Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/BXR4Sa0QflXfPIExnogwciz-574.roa
File:                     BXR4Sa0QflXfPIExnogwciz-574.roa (raw, json)
Hash identifier:          GU40XhnI77bK8MT2thB13nm5KrqWjsDeF3uONf8diDM=
Subject key identifier:   05:74:78:49:AD:10:7E:55:DF:3C:81:31:9E:88:30:72:2C:FE:E7:BE
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       0198406F7F950B60926824266BAC56BE8814
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/BXR4Sa0QflXfPIExnogwciz-574.roa
Signing time:             Fri 25 Jul 2025 07:15:05 +0000
ROA not before:           Fri 25 Jul 2025 07:15:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     150249
IP address blocks:        31.56.30.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 29 Jul 2025 22:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:40:6f:7f:95:0b:60:92:68:24:26:6b:ac:56:be:88:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jul 25 07:15:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=05747849ad107e55df3c81319e8830722cfee7be
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:b6:28:bb:78:d0:fc:33:4f:77:44:3b:2e:90:
                    af:55:3a:c6:d7:74:0c:86:de:27:6d:17:c6:9f:88:
                    1a:61:e9:be:c1:21:bc:c3:2a:37:a6:18:2e:5d:5f:
                    04:71:a9:ff:d1:b0:17:45:6b:9e:46:8e:06:44:b6:
                    0c:df:d4:a7:bb:d3:31:3d:8a:95:0b:e7:df:0f:0d:
                    86:16:f4:82:bb:69:78:a1:5b:09:de:30:46:fb:d1:
                    40:88:cb:77:67:c1:c0:66:4f:80:c6:6a:f7:e2:bd:
                    7b:96:20:69:a3:f3:83:74:fb:b8:51:aa:8b:a8:68:
                    0c:03:02:3f:dc:b1:8a:f2:08:99:33:3a:f7:af:8f:
                    12:d7:2f:5a:7f:d9:9b:0b:89:cc:7f:20:16:82:c9:
                    52:ea:fe:fd:47:ad:e6:06:ad:f6:72:ee:99:36:cd:
                    8b:30:a6:99:73:e8:09:15:d9:48:b5:09:14:35:d6:
                    e6:33:55:ea:c6:dc:5a:80:77:d6:c4:95:43:1b:cf:
                    e7:d1:25:6f:22:2b:d3:4c:bb:cf:87:bd:d5:c2:b2:
                    c8:d5:df:a6:59:2b:a3:88:55:c1:eb:62:e1:21:84:
                    32:ef:10:58:e3:5f:0b:7a:ee:14:4b:7b:40:c1:bb:
                    85:ca:a0:ce:73:a0:2a:0e:ee:65:ab:07:9f:b8:b3:
                    28:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:74:78:49:AD:10:7E:55:DF:3C:81:31:9E:88:30:72:2C:FE:E7:BE
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/BXR4Sa0QflXfPIExnogwciz-574.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.56.30.0/24

    Signature Algorithm: sha256WithRSAEncryption
         16:80:67:54:b1:3e:57:60:cc:75:68:cd:14:d4:7c:97:6f:f8:
         90:24:16:4e:ae:f4:ef:4a:a7:5e:18:ef:ef:b9:6a:2d:3c:2a:
         29:8f:00:4b:56:ee:91:02:15:5d:4e:3b:c9:5c:5e:18:10:72:
         f0:f5:10:18:26:ce:a7:14:8d:8d:1c:1c:5c:4b:3d:97:26:0e:
         58:96:20:5c:3f:0d:d9:fc:62:96:f2:f1:c1:58:f6:90:20:8e:
         37:b4:66:dd:3b:d4:80:19:e8:d9:91:3f:55:43:b4:8c:96:d3:
         36:99:95:fc:c8:09:db:c6:c3:73:85:a4:6d:01:ed:c9:49:74:
         83:be:a3:cc:8e:cf:3c:bb:45:9f:cd:59:32:8e:ef:60:bf:a8:
         59:b4:07:54:70:e5:d0:bf:d4:c3:d6:c5:34:bd:35:db:cb:83:
         2c:d6:3a:e6:ba:a1:55:e1:1d:d8:d9:1f:e2:93:88:f6:b5:f6:
         e1:0e:60:5a:ab:1d:7f:a2:1e:e4:8a:98:0e:b6:71:dc:49:a9:
         a1:4c:3f:c6:82:1f:f4:2d:4a:ed:83:11:d7:d8:c1:30:0c:d0:
         2c:0d:c7:90:e0:e5:8f:96:80:63:3b:eb:52:cd:21:10:9a:b2:
         c3:4e:6a:6f:79:34:a9:22:aa:87:7c:05:ff:f6:b2:37:4c:ab:
         75:e3:20:28
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZhAb3+VC2CSaCQma6xWvogUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwNzI1MDcxNTA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNTc0Nzg0OWFkMTA3ZTU1ZGYzYzgxMzE5ZTg4MzA3MjJjZmVlN2JlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo7You3jQ/DNPd0Q7LpCvVTrG13QM
ht4nbRfGn4gaYem+wSG8wyo3phguXV8Ecan/0bAXRWueRo4GRLYM39Snu9MxPYqV
C+ffDw2GFvSCu2l4oVsJ3jBG+9FAiMt3Z8HAZk+Axmr34r17liBpo/ODdPu4UaqL
qGgMAwI/3LGK8giZMzr3r48S1y9af9mbC4nMfyAWgslS6v79R63mBq32cu6ZNs2L
MKaZc+gJFdlItQkUNdbmM1XqxtxagHfWxJVDG8/n0SVvIivTTLvPh73VwrLI1d+m
WSujiFXB62LhIYQy7xBY418Leu4US3tAwbuFyqDOc6AqDu5lqwefuLMolQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAV0eEmtEH5V3zyBMZ6IMHIs/ue+MB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvQlhSNFNhMFFmbFhmUElFeG5vZ3djaXotNTc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzgeMA0G
CSqGSIb3DQEBCwUAA4IBAQAWgGdUsT5XYMx1aM0U1HyXb/iQJBZOrvTvSqdeGO/v
uWotPCopjwBLVu6RAhVdTjvJXF4YEHLw9RAYJs6nFI2NHBxcSz2XJg5YliBcPw3Z
/GKW8vHBWPaQII43tGbdO9SAGejZkT9VQ7SMltM2mZX8yAnbxsNzhaRtAe3JSXSD
vqPMjs88u0WfzVkyju9gv6hZtAdUcOXQv9TD1sU0vTXby4Ms1jrmuqFV4R3Y2R/i
k4j2tfbhDmBaqx1/oh7kipgOtnHcSamhTD/Ggh/0LUrtgxHX2MEwDNAsDceQ4OWP
loBjO+tSzSEQmrLDTmpveTSpIqqHfAX/9rI3TKt14yAo
-----END CERTIFICATE-----