Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/MJezDrOXN_AelrbJUgOxes0y1cQ.roa
File:                     MJezDrOXN_AelrbJUgOxes0y1cQ.roa (raw, json)
Hash identifier:          hMzX6cmTurBzcee7Jo4Izg9ZDZ90BqWSybyFuDXYQ9k=
Subject key identifier:   30:97:B3:0E:B3:97:37:F0:1E:96:B6:C9:52:03:B1:7A:CD:32:D5:C4
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019922FF5F3412FB45B30D45A3C3F4ADA2BC
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/MJezDrOXN_AelrbJUgOxes0y1cQ.roa
Signing time:             Sun 07 Sep 2025 07:06:25 +0000
ROA not before:           Sun 07 Sep 2025 07:06:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57043
IP address blocks:        31.57.186.0/24 maxlen: 24
                          31.59.173.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 15 Sep 2025 05:00:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:22:ff:5f:34:12:fb:45:b3:0d:45:a3:c3:f4:ad:a2:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Sep  7 07:06:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3097b30eb39737f01e96b6c95203b17acd32d5c4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:9d:5c:2a:c0:55:44:1b:55:a1:ab:5c:32:45:
                    10:42:aa:58:55:f8:c7:03:bd:db:a7:3e:6c:69:4b:
                    9a:3d:94:f7:37:08:a3:fb:07:95:f0:e8:21:f9:a1:
                    a1:13:54:b5:bb:1c:bd:f2:71:8f:b5:a2:f8:77:4d:
                    28:a2:fa:4a:87:05:3b:46:de:7d:9a:74:93:19:32:
                    4c:a7:24:b9:5c:25:77:1b:06:c2:36:0f:a2:62:c0:
                    ae:e1:d5:e1:b9:30:0b:ac:16:81:01:e6:18:e7:80:
                    d0:22:1e:f8:40:ea:af:d0:2f:1f:b6:79:02:c3:76:
                    64:2b:f8:f1:7a:32:7e:a1:b3:4a:2a:3e:8f:78:7e:
                    52:80:d8:04:0c:46:69:88:51:0e:2a:3e:bd:e3:fe:
                    39:d3:63:38:c3:db:ed:32:f5:68:35:9b:8b:6a:64:
                    d2:58:9d:c1:37:2b:e9:03:45:0d:cc:00:59:e1:45:
                    51:f7:ed:fb:ba:53:f5:ca:40:ad:71:3c:65:f4:9a:
                    b5:98:9e:15:7f:b1:50:b0:e4:5d:4f:33:db:17:48:
                    93:79:be:0e:6a:9c:e2:67:2a:b6:35:3c:1d:2c:4f:
                    9e:3d:78:24:30:62:e9:6f:66:97:6d:c0:29:c1:91:
                    8d:12:eb:3b:95:3e:f8:fa:a2:e4:16:e3:5a:08:e1:
                    d1:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:97:B3:0E:B3:97:37:F0:1E:96:B6:C9:52:03:B1:7A:CD:32:D5:C4
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/MJezDrOXN_AelrbJUgOxes0y1cQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.57.186.0/24
                  31.59.173.0/24

    Signature Algorithm: sha256WithRSAEncryption
         67:f5:0d:78:e7:92:15:12:8e:0a:0b:90:53:61:bf:74:38:30:
         5a:ee:d5:cc:20:83:78:21:b4:b8:4f:51:77:1b:b9:53:16:ae:
         d4:b1:da:be:03:be:7d:39:82:a7:48:17:ae:25:15:44:21:5c:
         5d:cb:37:05:fb:6a:f2:cb:5c:20:d9:c0:e1:c8:8e:da:5f:d7:
         26:d6:18:79:41:64:79:a4:bb:7c:da:ab:6b:99:c6:1b:14:f9:
         69:93:cb:ba:ee:fb:06:59:69:0d:4a:47:7f:84:a4:c0:af:fd:
         09:44:78:34:18:9b:05:e4:cc:bf:68:3e:ef:45:40:0a:3c:58:
         be:93:f9:30:74:65:85:7c:c2:ca:a9:b0:76:c0:85:46:b9:39:
         bd:7b:04:73:1a:9e:b1:b9:a0:bb:90:96:9e:71:eb:07:29:50:
         08:b7:3f:12:9a:a4:6a:50:28:a6:9c:a2:4d:95:c7:4b:0a:80:
         c0:c1:16:bc:77:2d:f1:7e:bc:f0:f0:cc:52:3f:6d:1c:1a:bd:
         21:bb:10:1c:6b:6e:28:8b:62:a4:87:c4:ee:d5:7c:8a:c7:35:
         62:b2:6b:ff:78:b7:eb:9b:26:ea:ce:cd:2c:33:3a:99:61:67:
         9e:f3:8c:2f:95:58:d2:43:3c:07:ff:3c:0c:eb:3d:5a:5a:e3:
         13:40:67:67
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZki/180EvtFsw1Fo8P0raK8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwOTA3MDcwNjI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMDk3YjMwZWIzOTczN2YwMWU5NmI2Yzk1MjAzYjE3YWNkMzJkNWM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAup1cKsBVRBtVoatcMkUQQqpYVfjH
A73bpz5saUuaPZT3Nwij+weV8Ogh+aGhE1S1uxy98nGPtaL4d00oovpKhwU7Rt59
mnSTGTJMpyS5XCV3GwbCNg+iYsCu4dXhuTALrBaBAeYY54DQIh74QOqv0C8ftnkC
w3ZkK/jxejJ+obNKKj6PeH5SgNgEDEZpiFEOKj694/4502M4w9vtMvVoNZuLamTS
WJ3BNyvpA0UNzABZ4UVR9+37ulP1ykCtcTxl9Jq1mJ4Vf7FQsORdTzPbF0iTeb4O
apziZyq2NTwdLE+ePXgkMGLpb2aXbcApwZGNEus7lT74+qLkFuNaCOHR0wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDCXsw6zlzfwHpa2yVIDsXrNMtXEMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvTUplekRyT1hOX0FlbHJiSlVnT3hlczB5MWNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAHzm6AwQA
HzutMA0GCSqGSIb3DQEBCwUAA4IBAQBn9Q1455IVEo4KC5BTYb90ODBa7tXMIIN4
IbS4T1F3G7lTFq7Usdq+A759OYKnSBeuJRVEIVxdyzcF+2ryy1wg2cDhyI7aX9cm
1hh5QWR5pLt82qtrmcYbFPlpk8u67vsGWWkNSkd/hKTAr/0JRHg0GJsF5My/aD7v
RUAKPFi+k/kwdGWFfMLKqbB2wIVGuTm9ewRzGp6xuaC7kJaecesHKVAItz8SmqRq
UCimnKJNlcdLCoDAwRa8dy3xfrzw8MxSP20cGr0huxAca24oi2Kkh8Tu1XyKxzVi
smv/eLfrmybqzs0sMzqZYWee84wvlVjSQzwH/zwM6z1aWuMTQGdn
-----END CERTIFICATE-----