Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/Y6aIM1736JuuBcnQ3I10iI4sacE.roa
File:                     Y6aIM1736JuuBcnQ3I10iI4sacE.roa (raw, json)
Hash identifier:          +7dmNghNFZf1bc767OKB1paRB+8JDqfSyhl8Gc0KOqQ=
Subject key identifier:   63:A6:88:33:5E:F7:E8:9B:AE:05:C9:D0:DC:8D:74:88:8E:2C:69:C1
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       0197AB4162D0493E295AB6B2D0CC5DE7D68E
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/Y6aIM1736JuuBcnQ3I10iI4sacE.roa
Signing time:             Thu 26 Jun 2025 08:01:18 +0000
ROA not before:           Thu 26 Jun 2025 08:01:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214819
IP address blocks:        31.58.50.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Jul 2025 16:32:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:ab:41:62:d0:49:3e:29:5a:b6:b2:d0:cc:5d:e7:d6:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jun 26 08:01:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=63a688335ef7e89bae05c9d0dc8d74888e2c69c1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:b5:75:6b:49:72:da:9c:f3:08:4b:f6:3c:1c:
                    e3:b8:6f:6a:65:9d:63:f3:25:b5:72:da:48:2d:c8:
                    bf:cf:74:a9:ca:85:90:22:c3:c7:18:8d:74:ff:af:
                    66:f0:c4:8e:be:ae:53:01:94:4c:db:eb:5e:5b:0a:
                    17:eb:a7:45:52:82:b6:3e:97:63:8e:ed:5c:74:71:
                    23:26:d6:9e:11:a3:c4:68:83:28:69:a4:7c:2e:11:
                    04:74:1d:4d:82:77:07:05:80:67:3d:8b:1d:27:0b:
                    d6:00:a2:35:8e:56:ef:7f:5f:fb:f0:86:76:11:10:
                    ff:c2:d2:ca:cd:0d:f8:8e:f3:11:f2:bb:94:90:47:
                    71:a3:f5:95:28:05:29:f0:13:53:64:54:0d:8d:39:
                    39:d7:89:9b:91:ed:27:d6:d7:33:00:d4:ae:96:3b:
                    e1:b0:06:38:0b:af:23:d4:d2:55:e3:78:93:a5:ac:
                    94:c0:18:90:34:24:b3:60:ec:8c:4e:7f:74:7e:76:
                    df:5d:b5:0b:ad:fc:99:65:43:ef:45:86:94:fe:46:
                    87:88:08:80:7e:37:f9:9f:38:0e:02:40:e1:f0:48:
                    8e:f4:6a:37:86:6f:f9:5f:7a:dd:7e:5d:b3:98:ab:
                    2a:96:b2:db:7b:2e:47:45:7c:3a:54:5c:69:8e:27:
                    c4:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:A6:88:33:5E:F7:E8:9B:AE:05:C9:D0:DC:8D:74:88:8E:2C:69:C1
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/Y6aIM1736JuuBcnQ3I10iI4sacE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.58.50.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8c:ca:21:4a:11:32:c8:0d:c0:41:85:eb:8c:11:4e:72:b8:8a:
         a3:a2:dd:d9:7b:ed:6f:7b:fb:48:e5:34:d7:a6:46:79:27:a3:
         bc:95:87:c4:b3:46:20:76:8a:d2:9a:bc:0e:cd:e6:6a:dd:2f:
         d8:97:a7:4a:49:f0:e2:48:17:bd:0d:62:09:af:87:04:9c:bf:
         24:9a:0a:5e:94:49:a3:36:3b:1d:5d:9b:f2:ff:f7:41:0e:80:
         98:09:ff:4b:3e:56:40:fe:29:15:d4:56:af:2f:71:2b:c6:6f:
         54:92:c1:4b:77:2c:a3:12:9b:7a:c2:21:5b:32:a3:d2:1d:0b:
         39:df:8e:4b:f6:35:b2:ea:48:84:31:e0:05:77:0b:08:2d:ba:
         76:f5:20:78:3d:3d:d6:fb:e8:8a:00:b9:d9:ca:d3:be:e8:30:
         28:91:21:e6:2d:d8:62:b2:13:7c:c9:8c:ca:3f:2a:7a:3d:ed:
         6e:47:85:b4:df:81:8c:94:eb:0c:93:fc:31:f9:b2:78:a2:24:
         43:63:9a:2c:10:38:5e:a1:4a:04:20:bf:b2:95:81:23:e0:84:
         72:48:f0:96:d4:58:2e:54:36:33:ab:50:74:64:73:70:19:44:
         bd:05:9f:b7:54:0a:4a:9e:a5:2e:19:02:92:76:01:e9:78:89:
         74:49:33:a9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZerQWLQST4pWray0Mxd59aOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwNjI2MDgwMTE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2M2E2ODgzMzVlZjdlODliYWUwNWM5ZDBkYzhkNzQ4ODhlMmM2OWMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvbV1a0ly2pzzCEv2PBzjuG9qZZ1j
8yW1ctpILci/z3SpyoWQIsPHGI10/69m8MSOvq5TAZRM2+teWwoX66dFUoK2Ppdj
ju1cdHEjJtaeEaPEaIMoaaR8LhEEdB1NgncHBYBnPYsdJwvWAKI1jlbvf1/78IZ2
ERD/wtLKzQ34jvMR8ruUkEdxo/WVKAUp8BNTZFQNjTk514mbke0n1tczANSuljvh
sAY4C68j1NJV43iTpayUwBiQNCSzYOyMTn90fnbfXbULrfyZZUPvRYaU/kaHiAiA
fjf5nzgOAkDh8EiO9Go3hm/5X3rdfl2zmKsqlrLbey5HRXw6VFxpjifEHwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGOmiDNe9+ibrgXJ0NyNdIiOLGnBMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvWTZhSU0xNzM2SnV1QmNuUTNJMTBpSTRzYWNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzoyMA0G
CSqGSIb3DQEBCwUAA4IBAQCMyiFKETLIDcBBheuMEU5yuIqjot3Ze+1ve/tI5TTX
pkZ5J6O8lYfEs0YgdorSmrwOzeZq3S/Yl6dKSfDiSBe9DWIJr4cEnL8kmgpelEmj
NjsdXZvy//dBDoCYCf9LPlZA/ikV1FavL3Erxm9UksFLdyyjEpt6wiFbMqPSHQs5
345L9jWy6kiEMeAFdwsILbp29SB4PT3W++iKALnZytO+6DAokSHmLdhishN8yYzK
Pyp6Pe1uR4W034GMlOsMk/wx+bJ4oiRDY5osEDheoUoEIL+ylYEj4IRySPCW1Fgu
VDYzq1B0ZHNwGUS9BZ+3VApKnqUuGQKSdgHpeIl0STOp
-----END CERTIFICATE-----