Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/h9UscUHW0sDBOCc5FUu8IJ2dqxY.roa
File:                     h9UscUHW0sDBOCc5FUu8IJ2dqxY.roa (raw, json)
Hash identifier:          maCC/8Dm2Lp+m4MvSexELLDQQcOHpyk1OqI8ZBe8Res=
Subject key identifier:   87:D5:2C:71:41:D6:D2:C0:C1:38:27:39:15:4B:BC:20:9D:9D:AB:16
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       0198406F7ED03C133E05FC8F5D6BA565F441
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/h9UscUHW0sDBOCc5FUu8IJ2dqxY.roa
Signing time:             Fri 25 Jul 2025 07:15:05 +0000
ROA not before:           Fri 25 Jul 2025 07:15:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     843
IP address blocks:        31.56.42.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 28 Jul 2025 09:00:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:40:6f:7e:d0:3c:13:3e:05:fc:8f:5d:6b:a5:65:f4:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jul 25 07:15:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=87d52c7141d6d2c0c1382739154bbc209d9dab16
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:f9:75:90:30:1f:60:65:c1:6f:fd:51:e7:9d:
                    d7:d8:a7:b0:fb:08:b8:58:6e:5b:01:0b:97:4b:d2:
                    c9:38:1a:bc:b7:26:82:a2:99:e1:74:6c:26:34:64:
                    9c:20:17:62:77:18:86:25:a1:95:5c:d6:9a:f6:c7:
                    1d:94:74:31:9d:74:61:df:2a:23:d1:b0:a9:da:9d:
                    84:ce:76:98:8e:85:9b:19:c7:91:6e:b7:8e:10:96:
                    a7:0c:7a:38:c8:bc:96:93:2d:81:be:36:d0:83:2a:
                    98:01:ea:bf:e2:e5:28:9b:83:b4:30:01:f5:21:06:
                    c0:ef:20:42:b6:7c:41:55:9d:3b:01:1a:11:b0:ac:
                    51:44:99:39:8e:aa:2c:d0:e4:88:f3:45:bf:7f:b2:
                    e3:f4:f7:73:db:f0:d7:88:d4:41:5f:d9:7a:2f:0e:
                    ba:0b:b4:66:c1:8b:63:37:1e:0e:61:96:34:bf:71:
                    f7:99:cf:97:1e:21:f2:d2:0f:23:00:2b:e0:91:d2:
                    50:ce:ad:09:bc:cb:18:c7:b8:52:38:bd:66:60:66:
                    b4:ea:31:b9:97:c2:fc:12:05:e4:a0:46:ba:57:b1:
                    ae:59:ca:b5:92:b1:62:bb:81:ef:bd:5f:b5:73:8b:
                    14:f0:28:05:c0:7b:62:09:1a:48:49:b7:a9:0d:65:
                    41:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:D5:2C:71:41:D6:D2:C0:C1:38:27:39:15:4B:BC:20:9D:9D:AB:16
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/h9UscUHW0sDBOCc5FUu8IJ2dqxY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.56.42.0/23

    Signature Algorithm: sha256WithRSAEncryption
         55:fe:00:00:39:c8:49:be:8b:8d:6e:96:6a:ab:d5:5c:1a:6f:
         76:02:30:9f:87:6d:3e:c9:17:7b:80:c8:57:dd:f2:fe:90:b4:
         34:64:9f:99:71:4d:52:5b:6a:76:7b:9e:7c:41:72:fe:40:ec:
         40:ce:b1:e1:31:41:19:02:b5:5e:39:1f:0e:5f:33:87:5b:08:
         a6:f6:51:ee:a3:bf:64:59:50:9c:0a:d3:dd:30:f0:a0:85:9e:
         58:2b:fa:d3:42:a8:af:41:63:60:ff:a6:51:9c:04:d8:70:b1:
         b2:0b:6a:60:80:81:a4:cc:87:89:fa:e1:a2:3e:fa:f9:12:21:
         14:54:70:db:57:1c:92:35:f2:d9:2f:44:1c:52:56:dc:6f:17:
         aa:a6:a0:8c:35:52:6e:bb:3f:46:69:f3:c7:8e:97:ed:63:21:
         ab:fa:7d:57:69:69:26:a7:0f:49:7a:6d:4b:d8:00:8d:e3:37:
         b5:94:45:48:86:76:8b:a6:9c:0c:85:41:ff:9d:a1:e1:1e:86:
         5a:bf:01:59:c3:ea:2d:97:05:b2:92:68:31:3e:5c:48:3e:e1:
         a4:e4:ec:a1:bd:f2:85:f7:04:84:78:f4:42:2d:dd:a3:59:79:
         44:99:81:e7:92:74:cf:fe:bd:58:41:b5:f2:9d:6a:57:79:90:
         0c:8b:de:e3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZhAb37QPBM+BfyPXWulZfRBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwNzI1MDcxNTA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4N2Q1MmM3MTQxZDZkMmMwYzEzODI3MzkxNTRiYmMyMDlkOWRhYjE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr/l1kDAfYGXBb/1R553X2Kew+wi4
WG5bAQuXS9LJOBq8tyaCopnhdGwmNGScIBdidxiGJaGVXNaa9scdlHQxnXRh3yoj
0bCp2p2EznaYjoWbGceRbreOEJanDHo4yLyWky2BvjbQgyqYAeq/4uUom4O0MAH1
IQbA7yBCtnxBVZ07ARoRsKxRRJk5jqos0OSI80W/f7Lj9Pdz2/DXiNRBX9l6Lw66
C7RmwYtjNx4OYZY0v3H3mc+XHiHy0g8jACvgkdJQzq0JvMsYx7hSOL1mYGa06jG5
l8L8EgXkoEa6V7GuWcq1krFiu4HvvV+1c4sU8CgFwHtiCRpISbepDWVBrwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIfVLHFB1tLAwTgnORVLvCCdnasWMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvaDlVc2NVSFcwc0RCT0NjNUZVdThJSjJkcXhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBHzgqMA0G
CSqGSIb3DQEBCwUAA4IBAQBV/gAAOchJvouNbpZqq9VcGm92AjCfh20+yRd7gMhX
3fL+kLQ0ZJ+ZcU1SW2p2e558QXL+QOxAzrHhMUEZArVeOR8OXzOHWwim9lHuo79k
WVCcCtPdMPCghZ5YK/rTQqivQWNg/6ZRnATYcLGyC2pggIGkzIeJ+uGiPvr5EiEU
VHDbVxySNfLZL0QcUlbcbxeqpqCMNVJuuz9GafPHjpftYyGr+n1XaWkmpw9Jem1L
2ACN4ze1lEVIhnaLppwMhUH/naHhHoZavwFZw+otlwWykmgxPlxIPuGk5OyhvfKF
9wSEePRCLd2jWXlEmYHnknTP/r1YQbXynWpXeZAMi97j
-----END CERTIFICATE-----