Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/z3K3DsQZW8u3WPR5GSX67t5fYys.roa
File:                     z3K3DsQZW8u3WPR5GSX67t5fYys.roa (raw, json)
Hash identifier:          WJrT+3tvZQeKy5AiAD8iVPDopIrdPSxgblzkDlwFPoE=
Subject key identifier:   CF:72:B7:0E:C4:19:5B:CB:B7:58:F4:79:19:25:FA:EE:DE:5F:63:2B
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       0196599F3F9D1D06ECDBA8B6A7A3199618CD
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/z3K3DsQZW8u3WPR5GSX67t5fYys.roa
Signing time:             Mon 21 Apr 2025 18:32:10 +0000
ROA not before:           Mon 21 Apr 2025 18:32:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20326
IP address blocks:        31.57.186.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 08 May 2025 08:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:59:9f:3f:9d:1d:06:ec:db:a8:b6:a7:a3:19:96:18:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Apr 21 18:32:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cf72b70ec4195bcbb758f4791925faeede5f632b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:f2:28:23:25:d7:0e:30:76:20:a0:f4:fd:8c:
                    81:95:60:19:e4:df:16:bb:24:4e:ca:88:17:a7:0e:
                    05:14:4f:9c:dd:3f:2c:67:43:90:4c:2e:13:38:51:
                    90:e1:9e:0a:d5:f9:3f:73:c8:73:85:bf:81:e6:7a:
                    7e:77:53:09:f1:7c:b2:7d:c9:d0:53:f8:c1:ba:d2:
                    ea:3c:28:17:e0:67:61:52:01:fe:8a:47:f0:86:b4:
                    72:48:de:7c:cd:5b:e6:64:f4:bc:75:25:04:8a:23:
                    2b:07:9d:26:90:60:8d:22:76:6a:11:32:4d:92:a0:
                    c0:bd:a7:f9:8d:2c:cc:7b:cf:41:a2:c0:4d:6d:23:
                    68:8e:1f:bb:92:9d:51:fe:20:0a:6b:e3:a9:f0:62:
                    7d:8e:b4:2e:88:4d:50:53:c0:41:e3:5f:b5:52:b3:
                    d3:44:c7:76:b8:97:28:9e:dc:d0:f9:6e:46:d2:36:
                    6c:86:c1:55:3c:61:5b:c3:5d:b9:41:ad:e6:9e:1f:
                    0e:e1:ba:5b:a7:84:c0:1c:ea:ef:76:17:af:dd:f1:
                    9d:5a:e2:bf:89:0b:30:3c:ef:f5:54:45:9e:98:c7:
                    f5:11:5e:ca:cd:ba:b8:15:e6:27:21:14:42:8a:96:
                    3a:8b:81:bc:d3:31:5f:39:f6:95:44:d2:5c:ea:33:
                    de:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:72:B7:0E:C4:19:5B:CB:B7:58:F4:79:19:25:FA:EE:DE:5F:63:2B
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/z3K3DsQZW8u3WPR5GSX67t5fYys.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.57.186.0/23

    Signature Algorithm: sha256WithRSAEncryption
         80:dd:85:42:9b:9a:3d:cc:a8:07:13:b5:94:5b:49:b6:e6:4c:
         83:32:81:66:8e:e0:65:70:47:1d:30:76:06:1c:fb:a8:c0:7d:
         1a:5e:6c:84:ca:34:de:58:d7:ce:47:ff:00:43:bb:a9:e0:aa:
         9e:00:17:55:8f:95:5b:9d:f0:05:7e:e7:1d:3f:d8:7f:67:cc:
         95:da:a9:bd:13:b1:8c:bd:ea:ca:17:4e:e1:04:3e:3e:eb:31:
         5c:49:f6:71:17:47:56:0f:1f:48:36:7e:e8:3f:0a:08:4f:22:
         ca:b3:57:35:7e:80:f3:18:ea:8a:4d:5b:cd:c6:6f:72:31:7b:
         7d:c5:35:46:bb:c2:29:63:14:af:8c:39:f7:dc:25:26:53:cc:
         ca:76:96:30:63:2c:a2:54:8b:3a:fc:95:b0:ac:e7:a9:29:e3:
         3d:e6:66:9d:49:9e:0e:fb:af:56:1a:1a:6f:f5:67:d2:db:d1:
         05:2a:9b:ea:74:68:dd:e9:9b:29:8e:da:e7:67:ad:9c:3e:95:
         97:d7:0a:d6:2b:18:dc:dc:e1:3d:7b:62:1f:da:98:fd:84:23:
         37:dd:95:a1:3f:24:05:97:f9:ac:94:1d:17:b9:26:0e:5c:7e:
         8a:e5:7d:54:28:09:b2:84:87:9f:d1:b1:d7:90:ff:87:18:d8:
         f5:c8:17:ee
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZZnz+dHQbs26i2p6MZlhjNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwNDIxMTgzMjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZjcyYjcwZWM0MTk1YmNiYjc1OGY0NzkxOTI1ZmFlZWRlNWY2MzJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2vIoIyXXDjB2IKD0/YyBlWAZ5N8W
uyROyogXpw4FFE+c3T8sZ0OQTC4TOFGQ4Z4K1fk/c8hzhb+B5np+d1MJ8XyyfcnQ
U/jButLqPCgX4GdhUgH+ikfwhrRySN58zVvmZPS8dSUEiiMrB50mkGCNInZqETJN
kqDAvaf5jSzMe89BosBNbSNojh+7kp1R/iAKa+Op8GJ9jrQuiE1QU8BB41+1UrPT
RMd2uJcontzQ+W5G0jZshsFVPGFbw125Qa3mnh8O4bpbp4TAHOrvdhev3fGdWuK/
iQswPO/1VEWemMf1EV7Kzbq4FeYnIRRCipY6i4G80zFfOfaVRNJc6jPe4wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM9ytw7EGVvLt1j0eRkl+u7eX2MrMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvejNLM0RzUVpXOHUzV1BSNUdTWDY3dDVmWXlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBHzm6MA0G
CSqGSIb3DQEBCwUAA4IBAQCA3YVCm5o9zKgHE7WUW0m25kyDMoFmjuBlcEcdMHYG
HPuowH0aXmyEyjTeWNfOR/8AQ7up4KqeABdVj5VbnfAFfucdP9h/Z8yV2qm9E7GM
verKF07hBD4+6zFcSfZxF0dWDx9INn7oPwoITyLKs1c1foDzGOqKTVvNxm9yMXt9
xTVGu8IpYxSvjDn33CUmU8zKdpYwYyyiVIs6/JWwrOepKeM95madSZ4O+69WGhpv
9WfS29EFKpvqdGjd6ZspjtrnZ62cPpWX1wrWKxjc3OE9e2If2pj9hCM33ZWhPyQF
l/mslB0XuSYOXH6K5X1UKAmyhIef0bHXkP+HGNj1yBfu
-----END CERTIFICATE-----