Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/LsYaPG7CMOMToNqneNz01-3e8O4.roa
File:                     LsYaPG7CMOMToNqneNz01-3e8O4.roa (raw, json)
Hash identifier:          L7SRsJOZejkaFtfCh0eTqhQrQwUS0NuQE2JLJQgsMiQ=
Subject key identifier:   2E:C6:1A:3C:6E:C2:30:E3:13:A0:DA:A7:78:DC:F4:D7:ED:DE:F0:EE
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019944AF80A39F56FB773716512F9BAC697A
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/LsYaPG7CMOMToNqneNz01-3e8O4.roa
Signing time:             Sat 13 Sep 2025 20:06:16 +0000
ROA not before:           Sat 13 Sep 2025 20:06:16 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205536
IP address blocks:        31.58.239.0/24 maxlen: 24
                          217.60.198.0/24 maxlen: 24
                          217.60.240.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 15 Sep 2025 05:00:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:44:af:80:a3:9f:56:fb:77:37:16:51:2f:9b:ac:69:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Sep 13 20:06:16 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2ec61a3c6ec230e313a0daa778dcf4d7eddef0ee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:bf:a5:c8:37:e2:dd:7e:a3:1b:f4:4c:66:a7:
                    d8:d4:97:ee:67:9e:2c:af:4d:d6:ab:67:e2:8a:d5:
                    d4:6c:76:06:4d:df:2e:c0:5b:ea:26:3c:47:c3:4e:
                    0a:fe:bc:28:a2:3a:0a:4a:78:78:ec:59:3a:1f:71:
                    20:96:55:e5:65:ef:ee:00:ac:17:0c:fa:e4:7e:ca:
                    5f:e9:d5:c5:25:f5:75:7f:40:b3:8c:e5:87:b4:48:
                    21:df:8b:4f:8b:6e:c9:fa:be:7a:fa:47:84:42:4d:
                    06:a0:77:bd:3a:99:e7:e1:86:e2:29:4d:17:57:05:
                    35:bc:f8:ab:9d:7a:e3:9a:ee:39:77:a9:bb:ed:8f:
                    ae:44:82:37:42:72:3f:46:34:55:ff:03:ee:bb:cd:
                    b5:a8:4a:fe:ee:df:8c:44:01:90:b6:f6:bf:67:c3:
                    c7:fa:69:46:a4:61:17:7f:d0:b6:bb:85:16:70:91:
                    e6:24:4b:b8:d2:bd:43:be:92:e9:94:0b:d0:49:48:
                    b5:18:c1:f2:40:65:4b:13:23:a9:11:fe:cd:f1:f1:
                    67:7d:d0:16:1a:03:a1:ef:0a:1d:7c:6b:4f:47:70:
                    66:b9:c4:b1:50:60:36:38:2d:32:80:b4:21:90:d2:
                    77:84:7c:7d:77:66:b6:aa:88:0b:0f:49:93:f6:74:
                    aa:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:C6:1A:3C:6E:C2:30:E3:13:A0:DA:A7:78:DC:F4:D7:ED:DE:F0:EE
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/LsYaPG7CMOMToNqneNz01-3e8O4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.58.239.0/24
                  217.60.198.0/24
                  217.60.240.0/24

    Signature Algorithm: sha256WithRSAEncryption
         73:0e:34:7c:ce:8e:84:60:d6:ad:a5:63:a5:93:21:d8:9e:b9:
         f9:d2:27:f4:1e:a4:47:65:2e:c1:96:21:c1:b3:11:04:25:e6:
         ae:44:31:b3:e4:c1:6e:1a:a1:94:44:ba:3f:de:46:77:96:7f:
         63:07:14:8f:8d:53:56:79:e3:9d:b2:47:f1:3e:de:d9:74:c3:
         9a:d4:ca:2a:96:92:2e:42:a5:b9:16:3a:ab:9c:87:a3:d3:2c:
         d4:f8:65:00:82:50:5c:cd:05:2e:2e:9e:63:7b:e2:2b:e7:81:
         5e:c1:9d:95:8f:bb:18:ce:87:5e:35:e0:d4:cf:8c:d9:12:d3:
         9f:8a:24:f3:a2:17:c5:57:d5:86:a6:ab:d4:6b:02:43:45:b0:
         6a:e5:30:49:11:a5:0f:6e:2b:eb:ff:f8:7b:4b:e5:6a:4c:c6:
         d6:84:12:f1:2a:d9:53:b2:f1:9e:1f:1a:f1:f2:cb:24:18:be:
         04:7b:9f:16:55:85:cf:74:6c:85:2e:7b:36:0d:21:d4:14:a4:
         36:af:50:ce:5b:5c:31:ec:9a:1a:73:b9:8d:d4:57:e9:87:7e:
         70:da:5b:bc:36:1a:d7:f7:62:1d:38:c5:85:30:58:b5:5a:f5:
         3e:95:86:37:ef:65:c1:f9:66:f6:a2:f6:fa:2c:c2:08:37:1f:
         ae:b8:36:f9
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZlEr4Cjn1b7dzcWUS+brGl6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwOTEzMjAwNjE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZWM2MWEzYzZlYzIzMGUzMTNhMGRhYTc3OGRjZjRkN2VkZGVmMGVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw7+lyDfi3X6jG/RMZqfY1JfuZ54s
r03Wq2fiitXUbHYGTd8uwFvqJjxHw04K/rwoojoKSnh47Fk6H3EgllXlZe/uAKwX
DPrkfspf6dXFJfV1f0CzjOWHtEgh34tPi27J+r56+keEQk0GoHe9Opnn4YbiKU0X
VwU1vPirnXrjmu45d6m77Y+uRII3QnI/RjRV/wPuu821qEr+7t+MRAGQtva/Z8PH
+mlGpGEXf9C2u4UWcJHmJEu40r1DvpLplAvQSUi1GMHyQGVLEyOpEf7N8fFnfdAW
GgOh7wodfGtPR3BmucSxUGA2OC0ygLQhkNJ3hHx9d2a2qogLD0mT9nSqtQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFC7GGjxuwjDjE6Dap3jc9Nft3vDuMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvTHNZYVBHN0NNT01Ub05xbmVOejAxLTNlOE80LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAHzrvAwQA
2TzGAwQA2TzwMA0GCSqGSIb3DQEBCwUAA4IBAQBzDjR8zo6EYNatpWOlkyHYnrn5
0if0HqRHZS7BliHBsxEEJeauRDGz5MFuGqGURLo/3kZ3ln9jBxSPjVNWeeOdskfx
Pt7ZdMOa1MoqlpIuQqW5FjqrnIej0yzU+GUAglBczQUuLp5je+Ir54FewZ2Vj7sY
zodeNeDUz4zZEtOfiiTzohfFV9WGpqvUawJDRbBq5TBJEaUPbivr//h7S+VqTMbW
hBLxKtlTsvGeHxrx8sskGL4Ee58WVYXPdGyFLns2DSHUFKQ2r1DOW1wx7Joac7mN
1Ffph35w2lu8NhrX92IdOMWFMFi1WvU+lYY372XB+Wb2ovb6LMIINx+uuDb5
-----END CERTIFICATE-----