Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/jjbIVTTYWr6PE9r_R9c5kvkswSQ.roa
File:                     jjbIVTTYWr6PE9r_R9c5kvkswSQ.roa (raw, json)
Hash identifier:          nV6bpTk99u+A4a5qte7jM2uSt/1Jf2Qy1vFN3M2b1iQ=
Subject key identifier:   8E:36:C8:55:34:D8:5A:BE:8F:13:DA:FF:47:D7:39:92:F9:2C:C1:24
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       01991F35D419AF9AACE5BDFB78B34F2C920A
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/jjbIVTTYWr6PE9r_R9c5kvkswSQ.roa
Signing time:             Sat 06 Sep 2025 13:27:25 +0000
ROA not before:           Sat 06 Sep 2025 13:27:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208483
IP address blocks:        31.56.59.0/24 maxlen: 24
                          31.57.135.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 09 Sep 2025 17:47:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:1f:35:d4:19:af:9a:ac:e5:bd:fb:78:b3:4f:2c:92:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Sep  6 13:27:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8e36c85534d85abe8f13daff47d73992f92cc124
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:e3:01:26:9b:50:dd:53:5a:47:09:f4:57:fe:
                    c2:b7:25:1c:6f:60:b1:cc:5e:6e:6c:b6:67:c7:94:
                    a0:ff:cc:4b:4a:5e:1f:6d:de:8e:3e:9d:da:33:67:
                    5a:6c:da:e7:25:66:f5:a5:64:e9:ce:1e:65:84:af:
                    a5:12:24:ec:4b:9a:eb:5b:0f:83:6e:04:db:e7:1c:
                    83:d6:1d:49:62:b6:ed:f7:52:de:e7:42:57:90:63:
                    cb:5b:47:6d:92:d1:25:31:a7:c8:83:c6:26:5d:51:
                    00:0d:79:12:e4:39:64:93:aa:fb:9e:70:3b:44:be:
                    11:23:95:a5:55:bf:de:85:15:4f:4e:cc:a4:eb:dd:
                    0d:6b:42:3c:43:ae:36:2b:dc:64:e3:66:ff:8a:df:
                    cd:ca:2c:05:0d:b6:57:0f:9c:91:5f:f8:f3:fa:ed:
                    e6:04:b8:65:6d:f5:6f:b5:16:f1:00:ae:71:2a:79:
                    74:ae:b4:26:f1:45:60:94:60:3f:b4:27:f1:b1:1b:
                    d0:e1:7f:0c:b6:6c:8e:f2:87:3d:ac:12:2d:20:1d:
                    bf:f4:a2:df:55:54:75:8a:34:2d:d1:9b:88:64:3f:
                    01:00:89:1a:22:b7:0f:5f:40:85:b3:09:fb:d5:62:
                    cc:0a:e9:d7:01:75:b8:68:d2:05:e8:dc:fb:05:0e:
                    01:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:36:C8:55:34:D8:5A:BE:8F:13:DA:FF:47:D7:39:92:F9:2C:C1:24
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/jjbIVTTYWr6PE9r_R9c5kvkswSQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.56.59.0/24
                  31.57.135.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:d8:68:25:0a:2b:de:1f:79:35:bb:b4:cf:cf:68:a0:23:35:
         6b:c4:77:bf:b6:bf:a6:f9:bb:fc:70:33:72:ea:fd:92:bf:65:
         90:86:69:f8:d4:be:93:59:56:5b:90:72:8b:d5:00:43:4e:28:
         df:7d:40:d9:66:3d:b0:47:f7:b6:59:44:f6:d1:6d:d1:b7:6f:
         ab:38:6b:a0:a7:c3:32:80:63:ac:01:c2:37:d8:dc:d1:ab:ff:
         33:8d:31:fc:6a:ce:ea:53:e0:c5:ef:87:45:11:50:2f:c8:90:
         7d:e6:86:81:d4:8c:ff:f4:ac:07:3e:64:10:36:9d:80:6d:81:
         f5:1f:6e:74:bb:f7:0b:f6:9c:e6:65:c1:da:c0:66:2b:75:53:
         05:ab:3e:0a:5e:45:33:16:89:c5:83:83:a7:3d:0f:18:7c:a9:
         32:5e:d4:fa:ee:8c:d2:e9:da:2a:6a:e8:e7:2e:8a:58:cb:68:
         53:85:fb:90:82:63:7c:cb:c5:13:ea:df:f5:03:f5:c8:4e:0a:
         ff:4b:4d:66:cd:29:07:34:3f:27:da:82:44:eb:2b:b7:61:0d:
         47:d4:1e:f3:e2:a8:e8:53:c0:a6:9d:63:8b:ae:2d:a5:2b:90:
         2a:1a:2a:71:31:dd:d6:5e:37:d7:1b:50:de:5e:43:0c:5a:3a:
         53:42:6c:28
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZkfNdQZr5qs5b37eLNPLJIKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwOTA2MTMyNzI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZTM2Yzg1NTM0ZDg1YWJlOGYxM2RhZmY0N2Q3Mzk5MmY5MmNjMTI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjeMBJptQ3VNaRwn0V/7CtyUcb2Cx
zF5ubLZnx5Sg/8xLSl4fbd6OPp3aM2dabNrnJWb1pWTpzh5lhK+lEiTsS5rrWw+D
bgTb5xyD1h1JYrbt91Le50JXkGPLW0dtktElMafIg8YmXVEADXkS5Dlkk6r7nnA7
RL4RI5WlVb/ehRVPTsyk690Na0I8Q642K9xk42b/it/NyiwFDbZXD5yRX/jz+u3m
BLhlbfVvtRbxAK5xKnl0rrQm8UVglGA/tCfxsRvQ4X8MtmyO8oc9rBItIB2/9KLf
VVR1ijQt0ZuIZD8BAIkaIrcPX0CFswn71WLMCunXAXW4aNIF6Nz7BQ4BXQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFI42yFU02Fq+jxPa/0fXOZL5LMEkMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvampiSVZUVFlXcjZQRTlyX1I5YzVrdmtzd1NRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAHzg7AwQA
HzmHMA0GCSqGSIb3DQEBCwUAA4IBAQB82GglCiveH3k1u7TPz2igIzVrxHe/tr+m
+bv8cDNy6v2Sv2WQhmn41L6TWVZbkHKL1QBDTijffUDZZj2wR/e2WUT20W3Rt2+r
OGugp8MygGOsAcI32NzRq/8zjTH8as7qU+DF74dFEVAvyJB95oaB1Iz/9KwHPmQQ
Np2AbYH1H250u/cL9pzmZcHawGYrdVMFqz4KXkUzFonFg4OnPQ8YfKkyXtT67ozS
6doqaujnLopYy2hThfuQgmN8y8UT6t/1A/XITgr/S01mzSkHND8n2oJE6yu3YQ1H
1B7z4qjoU8CmnWOLri2lK5AqGipxMd3WXjfXG1DeXkMMWjpTQmwo
-----END CERTIFICATE-----