9TrsnpCb0a8m8VmgfGHi3VOWJasHmld4xDmWH6ue7VoUg
KzftUlm50USJq4iW9HqVv0+A/6hqxqDk5iYeY+du7DGjGECiXZTIZ4X7D4rvxOzz
/AVIIMmaiEaBvJ3+n55BI70EcFfw7fuARQUMN1N2xYCn7CnuSRjck2pZXKn60hKZ
Iyi/WFCcBtaDevoWnEE//QEvyP5W1ltndo2BfG0CQUaCXeYL43ALakZ4xqqY
-----END CERTIFICATE-----