Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/6xNlPzETpsyn8eKtu7ZeX-0kLc4.roa
File:                     6xNlPzETpsyn8eKtu7ZeX-0kLc4.roa (raw, json)
Hash identifier:          yLQBsQ3xlGwTQGQXYN3ioz0wpY1ochetP7cDashsZlM=
Subject key identifier:   EB:13:65:3F:31:13:A6:CC:A7:F1:E2:AD:BB:B6:5E:5F:ED:24:2D:CE
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       0197317370D41700DC47997EE8C81CE183D4
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/6xNlPzETpsyn8eKtu7ZeX-0kLc4.roa
Signing time:             Mon 02 Jun 2025 16:22:18 +0000
ROA not before:           Mon 02 Jun 2025 16:22:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     58678
IP address blocks:        31.56.122.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 05 Jun 2025 18:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:31:73:70:d4:17:00:dc:47:99:7e:e8:c8:1c:e1:83:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jun  2 16:22:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=eb13653f3113a6cca7f1e2adbbb65e5fed242dce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:e9:49:89:6f:40:ad:a1:6a:83:b1:43:ea:28:
                    55:e5:16:4b:ee:d1:2a:da:b8:b4:b6:a6:2d:8b:e6:
                    5c:32:38:0f:cd:68:af:b5:1c:4a:aa:d2:ee:6c:11:
                    1a:81:fb:82:95:9e:5a:4d:7f:6f:32:48:ba:ec:cd:
                    69:e5:ef:c6:5f:6b:c6:6c:cb:53:f7:7b:42:d9:1e:
                    20:e7:3a:51:59:1f:0e:82:69:13:cf:66:da:da:3c:
                    7b:48:eb:82:3c:20:c9:8b:98:22:ca:b3:ee:b8:93:
                    5e:a9:c0:19:57:4e:70:3f:1c:dc:85:26:ab:ae:2a:
                    36:46:e0:1e:5d:6f:e0:d3:53:71:44:ae:f8:6b:2b:
                    57:6e:2c:93:13:88:63:a6:29:27:16:19:08:47:f0:
                    66:dc:5c:9e:9a:80:2b:ba:01:b8:ce:96:67:d4:66:
                    4a:56:d6:02:06:5d:e3:6b:8d:79:d0:0b:96:c7:aa:
                    a8:96:ee:28:ce:ea:e0:3b:8d:07:d1:2e:82:9d:a3:
                    90:b7:69:9c:29:f6:44:03:82:4a:3e:be:36:b8:5a:
                    c7:ee:41:b8:db:c2:a1:28:01:25:da:01:f6:6e:a9:
                    c7:11:ea:c4:6c:24:a0:78:27:3e:40:4b:63:83:44:
                    50:00:6b:cb:54:2f:21:a3:f0:72:79:1f:56:73:19:
                    ad:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:13:65:3F:31:13:A6:CC:A7:F1:E2:AD:BB:B6:5E:5F:ED:24:2D:CE
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/6xNlPzETpsyn8eKtu7ZeX-0kLc4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.56.122.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bf:76:3f:a8:48:ba:b0:1c:17:2f:fa:76:e8:cb:fd:52:65:64:
         b7:75:6e:b7:d3:0f:89:3b:ed:bc:49:a7:9c:eb:08:fa:ba:59:
         56:75:38:e4:db:7e:df:9e:96:1b:b1:ff:ae:cc:a1:95:cf:ad:
         01:bc:0d:b8:0d:85:9f:1a:33:5e:f5:ff:20:ce:38:0b:8c:83:
         f2:ac:18:9b:3a:8c:6b:61:a6:94:c7:bf:e9:75:30:c9:e5:44:
         c6:bd:fb:bb:2c:eb:3a:75:e5:e0:80:7c:86:1e:9a:4a:71:db:
         66:c6:e4:ec:de:5b:87:69:7e:f2:75:0c:97:e5:a9:56:a3:87:
         3c:46:a0:9d:da:ea:32:bf:8e:48:08:1b:29:1b:c5:9d:45:20:
         b6:cd:95:e8:0e:c1:3e:4d:4c:3e:1b:fa:e8:44:02:72:2d:ff:
         0f:57:7e:0d:ae:e7:5e:5c:35:e6:c5:99:a8:83:aa:a5:5a:48:
         d2:8e:de:10:78:71:08:2a:6d:ef:82:bd:48:d8:d0:ce:ba:d7:
         9c:ae:4b:8f:45:92:86:b0:ac:46:02:81:46:1d:25:f0:20:17:
         97:14:e3:aa:17:4c:a9:f2:7a:14:35:4e:b9:35:ed:c5:98:d5:
         a6:f0:f1:20:61:e0:9d:17:e6:a7:a5:8f:a0:82:00:ae:72:39:
         8b:3f:1d:e7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZcxc3DUFwDcR5l+6Mgc4YPUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwNjAyMTYyMjE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYjEzNjUzZjMxMTNhNmNjYTdmMWUyYWRiYmI2NWU1ZmVkMjQyZGNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtOlJiW9AraFqg7FD6ihV5RZL7tEq
2ri0tqYti+ZcMjgPzWivtRxKqtLubBEagfuClZ5aTX9vMki67M1p5e/GX2vGbMtT
93tC2R4g5zpRWR8OgmkTz2ba2jx7SOuCPCDJi5giyrPuuJNeqcAZV05wPxzchSar
rio2RuAeXW/g01NxRK74aytXbiyTE4hjpiknFhkIR/Bm3FyemoArugG4zpZn1GZK
VtYCBl3ja4150AuWx6qolu4ozurgO40H0S6CnaOQt2mcKfZEA4JKPr42uFrH7kG4
28KhKAEl2gH2bqnHEerEbCSgeCc+QEtjg0RQAGvLVC8ho/ByeR9WcxmtOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOsTZT8xE6bMp/Hirbu2Xl/tJC3OMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvNnhObFB6RVRwc3luOGVLdHU3WmVYLTBrTGM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzh6MA0G
CSqGSIb3DQEBCwUAA4IBAQC/dj+oSLqwHBcv+nboy/1SZWS3dW630w+JO+28Saec
6wj6ullWdTjk237fnpYbsf+uzKGVz60BvA24DYWfGjNe9f8gzjgLjIPyrBibOoxr
YaaUx7/pdTDJ5UTGvfu7LOs6deXggHyGHppKcdtmxuTs3luHaX7ydQyX5alWo4c8
RqCd2uoyv45ICBspG8WdRSC2zZXoDsE+TUw+G/roRAJyLf8PV34NrudeXDXmxZmo
g6qlWkjSjt4QeHEIKm3vgr1I2NDOutecrkuPRZKGsKxGAoFGHSXwIBeXFOOqF0yp
8noUNU65Ne3FmNWm8PEgYeCdF+anpY+gggCucjmLPx3n
-----END CERTIFICATE-----