Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/2Mecal1qHMyaw-TkVpKGVAv0OuE.roa
File:                     2Mecal1qHMyaw-TkVpKGVAv0OuE.roa (raw, json)
Hash identifier:          f/xkKPa0F7nIQQt44vAVUucNmVQ2eD84tKcJBigeAsg=
Subject key identifier:   D8:C7:9C:6A:5D:6A:1C:CC:9A:C3:E4:E4:56:92:86:54:0B:F4:3A:E1
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       0197F3B6BEAF207F3FE93B31CC3F5FA13336
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/2Mecal1qHMyaw-TkVpKGVAv0OuE.roa
Signing time:             Thu 10 Jul 2025 09:42:09 +0000
ROA not before:           Thu 10 Jul 2025 09:42:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     25693
IP address blocks:        31.56.1.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Jul 2025 23:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:f3:b6:be:af:20:7f:3f:e9:3b:31:cc:3f:5f:a1:33:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jul 10 09:42:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d8c79c6a5d6a1ccc9ac3e4e4569286540bf43ae1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:a4:ee:d7:25:68:aa:0a:56:41:c4:3c:ba:97:
                    b3:34:05:ff:6e:e8:a5:f2:8e:9e:14:21:f3:0f:9a:
                    db:d6:d3:e2:8a:0d:84:71:02:fa:be:2a:93:c2:c5:
                    35:ae:04:61:89:fa:19:a7:2b:23:92:98:ad:67:f6:
                    bd:b4:50:97:dc:49:42:b0:d2:b0:23:c4:95:82:0c:
                    c2:23:24:b6:61:cc:bd:c0:b1:4d:46:2b:14:29:6a:
                    c2:3d:06:70:2c:24:06:30:f8:c5:86:32:26:4d:b6:
                    b0:64:0b:4b:35:6d:44:f1:f2:9b:95:d4:1f:06:ed:
                    0b:d4:47:e2:84:de:33:0c:f1:d6:9f:95:fc:0b:b8:
                    72:fe:69:95:bd:54:46:35:97:9b:d2:bb:31:54:0f:
                    cc:9e:50:b8:12:2b:c2:1d:58:88:2f:d7:e2:fa:3b:
                    99:21:ca:17:b2:08:3a:93:97:78:04:db:37:8c:a6:
                    c2:1a:86:f1:11:04:8d:d5:c5:e1:d2:ea:09:11:e3:
                    25:40:2d:91:59:6b:72:db:b7:42:6f:32:9a:e3:1f:
                    6e:ab:80:98:2e:cc:76:f3:cd:de:49:76:4b:75:57:
                    88:3b:b9:69:fb:12:b1:67:5d:df:1a:fa:53:73:22:
                    4f:98:42:96:7e:cb:b1:2f:f9:d8:9b:a0:81:da:f7:
                    33:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:C7:9C:6A:5D:6A:1C:CC:9A:C3:E4:E4:56:92:86:54:0B:F4:3A:E1
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/2Mecal1qHMyaw-TkVpKGVAv0OuE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.56.1.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:4c:0c:00:e4:6c:95:ec:14:0a:9b:9f:e2:07:27:b8:e4:49:
         ce:19:b5:a3:d4:56:78:66:68:01:5d:77:51:26:5e:0c:1c:b2:
         ab:d7:82:5a:dd:7f:a8:47:b0:c5:d6:e6:01:15:b5:8b:d5:2e:
         c5:4b:b6:2a:0d:41:8b:c0:56:ef:fa:20:97:df:9b:72:3b:90:
         c2:9c:a2:54:74:e2:af:6a:e0:f1:62:e4:f2:da:7f:9a:20:ca:
         83:8b:07:d8:61:79:45:27:d4:ad:2e:a0:17:8f:66:19:30:f1:
         60:d3:af:e8:af:99:52:0d:59:4b:77:53:80:c0:19:d1:72:39:
         99:9f:0e:b8:04:5a:60:51:d3:c0:97:4c:68:e0:f0:58:6e:51:
         da:04:ba:a6:be:94:7e:75:89:20:25:cc:fb:ae:c6:33:8f:e9:
         ac:97:ea:4f:d5:dc:d8:8a:bf:92:46:fc:2f:77:37:97:54:6e:
         0c:51:9c:05:90:53:85:1a:01:45:db:34:36:35:a1:78:01:37:
         14:53:ed:c7:f3:24:9a:11:ac:d3:60:bc:b5:0a:7f:0b:5e:54:
         80:59:e6:51:45:22:b8:ed:f6:24:29:b4:d2:b2:58:8b:4e:60:
         b3:bd:78:3b:46:9c:c4:37:29:4c:e2:03:44:52:12:74:63:d4:
         21:88:0b:81
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZfztr6vIH8/6TsxzD9foTM2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwNzEwMDk0MjA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOGM3OWM2YTVkNmExY2NjOWFjM2U0ZTQ1NjkyODY1NDBiZjQzYWUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyqTu1yVoqgpWQcQ8upezNAX/buil
8o6eFCHzD5rb1tPiig2EcQL6viqTwsU1rgRhifoZpysjkpitZ/a9tFCX3ElCsNKw
I8SVggzCIyS2Ycy9wLFNRisUKWrCPQZwLCQGMPjFhjImTbawZAtLNW1E8fKbldQf
Bu0L1EfihN4zDPHWn5X8C7hy/mmVvVRGNZeb0rsxVA/MnlC4EivCHViIL9fi+juZ
IcoXsgg6k5d4BNs3jKbCGobxEQSN1cXh0uoJEeMlQC2RWWty27dCbzKa4x9uq4CY
Lsx2883eSXZLdVeIO7lp+xKxZ13fGvpTcyJPmEKWfsuxL/nYm6CB2vczPQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNjHnGpdahzMmsPk5FaShlQL9DrhMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvMk1lY2FsMXFITXlhdy1Ua1ZwS0dWQXYwT3VFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzgBMA0G
CSqGSIb3DQEBCwUAA4IBAQBuTAwA5GyV7BQKm5/iBye45EnOGbWj1FZ4ZmgBXXdR
Jl4MHLKr14Ja3X+oR7DF1uYBFbWL1S7FS7YqDUGLwFbv+iCX35tyO5DCnKJUdOKv
auDxYuTy2n+aIMqDiwfYYXlFJ9StLqAXj2YZMPFg06/or5lSDVlLd1OAwBnRcjmZ
nw64BFpgUdPAl0xo4PBYblHaBLqmvpR+dYkgJcz7rsYzj+msl+pP1dzYir+SRvwv
dzeXVG4MUZwFkFOFGgFF2zQ2NaF4ATcUU+3H8ySaEazTYLy1Cn8LXlSAWeZRRSK4
7fYkKbTSsliLTmCzvXg7RpzENylM4gNEUhJ0Y9QhiAuB
-----END CERTIFICATE-----