Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/cYFj49FrisCt4wNQII-6Rv6CoAM.roa
File:                     cYFj49FrisCt4wNQII-6Rv6CoAM.roa (raw, json)
Hash identifier:          GjEZzSy4R6GmOTiMd/vD5un7kc1pgCUjortMRcah9Ck=
Subject key identifier:   71:81:63:E3:D1:6B:8A:C0:AD:E3:03:50:20:8F:BA:46:FE:82:A0:03
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019835BAB9244A58FF8C91380B6EBE8258D7
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/cYFj49FrisCt4wNQII-6Rv6CoAM.roa
Signing time:             Wed 23 Jul 2025 05:21:26 +0000
ROA not before:           Wed 23 Jul 2025 05:21:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212336
IP address blocks:        31.57.172.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 26 Jul 2025 07:15:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:35:ba:b9:24:4a:58:ff:8c:91:38:0b:6e:be:82:58:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jul 23 05:21:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=718163e3d16b8ac0ade30350208fba46fe82a003
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:da:aa:7e:98:71:12:c4:57:c7:5a:df:04:b6:
                    12:a4:73:7f:cd:0f:e4:fb:60:a1:84:c1:ca:42:24:
                    31:9b:2f:f0:24:30:10:f4:9a:76:9f:11:cf:9c:a7:
                    12:6d:07:4e:b3:2a:d5:fd:f5:37:60:8e:1f:3c:7f:
                    bf:de:2e:27:79:92:cb:d6:86:16:02:70:9a:4f:6c:
                    7c:33:4d:8f:46:46:b6:42:14:a3:0c:a6:80:94:3a:
                    ec:b2:5b:32:10:22:6d:c5:4d:f1:dd:a0:e7:50:06:
                    0b:09:10:c5:72:4d:0b:0d:3f:12:06:27:b6:4c:38:
                    25:c1:3a:c6:57:32:c0:b0:a5:a0:df:c4:5b:79:87:
                    cb:3b:1a:6c:81:b8:dc:ba:88:65:c7:a5:7b:7e:59:
                    11:d5:95:4b:d7:c8:cf:7f:3b:85:3e:f9:78:91:ad:
                    58:3c:aa:5d:ec:1c:2e:29:22:88:c2:bc:22:13:c4:
                    d9:ce:cf:5e:85:e5:73:a8:9b:3a:0b:b3:61:e0:f3:
                    cd:3d:36:b0:26:96:3d:3d:94:c1:f0:5d:d7:0e:32:
                    bb:46:1c:0d:fe:00:f7:04:2f:0a:1e:97:73:8d:76:
                    5f:be:37:71:c3:ba:d9:6c:ec:4b:0d:50:e6:c1:04:
                    98:67:71:18:65:83:c1:53:90:35:f3:58:c6:bd:d6:
                    3a:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:81:63:E3:D1:6B:8A:C0:AD:E3:03:50:20:8F:BA:46:FE:82:A0:03
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/cYFj49FrisCt4wNQII-6Rv6CoAM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.57.172.0/24

    Signature Algorithm: sha256WithRSAEncryption
         67:10:f1:d4:41:e1:81:c8:f1:05:48:ee:32:48:e7:b9:72:c0:
         22:5e:8b:39:55:e6:d0:f4:9f:6c:9d:32:6e:44:21:fd:9e:06:
         e0:00:4e:6e:a8:a2:8a:40:27:59:83:85:e1:32:02:e3:bf:a9:
         a6:a4:10:37:f5:f6:84:08:7e:d9:a1:87:e8:16:90:bd:34:06:
         e6:90:ba:d1:47:a6:91:0e:3f:8a:5f:26:d2:ec:99:04:77:bd:
         d5:3b:f0:9a:ee:83:c2:ad:b6:af:b2:a0:e4:80:b2:f7:06:2a:
         39:9b:db:25:70:14:20:00:42:57:1e:af:d9:9d:36:4e:d9:81:
         55:91:44:e0:ff:b5:d4:10:12:69:e3:44:7c:64:75:90:2c:f6:
         c7:15:cd:55:d6:95:35:f8:02:08:a5:7d:50:b2:bb:1f:13:9b:
         20:69:21:98:3a:1b:4c:55:d9:a6:97:bc:cc:32:bd:18:7c:22:
         ea:ee:ac:37:69:ed:14:85:47:a2:63:d0:50:00:74:68:79:dd:
         cf:74:16:2d:9c:6c:7b:98:65:ec:fd:df:d4:72:e1:ee:c4:8d:
         28:f2:ea:80:c4:1c:e7:c0:a6:de:0d:c0:65:6c:81:c1:5e:f9:
         f8:d6:74:d7:69:a8:8f:d4:3d:47:c4:f7:93:90:34:16:ad:b7:
         18:68:b6:53
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZg1urkkSlj/jJE4C26+gljXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwNzIzMDUyMTI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MTgxNjNlM2QxNmI4YWMwYWRlMzAzNTAyMDhmYmE0NmZlODJhMDAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs9qqfphxEsRXx1rfBLYSpHN/zQ/k
+2ChhMHKQiQxmy/wJDAQ9Jp2nxHPnKcSbQdOsyrV/fU3YI4fPH+/3i4neZLL1oYW
AnCaT2x8M02PRka2QhSjDKaAlDrsslsyECJtxU3x3aDnUAYLCRDFck0LDT8SBie2
TDglwTrGVzLAsKWg38RbeYfLOxpsgbjcuohlx6V7flkR1ZVL18jPfzuFPvl4ka1Y
PKpd7BwuKSKIwrwiE8TZzs9eheVzqJs6C7Nh4PPNPTawJpY9PZTB8F3XDjK7RhwN
/gD3BC8KHpdzjXZfvjdxw7rZbOxLDVDmwQSYZ3EYZYPBU5A181jGvdY6XQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHGBY+PRa4rAreMDUCCPukb+gqADMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvY1lGajQ5RnJpc0N0NHdOUUlJLTZSdjZDb0FNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzmsMA0G
CSqGSIb3DQEBCwUAA4IBAQBnEPHUQeGByPEFSO4ySOe5csAiXos5VebQ9J9snTJu
RCH9ngbgAE5uqKKKQCdZg4XhMgLjv6mmpBA39faECH7ZoYfoFpC9NAbmkLrRR6aR
Dj+KXybS7JkEd73VO/Ca7oPCrbavsqDkgLL3Bio5m9slcBQgAEJXHq/ZnTZO2YFV
kUTg/7XUEBJp40R8ZHWQLPbHFc1V1pU1+AIIpX1QsrsfE5sgaSGYOhtMVdmml7zM
Mr0YfCLq7qw3ae0UhUeiY9BQAHRoed3PdBYtnGx7mGXs/d/UcuHuxI0o8uqAxBzn
wKbeDcBlbIHBXvn41nTXaaiP1D1HxPeTkDQWrbcYaLZT
-----END CERTIFICATE-----