Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/8aNRWp3vb-3ThGKwCXtAF58YhoU.roa
File:                     8aNRWp3vb-3ThGKwCXtAF58YhoU.roa (raw, json)
Hash identifier:          /UuN/z4Ez6N2p1yjIf7VK6eT4q/TOXDmex8iqMj1HuQ=
Subject key identifier:   F1:A3:51:5A:9D:EF:6F:ED:D3:84:62:B0:09:7B:40:17:9F:18:86:85
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019A5DA83CAF51A1300D4B08A6F982204DB5
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/8aNRWp3vb-3ThGKwCXtAF58YhoU.roa
Signing time:             Fri 07 Nov 2025 09:31:37 +0000
ROA not before:           Fri 07 Nov 2025 09:31:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     152586
IP address blocks:        31.59.118.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Nov 2025 15:11:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:5d:a8:3c:af:51:a1:30:0d:4b:08:a6:f9:82:20:4d:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Nov  7 09:31:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f1a3515a9def6fedd38462b0097b40179f188685
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:66:f0:31:02:eb:a3:d5:d1:fe:81:84:2a:f3:
                    68:d6:44:b7:58:e1:dc:44:ae:33:22:fb:b2:b7:f9:
                    69:dd:36:92:a2:f4:ea:15:6f:8e:ab:27:a1:ff:5f:
                    d5:f1:d4:3a:b1:11:28:80:b4:9f:f0:06:3b:dd:59:
                    33:08:39:12:70:be:fa:cc:39:40:36:9e:72:71:72:
                    76:1c:f6:29:bc:a1:77:d9:23:c5:f1:7a:57:e3:ca:
                    da:0d:62:f9:73:ba:8c:46:32:6a:2e:43:3c:77:56:
                    72:8d:b5:3c:86:c6:3b:42:08:0c:ec:40:0a:7d:9b:
                    81:c9:09:9f:8e:52:21:d1:98:5c:44:8c:ca:82:f6:
                    46:ca:7b:8f:30:f5:3f:98:8a:c4:87:cc:5b:a6:ce:
                    bf:30:39:8b:35:99:b4:3d:81:d1:78:90:6e:86:cb:
                    aa:4e:b4:0f:94:fa:17:52:b8:30:07:06:12:e9:82:
                    3f:66:7e:91:78:ef:dd:4d:71:52:38:80:d8:33:85:
                    8d:34:0d:e7:a0:f3:e2:23:e3:bb:c8:d5:46:d9:20:
                    77:65:01:e8:fd:b1:db:b5:82:84:f3:15:d0:3a:31:
                    b9:ea:40:21:9c:d0:d4:8c:c1:77:0a:d5:4e:12:dc:
                    31:0f:cf:d6:eb:b3:fb:64:05:37:c9:bd:84:f6:69:
                    38:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:A3:51:5A:9D:EF:6F:ED:D3:84:62:B0:09:7B:40:17:9F:18:86:85
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/8aNRWp3vb-3ThGKwCXtAF58YhoU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.59.118.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:83:ca:8a:17:f4:55:eb:cb:2d:e3:53:f8:7f:62:6d:ca:c2:
         5f:64:a0:b0:09:90:96:0f:e0:65:70:62:58:fb:8e:83:c6:3c:
         ff:54:81:4e:89:05:3d:92:ad:a4:c4:56:41:4b:15:64:0b:c9:
         db:01:08:44:65:21:30:fe:9b:0e:d6:ed:df:fe:46:ea:ee:6f:
         e3:c4:3c:52:88:5c:4e:0d:10:dd:e0:d5:93:5e:91:dd:f1:a5:
         1e:95:22:0e:91:f9:f8:a1:2d:c4:37:e8:5d:38:e7:3c:66:ed:
         d7:a2:d8:e7:bb:80:54:d4:e8:0f:25:de:7b:fb:cf:39:89:ab:
         6c:f1:b7:13:58:d1:3c:a3:17:8a:69:1e:87:86:1c:52:27:7a:
         7a:03:bd:12:88:82:dc:7e:5d:52:bd:a8:95:df:a2:d5:5a:af:
         39:ad:fe:d4:db:98:56:84:ba:5e:11:26:44:bb:80:cc:74:9e:
         89:ea:63:55:2b:43:c7:83:6f:67:42:6a:9e:18:95:cf:44:20:
         40:5a:c4:bf:88:d0:17:41:72:ac:eb:39:88:db:b9:0d:df:7c:
         90:f6:1d:b1:c5:40:63:f4:60:78:56:f4:78:87:70:a8:f6:60:
         7a:c9:f3:c6:ba:55:d5:17:73:0f:25:67:d5:f6:a1:68:f5:c3:
         7b:c9:58:6d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZpdqDyvUaEwDUsIpvmCIE21MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUxMTA3MDkzMTM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMWEzNTE1YTlkZWY2ZmVkZDM4NDYyYjAwOTdiNDAxNzlmMTg4Njg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl2bwMQLro9XR/oGEKvNo1kS3WOHc
RK4zIvuyt/lp3TaSovTqFW+Oqyeh/1/V8dQ6sREogLSf8AY73VkzCDkScL76zDlA
Np5ycXJ2HPYpvKF32SPF8XpX48raDWL5c7qMRjJqLkM8d1ZyjbU8hsY7QggM7EAK
fZuByQmfjlIh0ZhcRIzKgvZGynuPMPU/mIrEh8xbps6/MDmLNZm0PYHReJBuhsuq
TrQPlPoXUrgwBwYS6YI/Zn6ReO/dTXFSOIDYM4WNNA3noPPiI+O7yNVG2SB3ZQHo
/bHbtYKE8xXQOjG56kAhnNDUjMF3CtVOEtwxD8/W67P7ZAU3yb2E9mk4RQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPGjUVqd72/t04RisAl7QBefGIaFMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvOGFOUldwM3ZiLTNUaEdLd0NYdEFGNThZaG9VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzt2MA0G
CSqGSIb3DQEBCwUAA4IBAQBjg8qKF/RV68st41P4f2JtysJfZKCwCZCWD+BlcGJY
+46Dxjz/VIFOiQU9kq2kxFZBSxVkC8nbAQhEZSEw/psO1u3f/kbq7m/jxDxSiFxO
DRDd4NWTXpHd8aUelSIOkfn4oS3EN+hdOOc8Zu3Xotjnu4BU1OgPJd57+885iats
8bcTWNE8oxeKaR6HhhxSJ3p6A70SiILcfl1SvaiV36LVWq85rf7U25hWhLpeESZE
u4DMdJ6J6mNVK0PHg29nQmqeGJXPRCBAWsS/iNAXQXKs6zmI27kN33yQ9h2xxUBj
9GB4VvR4h3Co9mB6yfPGulXVF3MPJWfV9qFo9cN7yVht
-----END CERTIFICATE-----