Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/1-89vsU_SLVN0XUR7yKAv_J0Dxrc.roa
File:                     1-89vsU_SLVN0XUR7yKAv_J0Dxrc.roa (raw, json)
Hash identifier:          /lG3zi1BZtLYexDKrzjI8zvkGO1GF86eLVt8rs9kje4=
Subject key identifier:   FB:CF:6F:B1:4F:D2:2D:53:74:5D:44:7B:C8:A0:2F:FC:9D:03:C6:B7
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       0196CEF4C8AB4DF78B10BA0A895DE19FF9E0
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/1-89vsU_SLVN0XUR7yKAv_J0Dxrc.roa
Signing time:             Wed 14 May 2025 13:21:10 +0000
ROA not before:           Wed 14 May 2025 13:21:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20326
IP address blocks:        31.57.186.0/23 maxlen: 23
                          31.58.50.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 05 Jun 2025 18:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:ce:f4:c8:ab:4d:f7:8b:10:ba:0a:89:5d:e1:9f:f9:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: May 14 13:21:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fbcf6fb14fd22d53745d447bc8a02ffc9d03c6b7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:e5:8e:94:d0:45:69:69:5b:6c:f1:39:97:1f:
                    b7:e4:01:74:60:1c:3e:a6:bf:53:3b:ca:4b:16:e6:
                    30:09:3a:67:4b:d1:dd:25:64:84:32:e1:a5:1a:9c:
                    3e:9f:f2:5e:ef:dd:ae:f0:4d:84:f1:8f:00:c6:0a:
                    86:9d:46:72:21:d3:14:eb:6a:a8:07:b2:47:a4:5a:
                    63:41:38:08:64:db:09:81:a1:7c:d6:53:0b:bb:7f:
                    bf:50:1c:bd:73:2c:49:74:ed:02:bd:0a:f2:3c:98:
                    4b:c2:28:c8:9b:24:7c:dd:95:cb:31:b7:4a:53:44:
                    fd:f9:21:d9:2c:fd:32:ee:40:d9:ec:14:21:f5:cb:
                    16:2b:5f:df:94:b4:07:f3:c4:5e:2e:9d:98:d9:7a:
                    41:a3:fd:88:2a:74:0c:11:17:83:b0:e2:ea:39:2b:
                    2f:b3:e5:3b:06:3e:ff:e9:70:3f:e8:d8:01:8e:c1:
                    7d:b5:ed:8f:e5:f0:9f:ab:78:08:76:f1:55:cd:c2:
                    d8:1a:93:6a:83:2b:24:af:a5:94:b6:7b:99:25:18:
                    2c:45:b1:6f:2d:3c:67:01:96:34:94:2f:07:a7:ff:
                    08:8b:4a:df:db:55:77:a4:eb:c9:5f:fb:4f:81:f4:
                    3e:1e:7d:81:06:1e:6c:1c:ca:93:53:ed:e5:c6:90:
                    89:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:CF:6F:B1:4F:D2:2D:53:74:5D:44:7B:C8:A0:2F:FC:9D:03:C6:B7
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/1-89vsU_SLVN0XUR7yKAv_J0Dxrc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.57.186.0/23
                  31.58.50.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bc:9c:0a:c9:de:14:af:dd:01:38:ad:4b:0a:69:9f:22:60:da:
         4c:82:9b:14:64:42:76:ff:f4:fe:80:65:36:da:e1:66:73:eb:
         4e:a1:7f:bf:b6:96:08:53:1e:62:f4:ab:ff:53:07:d1:f6:cd:
         25:12:ac:ed:c4:66:2c:c8:57:df:26:87:c4:40:07:ec:c4:e3:
         93:2c:48:70:8f:44:91:49:6a:d0:58:1b:6d:65:29:93:51:05:
         42:b2:63:fc:a0:08:1b:89:18:1c:e5:60:ba:2f:e9:ac:02:81:
         3d:29:5b:70:82:0c:2d:d7:4d:30:56:cf:cb:5f:71:35:0b:47:
         c7:dd:87:21:ed:13:7b:28:a5:7f:0c:38:93:7d:a7:69:0a:a7:
         81:ed:5b:39:1c:81:df:94:41:e8:ab:2c:8a:a9:63:bf:43:9a:
         46:d7:c8:38:60:9f:6e:c7:10:ef:00:c2:90:38:67:51:f4:3b:
         37:56:94:02:02:4b:13:31:4b:6d:fd:22:a8:62:d9:fe:58:5f:
         16:bd:6a:88:52:fb:09:52:a5:a0:77:73:67:a7:aa:ce:14:be:
         af:58:45:10:8f:99:27:18:e9:64:54:9b:6c:8e:81:ae:7d:33:
         61:d5:61:c8:b1:6d:8b:72:33:12:81:03:2e:83:4e:84:60:88:
         ee:dc:c1:0b
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgISAZbO9MirTfeLELoKiV3hn/ngMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwNTE0MTMyMTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYmNmNmZiMTRmZDIyZDUzNzQ1ZDQ0N2JjOGEwMmZmYzlkMDNjNmI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoeWOlNBFaWlbbPE5lx+35AF0YBw+
pr9TO8pLFuYwCTpnS9HdJWSEMuGlGpw+n/Je792u8E2E8Y8AxgqGnUZyIdMU62qo
B7JHpFpjQTgIZNsJgaF81lMLu3+/UBy9cyxJdO0CvQryPJhLwijImyR83ZXLMbdK
U0T9+SHZLP0y7kDZ7BQh9csWK1/flLQH88ReLp2Y2XpBo/2IKnQMEReDsOLqOSsv
s+U7Bj7/6XA/6NgBjsF9te2P5fCfq3gIdvFVzcLYGpNqgyskr6WUtnuZJRgsRbFv
LTxnAZY0lC8Hp/8Ii0rf21V3pOvJX/tPgfQ+Hn2BBh5sHMqTU+3lxpCJhwIDAQAB
o4ICEDCCAgwwHQYDVR0OBBYEFPvPb7FP0i1TdF1Ee8igL/ydA8a3MB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvMS04OXZzVV9TTFZOMFhVUjd5S0F2X0owRHhyYy5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvOTIvNTExZjk1LWU0YmYtNDNmMS1hZjJmLWI4MTFjZmNiOWZk
NS8xL1R4c0pYNnRuWXp3Qko5WWY5b1Y0Wk9wckpjVS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAlBggrBgEFBQcBBwEB/wQWMBQwEgQCAAEwDAMEAR85ugME
AB86MjANBgkqhkiG9w0BAQsFAAOCAQEAvJwKyd4Ur90BOK1LCmmfImDaTIKbFGRC
dv/0/oBlNtrhZnPrTqF/v7aWCFMeYvSr/1MH0fbNJRKs7cRmLMhX3yaHxEAH7MTj
kyxIcI9EkUlq0FgbbWUpk1EFQrJj/KAIG4kYHOVgui/prAKBPSlbcIIMLddNMFbP
y19xNQtHx92HIe0Teyilfww4k32naQqnge1bORyB35RB6Kssiqljv0OaRtfIOGCf
bscQ7wDCkDhnUfQ7N1aUAgJLEzFLbf0iqGLZ/lhfFr1qiFL7CVKloHdzZ6eqzhS+
r1hFEI+ZJxjpZFSbbI6Brn0zYdVhyLFti3IzEoEDLoNOhGCI7tzBCw==
-----END CERTIFICATE-----