Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/DKxfsBLKKDO66YAQqByRhNYQJjs.roa
File:                     DKxfsBLKKDO66YAQqByRhNYQJjs.roa (raw, json)
Hash identifier:          7286eE4SdVNhjKMeXDCkVqUQK37yY2dg6x337xYvT50=
Subject key identifier:   0C:AC:5F:B0:12:CA:28:33:BA:E9:80:10:A8:1C:91:84:D6:10:26:3B
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       0196EE94CAB237A9C6EA17E2FB878DCEE401
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/DKxfsBLKKDO66YAQqByRhNYQJjs.roa
Signing time:             Tue 20 May 2025 16:44:10 +0000
ROA not before:           Tue 20 May 2025 16:44:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39521
IP address blocks:        31.57.14.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 05 Jun 2025 18:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:ee:94:ca:b2:37:a9:c6:ea:17:e2:fb:87:8d:ce:e4:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: May 20 16:44:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0cac5fb012ca2833bae98010a81c9184d610263b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:e9:ac:1f:98:43:7f:8f:2b:42:ef:62:6f:14:
                    a1:a2:7f:79:98:ed:ee:81:1f:4e:c9:fa:7f:f7:7e:
                    d7:20:87:38:76:97:e8:a1:c0:92:05:17:43:41:02:
                    24:8b:0b:e6:57:7e:b4:6c:f1:2a:c2:fc:78:4d:5d:
                    94:e5:85:2a:18:4a:7c:1e:d6:17:42:10:4c:b4:33:
                    f1:3e:18:81:41:9e:61:4c:95:61:69:cb:f1:59:46:
                    98:2b:ac:28:7b:c0:40:13:34:94:f1:1c:b3:63:e0:
                    ba:97:11:82:f7:26:c2:06:87:2e:2f:11:0b:65:94:
                    fe:b3:51:30:e3:80:cd:21:76:ae:f9:95:b7:24:fc:
                    36:68:12:65:33:c4:a7:f6:82:65:be:9f:d3:13:4c:
                    85:91:a9:0b:48:b6:16:51:91:18:98:c1:26:de:0d:
                    8b:ca:60:6c:fc:e7:e9:49:bf:82:d1:04:c2:dc:c8:
                    cd:6e:76:10:00:c8:e2:2f:e6:23:ae:9f:6d:aa:c5:
                    0f:08:cf:01:f7:79:f8:dc:e8:bf:bb:1c:d4:7b:e7:
                    e3:5d:db:6f:c3:76:c8:91:59:0d:48:fe:c4:5b:0a:
                    13:6c:21:65:c4:75:f4:df:07:c1:a7:80:0a:07:db:
                    c8:65:f8:f2:9f:bf:7d:0f:cd:5b:21:b9:b1:7c:97:
                    da:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:AC:5F:B0:12:CA:28:33:BA:E9:80:10:A8:1C:91:84:D6:10:26:3B
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/DKxfsBLKKDO66YAQqByRhNYQJjs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.57.14.0/23

    Signature Algorithm: sha256WithRSAEncryption
         4f:3f:ab:11:7d:ab:52:98:ed:0d:81:d2:ac:0f:ba:42:6a:43:
         e4:13:48:d8:ae:6a:94:56:0e:1b:35:2f:89:59:a7:ad:77:1c:
         b2:cf:25:73:30:07:b4:15:89:10:f9:70:fc:6b:d4:ce:a4:2b:
         21:53:07:ef:5e:46:e9:ef:c0:e2:10:9f:02:02:3e:33:62:04:
         97:33:70:11:cb:f3:56:60:0f:d8:3c:60:61:be:4d:f5:60:a2:
         22:39:ea:e3:e2:07:e0:93:30:28:5d:c8:9b:eb:47:26:82:e4:
         0d:3f:c2:00:11:58:7b:35:90:6a:0e:59:d6:15:73:9d:aa:6d:
         56:61:0e:d9:16:02:3f:79:5b:87:03:a7:fa:b2:fe:0f:6a:20:
         0a:18:ac:4e:10:d5:0d:f5:a3:57:ce:0f:23:ea:90:e8:6f:04:
         15:4f:a1:d7:62:55:7e:3e:c2:b8:c4:23:bc:7a:a3:18:e0:f2:
         9e:b0:dc:f3:e2:21:d8:c4:f3:bb:30:37:e6:db:36:18:11:dd:
         aa:f1:ae:86:a6:e0:33:17:c8:80:5a:b0:e7:99:75:b9:72:85:
         aa:c2:4b:7b:97:2f:ee:34:72:7b:a3:79:80:1e:69:ff:0c:11:
         d2:5e:6e:0a:1e:4c:0f:78:c2:fc:b2:bd:f3:92:88:62:2a:57:
         2e:60:2a:c8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZbulMqyN6nG6hfi+4eNzuQBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwNTIwMTY0NDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwY2FjNWZiMDEyY2EyODMzYmFlOTgwMTBhODFjOTE4NGQ2MTAyNjNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0+msH5hDf48rQu9ibxShon95mO3u
gR9Oyfp/937XIIc4dpfoocCSBRdDQQIkiwvmV360bPEqwvx4TV2U5YUqGEp8HtYX
QhBMtDPxPhiBQZ5hTJVhacvxWUaYK6woe8BAEzSU8RyzY+C6lxGC9ybCBocuLxEL
ZZT+s1Ew44DNIXau+ZW3JPw2aBJlM8Sn9oJlvp/TE0yFkakLSLYWUZEYmMEm3g2L
ymBs/OfpSb+C0QTC3MjNbnYQAMjiL+Yjrp9tqsUPCM8B93n43Oi/uxzUe+fjXdtv
w3bIkVkNSP7EWwoTbCFlxHX03wfBp4AKB9vIZfjyn799D81bIbmxfJfasQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAysX7ASyigzuumAEKgckYTWECY7MB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvREt4ZnNCTEtLRE82NllBUXFCeVJoTllRSmpzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBHzkOMA0G
CSqGSIb3DQEBCwUAA4IBAQBPP6sRfatSmO0NgdKsD7pCakPkE0jYrmqUVg4bNS+J
WaetdxyyzyVzMAe0FYkQ+XD8a9TOpCshUwfvXkbp78DiEJ8CAj4zYgSXM3ARy/NW
YA/YPGBhvk31YKIiOerj4gfgkzAoXcib60cmguQNP8IAEVh7NZBqDlnWFXOdqm1W
YQ7ZFgI/eVuHA6f6sv4PaiAKGKxOENUN9aNXzg8j6pDobwQVT6HXYlV+PsK4xCO8
eqMY4PKesNzz4iHYxPO7MDfm2zYYEd2q8a6GpuAzF8iAWrDnmXW5coWqwkt7ly/u
NHJ7o3mAHmn/DBHSXm4KHkwPeML8sr3zkohiKlcuYCrI
-----END CERTIFICATE-----