Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/Aa2pLOQzNwg04halPwZ7x80T0YE.roa
File:                     Aa2pLOQzNwg04halPwZ7x80T0YE.roa (raw, json)
Hash identifier:          I6CSE4gVLR0noHGrr6L29grXFRPR34JJ29zuU8cGlWg=
Subject key identifier:   01:AD:A9:2C:E4:33:37:08:34:E2:16:A5:3F:06:7B:C7:CD:13:D1:81
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019A83F0F5A0B9C8877B176AD0DDF4BF41E8
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/Aa2pLOQzNwg04halPwZ7x80T0YE.roa
Signing time:             Fri 14 Nov 2025 19:56:38 +0000
ROA not before:           Fri 14 Nov 2025 19:56:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     400810
IP address blocks:        31.56.20.0/23 maxlen: 24
                          31.57.170.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Nov 2025 15:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:83:f0:f5:a0:b9:c8:87:7b:17:6a:d0:dd:f4:bf:41:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Nov 14 19:56:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=01ada92ce433370834e216a53f067bc7cd13d181
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:4f:83:ae:7d:37:27:82:3e:87:45:2c:d5:a8:
                    fa:62:34:bf:e0:9d:64:71:80:17:22:53:10:bd:14:
                    25:e1:b4:e6:b5:e9:2f:7f:0d:f8:a4:e2:23:1b:fa:
                    cd:56:83:44:d2:44:1f:d4:c2:9b:9b:ff:63:ca:a9:
                    b2:a9:d0:3f:2a:ec:72:07:fc:73:b8:8e:0c:ba:05:
                    3c:ee:ed:0f:40:4b:aa:82:ce:04:30:a9:6e:a4:12:
                    8d:2d:10:55:23:f9:b5:50:b6:0c:99:75:8e:4a:57:
                    fb:3a:50:11:74:74:02:3d:f4:71:c5:f6:74:d9:1c:
                    fb:df:ee:99:b6:ab:56:d4:4c:b0:80:33:c5:ac:e7:
                    4d:f3:d5:ec:4a:2e:67:0a:bc:34:69:df:53:fb:77:
                    78:58:41:44:63:11:8a:b5:a2:f6:3d:d5:19:77:8f:
                    a2:28:91:03:96:53:41:8f:3a:6c:96:d1:be:ff:8e:
                    00:6b:19:a1:fd:25:e8:53:f4:6b:ee:ae:43:36:5e:
                    8f:bf:8d:69:73:8c:f1:a6:de:21:87:a5:5b:27:f2:
                    f4:d4:b4:f7:a8:8e:4d:68:38:b9:24:9a:b1:94:d3:
                    48:89:7d:88:71:75:2e:da:8e:79:00:4b:7c:8c:b7:
                    b8:5c:a3:98:16:30:d5:7f:8c:25:d4:46:bc:17:0c:
                    c5:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:AD:A9:2C:E4:33:37:08:34:E2:16:A5:3F:06:7B:C7:CD:13:D1:81
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/Aa2pLOQzNwg04halPwZ7x80T0YE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.56.20.0/23
                  31.57.170.0/24

    Signature Algorithm: sha256WithRSAEncryption
         11:db:99:05:94:29:6b:c5:f5:5c:d3:0c:3e:83:de:98:43:07:
         52:b7:f7:77:c3:77:4f:77:7c:45:26:97:24:af:35:59:79:03:
         d0:c6:8c:c3:d0:d6:40:93:e2:d0:7d:33:b6:63:8a:00:ab:6e:
         d5:9f:1b:5f:7e:fa:69:d5:85:5f:0d:fa:b8:2f:15:14:bf:23:
         ac:72:24:f3:fb:94:2c:49:5a:b5:0d:55:e0:02:0e:8b:9f:61:
         ae:ff:fd:99:2b:9f:9f:0e:99:ad:05:8c:c4:23:47:c9:02:af:
         55:1f:03:11:dd:57:d3:3f:ff:63:fd:63:52:a0:0b:6a:f6:2d:
         69:84:1c:17:77:b9:ac:18:9a:cc:5a:32:59:de:32:d0:fd:d9:
         a5:20:21:15:a6:dd:52:f4:5c:70:bb:2f:8d:74:18:54:36:1b:
         47:f6:ba:20:5e:ea:64:6c:14:5d:2e:bc:96:4e:00:05:bc:d7:
         ba:af:9d:3a:fd:68:94:d4:63:0a:7b:59:47:5b:f0:3f:3e:53:
         8d:36:31:27:63:1f:72:85:e5:38:54:ce:26:9b:9e:20:af:e0:
         58:d0:2b:20:2d:ba:a9:9f:1a:a2:81:a5:f5:72:01:8b:2a:2d:
         1f:43:be:17:73:05:bb:14:c6:85:d7:f4:f8:32:ff:9b:3e:11:
         78:25:09:2b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZqD8PWguciHexdq0N30v0HoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUxMTE0MTk1NjM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMWFkYTkyY2U0MzMzNzA4MzRlMjE2YTUzZjA2N2JjN2NkMTNkMTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvE+Drn03J4I+h0Us1aj6YjS/4J1k
cYAXIlMQvRQl4bTmtekvfw34pOIjG/rNVoNE0kQf1MKbm/9jyqmyqdA/KuxyB/xz
uI4MugU87u0PQEuqgs4EMKlupBKNLRBVI/m1ULYMmXWOSlf7OlARdHQCPfRxxfZ0
2Rz73+6ZtqtW1EywgDPFrOdN89XsSi5nCrw0ad9T+3d4WEFEYxGKtaL2PdUZd4+i
KJEDllNBjzpsltG+/44Aaxmh/SXoU/Rr7q5DNl6Pv41pc4zxpt4hh6VbJ/L01LT3
qI5NaDi5JJqxlNNIiX2IcXUu2o55AEt8jLe4XKOYFjDVf4wl1Ea8FwzFUwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAGtqSzkMzcINOIWpT8Ge8fNE9GBMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvQWEycExPUXpOd2cwNGhhbFB3Wjd4ODBUMFlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBHzgUAwQA
HzmqMA0GCSqGSIb3DQEBCwUAA4IBAQAR25kFlClrxfVc0ww+g96YQwdSt/d3w3dP
d3xFJpckrzVZeQPQxozD0NZAk+LQfTO2Y4oAq27Vnxtffvpp1YVfDfq4LxUUvyOs
ciTz+5QsSVq1DVXgAg6Ln2Gu//2ZK5+fDpmtBYzEI0fJAq9VHwMR3VfTP/9j/WNS
oAtq9i1phBwXd7msGJrMWjJZ3jLQ/dmlICEVpt1S9Fxwuy+NdBhUNhtH9rogXupk
bBRdLryWTgAFvNe6r506/WiU1GMKe1lHW/A/PlONNjEnYx9yheU4VM4mm54gr+BY
0CsgLbqpnxqigaX1cgGLKi0fQ74XcwW7FMaF1/T4Mv+bPhF4JQkr
-----END CERTIFICATE-----