Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/8rGlSRd2zfiIXrSt66LOWHLCBmA.roa
File:                     8rGlSRd2zfiIXrSt66LOWHLCBmA.roa (raw, json)
Hash identifier:          fNduSz5iih26OWmiqf1GyLRFfEMDCNoeNVJLf9v4SY4=
Subject key identifier:   F2:B1:A5:49:17:76:CD:F8:88:5E:B4:AD:EB:A2:CE:58:72:C2:06:60
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019A81407ADBA9ACFFD3BBFDE49EF9B2678E
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/8rGlSRd2zfiIXrSt66LOWHLCBmA.roa
Signing time:             Fri 14 Nov 2025 07:24:37 +0000
ROA not before:           Fri 14 Nov 2025 07:24:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210464
IP address blocks:        31.57.56.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Nov 2025 15:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:81:40:7a:db:a9:ac:ff:d3:bb:fd:e4:9e:f9:b2:67:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Nov 14 07:24:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f2b1a5491776cdf8885eb4adeba2ce5872c20660
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:12:1c:2c:ec:69:c7:3f:99:28:27:94:9f:28:
                    d0:e8:ae:f6:72:27:6f:96:41:bd:b9:67:e8:5c:35:
                    b4:f2:31:0a:1a:41:a0:89:71:58:93:76:38:eb:81:
                    ee:c6:e1:c0:08:57:97:d9:17:1e:e8:06:41:f6:9a:
                    06:34:0c:43:4a:bd:da:12:7c:c0:b7:a9:2c:59:90:
                    d7:a1:1f:45:ae:5e:ce:83:77:41:9e:9b:f7:59:c0:
                    de:a3:cd:79:25:86:2b:fd:9f:84:72:fb:90:50:f4:
                    6b:f8:b0:87:50:06:df:3f:57:e0:1f:70:1a:49:6e:
                    57:70:ec:3b:5b:4e:5a:98:67:14:20:af:68:c7:39:
                    3c:f9:22:4f:71:f2:60:56:7a:15:d6:03:26:e5:e8:
                    ac:56:f6:21:39:e7:f3:e1:b3:fe:64:a6:b9:f9:1b:
                    f4:bb:ac:6f:bb:0c:a9:a6:53:e5:6c:78:93:43:cb:
                    97:6a:ee:65:04:d9:04:49:53:87:44:b0:7b:15:e9:
                    ce:50:33:e5:9f:fe:ee:8d:3b:4f:df:33:29:d0:8a:
                    e8:de:35:c3:6e:18:9e:cc:23:b0:c7:f8:3d:08:f4:
                    9f:c6:5f:3b:6b:dc:c5:73:4c:fc:02:34:08:10:62:
                    2c:97:e8:52:a2:41:14:7e:60:7e:d4:74:56:00:0a:
                    c5:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:B1:A5:49:17:76:CD:F8:88:5E:B4:AD:EB:A2:CE:58:72:C2:06:60
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/8rGlSRd2zfiIXrSt66LOWHLCBmA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.57.56.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b4:57:7b:31:e7:e9:cc:3d:b2:c4:11:8f:93:62:d7:e8:89:0e:
         ce:05:12:4f:2b:ce:a9:7f:5d:c1:f4:35:2a:df:de:b8:21:90:
         3d:50:b6:cd:d0:2b:01:5a:56:60:35:14:5b:46:58:0a:53:78:
         db:82:3d:4f:f0:33:65:15:20:96:59:90:36:47:de:fe:ea:88:
         c4:7c:65:94:0d:75:72:aa:b8:6b:e6:24:75:50:20:8d:5f:49:
         b1:4a:07:9e:93:7a:e4:58:07:dc:8c:51:85:c8:62:0c:df:5b:
         70:fe:02:d1:7c:7d:ab:f2:ea:27:88:d6:6e:3f:94:a0:44:92:
         3f:3d:9a:d2:3d:41:3f:32:35:78:62:9e:bc:30:38:c9:09:1b:
         12:4b:64:e9:bd:86:5c:66:6e:c3:ed:0a:f2:f2:8b:bf:90:9c:
         96:9e:3e:d8:48:d5:84:bb:63:a6:c5:3d:6c:fa:4c:3f:da:c6:
         d2:09:b5:27:a2:eb:c7:6d:04:71:e6:00:f1:85:c9:22:9c:cd:
         62:83:33:e9:f8:29:28:ec:0e:1f:83:94:59:c4:bc:ef:b4:ef:
         67:68:48:44:ec:1f:85:22:c0:03:e7:e1:5f:23:9b:34:b2:b1:
         e6:d2:b3:16:bc:87:58:5b:08:79:b3:85:d2:3c:11:34:bc:27:
         08:f7:7c:09
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZqBQHrbqaz/07v95J75smeOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUxMTE0MDcyNDM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMmIxYTU0OTE3NzZjZGY4ODg1ZWI0YWRlYmEyY2U1ODcyYzIwNjYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlhIcLOxpxz+ZKCeUnyjQ6K72cidv
lkG9uWfoXDW08jEKGkGgiXFYk3Y464HuxuHACFeX2Rce6AZB9poGNAxDSr3aEnzA
t6ksWZDXoR9Frl7Og3dBnpv3WcDeo815JYYr/Z+EcvuQUPRr+LCHUAbfP1fgH3Aa
SW5XcOw7W05amGcUIK9oxzk8+SJPcfJgVnoV1gMm5eisVvYhOefz4bP+ZKa5+Rv0
u6xvuwypplPlbHiTQ8uXau5lBNkESVOHRLB7FenOUDPln/7ujTtP3zMp0Iro3jXD
bhiezCOwx/g9CPSfxl87a9zFc0z8AjQIEGIsl+hSokEUfmB+1HRWAArFbwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPKxpUkXds34iF60reuizlhywgZgMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvOHJHbFNSZDJ6ZmlJWHJTdDY2TE9XSExDQm1BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzk4MA0G
CSqGSIb3DQEBCwUAA4IBAQC0V3sx5+nMPbLEEY+TYtfoiQ7OBRJPK86pf13B9DUq
3964IZA9ULbN0CsBWlZgNRRbRlgKU3jbgj1P8DNlFSCWWZA2R97+6ojEfGWUDXVy
qrhr5iR1UCCNX0mxSgeek3rkWAfcjFGFyGIM31tw/gLRfH2r8uoniNZuP5SgRJI/
PZrSPUE/MjV4Yp68MDjJCRsSS2TpvYZcZm7D7Qry8ou/kJyWnj7YSNWEu2OmxT1s
+kw/2sbSCbUnouvHbQRx5gDxhckinM1igzPp+Cko7A4fg5RZxLzvtO9naEhE7B+F
IsAD5+FfI5s0srHm0rMWvIdYWwh5s4XSPBE0vCcI93wJ
-----END CERTIFICATE-----