Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/1-O5HXsgYkgPQs7Lz81Ibtfn6Wsw.roa
File:                     1-O5HXsgYkgPQs7Lz81Ibtfn6Wsw.roa (raw, json)
Hash identifier:          r4qeuA9Y30RyS7aLtMWpvrgAkndkVq7cVXMHVy7PHv0=
Subject key identifier:   F8:EE:47:5E:C8:18:92:03:D0:B3:B2:F3:F3:52:1B:B5:F9:FA:5A:CC
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       01981CDA505B513B71BC9284B0D0582FA204
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/1-O5HXsgYkgPQs7Lz81Ibtfn6Wsw.roa
Signing time:             Fri 18 Jul 2025 09:25:26 +0000
ROA not before:           Fri 18 Jul 2025 09:25:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213404
IP address blocks:        31.57.10.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 26 Jul 2025 08:00:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:1c:da:50:5b:51:3b:71:bc:92:84:b0:d0:58:2f:a2:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jul 18 09:25:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f8ee475ec8189203d0b3b2f3f3521bb5f9fa5acc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:23:b9:3b:28:e3:2e:81:b8:3c:8d:43:ac:67:
                    b9:f8:c3:7c:2f:7c:c1:f7:75:f3:b7:d5:fd:51:92:
                    30:f3:d5:bc:41:2f:f7:ed:a5:34:c7:4f:fe:9e:d2:
                    0b:bb:4c:41:3f:17:18:4b:63:77:c5:2b:e4:8d:c3:
                    bf:d9:d4:fb:31:1f:b0:c6:69:46:de:e2:c2:be:23:
                    2c:f9:fb:f6:5a:e2:3c:84:b1:72:6b:c0:27:98:26:
                    4a:96:df:50:81:2b:ce:0d:30:ef:32:10:a9:39:28:
                    90:0d:8c:ca:3b:7b:99:2f:b5:a0:fc:ca:9c:b4:c8:
                    6a:1b:ec:df:aa:0b:ff:4c:2b:09:94:9d:ca:a8:80:
                    01:12:38:49:a0:0c:e3:b5:d8:2a:df:9a:68:02:66:
                    ea:7a:65:80:93:cc:b5:7c:00:87:c0:fa:5d:df:97:
                    13:5a:86:3e:0a:ad:60:bf:8e:6c:ce:12:94:96:54:
                    b7:6f:8b:0b:cc:51:11:2d:b7:81:b7:b7:d2:ad:f9:
                    d9:ed:61:0f:61:8d:c5:de:b3:5f:b8:da:af:f0:7c:
                    0b:e0:b1:bc:be:61:ff:b0:c2:c0:78:f3:e3:7a:2b:
                    c2:f1:ac:43:e0:01:08:54:2c:89:c7:ba:16:28:12:
                    b0:f5:a1:d3:7a:10:70:13:72:ef:49:c9:3e:4b:d6:
                    ec:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:EE:47:5E:C8:18:92:03:D0:B3:B2:F3:F3:52:1B:B5:F9:FA:5A:CC
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/1-O5HXsgYkgPQs7Lz81Ibtfn6Wsw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.57.10.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5a:2c:cd:fb:4f:63:2e:c6:36:7d:dd:2c:82:62:f0:42:03:0e:
         9e:6b:a2:2b:37:72:0b:4b:b7:9b:2e:92:1d:69:31:0f:eb:4b:
         22:66:72:bd:02:29:89:73:0c:d2:15:67:62:6e:6a:e1:83:38:
         5b:ae:95:4c:b3:f7:49:81:86:40:d8:cd:85:4b:98:52:6e:0c:
         9d:f2:ee:27:80:b1:e8:f2:16:ea:ef:8b:2d:6c:e2:3b:5a:c3:
         d7:a2:45:41:87:22:39:22:18:4c:fd:00:56:aa:5c:17:8d:6e:
         77:e2:2b:f1:72:ce:6c:fd:67:91:31:d5:75:ce:fc:52:a8:3d:
         b8:df:d9:f4:92:03:44:23:6a:c4:91:54:70:ad:1a:c8:55:71:
         9b:bd:17:7b:27:99:a6:2a:5c:33:78:e5:6f:80:69:e7:4e:69:
         5c:25:90:3c:48:8d:92:89:f4:cb:3e:43:38:d6:6f:3f:a3:8c:
         b1:46:c9:02:a1:7f:84:19:81:df:99:f9:7c:3c:3c:1d:96:cb:
         75:da:ed:bf:59:8e:90:18:6f:63:81:b4:99:68:94:19:c6:1c:
         42:17:61:e6:12:cb:e9:0c:4b:a9:18:bd:6b:ad:8e:16:00:07:
         6e:0b:b9:60:0a:24:03:6a:ab:4f:6b:19:9e:70:dc:2f:de:a9:
         39:2a:68:fb
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZgc2lBbUTtxvJKEsNBYL6IEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwNzE4MDkyNTI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOGVlNDc1ZWM4MTg5MjAzZDBiM2IyZjNmMzUyMWJiNWY5ZmE1YWNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqiO5OyjjLoG4PI1DrGe5+MN8L3zB
93Xzt9X9UZIw89W8QS/37aU0x0/+ntILu0xBPxcYS2N3xSvkjcO/2dT7MR+wxmlG
3uLCviMs+fv2WuI8hLFya8AnmCZKlt9QgSvODTDvMhCpOSiQDYzKO3uZL7Wg/Mqc
tMhqG+zfqgv/TCsJlJ3KqIABEjhJoAzjtdgq35poAmbqemWAk8y1fACHwPpd35cT
WoY+Cq1gv45szhKUllS3b4sLzFERLbeBt7fSrfnZ7WEPYY3F3rNfuNqv8HwL4LG8
vmH/sMLAePPjeivC8axD4AEIVCyJx7oWKBKw9aHTehBwE3LvSck+S9bsFwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPjuR17IGJID0LOy8/NSG7X5+lrMMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvMS1PNUhYc2dZa2dQUXM3THo4MUlidGZuNldzdy5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvOTIvNTExZjk1LWU0YmYtNDNmMS1hZjJmLWI4MTFjZmNiOWZk
NS8xL1R4c0pYNnRuWXp3Qko5WWY5b1Y0Wk9wckpjVS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAB85CjAN
BgkqhkiG9w0BAQsFAAOCAQEAWizN+09jLsY2fd0sgmLwQgMOnmuiKzdyC0u3my6S
HWkxD+tLImZyvQIpiXMM0hVnYm5q4YM4W66VTLP3SYGGQNjNhUuYUm4MnfLuJ4Cx
6PIW6u+LLWziO1rD16JFQYciOSIYTP0AVqpcF41ud+Ir8XLObP1nkTHVdc78Uqg9
uN/Z9JIDRCNqxJFUcK0ayFVxm70XeyeZpipcM3jlb4Bp505pXCWQPEiNkon0yz5D
ONZvP6OMsUbJAqF/hBmB35n5fDw8HZbLddrtv1mOkBhvY4G0mWiUGcYcQhdh5hLL
6QxLqRi9a62OFgAHbgu5YAokA2qrT2sZnnDcL96pOSpo+w==
-----END CERTIFICATE-----