Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/9thnnDHzKXZbreeuxbNeRUWnluM.roa
File:                     9thnnDHzKXZbreeuxbNeRUWnluM.roa (raw, json)
Hash identifier:          m+s9ONxVUDt4bGtUAUd+CAm0vRFdkTLrgjqL791gGxQ=
Subject key identifier:   F6:D8:67:9C:31:F3:29:76:5B:AD:E7:AE:C5:B3:5E:45:45:A7:96:E3
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       0197F5792E63AF1CFED0BB0F40B8158F12A7
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/9thnnDHzKXZbreeuxbNeRUWnluM.roa
Signing time:             Thu 10 Jul 2025 17:54:08 +0000
ROA not before:           Thu 10 Jul 2025 17:54:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     142382
IP address blocks:        31.56.74.0/24 maxlen: 24
                          31.56.121.0/24 maxlen: 24
                          31.56.199.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Jul 2025 19:04:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:f5:79:2e:63:af:1c:fe:d0:bb:0f:40:b8:15:8f:12:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jul 10 17:54:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f6d8679c31f329765bade7aec5b35e4545a796e3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:4d:64:8e:10:e6:24:d5:0d:4b:c3:eb:32:01:
                    1d:d2:75:eb:98:62:3c:43:ad:c0:ff:36:72:7c:eb:
                    3c:c3:48:23:72:e6:74:20:8f:25:2c:36:d9:e8:5e:
                    17:05:d6:19:46:a6:39:aa:4d:d3:be:e0:f3:66:4a:
                    11:cc:43:c1:af:7b:49:be:9a:95:c9:91:94:f7:9c:
                    4f:35:d4:ca:e9:85:88:bb:19:45:a9:4a:0a:64:c3:
                    25:d6:00:c7:95:86:20:cc:c5:f2:2d:58:35:ac:8a:
                    99:35:f3:82:67:e5:67:11:cf:b4:40:e6:36:d9:41:
                    75:ab:97:1d:58:81:40:c6:75:b2:09:49:e3:a8:33:
                    d5:0d:86:a4:43:6b:2f:64:0b:dc:f3:ef:c6:dc:bc:
                    4c:ec:24:0a:1a:c5:d9:11:27:92:d6:2a:ba:6e:cc:
                    30:6f:8e:ba:6b:52:df:31:eb:e9:43:8c:c1:d6:b8:
                    f3:e1:31:e2:4f:96:12:47:92:14:65:a6:bb:cb:17:
                    d8:25:df:b8:14:9b:2e:a6:ab:40:ca:ed:77:03:8f:
                    9e:9b:41:6f:ab:7b:29:39:8d:5a:3d:d4:7e:17:e4:
                    33:03:33:24:8b:af:47:19:c4:85:19:ba:e3:c0:f0:
                    ea:6c:8a:79:a5:e2:49:e4:34:32:8c:4c:1a:99:22:
                    23:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:D8:67:9C:31:F3:29:76:5B:AD:E7:AE:C5:B3:5E:45:45:A7:96:E3
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/9thnnDHzKXZbreeuxbNeRUWnluM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.56.74.0/24
                  31.56.121.0/24
                  31.56.199.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b0:78:29:10:99:4e:3c:7e:af:0e:34:21:44:a5:a0:ab:94:31:
         dc:53:02:89:1f:8f:f5:74:f9:5a:5b:9e:3c:f6:78:31:53:dd:
         fb:db:7e:7f:7c:31:fd:cd:c0:0c:11:4c:62:a6:f7:47:77:7b:
         f6:06:1f:aa:b1:55:89:f6:18:f0:f9:9f:ca:a4:fa:d7:20:85:
         43:3b:87:1e:4e:0e:20:02:f0:16:d4:98:b4:49:31:fe:9e:1b:
         59:53:5a:d1:f8:87:59:08:28:45:ea:81:9f:8c:e5:34:47:c4:
         d5:4a:0b:41:f1:53:e8:98:d6:88:42:01:38:a3:48:48:7d:e9:
         95:3a:69:f0:4c:73:57:85:47:1f:d7:36:ff:10:de:dc:2f:6e:
         ba:1d:a5:af:5d:60:6e:a7:4b:72:90:70:c2:c9:4a:f3:6a:1b:
         23:f5:0a:ba:ec:4f:1f:58:f3:cc:9a:8e:32:a3:94:6c:f8:97:
         11:17:7b:f9:92:7b:23:c6:56:af:08:26:d8:a3:d9:31:21:99:
         38:fe:cf:80:48:70:be:21:44:c7:ff:dd:0d:7f:26:01:0a:84:
         e8:42:56:f8:2e:71:01:c2:9a:fe:0d:55:91:c2:8f:db:b0:e7:
         66:08:4a:e7:95:81:0c:00:fc:cd:dd:74:bb:03:8f:86:a3:35:
         02:19:f7:21
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZf1eS5jrxz+0LsPQLgVjxKnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwNzEwMTc1NDA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNmQ4Njc5YzMxZjMyOTc2NWJhZGU3YWVjNWIzNWU0NTQ1YTc5NmUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlE1kjhDmJNUNS8PrMgEd0nXrmGI8
Q63A/zZyfOs8w0gjcuZ0II8lLDbZ6F4XBdYZRqY5qk3TvuDzZkoRzEPBr3tJvpqV
yZGU95xPNdTK6YWIuxlFqUoKZMMl1gDHlYYgzMXyLVg1rIqZNfOCZ+VnEc+0QOY2
2UF1q5cdWIFAxnWyCUnjqDPVDYakQ2svZAvc8+/G3LxM7CQKGsXZESeS1iq6bsww
b466a1LfMevpQ4zB1rjz4THiT5YSR5IUZaa7yxfYJd+4FJsupqtAyu13A4+em0Fv
q3spOY1aPdR+F+QzAzMki69HGcSFGbrjwPDqbIp5peJJ5DQyjEwamSIjIQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFPbYZ5wx8yl2W63nrsWzXkVFp5bjMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvOXRobm5ESHpLWFpicmVldXhiTmVSVVdubHVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAHzhKAwQA
Hzh5AwQAHzjHMA0GCSqGSIb3DQEBCwUAA4IBAQCweCkQmU48fq8ONCFEpaCrlDHc
UwKJH4/1dPlaW5489ngxU937235/fDH9zcAMEUxipvdHd3v2Bh+qsVWJ9hjw+Z/K
pPrXIIVDO4ceTg4gAvAW1Ji0STH+nhtZU1rR+IdZCChF6oGfjOU0R8TVSgtB8VPo
mNaIQgE4o0hIfemVOmnwTHNXhUcf1zb/EN7cL266HaWvXWBup0tykHDCyUrzahsj
9Qq67E8fWPPMmo4yo5Rs+JcRF3v5knsjxlavCCbYo9kxIZk4/s+ASHC+IUTH/90N
fyYBCoToQlb4LnEBwpr+DVWRwo/bsOdmCErnlYEMAPzN3XS7A4+GozUCGfch
-----END CERTIFICATE-----