Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/Jpz8oatXg0IgL0_ot850_UK9FGM.roa
File:                     Jpz8oatXg0IgL0_ot850_UK9FGM.roa (raw, json)
Hash identifier:          FhEdqRFnMrG+Kwv5qHa6tVZbiM7DC1n5zVde3z+uoyI=
Subject key identifier:   26:9C:FC:A1:AB:57:83:42:20:2F:4F:E8:B7:CE:74:FD:42:BD:14:63
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       01972A6FBC63CB642CD5A6286B6C9D72DF61
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/Jpz8oatXg0IgL0_ot850_UK9FGM.roa
Signing time:             Sun 01 Jun 2025 07:40:55 +0000
ROA not before:           Sun 01 Jun 2025 07:40:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208483
IP address blocks:        31.57.225.0/24 maxlen: 24
                          31.58.56.0/23 maxlen: 24
                          31.58.57.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 05 Jun 2025 18:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:2a:6f:bc:63:cb:64:2c:d5:a6:28:6b:6c:9d:72:df:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jun  1 07:40:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=269cfca1ab578342202f4fe8b7ce74fd42bd1463
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:eb:c0:24:fa:8c:ff:72:5d:0c:77:3a:a7:bc:
                    c4:9b:33:eb:cb:d5:f1:bd:17:c1:8b:a9:21:5d:f8:
                    9d:b8:db:10:a5:e7:db:73:66:b8:b8:2b:6e:2c:75:
                    99:e8:09:ef:5c:b8:0d:58:e7:cd:7a:c2:64:7f:a3:
                    b9:f0:2d:0a:43:95:bb:19:f8:11:d4:c4:8a:27:a0:
                    c3:83:64:03:9a:4d:fb:47:b1:df:cd:24:75:0e:0d:
                    f6:00:d9:d1:03:d3:a1:a4:13:c7:8a:13:dc:a1:37:
                    6b:87:ff:e6:14:b5:11:ff:2f:66:23:d1:44:42:9b:
                    bc:02:94:05:04:bc:9e:b4:f4:83:3e:5f:88:de:bc:
                    54:af:46:08:a0:d8:3f:02:fe:51:51:ac:58:5e:2b:
                    ef:83:cb:ef:79:83:af:50:a0:ae:79:e5:cd:db:32:
                    3b:6b:ff:84:10:16:57:0f:4c:e1:f4:5d:d0:f0:8c:
                    b3:4b:2c:fe:f8:f3:7b:6e:a4:f6:10:0e:67:0e:f3:
                    dc:d8:b4:ed:cb:98:0d:bf:5b:a9:b3:5a:89:31:4a:
                    b2:10:ce:89:17:d3:d6:11:35:66:cc:a1:67:b2:15:
                    f0:d9:d7:15:c2:3d:6a:27:db:c9:dd:6d:06:b2:15:
                    ef:2c:1e:97:6b:cd:18:70:34:e8:db:d0:74:52:db:
                    8d:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:9C:FC:A1:AB:57:83:42:20:2F:4F:E8:B7:CE:74:FD:42:BD:14:63
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/Jpz8oatXg0IgL0_ot850_UK9FGM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.57.225.0/24
                  31.58.56.0/23

    Signature Algorithm: sha256WithRSAEncryption
         07:6b:0c:3d:af:d4:12:1a:1c:71:41:ff:64:e6:72:8f:1c:14:
         74:b0:5a:95:77:74:e9:5d:3b:60:d4:6e:15:ec:2c:28:60:4b:
         cf:2e:ec:de:7b:80:48:7c:11:a5:be:15:6e:12:56:20:00:5a:
         22:87:26:6a:64:c6:e6:d3:9d:97:f4:ea:ca:84:05:8e:a6:26:
         4c:1e:f9:15:2f:ab:23:5b:c2:e4:ac:10:c1:4b:c9:82:db:72:
         4a:40:92:00:cf:64:ee:4f:02:4a:e3:b0:41:bf:f8:54:70:89:
         83:5d:7d:d1:ab:79:6e:61:d7:6f:97:65:f4:4d:8f:8e:03:fe:
         6e:9e:7d:c1:7d:d6:d2:63:30:43:dc:4f:24:4e:52:b6:e7:be:
         c0:6d:3c:db:be:b1:7f:1c:36:90:8c:ce:35:54:fa:dc:2c:5c:
         e0:9c:18:a7:7a:e2:ea:46:be:67:f1:49:d8:4c:ec:4b:aa:97:
         9c:34:43:f7:da:89:4f:b9:94:a7:c1:40:da:77:a1:8b:65:4f:
         17:b2:d3:08:93:9a:77:71:29:35:2b:be:32:7f:3c:74:ea:61:
         6f:f5:52:c6:cc:c6:71:21:ab:6d:30:47:fc:f4:66:db:65:a5:
         e3:b0:65:3c:c3:19:38:86:3e:99:84:2e:48:70:2b:0a:db:c9:
         65:11:c1:34
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZcqb7xjy2Qs1aYoa2ydct9hMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwNjAxMDc0MDU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNjljZmNhMWFiNTc4MzQyMjAyZjRmZThiN2NlNzRmZDQyYmQxNDYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq+vAJPqM/3JdDHc6p7zEmzPry9Xx
vRfBi6khXfiduNsQpefbc2a4uCtuLHWZ6AnvXLgNWOfNesJkf6O58C0KQ5W7GfgR
1MSKJ6DDg2QDmk37R7HfzSR1Dg32ANnRA9OhpBPHihPcoTdrh//mFLUR/y9mI9FE
Qpu8ApQFBLyetPSDPl+I3rxUr0YIoNg/Av5RUaxYXivvg8vveYOvUKCueeXN2zI7
a/+EEBZXD0zh9F3Q8IyzSyz++PN7bqT2EA5nDvPc2LTty5gNv1ups1qJMUqyEM6J
F9PWETVmzKFnshXw2dcVwj1qJ9vJ3W0GshXvLB6Xa80YcDTo29B0UtuNYwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCac/KGrV4NCIC9P6LfOdP1CvRRjMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvSnB6OG9hdFhnMElnTDBfb3Q4NTBfVUs5RkdNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAHznhAwQB
Hzo4MA0GCSqGSIb3DQEBCwUAA4IBAQAHaww9r9QSGhxxQf9k5nKPHBR0sFqVd3Tp
XTtg1G4V7CwoYEvPLuzee4BIfBGlvhVuElYgAFoihyZqZMbm052X9OrKhAWOpiZM
HvkVL6sjW8LkrBDBS8mC23JKQJIAz2TuTwJK47BBv/hUcImDXX3Rq3luYddvl2X0
TY+OA/5unn3BfdbSYzBD3E8kTlK2577AbTzbvrF/HDaQjM41VPrcLFzgnBineuLq
Rr5n8UnYTOxLqpecNEP32olPuZSnwUDad6GLZU8XstMIk5p3cSk1K74yfzx06mFv
9VLGzMZxIattMEf89GbbZaXjsGU8wxk4hj6ZhC5IcCsK28llEcE0
-----END CERTIFICATE-----