Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/N9vo4mQCmfM1ceDZEClS5UcLyLo.roa
File:                     N9vo4mQCmfM1ceDZEClS5UcLyLo.roa (raw, json)
Hash identifier:          5aEpvVTCssTcQ0ytYKrCM/MCW/UMOdkRKZlmzQVanRw=
Subject key identifier:   37:DB:E8:E2:64:02:99:F3:35:71:E0:D9:10:29:52:E5:47:0B:C8:BA
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019735BC411F240801948E6F4FD782FF9E38
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/N9vo4mQCmfM1ceDZEClS5UcLyLo.roa
Signing time:             Tue 03 Jun 2025 12:20:19 +0000
ROA not before:           Tue 03 Jun 2025 12:20:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     22427
IP address blocks:        31.58.84.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 06:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:35:bc:41:1f:24:08:01:94:8e:6f:4f:d7:82:ff:9e:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jun  3 12:20:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=37dbe8e2640299f33571e0d9102952e5470bc8ba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:55:c4:f5:0d:4d:18:b4:27:c2:c9:a5:db:32:
                    94:79:58:eb:69:90:1d:30:a0:42:93:61:90:79:a8:
                    0d:b0:9c:a1:f4:4c:bc:f8:3f:e4:eb:d0:b4:08:90:
                    43:36:95:cd:9d:6e:09:d8:e7:5f:b1:8d:96:e6:b0:
                    83:2f:f3:4d:5f:3c:86:9f:c7:e5:75:d3:f6:fe:b0:
                    f1:d8:5c:d7:f9:9d:d7:2d:77:c2:69:6f:db:ea:f1:
                    3d:ad:47:b4:4b:f0:da:20:94:17:5e:ca:52:b7:72:
                    58:45:f5:6f:19:73:8d:41:db:d2:b5:0c:27:bb:63:
                    30:1c:c9:f5:f7:0e:e7:38:a3:39:f9:1a:f4:a4:10:
                    37:96:e8:42:e0:4b:64:88:23:6b:88:dd:a1:da:78:
                    b9:bb:2f:f2:a4:82:9f:a7:69:52:b7:b1:c5:6f:ae:
                    27:8e:1d:f3:cc:52:ea:34:58:c0:f2:2f:48:7c:a3:
                    fb:c2:26:e2:32:aa:3d:60:f5:6f:3a:a1:a1:90:79:
                    30:cc:57:92:ef:65:a7:f8:a9:56:7a:f8:46:a1:ef:
                    65:5f:26:a6:2b:75:a7:7d:e0:83:a9:4c:84:4f:24:
                    bc:63:19:76:58:3e:12:a6:ef:c5:69:8e:16:99:d5:
                    fa:6a:b6:25:8c:74:e0:b0:1a:9f:e4:fb:08:a6:72:
                    8f:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:DB:E8:E2:64:02:99:F3:35:71:E0:D9:10:29:52:E5:47:0B:C8:BA
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/N9vo4mQCmfM1ceDZEClS5UcLyLo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.58.84.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5e:b7:96:49:f5:8b:f5:1b:12:e6:2d:e7:84:e9:98:7a:3b:97:
         32:d4:6b:9a:89:cb:11:5b:50:5e:14:38:17:63:6d:1d:5e:6d:
         f1:1f:7a:22:2a:fc:31:87:c7:a3:7b:f8:62:c9:91:b1:ae:02:
         0f:3c:6f:45:79:b0:72:96:b1:ea:b0:bb:4c:9c:c2:c8:4d:f0:
         92:59:a2:ac:e9:76:ba:d8:22:e5:4a:16:72:89:dd:ac:39:7a:
         60:ca:f6:41:b9:98:52:5f:4f:11:65:b1:63:d6:ea:d3:12:52:
         63:26:bd:a9:97:6b:04:aa:ad:78:dc:87:cf:53:ff:73:c9:09:
         8e:e1:bc:96:44:4b:a3:f7:52:07:aa:6b:48:0f:ff:55:be:c8:
         4a:fa:07:74:b5:dc:ba:09:d4:80:ab:4d:48:26:36:b2:85:94:
         8b:0b:cb:56:b8:9b:8f:fd:f4:11:5c:2b:20:64:81:bc:53:b8:
         dd:21:4a:a5:9c:4b:f4:e5:1d:3d:24:b1:13:6b:4c:ca:30:9a:
         d8:13:fa:e9:5a:15:53:fe:01:69:79:30:c3:1f:5c:ec:69:5a:
         60:bf:6f:89:c9:a9:90:f8:81:e6:6f:24:82:de:a1:d2:f1:56:
         3f:0e:fe:41:1e:71:76:d6:ab:d2:ad:65:59:ff:6a:f9:d8:da:
         b3:51:fd:01
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZc1vEEfJAgBlI5vT9eC/544MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwNjAzMTIyMDE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzN2RiZThlMjY0MDI5OWYzMzU3MWUwZDkxMDI5NTJlNTQ3MGJjOGJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnFXE9Q1NGLQnwsml2zKUeVjraZAd
MKBCk2GQeagNsJyh9Ey8+D/k69C0CJBDNpXNnW4J2OdfsY2W5rCDL/NNXzyGn8fl
ddP2/rDx2FzX+Z3XLXfCaW/b6vE9rUe0S/DaIJQXXspSt3JYRfVvGXONQdvStQwn
u2MwHMn19w7nOKM5+Rr0pBA3luhC4EtkiCNriN2h2ni5uy/ypIKfp2lSt7HFb64n
jh3zzFLqNFjA8i9IfKP7wibiMqo9YPVvOqGhkHkwzFeS72Wn+KlWevhGoe9lXyam
K3WnfeCDqUyETyS8Yxl2WD4Spu/FaY4WmdX6arYljHTgsBqf5PsIpnKPOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDfb6OJkApnzNXHg2RApUuVHC8i6MB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvTjl2bzRtUUNtZk0xY2VEWkVDbFM1VWNMeUxvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzpUMA0G
CSqGSIb3DQEBCwUAA4IBAQBet5ZJ9Yv1GxLmLeeE6Zh6O5cy1GuaicsRW1BeFDgX
Y20dXm3xH3oiKvwxh8eje/hiyZGxrgIPPG9FebBylrHqsLtMnMLITfCSWaKs6Xa6
2CLlShZyid2sOXpgyvZBuZhSX08RZbFj1urTElJjJr2pl2sEqq143IfPU/9zyQmO
4byWREuj91IHqmtID/9VvshK+gd0tdy6CdSAq01IJjayhZSLC8tWuJuP/fQRXCsg
ZIG8U7jdIUqlnEv05R09JLETa0zKMJrYE/rpWhVT/gFpeTDDH1zsaVpgv2+JyamQ
+IHmbySC3qHS8VY/Dv5BHnF21qvSrWVZ/2r52NqzUf0B
-----END CERTIFICATE-----