Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/itF65Ghhn2HEgotYQztqadrOufc.roa
File:                     itF65Ghhn2HEgotYQztqadrOufc.roa (raw, json)
Hash identifier:          /gNf2n0nwgpSV9z8EGHDnIOzPBXYSlc/me7JYlR5NDQ=
Subject key identifier:   8A:D1:7A:E4:68:61:9F:61:C4:82:8B:58:43:3B:6A:69:DA:CE:B9:F7
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       0198EA1473304B285E86953299BA43C2075A
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/itF65Ghhn2HEgotYQztqadrOufc.roa
Signing time:             Wed 27 Aug 2025 05:51:05 +0000
ROA not before:           Wed 27 Aug 2025 05:51:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201814
IP address blocks:        31.59.137.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 09 Sep 2025 01:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:ea:14:73:30:4b:28:5e:86:95:32:99:ba:43:c2:07:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Aug 27 05:51:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8ad17ae468619f61c4828b58433b6a69daceb9f7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:3b:6e:56:0c:58:1a:69:e0:3e:79:ba:28:50:
                    8d:58:d5:22:f9:b9:a4:d9:d7:1c:4b:04:18:01:e1:
                    5b:05:37:1f:40:08:d9:13:79:74:f0:5e:30:5b:4b:
                    7d:15:10:13:14:51:ac:62:06:e3:75:e1:b1:e0:b8:
                    28:69:be:bd:3f:62:71:f8:65:2e:bc:f1:3b:d6:09:
                    12:ac:21:47:a7:7b:68:ec:6e:29:da:d5:2e:eb:b0:
                    d7:e3:0c:fa:db:ea:c1:38:7d:4a:21:c4:dd:9c:a3:
                    ba:c9:ba:cc:8f:64:e6:89:a5:6d:5b:75:54:d8:9e:
                    eb:62:e5:c1:99:42:26:9e:9b:d8:7b:15:4b:78:cb:
                    97:5c:23:4c:55:20:c0:dd:61:8b:0f:e6:be:a1:fa:
                    7a:53:82:54:45:bf:f1:a1:4d:bc:d6:fa:23:c0:c2:
                    d7:26:a5:b2:4d:95:03:78:0a:85:71:6b:47:6d:d6:
                    05:55:95:81:e6:d8:a2:cb:ee:9c:a5:1f:83:19:ea:
                    6f:83:a1:a9:86:21:b4:a9:c4:b0:07:73:0b:c8:f4:
                    ac:9b:6e:de:d2:d7:a0:2b:5b:7e:c0:52:53:42:60:
                    f2:4a:ae:7d:9d:89:09:c7:e6:5e:8f:5f:7d:38:75:
                    a5:ee:66:27:11:95:89:3e:9b:d9:28:16:35:85:3a:
                    00:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:D1:7A:E4:68:61:9F:61:C4:82:8B:58:43:3B:6A:69:DA:CE:B9:F7
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/itF65Ghhn2HEgotYQztqadrOufc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.59.137.0/24

    Signature Algorithm: sha256WithRSAEncryption
         16:25:23:2c:51:53:d4:6e:7e:f8:b8:e1:94:f1:f9:5f:72:f6:
         ae:bf:34:f8:18:13:7f:be:6c:1a:20:7a:44:60:e5:55:93:bf:
         6a:50:72:a7:aa:1d:21:3f:98:fc:26:c9:10:e4:b8:f3:ac:db:
         5a:52:9f:4b:5b:9f:f9:fb:3e:e6:3e:03:7f:2b:90:54:b7:8f:
         d6:9b:b1:57:90:5f:41:01:07:4f:da:22:f9:96:19:e4:9e:2d:
         e0:d4:d3:95:bd:c6:e0:2d:d7:50:5b:bd:b5:42:b3:c9:08:11:
         17:60:58:0a:38:d3:d3:aa:8c:29:9c:86:54:1d:57:c0:02:84:
         79:81:d1:64:9b:aa:d4:3b:0c:c7:87:e2:8b:85:e8:f1:72:71:
         2c:95:74:58:b0:9f:32:d9:9d:68:c2:30:9f:20:9c:c5:67:d2:
         21:85:ab:03:7a:95:09:2d:5d:50:2a:b9:41:f0:03:24:a3:85:
         f1:75:1e:48:27:1b:b8:e4:4e:b1:2d:87:58:f9:8f:15:42:54:
         b5:04:20:32:0a:b5:bb:59:a8:d5:9a:8c:87:c5:cd:04:1c:82:
         ea:ac:91:5c:b7:e5:10:a7:ee:bc:fe:da:de:f7:a1:2c:f8:c3:
         34:30:30:ee:df:00:db:7a:0e:7a:9f:93:a6:38:f6:46:e3:6b:
         c4:5b:33:f6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZjqFHMwSyhehpUymbpDwgdaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwODI3MDU1MTA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YWQxN2FlNDY4NjE5ZjYxYzQ4MjhiNTg0MzNiNmE2OWRhY2ViOWY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmztuVgxYGmngPnm6KFCNWNUi+bmk
2dccSwQYAeFbBTcfQAjZE3l08F4wW0t9FRATFFGsYgbjdeGx4Lgoab69P2Jx+GUu
vPE71gkSrCFHp3to7G4p2tUu67DX4wz62+rBOH1KIcTdnKO6ybrMj2TmiaVtW3VU
2J7rYuXBmUImnpvYexVLeMuXXCNMVSDA3WGLD+a+ofp6U4JURb/xoU281vojwMLX
JqWyTZUDeAqFcWtHbdYFVZWB5tiiy+6cpR+DGepvg6GphiG0qcSwB3MLyPSsm27e
0tegK1t+wFJTQmDySq59nYkJx+Zej199OHWl7mYnEZWJPpvZKBY1hToAlQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIrReuRoYZ9hxIKLWEM7amnazrn3MB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvaXRGNjVHaGhuMkhFZ290WVF6dHFhZHJPdWZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzuJMA0G
CSqGSIb3DQEBCwUAA4IBAQAWJSMsUVPUbn74uOGU8flfcvauvzT4GBN/vmwaIHpE
YOVVk79qUHKnqh0hP5j8JskQ5LjzrNtaUp9LW5/5+z7mPgN/K5BUt4/Wm7FXkF9B
AQdP2iL5lhnkni3g1NOVvcbgLddQW721QrPJCBEXYFgKONPTqowpnIZUHVfAAoR5
gdFkm6rUOwzHh+KLhejxcnEslXRYsJ8y2Z1owjCfIJzFZ9IhhasDepUJLV1QKrlB
8AMko4XxdR5IJxu45E6xLYdY+Y8VQlS1BCAyCrW7WajVmoyHxc0EHILqrJFct+UQ
p+68/tre96Es+MM0MDDu3wDbeg56n5OmOPZG42vEWzP2
-----END CERTIFICATE-----