Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/_29byfAAxpIvIl2ICYgeg5LdkY8.roa
File:                     _29byfAAxpIvIl2ICYgeg5LdkY8.roa (raw, json)
Hash identifier:          pqOHJLLxNWnemGToIJHFvpTbBfTiDlZR3IcvT4NrSAE=
Subject key identifier:   FF:6F:5B:C9:F0:00:C6:92:2F:22:5D:88:09:88:1E:83:92:DD:91:8F
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019905621418FBEC575F1A1FCD34B5988043
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/_29byfAAxpIvIl2ICYgeg5LdkY8.roa
Signing time:             Mon 01 Sep 2025 13:05:37 +0000
ROA not before:           Mon 01 Sep 2025 13:05:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215355
IP address blocks:        31.59.111.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 09 Sep 2025 07:41:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:05:62:14:18:fb:ec:57:5f:1a:1f:cd:34:b5:98:80:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Sep  1 13:05:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ff6f5bc9f000c6922f225d8809881e8392dd918f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:91:67:98:f6:ac:2c:e7:cf:73:d3:e7:c2:6d:
                    1b:a0:62:f7:27:7c:f6:c0:6d:ed:4d:47:ae:a3:e2:
                    cf:28:e9:50:0a:a1:8f:28:75:77:c8:1f:79:b6:ce:
                    ab:2d:4f:13:1b:4a:38:18:6a:d4:55:b8:42:31:47:
                    c6:d4:2a:1a:7b:c3:79:5b:b7:78:27:d2:ed:9c:1e:
                    c9:93:e2:59:46:28:9d:57:7e:a0:13:7e:86:f9:0f:
                    87:67:76:6c:7a:37:22:57:96:b4:21:da:d8:fd:31:
                    51:88:24:4c:a8:09:6d:6a:61:fe:7a:98:71:15:51:
                    4d:b2:28:de:f7:52:a4:07:33:f3:2b:d9:14:37:a3:
                    b9:7c:e4:1c:99:1e:17:f6:6f:44:4d:d6:e9:8d:68:
                    11:a0:04:99:a8:03:8a:2b:c2:23:64:b4:fb:0e:aa:
                    13:74:87:78:c3:0c:cf:f8:4f:5d:19:bc:fd:1f:c7:
                    e3:c1:eb:b7:e7:5b:e2:2a:c0:b2:86:d0:f3:d6:7b:
                    20:e5:c4:33:b1:b1:f4:cd:fd:2a:3a:5d:62:34:6f:
                    91:5b:fb:ff:18:47:32:1d:4d:f3:59:1d:54:0a:d0:
                    c5:4e:c9:c4:9f:47:65:b6:84:f5:f0:3d:83:ef:c8:
                    44:00:75:a7:ff:83:b6:d0:1f:b0:24:af:b4:1e:e9:
                    5a:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:6F:5B:C9:F0:00:C6:92:2F:22:5D:88:09:88:1E:83:92:DD:91:8F
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/_29byfAAxpIvIl2ICYgeg5LdkY8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.59.111.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0c:61:e4:0f:81:11:ed:a9:78:64:5d:07:8c:a2:fd:7b:f9:c6:
         1f:11:f6:02:23:17:8d:3a:47:50:17:ea:a4:9e:e6:16:83:c0:
         26:d8:5f:75:2f:48:c1:1d:70:c5:a5:32:db:2c:cd:f2:da:df:
         07:26:ba:f6:6c:31:26:9c:ba:ae:c1:be:6a:65:59:4b:e4:42:
         e7:22:4e:e5:ba:21:95:3a:ac:69:f5:8a:a2:0e:ed:35:d2:ef:
         80:00:23:a3:0b:a6:b1:91:ba:76:8e:0e:8e:58:1f:e5:68:07:
         59:a9:53:73:d5:92:f8:ab:1f:ac:39:7a:1e:b3:28:23:48:16:
         b3:f6:04:6e:95:6a:67:ce:26:5c:f4:1a:e8:c2:b9:ec:a9:85:
         ce:7d:39:29:0c:f9:45:44:08:9c:01:f7:3d:5c:a4:fa:c2:0c:
         06:d0:df:22:a5:77:bb:58:03:f6:0c:2e:ff:5d:6e:65:a6:22:
         a2:fe:12:08:d9:88:f2:36:4d:57:fd:1e:c6:74:07:eb:6f:0f:
         25:9b:1e:c7:f0:99:03:0c:3d:89:c7:c9:9f:47:f9:64:c8:5b:
         00:63:97:d8:69:be:c4:13:c1:dd:4a:e1:41:fb:41:50:44:a6:
         cc:c1:d5:7c:25:c0:bf:88:4b:6a:03:c8:44:6d:a1:d0:46:97:
         1c:58:0c:f9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZkFYhQY++xXXxofzTS1mIBDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwOTAxMTMwNTM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZjZmNWJjOWYwMDBjNjkyMmYyMjVkODgwOTg4MWU4MzkyZGQ5MThmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnJFnmPasLOfPc9Pnwm0boGL3J3z2
wG3tTUeuo+LPKOlQCqGPKHV3yB95ts6rLU8TG0o4GGrUVbhCMUfG1Coae8N5W7d4
J9LtnB7Jk+JZRiidV36gE36G+Q+HZ3ZsejciV5a0IdrY/TFRiCRMqAltamH+ephx
FVFNsije91KkBzPzK9kUN6O5fOQcmR4X9m9ETdbpjWgRoASZqAOKK8IjZLT7DqoT
dId4wwzP+E9dGbz9H8fjweu351viKsCyhtDz1nsg5cQzsbH0zf0qOl1iNG+RW/v/
GEcyHU3zWR1UCtDFTsnEn0dltoT18D2D78hEAHWn/4O20B+wJK+0HulaAwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP9vW8nwAMaSLyJdiAmIHoOS3ZGPMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvXzI5YnlmQUF4cEl2SWwySUNZZ2VnNUxka1k4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHztvMA0G
CSqGSIb3DQEBCwUAA4IBAQAMYeQPgRHtqXhkXQeMov17+cYfEfYCIxeNOkdQF+qk
nuYWg8Am2F91L0jBHXDFpTLbLM3y2t8HJrr2bDEmnLquwb5qZVlL5ELnIk7luiGV
Oqxp9YqiDu010u+AACOjC6axkbp2jg6OWB/laAdZqVNz1ZL4qx+sOXoesygjSBaz
9gRulWpnziZc9BrowrnsqYXOfTkpDPlFRAicAfc9XKT6wgwG0N8ipXe7WAP2DC7/
XW5lpiKi/hII2YjyNk1X/R7GdAfrbw8lmx7H8JkDDD2Jx8mfR/lkyFsAY5fYab7E
E8HdSuFB+0FQRKbMwdV8JcC/iEtqA8hEbaHQRpccWAz5
-----END CERTIFICATE-----