Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/f6tdboBSBVkm_zHRd12A3O36m8o.roa
File:                     f6tdboBSBVkm_zHRd12A3O36m8o.roa (raw, json)
Hash identifier:          G3uhF3TVuQa3XBMbylZTj/SC/JYAy6+QfifbbaOzX08=
Subject key identifier:   7F:AB:5D:6E:80:52:05:59:26:FF:31:D1:77:5D:80:DC:ED:FA:9B:CA
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       01971B498F7983A9918EEFF1CBB9BFA32325
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/f6tdboBSBVkm_zHRd12A3O36m8o.roa
Signing time:             Thu 29 May 2025 09:04:55 +0000
ROA not before:           Thu 29 May 2025 09:04:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213613
IP address blocks:        31.56.48.0/24 maxlen: 24
                          31.57.12.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 05 Jun 2025 21:31:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:1b:49:8f:79:83:a9:91:8e:ef:f1:cb:b9:bf:a3:23:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: May 29 09:04:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7fab5d6e8052055926ff31d1775d80dcedfa9bca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:fe:9e:8b:00:b2:8b:88:9f:43:ca:20:b5:02:
                    8b:d1:d9:3b:b9:17:61:ac:ed:30:a5:87:5d:20:1a:
                    a5:07:0d:87:a5:30:08:d5:f0:ed:7a:f9:df:75:94:
                    93:b0:b1:27:56:51:49:47:21:8e:aa:a7:f6:b3:a5:
                    0c:7b:e6:57:ed:58:56:dc:32:c3:3b:49:05:fd:48:
                    7b:75:45:80:72:50:23:10:ec:f8:0e:72:bc:a1:0e:
                    c0:45:58:62:f4:8f:7d:8e:01:5e:c6:11:b4:c8:3e:
                    5c:c3:af:65:3f:9f:e3:69:64:41:76:a3:dc:60:a8:
                    27:07:91:a5:10:7b:b0:4c:eb:d8:71:b7:5d:12:34:
                    d8:5a:f1:28:11:06:15:64:57:07:a6:fa:df:9c:e7:
                    fe:6b:45:c7:a8:1e:20:4b:ec:02:5e:19:7f:71:b1:
                    15:59:fc:31:28:32:e5:fd:8c:b6:90:c3:1a:73:18:
                    aa:e7:43:ed:ad:89:49:62:a6:3b:86:49:18:f2:7a:
                    5c:7c:ac:5d:3a:ae:a4:c0:9d:d8:25:96:e9:b9:87:
                    fc:83:f0:21:6e:3e:c3:4e:14:20:16:ef:6d:54:23:
                    3a:72:d8:c9:d8:47:72:cc:d6:c1:7d:b9:90:54:c8:
                    1e:56:47:e1:78:82:55:b7:01:02:25:c6:ff:8b:61:
                    9b:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:AB:5D:6E:80:52:05:59:26:FF:31:D1:77:5D:80:DC:ED:FA:9B:CA
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/f6tdboBSBVkm_zHRd12A3O36m8o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.56.48.0/24
                  31.57.12.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bd:92:06:20:d1:0b:13:a0:44:6f:4e:40:52:de:6e:59:b5:d1:
         65:a2:7d:50:89:e6:f2:73:67:09:c5:e3:68:91:99:b3:94:e4:
         8e:fa:60:d5:5e:be:8e:22:cb:39:0f:65:a4:88:83:12:19:d2:
         fb:0e:3f:f5:da:bc:20:4a:0f:6d:fd:ed:db:57:99:66:ec:8d:
         9c:f9:76:77:46:f4:b3:19:36:18:ba:c9:da:69:25:54:1c:8f:
         9c:1b:88:a3:3d:6c:8c:c4:8d:7d:c7:20:55:d8:cc:40:ab:50:
         e0:5c:f6:12:f0:07:db:ab:98:62:56:a6:14:8b:48:d0:8e:19:
         5a:c2:f9:8e:8f:67:37:96:e4:4d:59:88:be:88:8a:a8:77:7a:
         94:53:8c:b9:6b:e1:55:48:66:99:2b:23:7d:cb:85:3a:94:df:
         f7:9c:e5:12:57:44:97:06:25:a8:67:3f:56:b4:b2:10:3b:e9:
         fc:cb:2f:db:84:8d:b3:87:79:6f:04:24:8c:10:57:d8:51:72:
         34:4b:ec:1a:1e:ed:38:91:c7:08:bc:4c:a0:9d:5d:11:1f:0e:
         cb:e2:77:b1:4b:f9:d2:50:6e:f6:3a:5d:1a:79:6d:0b:c3:16:
         0e:77:e4:9a:00:8d:20:30:f8:9f:fc:71:80:04:82:ce:9e:f6:
         ed:66:46:ef
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZcbSY95g6mRju/xy7m/oyMlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwNTI5MDkwNDU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZmFiNWQ2ZTgwNTIwNTU5MjZmZjMxZDE3NzVkODBkY2VkZmE5YmNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5f6eiwCyi4ifQ8ogtQKL0dk7uRdh
rO0wpYddIBqlBw2HpTAI1fDtevnfdZSTsLEnVlFJRyGOqqf2s6UMe+ZX7VhW3DLD
O0kF/Uh7dUWAclAjEOz4DnK8oQ7ARVhi9I99jgFexhG0yD5cw69lP5/jaWRBdqPc
YKgnB5GlEHuwTOvYcbddEjTYWvEoEQYVZFcHpvrfnOf+a0XHqB4gS+wCXhl/cbEV
WfwxKDLl/Yy2kMMacxiq50PtrYlJYqY7hkkY8npcfKxdOq6kwJ3YJZbpuYf8g/Ah
bj7DThQgFu9tVCM6ctjJ2EdyzNbBfbmQVMgeVkfheIJVtwECJcb/i2GbvQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFH+rXW6AUgVZJv8x0XddgNzt+pvKMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvZjZ0ZGJvQlNCVmttX3pIUmQxMkEzTzM2bThvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAHzgwAwQA
HzkMMA0GCSqGSIb3DQEBCwUAA4IBAQC9kgYg0QsToERvTkBS3m5ZtdFlon1Qieby
c2cJxeNokZmzlOSO+mDVXr6OIss5D2WkiIMSGdL7Dj/12rwgSg9t/e3bV5lm7I2c
+XZ3RvSzGTYYusnaaSVUHI+cG4ijPWyMxI19xyBV2MxAq1DgXPYS8Afbq5hiVqYU
i0jQjhlawvmOj2c3luRNWYi+iIqod3qUU4y5a+FVSGaZKyN9y4U6lN/3nOUSV0SX
BiWoZz9WtLIQO+n8yy/bhI2zh3lvBCSMEFfYUXI0S+waHu04kccIvEygnV0RHw7L
4nexS/nSUG72Ol0aeW0LwxYOd+SaAI0gMPif/HGABILOnvbtZkbv
-----END CERTIFICATE-----