Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/Ajca6YSra98GjS_ZkC-ztaqmsFk.roa
File:                     Ajca6YSra98GjS_ZkC-ztaqmsFk.roa (raw, json)
Hash identifier:          VnQQ2S7SlKTTimbagWj4mc8vqsWSD2uTlrOIsg1XeuA=
Subject key identifier:   02:37:1A:E9:84:AB:6B:DF:06:8D:2F:D9:90:2F:B3:B5:AA:A6:B0:59
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019808CD9B0F809E96AAEF8C039AB131ED01
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/Ajca6YSra98GjS_ZkC-ztaqmsFk.roa
Signing time:             Mon 14 Jul 2025 11:59:08 +0000
ROA not before:           Mon 14 Jul 2025 11:59:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     135402
IP address blocks:        31.56.191.0/24 maxlen: 24
                          31.57.182.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 22:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:08:cd:9b:0f:80:9e:96:aa:ef:8c:03:9a:b1:31:ed:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jul 14 11:59:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=02371ae984ab6bdf068d2fd9902fb3b5aaa6b059
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:85:da:89:14:7d:e3:62:5d:51:7d:10:f5:5e:
                    a3:74:5b:06:7b:ca:ce:de:7f:f2:d7:85:9c:77:20:
                    7f:d9:fe:c1:e0:7e:04:7b:a9:d8:7f:c2:76:08:f4:
                    96:50:4b:c4:4b:03:a2:90:3f:02:08:51:c7:4f:7b:
                    22:8c:75:bb:f8:05:f2:de:51:99:13:a7:35:39:82:
                    e5:bc:6f:77:7f:9c:76:23:ac:17:ef:46:64:4e:8a:
                    19:e3:ff:93:21:f1:94:02:1b:51:61:42:3a:15:0c:
                    51:e9:47:ff:85:d9:d5:47:52:6d:ed:43:73:79:46:
                    fe:30:b5:19:7e:f4:bf:04:9d:01:92:1d:82:cd:01:
                    61:54:f8:e2:f8:a3:57:98:81:6c:51:cf:64:2d:7d:
                    1b:7e:bf:0d:5f:c1:9c:7c:04:8b:d5:f0:f1:76:d7:
                    a0:07:04:a8:69:4a:04:4c:a3:b1:cc:85:f8:f0:46:
                    85:db:27:34:19:eb:b5:17:d1:07:19:93:68:da:11:
                    c6:8a:d6:f0:8d:9c:29:77:2d:42:00:b5:ed:18:ce:
                    63:33:aa:92:7b:89:9d:d7:4c:92:4f:b0:ea:fb:77:
                    e0:96:61:32:be:20:12:bc:c8:99:5e:d5:a3:83:37:
                    63:4c:d4:d3:91:3d:4e:db:46:25:6e:c5:ba:82:2b:
                    6a:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:37:1A:E9:84:AB:6B:DF:06:8D:2F:D9:90:2F:B3:B5:AA:A6:B0:59
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/Ajca6YSra98GjS_ZkC-ztaqmsFk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.56.191.0/24
                  31.57.182.0/24

    Signature Algorithm: sha256WithRSAEncryption
         74:3c:d5:b3:10:02:e0:c2:b7:25:e9:f5:ed:1f:c8:f4:cd:0a:
         89:93:00:60:7e:dc:20:de:a9:e0:50:de:4d:bc:5c:0b:ae:e2:
         41:72:90:e0:b4:27:6a:01:22:29:a9:a0:62:63:6f:c5:41:33:
         ae:f0:0a:d2:1c:b4:d8:9b:cf:51:e4:19:e2:a3:d4:2c:16:dd:
         b9:d2:ce:c8:ea:2a:1f:65:b1:f9:ce:4b:61:8c:8f:15:8c:13:
         55:a9:b8:99:37:4f:4a:50:8b:4d:bb:ce:13:8d:7c:8d:70:38:
         1e:b5:96:89:92:9e:21:ab:f1:ed:2d:41:c5:54:d1:35:4e:69:
         e3:81:5c:d0:1f:0a:59:a9:d2:09:c0:87:3b:ed:05:43:c2:f0:
         7b:4b:eb:33:50:f8:18:be:e3:8b:13:d6:20:9c:6b:eb:f1:24:
         2c:12:e1:ff:b2:cf:22:3e:28:10:2c:9b:91:12:c7:09:8c:8b:
         cc:ab:a9:11:0a:f1:a8:6f:02:1a:68:9f:19:11:8b:c7:54:10:
         8b:23:d6:cb:8c:e0:4c:2e:28:65:ee:b3:dc:5e:91:93:12:bf:
         b8:a0:b6:d3:da:48:10:42:78:53:29:00:7f:67:b4:0d:29:72:
         4d:36:80:04:02:0a:b2:88:86:c1:44:40:d0:db:de:8d:f9:9e:
         5c:75:fd:15
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZgIzZsPgJ6Wqu+MA5qxMe0BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwNzE0MTE1OTA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMjM3MWFlOTg0YWI2YmRmMDY4ZDJmZDk5MDJmYjNiNWFhYTZiMDU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr4XaiRR942JdUX0Q9V6jdFsGe8rO
3n/y14WcdyB/2f7B4H4Ee6nYf8J2CPSWUEvESwOikD8CCFHHT3sijHW7+AXy3lGZ
E6c1OYLlvG93f5x2I6wX70ZkTooZ4/+TIfGUAhtRYUI6FQxR6Uf/hdnVR1Jt7UNz
eUb+MLUZfvS/BJ0Bkh2CzQFhVPji+KNXmIFsUc9kLX0bfr8NX8GcfASL1fDxdteg
BwSoaUoETKOxzIX48EaF2yc0Geu1F9EHGZNo2hHGitbwjZwpdy1CALXtGM5jM6qS
e4md10yST7Dq+3fglmEyviASvMiZXtWjgzdjTNTTkT1O20YlbsW6gitqkQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAI3GumEq2vfBo0v2ZAvs7WqprBZMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvQWpjYTZZU3JhOThHalNfWmtDLXp0YXFtc0ZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAHzi/AwQA
Hzm2MA0GCSqGSIb3DQEBCwUAA4IBAQB0PNWzEALgwrcl6fXtH8j0zQqJkwBgftwg
3qngUN5NvFwLruJBcpDgtCdqASIpqaBiY2/FQTOu8ArSHLTYm89R5Bnio9QsFt25
0s7I6iofZbH5zkthjI8VjBNVqbiZN09KUItNu84TjXyNcDgetZaJkp4hq/HtLUHF
VNE1TmnjgVzQHwpZqdIJwIc77QVDwvB7S+szUPgYvuOLE9YgnGvr8SQsEuH/ss8i
PigQLJuREscJjIvMq6kRCvGobwIaaJ8ZEYvHVBCLI9bLjOBMLihl7rPcXpGTEr+4
oLbT2kgQQnhTKQB/Z7QNKXJNNoAEAgqyiIbBREDQ296N+Z5cdf0V
-----END CERTIFICATE-----