Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/9S8zv4Mid4ZRkO6Nd4XdKldVhBc.roa
File:                     9S8zv4Mid4ZRkO6Nd4XdKldVhBc.roa (raw, json)
Hash identifier:          QIp9YzAj6HMDdZQdXd/GVhAr4FwS9FdwlIdKHbN6GOg=
Subject key identifier:   F5:2F:33:BF:83:22:77:86:51:90:EE:8D:77:85:DD:2A:57:55:84:17
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       0197F9FD7E540EA0EAB05DBF5457557F90D7
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/9S8zv4Mid4ZRkO6Nd4XdKldVhBc.roa
Signing time:             Fri 11 Jul 2025 14:57:09 +0000
ROA not before:           Fri 11 Jul 2025 14:57:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     36137
IP address blocks:        31.57.55.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 29 Jul 2025 22:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:f9:fd:7e:54:0e:a0:ea:b0:5d:bf:54:57:55:7f:90:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jul 11 14:57:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f52f33bf832277865190ee8d7785dd2a57558417
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:76:9f:c4:7d:0c:de:e9:97:9f:ca:28:48:30:
                    75:e6:55:a9:b4:35:39:c1:ac:47:5e:1a:28:24:25:
                    77:8e:5d:31:04:20:ce:c3:b3:ac:e5:82:74:9e:df:
                    a7:3a:0e:8e:0d:f1:d2:89:e4:92:6e:19:d2:f5:a4:
                    2f:53:5c:67:b0:53:4e:a3:b6:3e:c5:63:c1:7c:71:
                    23:87:a5:55:3e:b6:43:8a:1f:3b:25:a0:62:d3:94:
                    e2:4e:b0:e1:90:ce:67:e5:d4:39:15:aa:0d:3f:f2:
                    55:a5:5a:ca:e3:d9:c6:da:51:7f:a3:1b:1d:b9:29:
                    ee:6d:a5:43:5f:f8:1f:f2:7b:10:3b:6b:4c:bf:ba:
                    1e:bf:2b:9d:9a:ab:b2:a3:9a:f9:48:93:62:65:fe:
                    3b:d6:cc:84:24:a0:b6:28:85:70:a8:db:54:5c:31:
                    8d:19:d9:58:92:bb:e2:05:6a:28:f8:23:30:72:18:
                    9e:d1:bb:e8:ff:e8:52:c7:2e:00:c7:a2:1a:9e:56:
                    e7:b9:36:bc:63:23:3d:21:e5:54:71:95:de:c4:8f:
                    be:95:2f:9c:f2:64:0b:cc:ad:40:e5:d2:38:24:be:
                    6f:33:cd:ec:82:48:76:f7:73:ad:f8:37:05:83:5f:
                    a0:4a:0a:ca:d4:d4:14:bf:55:f5:52:8b:c5:62:d0:
                    39:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:2F:33:BF:83:22:77:86:51:90:EE:8D:77:85:DD:2A:57:55:84:17
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/9S8zv4Mid4ZRkO6Nd4XdKldVhBc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.57.55.0/24

    Signature Algorithm: sha256WithRSAEncryption
         84:ce:03:ec:d8:b1:f0:53:e3:3a:aa:fa:66:06:d0:ce:4a:7e:
         4b:8f:58:e1:7b:a6:c2:4d:0b:e4:07:4c:b9:46:4e:db:61:be:
         b7:50:c8:1f:57:89:b7:04:3d:c3:58:30:e3:06:c2:e4:76:5c:
         b0:7e:c4:92:0a:df:04:d5:e1:24:a6:e0:43:46:48:20:42:ac:
         02:6c:51:af:3f:23:a8:7a:24:55:cd:36:f9:5c:9c:cc:e6:17:
         c4:20:9e:2b:c9:4a:13:9f:86:cb:f5:66:74:fe:60:1c:9f:e4:
         d6:be:8f:38:e1:ec:4f:b1:34:7e:0f:e8:23:ad:e7:53:11:b7:
         f5:3e:2e:0c:b7:50:47:f0:03:74:bb:f4:70:89:ec:50:84:5e:
         3a:f6:e8:63:d5:88:1f:e5:3e:a5:0c:7c:47:e2:37:f9:10:60:
         a9:35:c1:20:5b:c7:a9:eb:69:b0:2f:a3:64:c9:15:8b:da:59:
         37:8d:b2:4e:71:e3:8c:75:5c:6e:81:92:1a:01:50:6c:71:da:
         d0:f2:db:43:18:cb:4c:f1:11:a7:98:4e:fd:df:87:a7:b4:13:
         7b:b6:55:bf:27:6e:35:94:fd:83:ad:a1:4f:43:08:fb:21:9c:
         38:c1:d0:4e:22:7c:f1:06:5c:db:71:ed:ee:e8:9d:7c:63:13:
         57:f4:51:cf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZf5/X5UDqDqsF2/VFdVf5DXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwNzExMTQ1NzA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNTJmMzNiZjgzMjI3Nzg2NTE5MGVlOGQ3Nzg1ZGQyYTU3NTU4NDE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmHafxH0M3umXn8ooSDB15lWptDU5
waxHXhooJCV3jl0xBCDOw7Os5YJ0nt+nOg6ODfHSieSSbhnS9aQvU1xnsFNOo7Y+
xWPBfHEjh6VVPrZDih87JaBi05TiTrDhkM5n5dQ5FaoNP/JVpVrK49nG2lF/oxsd
uSnubaVDX/gf8nsQO2tMv7oevyudmquyo5r5SJNiZf471syEJKC2KIVwqNtUXDGN
GdlYkrviBWoo+CMwchie0bvo/+hSxy4Ax6IanlbnuTa8YyM9IeVUcZXexI++lS+c
8mQLzK1A5dI4JL5vM83sgkh293Ot+DcFg1+gSgrK1NQUv1X1UovFYtA5yQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPUvM7+DIneGUZDujXeF3SpXVYQXMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvOVM4enY0TWlkNFpSa082TmQ0WGRLbGRWaEJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzk3MA0G
CSqGSIb3DQEBCwUAA4IBAQCEzgPs2LHwU+M6qvpmBtDOSn5Lj1jhe6bCTQvkB0y5
Rk7bYb63UMgfV4m3BD3DWDDjBsLkdlywfsSSCt8E1eEkpuBDRkggQqwCbFGvPyOo
eiRVzTb5XJzM5hfEIJ4ryUoTn4bL9WZ0/mAcn+TWvo844exPsTR+D+gjredTEbf1
Pi4Mt1BH8AN0u/RwiexQhF469uhj1Ygf5T6lDHxH4jf5EGCpNcEgW8ep62mwL6Nk
yRWL2lk3jbJOceOMdVxugZIaAVBscdrQ8ttDGMtM8RGnmE7934entBN7tlW/J241
lP2DraFPQwj7IZw4wdBOInzxBlzbce3u6J18YxNX9FHP
-----END CERTIFICATE-----