Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/QOFzCICfbHqU9yaiHPFPA7_Oi1A.roa
File:                     QOFzCICfbHqU9yaiHPFPA7_Oi1A.roa (raw, json)
Hash identifier:          oqBG4jLoTzNdzWkQykKziSW7p2Q7bxzMWU7ejutoHKE=
Subject key identifier:   40:E1:73:08:80:9F:6C:7A:94:F7:26:A2:1C:F1:4F:03:BF:CE:8B:50
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019A6F68EB438B272EEBF547E345D656FE30
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/QOFzCICfbHqU9yaiHPFPA7_Oi1A.roa
Signing time:             Mon 10 Nov 2025 20:15:38 +0000
ROA not before:           Mon 10 Nov 2025 20:15:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202662
IP address blocks:        31.56.31.0/24 maxlen: 24
                          31.56.105.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Nov 2025 15:11:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:6f:68:eb:43:8b:27:2e:eb:f5:47:e3:45:d6:56:fe:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Nov 10 20:15:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=40e17308809f6c7a94f726a21cf14f03bfce8b50
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:4b:40:1c:68:f6:ae:eb:3b:aa:17:ea:df:e5:
                    05:0e:55:07:bb:3b:e9:48:9d:5a:e5:0f:89:53:79:
                    bd:59:6e:03:b4:de:cc:3c:4b:43:ba:16:6c:4f:d5:
                    e7:43:9e:87:5e:6f:f1:14:0b:fd:9a:47:c0:3a:c1:
                    64:05:a1:5c:22:b1:8f:95:59:f0:e7:31:62:86:23:
                    66:cc:3e:22:d0:e9:eb:87:dd:ff:99:c4:2c:f3:d9:
                    30:16:90:91:84:97:74:42:8b:cb:1f:47:d9:07:77:
                    9c:b1:26:4b:0c:04:32:3c:4d:91:1c:12:1c:c6:e8:
                    52:30:f4:2a:75:16:7e:4d:28:8b:c0:85:56:31:26:
                    d1:84:97:c4:af:34:07:01:f9:f3:18:39:9d:28:57:
                    ae:79:c4:7a:2d:bc:7a:7f:b4:3f:4f:1d:e5:d7:45:
                    39:bb:77:76:2c:a7:9c:c9:c0:f0:1e:11:22:4e:29:
                    6f:8f:55:c7:7b:45:c5:e7:fd:87:73:8e:71:d0:64:
                    39:b0:41:e7:a5:d8:8f:ce:21:32:79:78:7c:21:7b:
                    48:3a:92:9f:4f:bb:6e:03:a2:54:fe:32:de:3c:77:
                    f7:51:59:2c:2c:20:43:93:ea:7f:0c:f5:4b:b1:50:
                    94:ac:1e:f4:aa:23:21:7a:fd:1e:7f:2d:3a:7b:46:
                    fb:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:E1:73:08:80:9F:6C:7A:94:F7:26:A2:1C:F1:4F:03:BF:CE:8B:50
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/QOFzCICfbHqU9yaiHPFPA7_Oi1A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.56.31.0/24
                  31.56.105.0/24

    Signature Algorithm: sha256WithRSAEncryption
         55:34:8b:51:8f:dc:19:60:13:f0:8d:0e:14:cd:a1:86:14:f0:
         b7:97:3f:25:a6:26:04:36:18:41:ee:cf:0d:10:7a:44:c7:98:
         08:c6:6c:ad:41:4e:54:18:ed:7a:ad:ff:b9:0c:30:3f:70:8c:
         96:98:4a:fe:28:f6:5d:c0:c6:0e:f6:6d:e2:72:56:46:12:80:
         15:e9:96:1f:d4:3b:2d:93:f5:d7:13:c0:ff:2e:7d:fa:4b:d1:
         4b:e2:2e:c6:c7:bb:18:e7:65:fb:57:22:91:d4:e4:50:d0:e2:
         8f:09:3e:84:b2:9d:1a:28:39:59:4d:1b:f7:8f:53:f4:28:d7:
         ad:92:80:47:2b:78:16:b2:48:60:4c:e0:69:a4:12:2b:92:d8:
         b4:9d:b4:a6:ce:d8:d7:aa:00:47:11:ee:48:49:10:70:ce:94:
         23:3b:2b:49:f5:47:ba:2c:ce:e5:b2:64:eb:e6:28:bd:8c:5d:
         73:35:da:76:81:e1:86:cc:e6:e7:f6:2e:92:bf:9a:40:6a:f2:
         80:89:b0:e0:ea:29:35:11:fe:7e:eb:ec:84:8c:19:9e:36:df:
         a5:ab:43:c4:4e:84:09:fe:21:12:b5:b0:c2:40:3d:74:fd:29:
         d7:f2:bf:e4:c0:51:45:1c:89:90:9c:ae:67:15:4f:ef:80:97:
         b9:11:a1:30
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZpvaOtDiycu6/VH40XWVv4wMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUxMTEwMjAxNTM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MGUxNzMwODgwOWY2YzdhOTRmNzI2YTIxY2YxNGYwM2JmY2U4YjUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy0tAHGj2rus7qhfq3+UFDlUHuzvp
SJ1a5Q+JU3m9WW4DtN7MPEtDuhZsT9XnQ56HXm/xFAv9mkfAOsFkBaFcIrGPlVnw
5zFihiNmzD4i0Onrh93/mcQs89kwFpCRhJd0QovLH0fZB3ecsSZLDAQyPE2RHBIc
xuhSMPQqdRZ+TSiLwIVWMSbRhJfErzQHAfnzGDmdKFeuecR6Lbx6f7Q/Tx3l10U5
u3d2LKecycDwHhEiTilvj1XHe0XF5/2Hc45x0GQ5sEHnpdiPziEyeXh8IXtIOpKf
T7tuA6JU/jLePHf3UVksLCBDk+p/DPVLsVCUrB70qiMhev0efy06e0b7LwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEDhcwiAn2x6lPcmohzxTwO/zotQMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvUU9GekNJQ2ZiSHFVOXlhaUhQRlBBN19PaTFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAHzgfAwQA
HzhpMA0GCSqGSIb3DQEBCwUAA4IBAQBVNItRj9wZYBPwjQ4UzaGGFPC3lz8lpiYE
NhhB7s8NEHpEx5gIxmytQU5UGO16rf+5DDA/cIyWmEr+KPZdwMYO9m3iclZGEoAV
6ZYf1Dstk/XXE8D/Ln36S9FL4i7Gx7sY52X7VyKR1ORQ0OKPCT6Esp0aKDlZTRv3
j1P0KNetkoBHK3gWskhgTOBppBIrkti0nbSmztjXqgBHEe5ISRBwzpQjOytJ9Ue6
LM7lsmTr5ii9jF1zNdp2geGGzObn9i6Sv5pAavKAibDg6ik1Ef5+6+yEjBmeNt+l
q0PEToQJ/iEStbDCQD10/SnX8r/kwFFFHImQnK5nFU/vgJe5EaEw
-----END CERTIFICATE-----