Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/ggmiiNoXwRMjIKg6rbdCmtSi2Tg.roa
File:                     ggmiiNoXwRMjIKg6rbdCmtSi2Tg.roa (raw, json)
Hash identifier:          ZTbuLdLUEOdNGgeKSfCaTQog5Qyd83j4R5xubeiN1yM=
Subject key identifier:   82:09:A2:88:DA:17:C1:13:23:20:A8:3A:AD:B7:42:9A:D4:A2:D9:38
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       0197F9A01BCA319BE5C6F6403253891568CA
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/ggmiiNoXwRMjIKg6rbdCmtSi2Tg.roa
Signing time:             Fri 11 Jul 2025 13:15:09 +0000
ROA not before:           Fri 11 Jul 2025 13:15:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     23507
IP address blocks:        31.57.56.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 29 Jul 2025 22:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:f9:a0:1b:ca:31:9b:e5:c6:f6:40:32:53:89:15:68:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jul 11 13:15:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8209a288da17c1132320a83aadb7429ad4a2d938
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:93:76:04:8f:b5:c5:02:fc:d3:54:cd:b3:6a:
                    c1:c1:3f:56:96:b2:58:f5:82:76:19:ba:1f:21:48:
                    b5:17:ad:18:f4:73:31:7d:49:07:fa:f3:01:f8:fc:
                    82:64:0a:34:72:5b:ef:c8:e7:c0:3d:9e:2b:22:99:
                    c8:8d:4f:d1:7a:8e:88:24:7e:65:5f:0b:98:0f:b5:
                    74:34:fd:10:25:6b:c8:68:45:7e:f2:3a:19:c4:d7:
                    44:0d:8f:dc:f9:9d:33:4f:9c:7b:b9:a2:3f:8a:2a:
                    36:03:ca:17:9b:32:db:f2:9a:d3:ec:52:b2:a6:55:
                    cf:8b:e5:6c:c5:81:51:44:78:58:1c:59:64:cf:eb:
                    3d:12:9c:bc:a3:db:01:74:30:13:65:25:ff:d7:3f:
                    d4:0b:46:37:27:57:48:db:d7:ba:ab:c8:c5:eb:cd:
                    75:79:82:ac:73:b6:d6:2c:d5:ce:87:49:fd:b8:38:
                    77:97:df:02:81:a4:66:a9:cb:a8:99:1e:06:42:49:
                    21:46:dd:4c:08:dd:0e:f4:98:0a:be:55:a9:37:f9:
                    d5:db:7d:95:70:02:44:2e:e2:d9:66:77:f8:b2:c2:
                    e0:3b:35:04:66:bf:34:e3:9e:e9:9f:84:f7:7c:8f:
                    82:a7:80:16:41:58:84:96:b0:66:95:b7:fe:04:a7:
                    72:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:09:A2:88:DA:17:C1:13:23:20:A8:3A:AD:B7:42:9A:D4:A2:D9:38
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/ggmiiNoXwRMjIKg6rbdCmtSi2Tg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.57.56.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:60:3c:28:31:59:fd:e3:ac:a8:56:f2:14:4a:d6:dc:a4:d1:
         f6:23:4e:ba:94:49:be:a0:70:79:95:1f:cc:bf:50:2b:cf:36:
         2c:67:90:9f:3e:4c:83:8b:91:d1:27:4d:f1:da:65:44:98:e5:
         94:e7:08:05:83:a0:cb:32:d8:05:2c:c1:b8:5f:64:02:2f:fa:
         75:5c:e2:cb:d0:f7:8c:12:c5:6b:33:fa:f9:3e:ba:76:2b:76:
         dc:d6:16:e2:44:c7:44:cd:bf:54:7d:39:67:56:20:fd:f0:75:
         1a:55:a1:29:5b:e0:5d:49:b6:b2:7f:3e:ec:e3:81:95:67:1c:
         b1:4d:db:b1:71:8e:60:e5:a9:a0:fb:6c:9b:9f:26:37:d8:c8:
         ce:7b:e0:8f:89:9a:9e:d7:25:eb:4a:6f:7e:f7:b9:c2:5a:45:
         0f:f3:96:49:6e:5f:f0:a3:b4:c5:d0:17:dd:c0:53:e9:73:a3:
         16:6d:f6:51:fd:bf:51:8f:65:d8:1c:13:0f:12:90:a9:12:bb:
         4e:0c:0a:ad:4f:d8:e5:db:28:a2:6d:da:c8:74:71:06:ad:be:
         86:4e:cc:08:e3:a9:8b:0c:25:ca:dd:08:eb:61:41:43:63:53:
         08:10:bd:a5:f3:ad:d3:95:d3:3b:d5:b3:47:df:02:86:70:63:
         97:e0:1d:1e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZf5oBvKMZvlxvZAMlOJFWjKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwNzExMTMxNTA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MjA5YTI4OGRhMTdjMTEzMjMyMGE4M2FhZGI3NDI5YWQ0YTJkOTM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1pN2BI+1xQL801TNs2rBwT9WlrJY
9YJ2GbofIUi1F60Y9HMxfUkH+vMB+PyCZAo0clvvyOfAPZ4rIpnIjU/Reo6IJH5l
XwuYD7V0NP0QJWvIaEV+8joZxNdEDY/c+Z0zT5x7uaI/iio2A8oXmzLb8prT7FKy
plXPi+VsxYFRRHhYHFlkz+s9Epy8o9sBdDATZSX/1z/UC0Y3J1dI29e6q8jF6811
eYKsc7bWLNXOh0n9uDh3l98CgaRmqcuomR4GQkkhRt1MCN0O9JgKvlWpN/nV232V
cAJELuLZZnf4ssLgOzUEZr80457pn4T3fI+Cp4AWQViElrBmlbf+BKdy4QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIIJoojaF8ETIyCoOq23QprUotk4MB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvZ2dtaWlOb1h3Uk1qSUtnNnJiZENtdFNpMlRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzk4MA0G
CSqGSIb3DQEBCwUAA4IBAQBBYDwoMVn946yoVvIUStbcpNH2I066lEm+oHB5lR/M
v1ArzzYsZ5CfPkyDi5HRJ03x2mVEmOWU5wgFg6DLMtgFLMG4X2QCL/p1XOLL0PeM
EsVrM/r5Prp2K3bc1hbiRMdEzb9UfTlnViD98HUaVaEpW+BdSbayfz7s44GVZxyx
TduxcY5g5amg+2ybnyY32MjOe+CPiZqe1yXrSm9+97nCWkUP85ZJbl/wo7TF0Bfd
wFPpc6MWbfZR/b9Rj2XYHBMPEpCpErtODAqtT9jl2yiibdrIdHEGrb6GTswI46mL
DCXK3QjrYUFDY1MIEL2l863TldM71bNH3wKGcGOX4B0e
-----END CERTIFICATE-----