Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/DzGgXO-EWK0sREQNtXObBPcrEEk.roa
File:                     DzGgXO-EWK0sREQNtXObBPcrEEk.roa (raw, json)
Hash identifier:          61dZ3N+/VtQNFE72vW5vy5jMeguoWZ+kEs+PCsNJFhs=
Subject key identifier:   0F:31:A0:5C:EF:84:58:AD:2C:44:44:0D:B5:73:9B:04:F7:2B:10:49
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       0198E655E4442EF0D94A46F8F2EBC46A1026
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/DzGgXO-EWK0sREQNtXObBPcrEEk.roa
Signing time:             Tue 26 Aug 2025 12:24:05 +0000
ROA not before:           Tue 26 Aug 2025 12:24:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     135402
IP address blocks:        31.56.90.0/24 maxlen: 24
                          31.57.182.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 08 Sep 2025 05:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:e6:55:e4:44:2e:f0:d9:4a:46:f8:f2:eb:c4:6a:10:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Aug 26 12:24:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0f31a05cef8458ad2c44440db5739b04f72b1049
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:f7:49:75:e3:3e:0c:65:f3:8c:37:88:f0:c8:
                    ae:4b:a0:94:96:e9:a5:0b:db:a4:d8:37:e0:a0:53:
                    62:9a:12:f5:9e:d5:87:7e:78:9e:d3:ec:38:df:22:
                    b5:5c:3b:23:71:4f:96:db:f1:be:13:ec:e6:33:ee:
                    2e:cf:bd:93:78:f3:cb:8a:f1:b7:06:67:b8:a7:af:
                    62:3c:85:cc:14:0a:58:d2:39:47:7f:fd:0c:b0:fd:
                    6a:36:7f:32:ff:3d:81:7d:9d:4d:c2:c4:60:f5:35:
                    83:8b:ad:0d:84:7f:a5:cb:11:45:e7:e6:34:4f:4a:
                    41:e5:d3:89:e4:07:2c:dc:c0:c1:25:ba:a4:77:24:
                    ac:51:ee:a1:48:47:ce:db:3f:b7:8d:58:4f:56:a9:
                    40:e4:07:75:aa:b9:5e:03:31:3d:58:ad:0a:a8:c0:
                    e3:0f:e5:e8:53:ac:7f:25:bd:d3:4b:53:48:d1:59:
                    d5:67:ac:2c:fc:e5:64:a4:02:55:84:d3:28:f5:01:
                    c3:a9:b7:8e:51:5d:a7:37:77:df:c3:9a:ae:07:e1:
                    9d:9c:8d:cb:12:ea:22:ff:e3:c3:7d:f4:0c:bf:4f:
                    0e:f2:0f:1a:4a:9a:d2:f3:73:2c:a3:3c:ae:82:4d:
                    8a:db:05:bf:a1:b4:2f:56:e4:45:0b:f6:c0:cb:85:
                    5f:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:31:A0:5C:EF:84:58:AD:2C:44:44:0D:B5:73:9B:04:F7:2B:10:49
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/DzGgXO-EWK0sREQNtXObBPcrEEk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.56.90.0/24
                  31.57.182.0/24

    Signature Algorithm: sha256WithRSAEncryption
         21:cc:de:21:e9:84:21:2f:9f:ca:76:d1:8d:d7:00:38:60:58:
         65:2d:8b:32:44:cd:5e:1d:d2:f8:c7:1f:d9:84:56:43:26:2e:
         ba:52:c4:20:85:50:ef:b8:25:51:a8:c2:04:d8:73:69:6d:98:
         a0:98:64:88:d0:5a:ff:81:35:9f:11:72:9c:2d:f2:c8:7a:5c:
         48:dd:28:9b:fe:63:c3:e2:99:17:03:ce:fb:f0:cd:3c:9b:05:
         b1:f6:47:52:d5:f4:2e:a2:ce:88:ec:b6:98:19:ed:6f:35:7b:
         40:a2:ae:64:10:99:67:0c:e3:e3:86:27:b9:ef:e3:c4:df:a6:
         35:30:6f:30:a2:4d:3d:0f:b4:7d:72:b0:49:d1:b4:ef:1d:6a:
         a3:56:ff:e3:bf:bd:59:54:e3:22:88:e1:6a:cb:54:2f:25:52:
         68:cf:3c:c4:0d:0b:b3:6b:3c:3b:38:5e:b8:bb:06:7d:89:4c:
         48:2e:f9:6e:88:91:22:78:f1:49:19:82:67:f2:58:d6:8c:9d:
         2f:88:2f:92:2a:a7:2c:c2:46:fb:ad:7e:92:ad:f9:c2:c0:96:
         f3:40:d0:e5:4e:dc:07:7f:11:65:89:d0:e1:70:a7:5a:39:31:
         e2:dd:b0:2b:08:df:07:a5:d0:d3:1a:31:8a:09:bc:f1:88:2d:
         c8:c4:fa:92
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZjmVeRELvDZSkb48uvEahAmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwODI2MTIyNDA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZjMxYTA1Y2VmODQ1OGFkMmM0NDQ0MGRiNTczOWIwNGY3MmIxMDQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4fdJdeM+DGXzjDeI8MiuS6CUluml
C9uk2DfgoFNimhL1ntWHfnie0+w43yK1XDsjcU+W2/G+E+zmM+4uz72TePPLivG3
Bme4p69iPIXMFApY0jlHf/0MsP1qNn8y/z2BfZ1NwsRg9TWDi60NhH+lyxFF5+Y0
T0pB5dOJ5Acs3MDBJbqkdySsUe6hSEfO2z+3jVhPVqlA5Ad1qrleAzE9WK0KqMDj
D+XoU6x/Jb3TS1NI0VnVZ6ws/OVkpAJVhNMo9QHDqbeOUV2nN3ffw5quB+GdnI3L
Euoi/+PDffQMv08O8g8aSprS83Msozyugk2K2wW/obQvVuRFC/bAy4VfVwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFA8xoFzvhFitLEREDbVzmwT3KxBJMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvRHpHZ1hPLUVXSzBzUkVRTnRYT2JCUGNyRUVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAHzhaAwQA
Hzm2MA0GCSqGSIb3DQEBCwUAA4IBAQAhzN4h6YQhL5/KdtGN1wA4YFhlLYsyRM1e
HdL4xx/ZhFZDJi66UsQghVDvuCVRqMIE2HNpbZigmGSI0Fr/gTWfEXKcLfLIelxI
3Sib/mPD4pkXA8778M08mwWx9kdS1fQuos6I7LaYGe1vNXtAoq5kEJlnDOPjhie5
7+PE36Y1MG8wok09D7R9crBJ0bTvHWqjVv/jv71ZVOMiiOFqy1QvJVJozzzEDQuz
azw7OF64uwZ9iUxILvluiJEiePFJGYJn8ljWjJ0viC+SKqcswkb7rX6SrfnCwJbz
QNDlTtwHfxFlidDhcKdaOTHi3bArCN8HpdDTGjGKCbzxiC3IxPqS
-----END CERTIFICATE-----