Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/5ZaXNfU4mdunRIfvPBGN6COJANY.roa
File:                     5ZaXNfU4mdunRIfvPBGN6COJANY.roa (raw, json)
Hash identifier:          GOYxCP3AAUjkY3DP9I4k0zvvdQsVJsRdpglnEHmQA50=
Subject key identifier:   E5:96:97:35:F5:38:99:DB:A7:44:87:EF:3C:11:8D:E8:23:89:00:D6
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       0199BE121E70C9C064CB644E3D9E0CD4F1EF
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/5ZaXNfU4mdunRIfvPBGN6COJANY.roa
Signing time:             Tue 07 Oct 2025 09:48:02 +0000
ROA not before:           Tue 07 Oct 2025 09:48:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44486
IP address blocks:        31.58.54.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 14 Oct 2025 23:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:be:12:1e:70:c9:c0:64:cb:64:4e:3d:9e:0c:d4:f1:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Oct  7 09:48:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e5969735f53899dba74487ef3c118de8238900d6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:0e:b4:0c:31:3d:39:ee:4c:2b:a3:1c:2c:28:
                    45:b5:e6:80:51:97:5b:fc:a5:9f:5d:e0:0f:e2:2f:
                    ce:81:8f:af:99:6b:77:4c:0a:3e:3c:62:b2:e8:4c:
                    82:09:29:37:45:58:51:78:5a:68:51:b5:8e:82:eb:
                    ac:b5:05:88:41:99:c7:a7:22:79:75:c0:2e:6e:6d:
                    02:12:e8:e6:e7:60:ac:0c:1d:50:7e:5d:07:c2:08:
                    25:79:9d:14:4c:3b:a4:a7:5e:4d:74:21:46:7a:04:
                    19:2c:23:35:25:6a:ed:c5:2a:54:90:be:bd:2f:50:
                    1f:9a:dc:f9:2b:36:65:1f:af:1b:ee:f8:ac:64:a1:
                    42:b1:c7:b4:92:f6:c6:28:8d:1d:7a:5f:71:79:b3:
                    a9:fd:c3:6e:a2:a6:2f:5a:e7:52:f4:87:d0:3a:c3:
                    f1:7e:20:4c:54:9c:79:29:a8:cc:13:9c:99:83:59:
                    d7:b7:85:c5:01:80:75:36:4f:9c:96:a9:bf:91:86:
                    95:ab:11:61:b2:f4:3c:eb:5a:f8:a7:97:cd:25:4a:
                    22:87:ab:db:3c:37:6a:6b:32:e4:f6:2c:46:ae:0b:
                    5c:24:ba:5a:78:42:af:25:d2:3f:2d:54:f9:be:ed:
                    cc:1d:24:6b:fe:fb:3a:4d:37:48:0e:d1:88:a1:40:
                    2e:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:96:97:35:F5:38:99:DB:A7:44:87:EF:3C:11:8D:E8:23:89:00:D6
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/5ZaXNfU4mdunRIfvPBGN6COJANY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.58.54.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:a4:31:35:69:45:c8:2f:93:63:76:55:4e:b9:71:7c:e2:e9:
         48:71:c7:ad:f4:57:18:98:1a:27:b0:bc:ad:50:bf:ae:84:c3:
         32:04:d6:c9:b6:c6:6c:b8:02:84:a0:13:d2:e6:be:ca:dd:37:
         8f:99:a6:8b:4f:b9:de:6c:c4:91:84:c2:a9:8d:82:76:0b:b4:
         b4:45:c2:a3:9c:a7:a4:10:2d:a7:ee:f0:b7:5f:a5:f0:0f:ec:
         52:d1:a7:ca:fa:68:f8:a7:ac:9e:36:ee:7a:87:46:c7:e9:b9:
         3a:78:6b:69:b4:ce:25:41:1f:5c:d7:a9:0b:50:8c:78:4f:44:
         ec:76:d8:26:ec:2a:76:d1:c3:28:ed:ae:5f:98:4b:10:a8:30:
         5c:61:78:8a:52:04:77:5d:42:17:10:49:58:d9:c1:77:a6:1b:
         51:66:60:28:8e:d5:61:8b:2b:ea:8a:18:0a:45:60:10:5c:27:
         3c:82:35:22:8d:3d:71:ab:78:e4:93:0f:54:29:18:c9:5f:85:
         f1:60:d9:9d:1d:21:b1:be:ed:08:d2:3a:28:a3:4a:15:d6:70:
         a6:13:d2:32:8e:2f:6d:56:bb:49:0d:38:62:e9:28:f5:12:b5:
         9f:58:4f:9e:ea:0c:1f:a3:2b:ee:65:e0:f3:fa:5d:09:76:bf:
         6e:64:01:08
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZm+Eh5wycBky2ROPZ4M1PHvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUxMDA3MDk0ODAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNTk2OTczNWY1Mzg5OWRiYTc0NDg3ZWYzYzExOGRlODIzODkwMGQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5g60DDE9Oe5MK6McLChFteaAUZdb
/KWfXeAP4i/OgY+vmWt3TAo+PGKy6EyCCSk3RVhReFpoUbWOguustQWIQZnHpyJ5
dcAubm0CEujm52CsDB1Qfl0HwggleZ0UTDukp15NdCFGegQZLCM1JWrtxSpUkL69
L1Afmtz5KzZlH68b7visZKFCsce0kvbGKI0del9xebOp/cNuoqYvWudS9IfQOsPx
fiBMVJx5KajME5yZg1nXt4XFAYB1Nk+clqm/kYaVqxFhsvQ861r4p5fNJUoih6vb
PDdqazLk9ixGrgtcJLpaeEKvJdI/LVT5vu3MHSRr/vs6TTdIDtGIoUAurwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOWWlzX1OJnbp0SH7zwRjegjiQDWMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvNVphWE5mVTRtZHVuUklmdlBCR042Q09KQU5ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzo2MA0G
CSqGSIb3DQEBCwUAA4IBAQBppDE1aUXIL5NjdlVOuXF84ulIccet9FcYmBonsLyt
UL+uhMMyBNbJtsZsuAKEoBPS5r7K3TePmaaLT7nebMSRhMKpjYJ2C7S0RcKjnKek
EC2n7vC3X6XwD+xS0afK+mj4p6yeNu56h0bH6bk6eGtptM4lQR9c16kLUIx4T0Ts
dtgm7Cp20cMo7a5fmEsQqDBcYXiKUgR3XUIXEElY2cF3phtRZmAojtVhiyvqihgK
RWAQXCc8gjUijT1xq3jkkw9UKRjJX4XxYNmdHSGxvu0I0jooo0oV1nCmE9Iyji9t
VrtJDThi6Sj1ErWfWE+e6gwfoyvuZeDz+l0Jdr9uZAEI
-----END CERTIFICATE-----