Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/Xw_lkND15hMjrbjt11kOViW0jH8.roa
File:                     Xw_lkND15hMjrbjt11kOViW0jH8.roa (raw, json)
Hash identifier:          XaJQPC72QbBLE9JVY8bwdPaNA4pvGWfNYgcMOv2wZjk=
Subject key identifier:   5F:0F:E5:90:D0:F5:E6:13:23:AD:B8:ED:D7:59:0E:56:25:B4:8C:7F
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       0198E67F16AAA7D8114E946BBBD04C8E7B80
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/Xw_lkND15hMjrbjt11kOViW0jH8.roa
Signing time:             Tue 26 Aug 2025 13:09:05 +0000
ROA not before:           Tue 26 Aug 2025 13:09:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205733
IP address blocks:        31.57.134.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Sep 2025 11:14:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:e6:7f:16:aa:a7:d8:11:4e:94:6b:bb:d0:4c:8e:7b:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Aug 26 13:09:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5f0fe590d0f5e61323adb8edd7590e5625b48c7f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:64:e0:c8:0d:c2:f0:69:1d:8d:49:c5:80:14:
                    6d:bc:8d:63:12:be:f1:eb:b5:78:47:e0:9f:14:2a:
                    e7:bc:aa:c0:6f:05:ee:c9:c2:11:3f:f7:f9:4a:90:
                    85:b6:60:d5:4c:65:ae:c5:5d:25:6b:de:74:e2:5d:
                    bb:83:1f:55:ab:86:bc:67:62:03:a3:63:2e:97:d6:
                    89:f8:e4:b1:2b:7b:a5:ee:2a:8a:66:c1:bb:d1:48:
                    b0:21:6f:7a:ae:b9:ee:b8:69:e4:ec:6c:19:e6:73:
                    65:48:a9:c7:69:05:2a:dc:49:48:55:2e:be:a9:e6:
                    41:55:01:1d:84:95:bd:af:a8:21:65:f6:ad:23:11:
                    17:9a:75:ac:13:20:d5:56:ed:41:95:db:1c:29:59:
                    e6:00:ed:5d:ec:c5:47:64:1c:49:40:66:a3:9a:b1:
                    44:89:3b:d6:35:6f:28:37:e9:94:27:61:fc:e2:5a:
                    1e:50:27:31:ab:63:36:00:b5:af:ec:5a:61:e7:04:
                    95:23:17:b8:c3:7c:a7:ef:14:a6:cf:15:d8:24:5a:
                    42:2c:8f:e5:fe:96:d1:54:bc:7c:0f:d0:4b:d2:50:
                    91:c4:07:98:3b:2c:82:e7:ec:f3:62:6c:12:48:27:
                    29:e9:43:8f:f9:c3:02:4d:22:04:91:13:65:ea:1a:
                    6e:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:0F:E5:90:D0:F5:E6:13:23:AD:B8:ED:D7:59:0E:56:25:B4:8C:7F
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/Xw_lkND15hMjrbjt11kOViW0jH8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.57.134.0/24

    Signature Algorithm: sha256WithRSAEncryption
         85:09:a8:1c:51:79:47:e6:cc:70:79:80:a2:ba:7d:af:29:7e:
         66:33:fb:8a:46:b6:01:24:b7:53:eb:69:0d:47:30:8d:ed:c2:
         cd:f3:2c:c7:51:b9:6f:f6:c0:22:e5:34:bd:ba:b4:5d:b1:97:
         cb:cc:4f:2f:07:2d:55:24:73:a7:31:13:42:76:cc:69:05:b6:
         64:62:b7:4b:18:d7:cb:a7:4b:c5:25:08:13:29:fe:78:63:e7:
         88:7d:e2:3d:c7:c0:bf:e3:49:6e:bd:93:17:cd:63:75:13:4b:
         0a:b5:1e:d6:f4:15:9e:04:1a:8f:27:66:31:5a:7b:bf:d6:2b:
         a5:81:cd:8c:db:0a:94:0e:1c:fa:a0:15:df:cc:5a:d1:94:b6:
         36:8d:e7:af:83:42:26:e6:77:32:01:91:99:c0:a5:db:a1:e0:
         2e:4c:bb:50:81:8d:7e:8e:e7:fa:ad:fc:ed:ad:c8:04:ea:d1:
         b5:8e:60:36:3c:03:2e:11:6b:d1:3e:b7:34:40:6e:f6:82:28:
         27:b7:da:6a:80:6a:fa:d6:13:bd:d8:99:92:59:f7:dd:81:3e:
         53:7f:ac:bb:68:4f:72:2d:ec:78:7b:42:6d:a6:0e:79:d2:d5:
         17:62:7f:b3:bf:c7:c9:e6:b1:f1:95:89:00:76:36:65:e9:47:
         ec:cb:cb:73
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZjmfxaqp9gRTpRru9BMjnuAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwODI2MTMwOTA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZjBmZTU5MGQwZjVlNjEzMjNhZGI4ZWRkNzU5MGU1NjI1YjQ4YzdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvmTgyA3C8GkdjUnFgBRtvI1jEr7x
67V4R+CfFCrnvKrAbwXuycIRP/f5SpCFtmDVTGWuxV0la9504l27gx9Vq4a8Z2ID
o2Mul9aJ+OSxK3ul7iqKZsG70UiwIW96rrnuuGnk7GwZ5nNlSKnHaQUq3ElIVS6+
qeZBVQEdhJW9r6ghZfatIxEXmnWsEyDVVu1BldscKVnmAO1d7MVHZBxJQGajmrFE
iTvWNW8oN+mUJ2H84loeUCcxq2M2ALWv7Fph5wSVIxe4w3yn7xSmzxXYJFpCLI/l
/pbRVLx8D9BL0lCRxAeYOyyC5+zzYmwSSCcp6UOP+cMCTSIEkRNl6hpuDQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF8P5ZDQ9eYTI6247ddZDlYltIx/MB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvWHdfbGtORDE1aE1qcmJqdDExa09WaVcwakg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzmGMA0G
CSqGSIb3DQEBCwUAA4IBAQCFCagcUXlH5sxweYCiun2vKX5mM/uKRrYBJLdT62kN
RzCN7cLN8yzHUblv9sAi5TS9urRdsZfLzE8vBy1VJHOnMRNCdsxpBbZkYrdLGNfL
p0vFJQgTKf54Y+eIfeI9x8C/40luvZMXzWN1E0sKtR7W9BWeBBqPJ2YxWnu/1iul
gc2M2wqUDhz6oBXfzFrRlLY2jeevg0Im5ncyAZGZwKXboeAuTLtQgY1+juf6rfzt
rcgE6tG1jmA2PAMuEWvRPrc0QG72gignt9pqgGr61hO92JmSWffdgT5Tf6y7aE9y
Lex4e0Jtpg550tUXYn+zv8fJ5rHxlYkAdjZl6Ufsy8tz
-----END CERTIFICATE-----