Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TyjpHXy6Sz4symbMxAMzPLA328M.roa
File:                     TyjpHXy6Sz4symbMxAMzPLA328M.roa (raw, json)
Hash identifier:          Tyy1xxw1YDS+tCZKsKLfKQpzzvyYWksNKlv+nKkaB9A=
Subject key identifier:   4F:28:E9:1D:7C:BA:4B:3E:2C:CA:66:CC:C4:03:33:3C:B0:37:DB:C3
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       0197D4F87882FDD645DCCF63634FB4C7B394
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TyjpHXy6Sz4symbMxAMzPLA328M.roa
Signing time:             Fri 04 Jul 2025 10:25:43 +0000
ROA not before:           Fri 04 Jul 2025 10:25:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199925
IP address blocks:        31.59.70.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Jul 2025 16:32:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:d4:f8:78:82:fd:d6:45:dc:cf:63:63:4f:b4:c7:b3:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jul  4 10:25:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4f28e91d7cba4b3e2cca66ccc403333cb037dbc3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:bf:22:87:7b:74:c0:81:e8:d8:c9:96:52:35:
                    c2:e6:29:df:7c:9b:c8:71:e1:83:81:51:6b:c2:e4:
                    e9:fc:9a:6a:a1:5c:3c:e9:d1:61:95:82:c5:1a:44:
                    ac:eb:77:d5:cc:89:55:d1:00:e0:a5:13:eb:6b:e5:
                    c6:18:c3:7a:3f:c3:df:14:ac:2d:9e:52:15:8b:36:
                    f8:0f:63:a0:06:9c:22:ca:67:e6:b5:ef:94:79:d4:
                    0d:d3:57:9c:c3:b5:4a:29:64:20:18:9c:8d:44:85:
                    37:2e:f9:e1:e5:b1:52:42:1d:da:d4:0c:a4:f4:fd:
                    99:2e:df:d7:a4:91:c6:27:66:0d:19:7a:af:41:89:
                    cf:26:e5:2c:6a:b6:11:33:72:a9:f5:ea:33:a4:86:
                    bb:23:fb:1c:70:a7:53:52:af:c8:33:d4:5e:07:55:
                    fd:ec:6d:61:04:7f:8c:c6:7c:56:4a:d1:d7:e3:c3:
                    a0:af:72:94:e5:c5:f7:80:34:53:02:e2:80:1f:90:
                    27:79:19:3a:46:17:4a:0b:b9:96:a3:78:48:ed:07:
                    ee:01:46:33:df:c0:b2:63:8b:c1:e7:a5:23:71:ea:
                    08:1c:b4:2c:23:1e:01:78:cf:31:36:35:7c:0f:3a:
                    cf:a8:0e:59:2a:b6:f0:d9:c9:de:0e:18:6d:d1:26:
                    86:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:28:E9:1D:7C:BA:4B:3E:2C:CA:66:CC:C4:03:33:3C:B0:37:DB:C3
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TyjpHXy6Sz4symbMxAMzPLA328M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.59.70.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b5:53:69:59:ff:2c:f2:e3:ab:a2:75:61:89:0f:19:3b:d9:dd:
         93:f5:90:70:65:97:a7:47:ce:49:53:bc:55:aa:b1:7e:91:ef:
         90:6a:60:6c:37:f3:4f:56:73:68:26:3c:9c:91:2e:a3:e7:38:
         f4:46:7f:4a:19:fe:23:2a:3a:79:ab:1a:43:df:94:8d:7b:57:
         c7:d1:de:12:90:c9:82:71:19:3d:21:c8:83:a6:22:b6:c0:b0:
         85:1e:0f:87:e9:59:9a:05:0b:2e:aa:04:52:43:d7:3f:44:a8:
         17:3b:ab:a0:06:1a:bd:b2:ca:eb:f5:e1:c1:22:20:59:70:db:
         52:78:1e:f0:00:a2:b1:a3:57:2f:c5:2f:39:e4:7e:15:6d:14:
         c1:c6:f7:0f:6c:25:be:69:e1:d6:03:6c:c0:f4:97:d1:66:07:
         97:34:fe:a4:85:a9:e3:fe:ff:3f:c9:61:f3:1a:e5:15:d9:ff:
         6c:ff:98:97:87:27:3b:50:d9:81:c9:65:d1:37:3b:ba:12:a1:
         86:8b:55:39:a3:69:88:38:fa:cd:58:7d:2e:05:48:46:af:03:
         2e:87:b3:a4:d8:d9:a9:25:d5:da:89:d5:6d:c3:f0:41:ca:46:
         69:fb:2c:9f:89:a3:d5:ba:a2:54:df:bd:38:74:d2:bb:37:de:
         ee:d3:bc:a2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZfU+HiC/dZF3M9jY0+0x7OUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwNzA0MTAyNTQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZjI4ZTkxZDdjYmE0YjNlMmNjYTY2Y2NjNDAzMzMzY2IwMzdkYmMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0r8ih3t0wIHo2MmWUjXC5inffJvI
ceGDgVFrwuTp/JpqoVw86dFhlYLFGkSs63fVzIlV0QDgpRPra+XGGMN6P8PfFKwt
nlIVizb4D2OgBpwiymfmte+UedQN01ecw7VKKWQgGJyNRIU3Lvnh5bFSQh3a1Ayk
9P2ZLt/XpJHGJ2YNGXqvQYnPJuUsarYRM3Kp9eozpIa7I/sccKdTUq/IM9ReB1X9
7G1hBH+MxnxWStHX48Ogr3KU5cX3gDRTAuKAH5AneRk6RhdKC7mWo3hI7QfuAUYz
38CyY4vB56UjceoIHLQsIx4BeM8xNjV8DzrPqA5ZKrbw2cneDhht0SaGxwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE8o6R18uks+LMpmzMQDMzywN9vDMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvVHlqcEhYeTZTejRzeW1iTXhBTXpQTEEzMjhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHztGMA0G
CSqGSIb3DQEBCwUAA4IBAQC1U2lZ/yzy46uidWGJDxk72d2T9ZBwZZenR85JU7xV
qrF+ke+QamBsN/NPVnNoJjyckS6j5zj0Rn9KGf4jKjp5qxpD35SNe1fH0d4SkMmC
cRk9IciDpiK2wLCFHg+H6VmaBQsuqgRSQ9c/RKgXO6ugBhq9ssrr9eHBIiBZcNtS
eB7wAKKxo1cvxS855H4VbRTBxvcPbCW+aeHWA2zA9JfRZgeXNP6khanj/v8/yWHz
GuUV2f9s/5iXhyc7UNmByWXRNzu6EqGGi1U5o2mIOPrNWH0uBUhGrwMuh7Ok2Nmp
JdXaidVtw/BBykZp+yyfiaPVuqJU3704dNK7N97u07yi
-----END CERTIFICATE-----