Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/05_XOx3e4YrvUUJyTLqA7law0LM.roa
File:                     05_XOx3e4YrvUUJyTLqA7law0LM.roa (raw, json)
Hash identifier:          jd1TFggfGA9RjjBQElcTbckqMWxQlL/tC9ITmBh3+00=
Subject key identifier:   D3:9F:D7:3B:1D:DE:E1:8A:EF:51:42:72:4C:BA:80:EE:56:B0:D0:B3
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       0196FEA3463702D0FBB0B07C896039AE4A76
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/05_XOx3e4YrvUUJyTLqA7law0LM.roa
Signing time:             Fri 23 May 2025 19:33:55 +0000
ROA not before:           Fri 23 May 2025 19:33:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     139358
IP address blocks:        31.56.66.0/24 maxlen: 24
                          31.57.248.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 05 Jun 2025 18:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:fe:a3:46:37:02:d0:fb:b0:b0:7c:89:60:39:ae:4a:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: May 23 19:33:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d39fd73b1ddee18aef5142724cba80ee56b0d0b3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:bf:2b:76:b0:dc:18:54:76:11:0e:98:43:03:
                    ba:05:47:f5:a3:79:4a:f9:cd:32:6c:f0:50:45:32:
                    a4:0f:b0:3e:9d:7a:e0:48:87:f6:34:8d:b6:3a:e3:
                    cf:5c:5f:4a:88:d5:ed:f3:42:db:9b:27:87:80:e6:
                    06:e5:29:9a:6b:de:e9:16:f7:98:40:42:39:72:99:
                    16:c9:22:7a:f7:6f:fc:48:28:44:23:db:16:ca:83:
                    bd:ca:c3:69:df:01:da:24:3b:ec:b1:df:70:e8:b7:
                    ec:25:ef:b3:30:71:27:6d:8c:2a:ef:e1:96:ce:df:
                    72:eb:ab:1e:04:17:5a:10:c0:c2:79:98:5e:92:be:
                    f9:53:78:75:b1:84:14:9f:2c:ad:a9:84:dc:95:2f:
                    19:66:53:37:87:da:62:03:7b:a1:78:fc:d9:a4:e8:
                    b6:02:2e:cb:f1:6a:47:21:60:0f:e8:f0:2d:5a:45:
                    83:90:1c:ef:51:bf:1a:65:49:82:15:e9:fd:22:4d:
                    48:c8:d8:75:b0:79:c9:09:e5:23:22:67:02:42:7f:
                    d9:12:6d:0e:3f:6f:16:66:39:44:79:3a:a9:00:8a:
                    f2:f5:1d:53:6f:d5:1c:9e:95:80:47:c5:d4:d6:23:
                    64:48:7a:4c:37:c1:0f:32:6f:83:42:aa:f6:c8:65:
                    47:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:9F:D7:3B:1D:DE:E1:8A:EF:51:42:72:4C:BA:80:EE:56:B0:D0:B3
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/05_XOx3e4YrvUUJyTLqA7law0LM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.56.66.0/24
                  31.57.248.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:83:68:4c:c1:a0:6a:f1:0e:a6:77:32:5a:90:0a:f6:ef:ca:
         a7:36:d6:c0:34:eb:41:8e:96:b1:81:be:4f:c0:f5:62:8f:01:
         b6:1d:dc:58:cd:46:ec:2e:d2:13:59:f6:18:e2:35:4a:fd:a3:
         a0:07:4f:bd:6f:56:8a:28:b1:57:02:79:2b:1b:36:12:61:a2:
         c4:16:bf:eb:34:70:00:41:7e:34:5e:10:15:17:fe:9c:7e:a4:
         17:ac:f3:56:17:61:49:e9:3b:c0:36:ca:a9:c4:80:7a:f8:8a:
         82:1f:a7:50:74:c1:a9:18:12:da:27:cb:2a:92:1c:eb:84:50:
         aa:ee:78:ae:81:6e:2d:ad:90:59:3c:13:f2:f8:56:a6:3a:51:
         be:58:e8:c7:1e:62:d9:73:07:a3:1d:eb:51:09:89:a8:a8:b4:
         ec:b5:88:78:9b:1b:c3:00:a8:74:31:67:7a:86:a8:5e:f0:a9:
         48:40:1d:b4:a1:e5:cd:c9:6d:14:2d:5b:35:eb:a4:b4:4d:1b:
         65:52:b6:f3:1f:94:c3:da:50:67:a8:59:5f:5e:0a:3a:d6:3b:
         8d:ef:6d:74:dd:d8:bd:5f:26:3b:4a:56:b3:17:8a:a0:ae:18:
         6a:e8:8b:37:23:80:ee:8d:ec:1f:90:07:d8:6d:85:c8:c9:80:
         93:98:c0:e0
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZb+o0Y3AtD7sLB8iWA5rkp2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwNTIzMTkzMzU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMzlmZDczYjFkZGVlMThhZWY1MTQyNzI0Y2JhODBlZTU2YjBkMGIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7L8rdrDcGFR2EQ6YQwO6BUf1o3lK
+c0ybPBQRTKkD7A+nXrgSIf2NI22OuPPXF9KiNXt80LbmyeHgOYG5Smaa97pFveY
QEI5cpkWySJ692/8SChEI9sWyoO9ysNp3wHaJDvssd9w6LfsJe+zMHEnbYwq7+GW
zt9y66seBBdaEMDCeZhekr75U3h1sYQUnyytqYTclS8ZZlM3h9piA3uhePzZpOi2
Ai7L8WpHIWAP6PAtWkWDkBzvUb8aZUmCFen9Ik1IyNh1sHnJCeUjImcCQn/ZEm0O
P28WZjlEeTqpAIry9R1Tb9UcnpWAR8XU1iNkSHpMN8EPMm+DQqr2yGVH6QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNOf1zsd3uGK71FCcky6gO5WsNCzMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvMDVfWE94M2U0WXJ2VVVKeVRMcUE3bGF3MExNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAHzhCAwQA
Hzn4MA0GCSqGSIb3DQEBCwUAA4IBAQA+g2hMwaBq8Q6mdzJakAr278qnNtbANOtB
jpaxgb5PwPVijwG2HdxYzUbsLtITWfYY4jVK/aOgB0+9b1aKKLFXAnkrGzYSYaLE
Fr/rNHAAQX40XhAVF/6cfqQXrPNWF2FJ6TvANsqpxIB6+IqCH6dQdMGpGBLaJ8sq
khzrhFCq7niugW4trZBZPBPy+FamOlG+WOjHHmLZcwejHetRCYmoqLTstYh4mxvD
AKh0MWd6hqhe8KlIQB20oeXNyW0ULVs166S0TRtlUrbzH5TD2lBnqFlfXgo61juN
72103di9XyY7SlazF4qgrhhq6Is3I4DujewfkAfYbYXIyYCTmMDg
-----END CERTIFICATE-----