Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/voQ9pm1p-7z5QmI8M4Tpaz19zfw.roa
File:                     voQ9pm1p-7z5QmI8M4Tpaz19zfw.roa (raw, json)
Hash identifier:          AOm5kzWcws2ZC9lklPMekxWE2KK5/deKZzMY6g3KoJ8=
Subject key identifier:   BE:84:3D:A6:6D:69:FB:BC:F9:42:62:3C:33:84:E9:6B:3D:7D:CD:FC
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       01999E39150E3CDB2B9654B37578C89451BE
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/voQ9pm1p-7z5QmI8M4Tpaz19zfw.roa
Signing time:             Wed 01 Oct 2025 05:22:45 +0000
ROA not before:           Wed 01 Oct 2025 05:22:45 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     174
IP address blocks:        31.56.61.0/24 maxlen: 24
                          31.57.226.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 14 Oct 2025 14:36:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:9e:39:15:0e:3c:db:2b:96:54:b3:75:78:c8:94:51:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Oct  1 05:22:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=be843da66d69fbbcf942623c3384e96b3d7dcdfc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:3a:49:8f:f6:20:eb:0c:4c:0a:4f:cb:05:e4:
                    aa:fc:80:13:34:fb:6a:af:61:ee:a1:e2:f0:22:dd:
                    9c:fd:71:24:45:93:ae:2b:50:8a:42:7c:1b:eb:af:
                    e2:9c:04:0f:5f:db:84:d9:7f:b0:31:8e:cf:9a:d7:
                    00:a4:53:33:1b:1b:c3:46:ca:79:3e:fe:de:f4:9b:
                    17:29:b8:f6:57:db:e9:0e:4d:08:c9:80:5a:cb:d6:
                    be:24:8c:d3:9e:b4:65:49:1c:e8:c7:c6:7f:ab:f1:
                    0d:2f:06:d3:7c:a4:4c:1b:b4:75:6d:69:c1:ec:b2:
                    9c:a5:b1:af:89:b7:b1:b2:ef:f3:c0:d7:92:e4:d6:
                    c0:b1:ac:49:3f:e7:85:22:42:30:2f:17:75:1e:b7:
                    eb:f6:79:a2:60:94:8d:68:5b:42:a8:a6:94:7f:0e:
                    69:85:89:f0:44:73:00:c5:d4:22:b9:67:cb:28:9b:
                    53:5c:f6:b8:c2:97:06:ae:b6:ce:e8:b0:08:af:57:
                    93:a9:36:43:7b:6d:75:98:32:75:36:06:b5:40:ef:
                    bc:1b:16:64:c8:3a:71:7d:69:12:2e:8c:cd:6c:f2:
                    2b:dd:a0:8b:38:d7:ca:0d:90:33:20:16:6e:82:1f:
                    90:5a:7e:66:1c:a6:2e:92:c1:88:c7:c1:10:77:54:
                    64:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:84:3D:A6:6D:69:FB:BC:F9:42:62:3C:33:84:E9:6B:3D:7D:CD:FC
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/voQ9pm1p-7z5QmI8M4Tpaz19zfw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.56.61.0/24
                  31.57.226.0/24

    Signature Algorithm: sha256WithRSAEncryption
         36:7a:4b:30:95:c9:6c:ed:7d:82:2e:20:8f:a9:48:5f:f8:ab:
         0e:a0:8a:ad:c7:db:83:95:de:7e:8b:ae:ab:0c:b6:60:da:47:
         6f:f4:f3:1d:c6:e2:97:d4:a6:e3:e4:1d:7d:6f:ac:70:eb:80:
         15:b4:e8:58:c9:e1:05:50:f5:36:ac:c8:73:6b:53:7b:4c:58:
         40:23:0b:74:80:f2:7e:ef:40:24:9e:fa:ec:91:cc:7a:ad:39:
         52:e0:4c:cd:f8:e1:86:5c:64:6a:92:25:27:08:dd:3b:c5:71:
         ce:df:8b:f9:fe:35:a4:38:55:bc:42:30:7a:2b:ff:a2:52:f9:
         9c:7a:0c:6d:ee:19:50:55:1c:fa:70:f1:93:c3:e4:d4:0d:a7:
         cb:03:0f:e6:5d:34:3d:06:f8:8a:fa:09:c4:1f:85:ea:7c:0a:
         7f:4d:8f:25:cc:61:8d:af:fa:91:78:44:84:30:38:41:76:32:
         f2:e3:d7:70:c7:aa:cf:38:b3:13:f6:b1:5e:30:7f:43:e4:ed:
         a1:0a:4e:98:90:60:ce:03:db:fb:91:c5:b8:2b:da:bb:d3:28:
         58:99:73:8e:83:37:ab:d7:e6:90:cc:d6:88:d0:8d:ad:5f:ec:
         12:a9:ff:1d:22:23:91:6b:f7:57:d3:ea:9a:48:ad:81:d6:37:
         cd:14:e2:44
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZmeORUOPNsrllSzdXjIlFG+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUxMDAxMDUyMjQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZTg0M2RhNjZkNjlmYmJjZjk0MjYyM2MzMzg0ZTk2YjNkN2RjZGZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApjpJj/Yg6wxMCk/LBeSq/IATNPtq
r2HuoeLwIt2c/XEkRZOuK1CKQnwb66/inAQPX9uE2X+wMY7PmtcApFMzGxvDRsp5
Pv7e9JsXKbj2V9vpDk0IyYBay9a+JIzTnrRlSRzox8Z/q/ENLwbTfKRMG7R1bWnB
7LKcpbGvibexsu/zwNeS5NbAsaxJP+eFIkIwLxd1Hrfr9nmiYJSNaFtCqKaUfw5p
hYnwRHMAxdQiuWfLKJtTXPa4wpcGrrbO6LAIr1eTqTZDe211mDJ1Nga1QO+8GxZk
yDpxfWkSLozNbPIr3aCLONfKDZAzIBZugh+QWn5mHKYuksGIx8EQd1RkUwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFL6EPaZtafu8+UJiPDOE6Ws9fc38MB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvdm9ROXBtMXAtN3o1UW1JOE00VHBhejE5emZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAHzg9AwQA
HzniMA0GCSqGSIb3DQEBCwUAA4IBAQA2ekswlcls7X2CLiCPqUhf+KsOoIqtx9uD
ld5+i66rDLZg2kdv9PMdxuKX1Kbj5B19b6xw64AVtOhYyeEFUPU2rMhza1N7TFhA
Iwt0gPJ+70Aknvrskcx6rTlS4EzN+OGGXGRqkiUnCN07xXHO34v5/jWkOFW8QjB6
K/+iUvmcegxt7hlQVRz6cPGTw+TUDafLAw/mXTQ9BviK+gnEH4XqfAp/TY8lzGGN
r/qReESEMDhBdjLy49dwx6rPOLMT9rFeMH9D5O2hCk6YkGDOA9v7kcW4K9q70yhY
mXOOgzer1+aQzNaI0I2tX+wSqf8dIiORa/dX0+qaSK2B1jfNFOJE
-----END CERTIFICATE-----