Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/U-eWtaeYyrga4f7VfLXIM9jO09Y.roa
File:                     U-eWtaeYyrga4f7VfLXIM9jO09Y.roa (raw, json)
Hash identifier:          zRC96TJSNJImhE2nEA7yH0mK1w+3Z9oOG6E8fMmU6GU=
Subject key identifier:   53:E7:96:B5:A7:98:CA:B8:1A:E1:FE:D5:7C:B5:C8:33:D8:CE:D3:D6
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       0196F26DA659E8A76C07A13EC5CC3BE0858C
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/U-eWtaeYyrga4f7VfLXIM9jO09Y.roa
Signing time:             Wed 21 May 2025 10:39:54 +0000
ROA not before:           Wed 21 May 2025 10:39:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     46475
IP address blocks:        31.58.102.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 05 Jun 2025 18:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:f2:6d:a6:59:e8:a7:6c:07:a1:3e:c5:cc:3b:e0:85:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: May 21 10:39:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=53e796b5a798cab81ae1fed57cb5c833d8ced3d6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:1f:94:e0:cd:85:70:30:55:f7:1f:4a:dc:f1:
                    75:ee:0b:c0:c8:b7:a5:fc:4b:a7:cd:6c:1d:51:97:
                    4e:f7:c8:db:de:1e:46:39:6b:a5:7a:41:bc:9d:f5:
                    23:50:bc:21:2e:88:19:bd:8e:bc:23:31:9b:d5:8b:
                    d7:d0:72:fe:97:ea:07:2e:17:c2:af:38:32:f5:6e:
                    65:59:5c:71:14:71:8c:f3:21:bc:19:be:3c:1c:1a:
                    f1:e1:44:90:a3:38:98:40:e2:b9:0f:a2:cb:a8:89:
                    78:a7:21:05:39:4d:6e:a1:9f:24:89:42:89:40:23:
                    2c:3e:c3:e7:e8:24:10:d2:7a:fa:11:bb:77:2a:91:
                    17:bc:0e:f1:ed:c0:fb:0b:8d:28:7c:2a:9f:6e:6c:
                    8e:cd:a1:6c:8d:ac:78:ba:07:50:57:be:82:52:eb:
                    d9:87:cd:7f:fb:97:f4:15:03:86:91:1a:03:ca:4a:
                    4e:d3:f5:c2:0b:41:13:37:3b:6e:0f:9d:9e:6e:78:
                    63:8c:7c:90:a5:a7:e0:44:cd:d7:ad:d0:76:b7:ab:
                    1b:2a:18:15:48:fb:8b:c9:3d:7f:8e:0b:64:d8:1d:
                    aa:a8:26:d5:af:e9:f2:b1:5c:d2:f2:af:54:b4:f8:
                    73:a4:b3:93:4d:49:2f:ed:47:3c:6b:df:24:e7:51:
                    96:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:E7:96:B5:A7:98:CA:B8:1A:E1:FE:D5:7C:B5:C8:33:D8:CE:D3:D6
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/U-eWtaeYyrga4f7VfLXIM9jO09Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.58.102.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9b:53:1c:db:19:21:45:f2:a0:25:3e:67:a1:e9:b8:26:45:35:
         58:0c:2c:7b:c6:2d:a4:21:06:d7:3a:cd:b6:c0:03:f7:9d:b7:
         31:8f:5d:d8:c8:d0:05:37:8d:73:fd:77:3d:88:19:26:36:86:
         f7:d4:08:eb:c6:fe:3d:57:b1:dc:0f:b8:52:35:f2:4c:8e:7d:
         99:40:93:50:d3:2a:af:cd:a1:84:72:79:79:92:40:3f:ed:ce:
         e7:55:ea:6c:80:34:2c:49:9d:2c:12:84:d7:69:b4:73:fd:99:
         a8:49:e1:66:a9:4e:0d:d1:a9:ec:88:c4:13:b7:39:c0:44:66:
         a7:fe:60:f9:c9:61:4f:21:82:d5:87:43:c2:7b:ee:f8:52:e2:
         fb:57:5a:e1:39:d2:98:96:37:79:3d:19:31:69:a9:03:01:4b:
         c9:63:84:4f:c3:d0:0e:c5:ba:92:2a:30:6a:5e:84:97:a4:3b:
         1b:16:67:6c:b8:6f:e5:e5:34:4d:fe:87:03:27:ac:ed:de:ed:
         10:b5:50:7c:1c:d1:8c:62:91:51:1b:39:8e:0a:81:12:b7:75:
         f7:f3:a6:59:83:bb:27:b8:79:fa:63:e6:fe:8c:fe:b6:65:f6:
         38:bd:f4:5a:4b:0b:4c:42:ec:c7:a7:86:81:e0:1e:a2:3d:4d:
         eb:68:2f:0e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZbybaZZ6KdsB6E+xcw74IWMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwNTIxMTAzOTU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1M2U3OTZiNWE3OThjYWI4MWFlMWZlZDU3Y2I1YzgzM2Q4Y2VkM2Q2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvx+U4M2FcDBV9x9K3PF17gvAyLel
/EunzWwdUZdO98jb3h5GOWulekG8nfUjULwhLogZvY68IzGb1YvX0HL+l+oHLhfC
rzgy9W5lWVxxFHGM8yG8Gb48HBrx4USQoziYQOK5D6LLqIl4pyEFOU1uoZ8kiUKJ
QCMsPsPn6CQQ0nr6Ebt3KpEXvA7x7cD7C40ofCqfbmyOzaFsjax4ugdQV76CUuvZ
h81/+5f0FQOGkRoDykpO0/XCC0ETNztuD52ebnhjjHyQpafgRM3XrdB2t6sbKhgV
SPuLyT1/jgtk2B2qqCbVr+nysVzS8q9UtPhzpLOTTUkv7Uc8a98k51GW8QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFPnlrWnmMq4GuH+1Xy1yDPYztPWMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvVS1lV3RhZVl5cmdhNGY3VmZMWElNOWpPMDlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzpmMA0G
CSqGSIb3DQEBCwUAA4IBAQCbUxzbGSFF8qAlPmeh6bgmRTVYDCx7xi2kIQbXOs22
wAP3nbcxj13YyNAFN41z/Xc9iBkmNob31Ajrxv49V7HcD7hSNfJMjn2ZQJNQ0yqv
zaGEcnl5kkA/7c7nVepsgDQsSZ0sEoTXabRz/ZmoSeFmqU4N0ansiMQTtznARGan
/mD5yWFPIYLVh0PCe+74UuL7V1rhOdKYljd5PRkxaakDAUvJY4RPw9AOxbqSKjBq
XoSXpDsbFmdsuG/l5TRN/ocDJ6zt3u0QtVB8HNGMYpFRGzmOCoESt3X386ZZg7sn
uHn6Y+b+jP62ZfY4vfRaSwtMQuzHp4aB4B6iPU3raC8O
-----END CERTIFICATE-----