Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/FMdwZM2D7kZLNbBDemeeU3bFahY.roa
File:                     FMdwZM2D7kZLNbBDemeeU3bFahY.roa (raw, json)
Hash identifier:          JmUSXmBntaXg3tPPs1e/9LNXsbGBA18aOi0jahAs+z0=
Subject key identifier:   14:C7:70:64:CD:83:EE:46:4B:35:B0:43:7A:67:9E:53:76:C5:6A:16
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       0199332A9B9471DFFA11B3D28A45065AF7C4
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/FMdwZM2D7kZLNbBDemeeU3bFahY.roa
Signing time:             Wed 10 Sep 2025 10:27:34 +0000
ROA not before:           Wed 10 Sep 2025 10:27:34 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208765
IP address blocks:        31.56.236.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 15 Sep 2025 05:00:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:33:2a:9b:94:71:df:fa:11:b3:d2:8a:45:06:5a:f7:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Sep 10 10:27:34 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=14c77064cd83ee464b35b0437a679e5376c56a16
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:fa:a8:a6:3a:99:0d:23:b5:e9:6e:da:2f:d3:
                    e9:06:41:b0:bb:d0:d1:bf:54:49:e2:b0:18:4f:45:
                    5c:10:dc:28:46:4d:5c:5e:d1:72:95:63:5a:a0:29:
                    b8:62:25:98:9a:7b:65:75:db:ef:36:01:3c:e0:1b:
                    41:7e:7f:0f:ec:2d:51:f1:f2:ad:47:fd:a0:3c:0f:
                    49:f8:78:fa:4a:c1:07:45:b6:dc:66:ce:a3:de:92:
                    68:39:df:79:1b:88:e1:9e:db:a2:88:18:87:71:67:
                    f6:f1:d3:91:b1:7a:8b:a7:df:17:a2:98:fd:00:e5:
                    9b:28:c5:cf:08:77:46:78:b3:72:70:38:a8:51:d6:
                    c0:26:32:65:c6:83:85:a5:0b:01:14:ba:ff:dc:d7:
                    23:41:1e:f4:13:d9:a0:ef:0a:a9:a3:77:ed:d1:7f:
                    56:00:73:93:42:d2:57:56:c6:41:fe:b5:42:2c:1e:
                    d6:83:ff:2f:0f:8f:9d:2d:aa:f5:58:75:2b:73:66:
                    88:26:02:69:09:55:17:71:b2:7f:66:c6:ac:33:bc:
                    12:b2:1f:6f:54:ef:f2:65:b2:ab:33:cc:e2:42:70:
                    8b:b7:a5:34:6a:f5:24:42:ba:38:de:3b:6c:30:70:
                    a4:b5:e6:cc:5d:5e:15:81:ff:39:7e:73:1d:47:f5:
                    a4:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:C7:70:64:CD:83:EE:46:4B:35:B0:43:7A:67:9E:53:76:C5:6A:16
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/FMdwZM2D7kZLNbBDemeeU3bFahY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.56.236.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5e:e6:19:df:1c:ea:0e:33:20:7a:28:1d:4e:fe:97:2c:4d:4e:
         69:9f:3a:a5:26:78:9d:78:22:44:94:ae:e0:71:d5:d0:c4:40:
         2a:60:10:21:43:1b:17:d4:1d:77:03:6f:79:39:56:0a:dd:c5:
         6a:c0:1d:a5:f8:91:3f:1a:d3:96:eb:1e:1c:90:23:57:03:6e:
         22:51:ad:96:46:7a:6a:3c:de:50:bc:6e:32:46:1f:b0:3b:29:
         2c:21:f6:50:66:64:f8:a5:27:2e:5d:d7:3f:7c:66:23:92:0d:
         5a:8b:a5:ce:48:b4:07:5c:c2:b7:5b:83:3e:40:4b:48:2f:92:
         35:92:77:87:2c:2f:db:b2:0c:f2:bb:4b:cd:80:3c:31:42:a1:
         77:b7:24:24:34:bf:38:12:9a:6e:39:49:bb:5d:29:08:8e:80:
         b7:0d:51:3b:81:07:d6:4f:a3:48:a8:8f:12:71:fd:40:92:f2:
         20:2a:5e:a6:93:c0:0c:b2:c8:66:ba:18:4e:4c:6e:b8:c6:68:
         e0:e7:55:e6:5b:ca:f6:de:2b:d6:a4:49:b3:f6:56:bb:00:c6:
         26:a7:a0:ce:1d:ff:ea:f9:dc:4e:65:86:82:02:20:92:2f:16:
         d4:82:45:72:61:64:d1:4c:3c:07:ca:0a:ea:2d:99:f3:97:ba:
         13:0e:99:0d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZkzKpuUcd/6EbPSikUGWvfEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwOTEwMTAyNzM0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNGM3NzA2NGNkODNlZTQ2NGIzNWIwNDM3YTY3OWU1Mzc2YzU2YTE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnvqopjqZDSO16W7aL9PpBkGwu9DR
v1RJ4rAYT0VcENwoRk1cXtFylWNaoCm4YiWYmntlddvvNgE84BtBfn8P7C1R8fKt
R/2gPA9J+Hj6SsEHRbbcZs6j3pJoOd95G4jhntuiiBiHcWf28dORsXqLp98Xopj9
AOWbKMXPCHdGeLNycDioUdbAJjJlxoOFpQsBFLr/3NcjQR70E9mg7wqpo3ft0X9W
AHOTQtJXVsZB/rVCLB7Wg/8vD4+dLar1WHUrc2aIJgJpCVUXcbJ/ZsasM7wSsh9v
VO/yZbKrM8ziQnCLt6U0avUkQro43jtsMHCktebMXV4Vgf85fnMdR/WkiQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBTHcGTNg+5GSzWwQ3pnnlN2xWoWMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvRk1kd1pNMkQ3a1pMTmJCRGVtZWVVM2JGYWhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzjsMA0G
CSqGSIb3DQEBCwUAA4IBAQBe5hnfHOoOMyB6KB1O/pcsTU5pnzqlJnideCJElK7g
cdXQxEAqYBAhQxsX1B13A295OVYK3cVqwB2l+JE/GtOW6x4ckCNXA24iUa2WRnpq
PN5QvG4yRh+wOyksIfZQZmT4pScuXdc/fGYjkg1ai6XOSLQHXMK3W4M+QEtIL5I1
kneHLC/bsgzyu0vNgDwxQqF3tyQkNL84EppuOUm7XSkIjoC3DVE7gQfWT6NIqI8S
cf1AkvIgKl6mk8AMsshmuhhOTG64xmjg51XmW8r23ivWpEmz9la7AMYmp6DOHf/q
+dxOZYaCAiCSLxbUgkVyYWTRTDwHygrqLZnzl7oTDpkN
-----END CERTIFICATE-----