Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/YzLowWSqm8U4QrVrmi4NyRNs0NQ.roa
File:                     YzLowWSqm8U4QrVrmi4NyRNs0NQ.roa (raw, json)
Hash identifier:          DbTYVEwYYJFfDI2Xg4aWp8pofvrUat6fiQTrJUmvwaE=
Subject key identifier:   63:32:E8:C1:64:AA:9B:C5:38:42:B5:6B:9A:2E:0D:C9:13:6C:D0:D4
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       0196CA76E1E905EBB5B1BD90B792C2FAA0AE
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/YzLowWSqm8U4QrVrmi4NyRNs0NQ.roa
Signing time:             Tue 13 May 2025 16:25:10 +0000
ROA not before:           Tue 13 May 2025 16:25:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     54444
IP address blocks:        31.56.71.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 05 Jun 2025 18:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:ca:76:e1:e9:05:eb:b5:b1:bd:90:b7:92:c2:fa:a0:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: May 13 16:25:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6332e8c164aa9bc53842b56b9a2e0dc9136cd0d4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:84:b1:9d:ab:28:1b:16:74:d0:8b:f5:1a:27:
                    04:cc:66:4f:3c:5f:00:e8:d3:63:bc:87:60:cf:58:
                    4b:17:d1:db:3f:64:78:15:e6:1f:e3:d9:29:e9:e5:
                    01:51:31:cf:4b:a0:85:ea:43:f1:ff:58:85:81:ee:
                    04:64:07:3b:b5:d6:d5:c7:4f:08:26:c8:b6:38:cc:
                    9a:bd:8c:4b:82:86:e1:56:4d:28:70:60:67:70:40:
                    50:90:77:12:f3:ea:48:c2:a6:0b:ab:cc:7e:08:07:
                    c9:0b:6a:6d:b7:7a:9c:6f:90:53:6e:a9:60:87:d5:
                    aa:1f:b8:36:0a:a4:fb:3d:67:ff:cd:e1:c1:cd:67:
                    e7:ea:4c:b6:85:6c:6b:4e:9c:3d:65:fd:56:60:aa:
                    ef:f8:f7:e3:53:4d:23:e3:0a:91:1a:5b:cc:ea:03:
                    ac:45:54:cb:31:39:93:55:d6:84:30:aa:db:92:b6:
                    af:fe:9e:72:40:f8:0e:d6:ed:20:f2:52:62:80:0d:
                    76:9a:b9:b5:1b:f6:cc:6f:65:89:62:2e:7a:ed:a7:
                    c1:b9:e6:11:d4:63:c4:d2:5b:7a:9a:0f:fe:d7:eb:
                    65:6e:98:57:fc:63:c9:ad:aa:4b:7f:eb:97:f5:ce:
                    da:15:0b:a6:98:77:28:e3:f2:2e:83:93:10:a0:88:
                    84:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:32:E8:C1:64:AA:9B:C5:38:42:B5:6B:9A:2E:0D:C9:13:6C:D0:D4
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/YzLowWSqm8U4QrVrmi4NyRNs0NQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.56.71.0/24

    Signature Algorithm: sha256WithRSAEncryption
         04:7f:6b:78:82:e9:3e:84:63:b6:28:3e:de:f0:cd:9b:83:be:
         3b:8f:d8:90:2f:fe:eb:d0:85:54:ba:2d:22:c8:bc:51:65:e7:
         ea:b0:8b:5a:2f:37:91:cc:de:9e:10:a7:26:6d:68:df:27:35:
         44:cf:26:0c:c7:35:2b:1d:a7:cb:e9:2e:15:fd:79:40:f5:4a:
         d7:c2:e6:02:38:99:eb:c2:58:80:1f:89:89:99:8c:a5:06:c2:
         03:b5:0b:ab:4d:1d:43:47:5c:43:9a:00:26:a7:e6:82:e4:fe:
         88:b2:c0:ff:a1:05:08:a2:ce:57:a2:6a:a0:84:72:c9:86:a7:
         40:32:1b:ac:88:3c:58:4e:4b:ef:22:fa:f8:34:f8:30:2f:7a:
         f6:f0:2c:75:68:83:f1:35:88:f3:a9:a4:f6:f8:59:47:fe:62:
         a3:25:87:e2:83:19:1d:c7:27:39:06:2f:6f:79:d2:d9:af:90:
         60:72:fc:d8:a8:9b:81:46:73:57:12:7c:9a:2d:aa:8e:42:e5:
         36:2e:27:09:fc:7b:e0:ef:59:7d:61:86:4a:4b:a6:9e:c8:86:
         a7:50:4f:c6:96:45:b8:20:c8:4b:ae:45:9c:e0:36:ee:f4:1f:
         bb:c2:60:30:33:da:0b:3a:fd:c1:3e:30:c2:32:de:68:f6:4f:
         e3:8e:cf:0c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZbKduHpBeu1sb2Qt5LC+qCuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwNTEzMTYyNTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MzMyZThjMTY0YWE5YmM1Mzg0MmI1NmI5YTJlMGRjOTEzNmNkMGQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt4SxnasoGxZ00Iv1GicEzGZPPF8A
6NNjvIdgz1hLF9HbP2R4FeYf49kp6eUBUTHPS6CF6kPx/1iFge4EZAc7tdbVx08I
Jsi2OMyavYxLgobhVk0ocGBncEBQkHcS8+pIwqYLq8x+CAfJC2ptt3qcb5BTbqlg
h9WqH7g2CqT7PWf/zeHBzWfn6ky2hWxrTpw9Zf1WYKrv+PfjU00j4wqRGlvM6gOs
RVTLMTmTVdaEMKrbkrav/p5yQPgO1u0g8lJigA12mrm1G/bMb2WJYi567afBueYR
1GPE0lt6mg/+1+tlbphX/GPJrapLf+uX9c7aFQummHco4/Iug5MQoIiEtwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGMy6MFkqpvFOEK1a5ouDckTbNDUMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvWXpMb3dXU3FtOFU0UXJWcm1pNE55Uk5zME5RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzhHMA0G
CSqGSIb3DQEBCwUAA4IBAQAEf2t4guk+hGO2KD7e8M2bg747j9iQL/7r0IVUui0i
yLxRZefqsItaLzeRzN6eEKcmbWjfJzVEzyYMxzUrHafL6S4V/XlA9UrXwuYCOJnr
wliAH4mJmYylBsIDtQurTR1DR1xDmgAmp+aC5P6IssD/oQUIos5XomqghHLJhqdA
MhusiDxYTkvvIvr4NPgwL3r28Cx1aIPxNYjzqaT2+FlH/mKjJYfigxkdxyc5Bi9v
edLZr5BgcvzYqJuBRnNXEnyaLaqOQuU2LicJ/Hvg71l9YYZKS6aeyIanUE/GlkW4
IMhLrkWc4Dbu9B+7wmAwM9oLOv3BPjDCMt5o9k/jjs8M
-----END CERTIFICATE-----