Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/hK3DBULYC3ob_OfslGzPQ6s6Ot0.roa
File:                     hK3DBULYC3ob_OfslGzPQ6s6Ot0.roa (raw, json)
Hash identifier:          ODWkCIebxdQha/ez8skNmVhOC+uLNglitdr7a83Sxc0=
Subject key identifier:   84:AD:C3:05:42:D8:0B:7A:1B:FC:E7:EC:94:6C:CF:43:AB:3A:3A:DD
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       0197CF02711E43CA125413E235CE8ADEA0FE
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/hK3DBULYC3ob_OfslGzPQ6s6Ot0.roa
Signing time:             Thu 03 Jul 2025 06:38:53 +0000
ROA not before:           Thu 03 Jul 2025 06:38:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     137517
IP address blocks:        31.57.159.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Jul 2025 16:32:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:cf:02:71:1e:43:ca:12:54:13:e2:35:ce:8a:de:a0:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jul  3 06:38:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=84adc30542d80b7a1bfce7ec946ccf43ab3a3add
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:d6:dd:7d:37:5d:c3:fa:44:2b:62:79:08:63:
                    19:c8:33:b1:69:c8:6e:ee:6e:a6:22:6e:7d:3b:6c:
                    84:bf:66:99:d7:9f:51:4f:b5:55:5a:3c:73:21:97:
                    c4:db:40:29:07:e4:9a:2d:9e:e7:97:fe:30:49:b0:
                    91:0c:b1:f6:06:c4:b8:4f:dd:cb:95:c4:cb:bd:61:
                    4d:45:08:2e:fa:dd:f4:fb:9e:e6:c2:cf:f4:ba:be:
                    8b:f8:4a:5e:d6:5f:6c:47:57:12:ce:bc:73:3d:ea:
                    5e:0c:82:a5:93:ba:1c:07:79:69:29:88:fe:62:1f:
                    18:29:87:36:a8:d6:1b:03:db:1b:4b:87:f4:94:20:
                    67:48:62:62:b0:ba:fe:a8:32:3b:8d:d4:1c:37:2d:
                    4a:a8:53:be:f9:9f:e2:4b:bb:9e:de:b8:39:3a:6d:
                    3d:46:0d:87:1a:fe:e2:ed:2d:af:d5:23:b6:33:3a:
                    42:d1:9b:6b:b9:09:96:82:64:38:ff:75:b6:a6:cc:
                    ab:f8:d5:82:76:c8:ee:8f:c9:fe:d9:d1:cb:cf:ae:
                    5c:a7:32:8e:c3:e1:2d:7c:3c:b7:3b:aa:2b:81:1b:
                    e6:51:64:4a:c2:9f:ee:6e:35:33:c3:42:b9:df:ca:
                    f0:88:41:5d:c2:d9:92:c6:24:78:3a:b8:e8:e1:35:
                    b9:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:AD:C3:05:42:D8:0B:7A:1B:FC:E7:EC:94:6C:CF:43:AB:3A:3A:DD
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/hK3DBULYC3ob_OfslGzPQ6s6Ot0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.57.159.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:fb:12:64:b4:72:4e:e5:be:b4:a8:b3:08:60:23:16:8d:05:
         32:49:f6:b3:ec:3b:fa:c3:60:bf:c2:7b:e2:95:9c:69:0d:48:
         32:88:ff:8a:4f:26:76:f3:42:fa:a7:68:01:2a:aa:67:23:50:
         9e:8f:e5:24:70:84:56:08:18:d7:ff:fd:11:16:3d:a1:e2:65:
         43:a2:a4:6e:c2:65:3e:1a:d0:a7:09:f7:1e:56:ca:48:a3:06:
         ff:3d:49:0d:ca:72:84:c9:b6:97:48:e9:a6:06:87:e9:81:39:
         f1:0e:56:59:23:f1:4c:b8:2f:f1:29:ad:78:97:1f:08:aa:55:
         70:19:dc:37:68:89:d7:e6:ff:f0:ce:85:06:ff:94:46:6c:11:
         1b:8a:cf:05:53:45:99:ba:a4:11:ac:6d:82:df:36:dd:ee:f3:
         f1:f1:b6:5d:17:b0:07:56:6d:0f:06:3f:1c:50:eb:4b:c0:15:
         dd:8d:79:02:37:4b:12:98:c0:18:28:61:19:20:5d:bc:b7:aa:
         78:6f:72:02:eb:c3:a9:a0:19:ae:3f:f3:41:b3:eb:97:50:ff:
         66:2d:29:d0:6b:f4:b9:3e:80:fb:bd:75:0d:4b:9e:60:84:1c:
         7d:ed:f4:61:ed:3e:fb:cb:f2:f6:c4:17:de:9f:c5:9f:e6:15:
         2b:5b:5c:12
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZfPAnEeQ8oSVBPiNc6K3qD+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwNzAzMDYzODUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NGFkYzMwNTQyZDgwYjdhMWJmY2U3ZWM5NDZjY2Y0M2FiM2EzYWRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxNbdfTddw/pEK2J5CGMZyDOxachu
7m6mIm59O2yEv2aZ159RT7VVWjxzIZfE20ApB+SaLZ7nl/4wSbCRDLH2BsS4T93L
lcTLvWFNRQgu+t30+57mws/0ur6L+Epe1l9sR1cSzrxzPepeDIKlk7ocB3lpKYj+
Yh8YKYc2qNYbA9sbS4f0lCBnSGJisLr+qDI7jdQcNy1KqFO++Z/iS7ue3rg5Om09
Rg2HGv7i7S2v1SO2MzpC0ZtruQmWgmQ4/3W2psyr+NWCdsjuj8n+2dHLz65cpzKO
w+EtfDy3O6orgRvmUWRKwp/ubjUzw0K538rwiEFdwtmSxiR4Orjo4TW5/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIStwwVC2At6G/zn7JRsz0OrOjrdMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvaEszREJVTFlDM29iX09mc2xHelBRNnM2T3QwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzmfMA0G
CSqGSIb3DQEBCwUAA4IBAQBy+xJktHJO5b60qLMIYCMWjQUySfaz7Dv6w2C/wnvi
lZxpDUgyiP+KTyZ280L6p2gBKqpnI1Cej+UkcIRWCBjX//0RFj2h4mVDoqRuwmU+
GtCnCfceVspIowb/PUkNynKEybaXSOmmBofpgTnxDlZZI/FMuC/xKa14lx8IqlVw
Gdw3aInX5v/wzoUG/5RGbBEbis8FU0WZuqQRrG2C3zbd7vPx8bZdF7AHVm0PBj8c
UOtLwBXdjXkCN0sSmMAYKGEZIF28t6p4b3IC68OpoBmuP/NBs+uXUP9mLSnQa/S5
PoD7vXUNS55ghBx97fRh7T77y/L2xBfen8Wf5hUrW1wS
-----END CERTIFICATE-----