Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/CDioV5GQmyg_oanRZxwvQdUTj-0.roa
File:                     CDioV5GQmyg_oanRZxwvQdUTj-0.roa (raw, json)
Hash identifier:          0+Z+lzIibi6LvfSPxchveEOEyAYBuT9EjXtlOwNlBNo=
Subject key identifier:   08:38:A8:57:91:90:9B:28:3F:A1:A9:D1:67:1C:2F:41:D5:13:8F:ED
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       0196E9EC3CE847978A6D8210630BBC3A1BCC
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/CDioV5GQmyg_oanRZxwvQdUTj-0.roa
Signing time:             Mon 19 May 2025 19:01:35 +0000
ROA not before:           Mon 19 May 2025 19:01:35 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9304
IP address blocks:        31.57.171.0/24 maxlen: 24
                          31.57.222.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 05 Jun 2025 18:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:e9:ec:3c:e8:47:97:8a:6d:82:10:63:0b:bc:3a:1b:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: May 19 19:01:35 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0838a85791909b283fa1a9d1671c2f41d5138fed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:3b:87:24:fd:2b:8e:53:8b:35:b7:b0:c0:73:
                    b1:b4:7a:b0:d9:ca:a9:76:99:8d:39:0f:a8:95:54:
                    d3:46:51:d4:9a:d7:6e:29:7f:f8:d1:7b:42:b9:c1:
                    bf:37:ce:1b:a8:1d:c5:83:83:8d:14:6f:06:35:b7:
                    1a:d6:5b:16:0b:ee:a7:b9:71:ea:ad:3d:36:c0:3b:
                    32:d6:05:70:b5:47:6e:10:70:56:20:70:d5:38:ed:
                    0e:b2:fd:2d:8c:49:be:41:23:4e:f0:23:4f:39:a8:
                    16:fc:ec:e2:30:f8:29:e0:12:16:f1:a8:d1:d7:8b:
                    84:3e:80:d5:b6:48:fb:9c:d3:2a:3e:ec:23:8f:6a:
                    de:a2:9b:bb:75:df:52:a8:81:fa:1f:26:1c:c2:91:
                    69:c8:d2:58:98:49:2b:fe:6a:c5:6e:33:aa:ca:d4:
                    32:7c:39:d2:3d:30:6b:56:f1:a3:1e:df:76:f9:a8:
                    b7:66:96:e9:a2:75:a4:78:3e:23:fb:e1:62:a0:9d:
                    27:4e:fe:d1:dc:4f:d1:d4:5f:03:41:25:6b:3f:e8:
                    91:92:b2:92:d2:94:0e:50:a7:98:3e:c2:85:dc:62:
                    a1:e1:b0:f7:cc:36:45:bf:aa:23:7d:fa:8e:3d:02:
                    22:82:74:0f:7a:2a:55:f6:0b:01:ff:4d:09:b2:0b:
                    5c:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:38:A8:57:91:90:9B:28:3F:A1:A9:D1:67:1C:2F:41:D5:13:8F:ED
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/CDioV5GQmyg_oanRZxwvQdUTj-0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.57.171.0/24
                  31.57.222.0/23

    Signature Algorithm: sha256WithRSAEncryption
         b4:a1:53:45:10:e6:41:d3:e3:c9:3c:4c:aa:bc:f7:9b:60:6b:
         7c:32:85:27:38:d9:26:31:55:57:f0:fb:62:9c:d7:f0:24:ad:
         0c:c9:00:57:66:39:06:66:d5:e5:6c:20:39:c7:89:48:ee:a2:
         a7:26:6f:92:21:1c:ea:54:dd:18:58:11:79:09:54:84:dc:d8:
         32:1a:d3:28:f4:21:ae:ec:38:d8:a9:f9:1f:f5:d8:97:6e:df:
         70:8f:e0:3b:5e:61:e9:dd:27:01:a4:c6:22:d3:f0:fe:5c:54:
         81:c9:b0:73:ff:ae:ea:0f:6b:a7:5b:15:0d:c4:db:4e:d0:4f:
         39:73:e4:75:ae:24:ba:47:45:cf:66:05:ce:c2:ca:ba:66:7e:
         0c:c3:3e:8e:ad:28:18:8e:5c:0d:87:48:56:5e:67:6a:ed:46:
         51:fd:c9:f9:6b:cd:0d:51:44:ae:57:50:a3:bf:ce:e1:14:94:
         5b:7f:51:83:ee:c5:fa:1d:a1:0d:4e:ca:bd:a3:d8:bb:ec:3a:
         af:34:e8:37:6a:0b:4b:11:f7:7d:17:0b:aa:30:44:86:b1:82:
         66:f7:d1:92:04:12:87:e5:ce:91:80:5f:17:c6:22:4f:ca:ec:
         15:2b:e3:13:47:f0:34:44:e9:b2:54:85:d5:59:5f:4c:e7:83:
         cc:50:d9:d6
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZbp7DzoR5eKbYIQYwu8OhvMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwNTE5MTkwMTM1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODM4YTg1NzkxOTA5YjI4M2ZhMWE5ZDE2NzFjMmY0MWQ1MTM4ZmVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoDuHJP0rjlOLNbewwHOxtHqw2cqp
dpmNOQ+olVTTRlHUmtduKX/40XtCucG/N84bqB3Fg4ONFG8GNbca1lsWC+6nuXHq
rT02wDsy1gVwtUduEHBWIHDVOO0Osv0tjEm+QSNO8CNPOagW/OziMPgp4BIW8ajR
14uEPoDVtkj7nNMqPuwjj2reopu7dd9SqIH6HyYcwpFpyNJYmEkr/mrFbjOqytQy
fDnSPTBrVvGjHt92+ai3ZpbponWkeD4j++FioJ0nTv7R3E/R1F8DQSVrP+iRkrKS
0pQOUKeYPsKF3GKh4bD3zDZFv6ojffqOPQIignQPeipV9gsB/00JsgtcqQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAg4qFeRkJsoP6Gp0WccL0HVE4/tMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvQ0Rpb1Y1R1FteWdfb2FuUlp4d3ZRZFVUai0wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAHzmrAwQB
HzneMA0GCSqGSIb3DQEBCwUAA4IBAQC0oVNFEOZB0+PJPEyqvPebYGt8MoUnONkm
MVVX8PtinNfwJK0MyQBXZjkGZtXlbCA5x4lI7qKnJm+SIRzqVN0YWBF5CVSE3Ngy
GtMo9CGu7DjYqfkf9diXbt9wj+A7XmHp3ScBpMYi0/D+XFSBybBz/67qD2unWxUN
xNtO0E85c+R1riS6R0XPZgXOwsq6Zn4Mwz6OrSgYjlwNh0hWXmdq7UZR/cn5a80N
UUSuV1Cjv87hFJRbf1GD7sX6HaENTsq9o9i77DqvNOg3agtLEfd9FwuqMESGsYJm
99GSBBKH5c6RgF8XxiJPyuwVK+MTR/A0ROmyVIXVWV9M54PMUNnW
-----END CERTIFICATE-----