Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/s8vJ6kO6bRN4VdU8AJ64mYBLEgI.roa
File:                     s8vJ6kO6bRN4VdU8AJ64mYBLEgI.roa (raw, json)
Hash identifier:          MSPtaYAtStostz5yQKBs/Ac+iy4O6rl9JxbxozPTZdk=
Subject key identifier:   B3:CB:C9:EA:43:BA:6D:13:78:55:D5:3C:00:9E:B8:99:80:4B:12:02
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019840531DFDB9E85DAC49D2AEBDB8D3282B
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/s8vJ6kO6bRN4VdU8AJ64mYBLEgI.roa
Signing time:             Fri 25 Jul 2025 06:44:05 +0000
ROA not before:           Fri 25 Jul 2025 06:44:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212615
IP address blocks:        31.59.168.0/24 maxlen: 24
                          2a14:6e40:1::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 28 Jul 2025 09:00:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:40:53:1d:fd:b9:e8:5d:ac:49:d2:ae:bd:b8:d3:28:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jul 25 06:44:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b3cbc9ea43ba6d137855d53c009eb899804b1202
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:9b:21:20:36:cb:55:d2:e0:7a:53:a6:c7:83:
                    cd:a4:67:a3:d3:9f:9b:f5:7a:4f:0a:55:72:98:17:
                    b9:7d:0f:b5:3c:67:37:ae:78:07:d8:3c:48:31:f7:
                    87:b2:de:a0:7f:7d:e1:c5:d5:f4:ce:be:e0:98:65:
                    90:44:a3:e7:9a:88:0c:de:3b:32:08:15:df:87:d8:
                    af:41:cd:3a:eb:bd:5d:0a:39:be:07:ea:cd:2a:78:
                    b8:47:ee:8b:52:c8:95:40:71:c7:03:01:86:04:f6:
                    26:e1:56:71:9d:6c:49:1d:79:56:05:d2:de:50:d7:
                    9f:ba:74:bd:20:46:12:23:62:9d:79:a2:d8:10:72:
                    62:38:d8:f1:aa:c9:8e:b7:70:1b:df:60:0c:1f:cf:
                    51:32:85:0c:3b:97:bc:f4:0b:7a:a8:d2:a5:f2:d4:
                    33:66:27:99:38:5f:e3:62:32:8c:54:03:cd:34:f3:
                    3a:6d:cd:1b:bc:a3:8c:02:0c:91:b1:14:21:b6:d8:
                    5a:d6:22:a4:4b:82:a5:54:01:62:4d:9f:77:34:90:
                    56:63:d6:3b:6e:f1:d0:3a:f0:85:1b:ac:e3:51:48:
                    87:6c:24:50:ea:40:de:39:7a:08:d2:38:fe:7a:22:
                    9e:45:05:ae:5f:7c:70:de:4e:89:7b:f1:79:60:90:
                    77:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:CB:C9:EA:43:BA:6D:13:78:55:D5:3C:00:9E:B8:99:80:4B:12:02
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/s8vJ6kO6bRN4VdU8AJ64mYBLEgI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.59.168.0/24
                IPv6:
                  2a14:6e40:1::/48

    Signature Algorithm: sha256WithRSAEncryption
         91:db:07:fc:b3:3b:6b:b2:08:20:2d:4f:ec:84:ff:fc:c2:d9:
         83:59:cb:7b:24:1a:a1:4d:a3:01:07:45:e0:a1:89:ec:fd:12:
         c3:65:19:1c:e8:5d:d8:f2:9c:25:fb:02:f5:77:de:6d:74:c9:
         35:d2:c3:f4:9c:69:67:5b:d9:c1:20:da:58:86:d0:57:f9:b1:
         d5:ef:22:59:00:c3:89:81:5c:35:08:d7:df:44:56:3f:04:76:
         b4:49:3c:b4:2a:cd:c2:67:7c:88:b7:32:1f:bc:72:78:cb:47:
         16:dc:53:e2:9f:14:22:1f:ea:6a:2c:66:65:1b:2b:94:9d:93:
         6c:ee:8a:b5:5e:dc:6a:13:bf:f2:cc:2d:9d:cd:92:a0:5e:0e:
         87:8e:8d:38:36:e0:e0:c1:55:28:21:09:0f:00:59:c7:cb:f3:
         52:ac:2a:2e:cd:b7:e7:a3:d6:60:70:42:37:d6:ae:68:33:b4:
         7e:76:47:b6:e5:54:5c:7c:b4:d9:35:12:e8:0e:3a:33:c9:78:
         2a:4a:50:79:00:c1:0e:2f:2a:14:54:b4:d4:e4:d8:d9:a7:ae:
         d0:83:b4:be:81:5a:9b:b3:ba:74:af:77:e7:9f:a9:b0:12:d2:
         30:17:1b:f6:11:49:40:22:d7:46:8d:76:22:89:4c:8d:fb:f0:
         69:71:4e:e8
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZhAUx39uehdrEnSrr240ygrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwNzI1MDY0NDA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiM2NiYzllYTQzYmE2ZDEzNzg1NWQ1M2MwMDllYjg5OTgwNGIxMjAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxJshIDbLVdLgelOmx4PNpGej05+b
9XpPClVymBe5fQ+1PGc3rngH2DxIMfeHst6gf33hxdX0zr7gmGWQRKPnmogM3jsy
CBXfh9ivQc06671dCjm+B+rNKni4R+6LUsiVQHHHAwGGBPYm4VZxnWxJHXlWBdLe
UNefunS9IEYSI2KdeaLYEHJiONjxqsmOt3Ab32AMH89RMoUMO5e89At6qNKl8tQz
ZieZOF/jYjKMVAPNNPM6bc0bvKOMAgyRsRQhttha1iKkS4KlVAFiTZ93NJBWY9Y7
bvHQOvCFG6zjUUiHbCRQ6kDeOXoI0jj+eiKeRQWuX3xw3k6Je/F5YJB31QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFLPLyepDum0TeFXVPACeuJmASxICMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvczh2SjZrTzZiUk40VmRVOEFKNjRtWUJMRWdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAHzuoMA8E
AgACMAkDBwAqFG5AAAEwDQYJKoZIhvcNAQELBQADggEBAJHbB/yzO2uyCCAtT+yE
//zC2YNZy3skGqFNowEHReChiez9EsNlGRzoXdjynCX7AvV33m10yTXSw/ScaWdb
2cEg2liG0Ff5sdXvIlkAw4mBXDUI199EVj8EdrRJPLQqzcJnfIi3Mh+8cnjLRxbc
U+KfFCIf6mosZmUbK5Sdk2zuirVe3GoTv/LMLZ3NkqBeDoeOjTg24ODBVSghCQ8A
WcfL81KsKi7Nt+ej1mBwQjfWrmgztH52R7blVFx8tNk1EugOOjPJeCpKUHkAwQ4v
KhRUtNTk2NmnrtCDtL6BWpuzunSvd+efqbAS0jAXG/YRSUAi10aNdiKJTI378Glx
Tug=
-----END CERTIFICATE-----