Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/fkAXIUdN_wONFYOM-q3TG2Sz-X4.roa
File:                     fkAXIUdN_wONFYOM-q3TG2Sz-X4.roa (raw, json)
Hash identifier:          ZDw3Sr43kw0k2egPx9602sgFxSGlDT4X0jjH9axQbjk=
Subject key identifier:   7E:40:17:21:47:4D:FF:03:8D:15:83:8C:FA:AD:D3:1B:64:B3:F9:7E
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019817795B8E6997ACE431707AD950E8C647
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/fkAXIUdN_wONFYOM-q3TG2Sz-X4.roa
Signing time:             Thu 17 Jul 2025 08:21:25 +0000
ROA not before:           Thu 17 Jul 2025 08:21:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     56655
IP address blocks:        31.57.15.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 13:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:17:79:5b:8e:69:97:ac:e4:31:70:7a:d9:50:e8:c6:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jul 17 08:21:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7e401721474dff038d15838cfaadd31b64b3f97e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:a3:8f:61:4e:38:8c:0c:e9:69:43:d1:c1:8b:
                    22:70:c0:46:56:83:26:c2:71:4c:c6:07:a4:4f:93:
                    e7:54:ee:3b:fc:66:ff:bd:34:5d:3f:e0:7f:87:09:
                    16:ea:3a:3b:33:c0:4c:7c:91:fd:21:8a:4f:d0:4e:
                    0d:5f:5d:13:7d:b7:7c:36:20:09:16:c3:5b:6b:69:
                    b6:76:bc:7d:83:1d:3a:b1:17:56:da:c6:e3:21:fb:
                    ae:6c:ca:9d:66:e8:fb:57:58:48:c6:ce:9c:a9:a6:
                    42:c3:32:35:32:a1:43:41:ac:14:88:7c:a5:f7:31:
                    3f:83:a6:50:04:73:e2:5e:61:1f:a6:c7:d1:66:ca:
                    11:5a:0a:b8:40:c4:fa:2b:94:5e:f4:72:9a:d1:6f:
                    e0:dd:1c:c4:94:fe:1e:05:d7:72:b8:d0:36:d1:8e:
                    36:64:2b:62:cf:35:42:14:2b:ab:8c:49:5f:38:08:
                    91:59:c7:c3:28:9b:fe:4b:f8:dd:43:42:a4:73:c3:
                    77:04:02:72:9c:97:66:62:70:bc:4e:04:ee:06:32:
                    5a:60:b7:83:a4:09:42:2e:33:66:f9:78:63:8d:c3:
                    2d:23:de:1f:2c:c2:44:d8:b4:fa:55:67:62:3b:5d:
                    66:74:7b:e0:6f:59:af:97:04:be:bb:4d:17:8e:6c:
                    5c:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:40:17:21:47:4D:FF:03:8D:15:83:8C:FA:AD:D3:1B:64:B3:F9:7E
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/fkAXIUdN_wONFYOM-q3TG2Sz-X4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.57.15.0/24

    Signature Algorithm: sha256WithRSAEncryption
         75:60:ca:44:b5:b9:88:46:4b:8f:14:63:ed:d9:3e:e6:cb:bc:
         b5:a3:e1:09:2c:14:4d:28:6e:57:9d:ed:a9:f6:4c:7d:1c:ad:
         c7:7a:67:02:bd:1c:c5:12:d9:01:f3:c9:3b:8e:4d:25:da:21:
         fd:3b:90:dd:a2:6f:f2:d3:22:59:5d:56:53:7c:01:18:e1:35:
         a4:ce:fd:fd:01:9f:81:6a:a2:78:fb:2b:fe:b7:5a:a0:35:5b:
         4f:85:69:3e:b9:30:3b:ec:b5:71:7f:15:4c:3e:2c:ac:c3:a8:
         63:12:0e:e5:7a:4b:27:83:b1:8b:64:2c:2e:da:a2:c0:94:67:
         4f:fe:1e:02:2b:8a:1d:87:68:68:75:b7:ce:34:7b:b9:df:82:
         c6:75:d4:80:ce:6a:63:94:bf:05:27:40:38:f8:8b:75:a3:4b:
         e3:32:8e:5f:37:29:66:f0:2c:85:98:c6:e8:1e:b5:4b:3e:eb:
         d3:f6:37:c9:b8:ae:82:b6:80:d4:2a:f5:66:33:cb:b8:e6:44:
         61:b0:15:cf:a9:a5:c8:93:a2:8e:9a:9b:e0:a8:7a:a3:87:0f:
         b4:c3:6a:3c:8a:36:74:fe:cc:d1:e5:e2:c8:99:92:a9:0f:23:
         3a:e3:bb:39:e5:3c:f8:40:7e:77:e0:7d:f9:22:55:21:3e:c3:
         26:09:5d:f1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZgXeVuOaZes5DFwetlQ6MZHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwNzE3MDgyMTI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZTQwMTcyMTQ3NGRmZjAzOGQxNTgzOGNmYWFkZDMxYjY0YjNmOTdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApKOPYU44jAzpaUPRwYsicMBGVoMm
wnFMxgekT5PnVO47/Gb/vTRdP+B/hwkW6jo7M8BMfJH9IYpP0E4NX10Tfbd8NiAJ
FsNba2m2drx9gx06sRdW2sbjIfuubMqdZuj7V1hIxs6cqaZCwzI1MqFDQawUiHyl
9zE/g6ZQBHPiXmEfpsfRZsoRWgq4QMT6K5Re9HKa0W/g3RzElP4eBddyuNA20Y42
ZCtizzVCFCurjElfOAiRWcfDKJv+S/jdQ0Kkc8N3BAJynJdmYnC8TgTuBjJaYLeD
pAlCLjNm+XhjjcMtI94fLMJE2LT6VWdiO11mdHvgb1mvlwS+u00XjmxcHwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH5AFyFHTf8DjRWDjPqt0xtks/l+MB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvZmtBWElVZE5fd09ORllPTS1xM1RHMlN6LVg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzkPMA0G
CSqGSIb3DQEBCwUAA4IBAQB1YMpEtbmIRkuPFGPt2T7my7y1o+EJLBRNKG5Xne2p
9kx9HK3HemcCvRzFEtkB88k7jk0l2iH9O5Ddom/y0yJZXVZTfAEY4TWkzv39AZ+B
aqJ4+yv+t1qgNVtPhWk+uTA77LVxfxVMPiysw6hjEg7leksng7GLZCwu2qLAlGdP
/h4CK4odh2hodbfONHu534LGddSAzmpjlL8FJ0A4+It1o0vjMo5fNylm8CyFmMbo
HrVLPuvT9jfJuK6CtoDUKvVmM8u45kRhsBXPqaXIk6KOmpvgqHqjhw+0w2o8ijZ0
/szR5eLImZKpDyM647s55Tz4QH534H35IlUhPsMmCV3x
-----END CERTIFICATE-----