Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/oPKQ5qtex6ymhW8-7kU2YxGleLM.roa
File:                     oPKQ5qtex6ymhW8-7kU2YxGleLM.roa (raw, json)
Hash identifier:          PmzwVuU0GxT0mImLNxp5/98N4yqAvlSBoNIKgVoNO6E=
Subject key identifier:   A0:F2:90:E6:AB:5E:C7:AC:A6:85:6F:3E:EE:45:36:63:11:A5:78:B3
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019A43F4BE7EC2EEAAF95E8D036471DFED62
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/oPKQ5qtex6ymhW8-7kU2YxGleLM.roa
Signing time:             Sun 02 Nov 2025 09:45:04 +0000
ROA not before:           Sun 02 Nov 2025 09:45:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     7018
IP address blocks:        31.56.33.0/24 maxlen: 24
                          31.56.160.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 07 Nov 2025 14:56:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:43:f4:be:7e:c2:ee:aa:f9:5e:8d:03:64:71:df:ed:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Nov  2 09:45:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a0f290e6ab5ec7aca6856f3eee45366311a578b3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:62:47:1c:b5:63:58:29:b7:1f:de:a9:a4:87:
                    ef:fd:fe:12:27:19:50:ac:c6:8c:06:50:f6:ab:f7:
                    e6:af:f6:6f:ee:de:79:d3:c4:ef:3d:ed:c2:40:10:
                    98:7e:5a:f1:d4:29:f7:ad:b2:ef:b1:51:7c:4f:b5:
                    0b:d6:28:58:fe:75:f6:22:43:b6:30:55:25:7d:1f:
                    9d:7f:38:40:84:6e:97:c2:27:6d:a0:27:92:5e:1b:
                    da:f8:ce:0c:24:bb:98:39:a4:3c:b6:d0:7e:bf:a5:
                    89:27:18:cd:b2:d9:ef:4c:15:ba:a9:d2:ee:55:67:
                    e9:87:b9:a3:d6:f7:e9:6b:98:e3:7d:ef:cf:d6:b8:
                    1f:25:6a:b8:f9:84:0c:e5:de:8a:a7:a0:9d:35:d7:
                    ba:95:a6:e8:1f:2c:d6:50:b4:b2:08:d3:8a:12:58:
                    17:9a:a1:f4:5b:b1:ad:35:95:a5:c2:33:26:12:dc:
                    e0:d9:6b:59:21:ec:22:11:39:51:16:e5:da:1b:bc:
                    83:8b:df:c0:d1:a3:84:0d:cc:36:05:3c:ed:e0:0d:
                    2b:c5:71:99:b0:4e:00:78:ab:65:01:2a:47:9e:2f:
                    3d:c6:a3:2c:bb:40:c3:68:08:69:0e:b5:0f:39:4b:
                    2f:9f:57:9e:08:18:76:c5:26:f5:e1:56:f4:d0:d3:
                    19:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:F2:90:E6:AB:5E:C7:AC:A6:85:6F:3E:EE:45:36:63:11:A5:78:B3
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/oPKQ5qtex6ymhW8-7kU2YxGleLM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.56.33.0/24
                  31.56.160.0/21

    Signature Algorithm: sha256WithRSAEncryption
         15:a9:9b:38:dc:23:90:85:cd:c5:3a:60:5b:6e:5f:34:50:d4:
         80:25:3e:89:b5:08:24:2e:19:b3:fb:3a:82:e6:13:58:df:a9:
         6a:19:d9:29:ee:31:2f:ec:4a:a2:3f:8c:cd:72:ca:de:b7:a0:
         20:e0:4f:85:8b:ed:a4:be:87:c6:32:1e:f3:d6:04:35:e1:62:
         2f:66:36:92:75:41:84:29:41:a5:80:c4:95:a0:80:09:98:3d:
         31:17:ba:ac:e7:b5:fb:07:36:25:04:ea:5e:08:f0:33:2a:48:
         a9:74:87:41:bc:5f:7b:f5:1a:65:1c:83:f2:6b:11:fc:6d:67:
         3e:4b:27:60:87:af:ba:10:cd:fe:64:b0:54:b1:79:5a:eb:a2:
         77:ce:65:c8:8e:b7:90:70:e5:1e:cd:4c:af:86:d8:f6:93:ea:
         2c:b6:63:e0:1c:d9:f2:5b:99:a9:2e:cf:20:a2:0f:b5:77:0c:
         75:fe:50:3a:7e:21:11:e1:f3:29:ab:fd:fd:5d:de:77:d7:b6:
         5e:dc:04:ab:4c:e5:01:54:1e:3c:97:70:a5:ca:fc:eb:23:7e:
         9f:7b:89:56:34:c9:bf:ad:b9:fb:4b:56:a8:88:93:6e:00:7c:
         be:73:ad:15:da:cf:b8:cc:69:43:ba:fb:45:e7:3d:7d:c9:f1:
         d4:04:00:86
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZpD9L5+wu6q+V6NA2Rx3+1iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUxMTAyMDk0NTA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMGYyOTBlNmFiNWVjN2FjYTY4NTZmM2VlZTQ1MzY2MzExYTU3OGIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsmJHHLVjWCm3H96ppIfv/f4SJxlQ
rMaMBlD2q/fmr/Zv7t5508TvPe3CQBCYflrx1Cn3rbLvsVF8T7UL1ihY/nX2IkO2
MFUlfR+dfzhAhG6XwidtoCeSXhva+M4MJLuYOaQ8ttB+v6WJJxjNstnvTBW6qdLu
VWfph7mj1vfpa5jjfe/P1rgfJWq4+YQM5d6Kp6CdNde6laboHyzWULSyCNOKElgX
mqH0W7GtNZWlwjMmEtzg2WtZIewiETlRFuXaG7yDi9/A0aOEDcw2BTzt4A0rxXGZ
sE4AeKtlASpHni89xqMsu0DDaAhpDrUPOUsvn1eeCBh2xSb14Vb00NMZpwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKDykOarXsespoVvPu5FNmMRpXizMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvb1BLUTVxdGV4NnltaFc4LTdrVTJZeEdsZUxNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAHzghAwQD
HzigMA0GCSqGSIb3DQEBCwUAA4IBAQAVqZs43COQhc3FOmBbbl80UNSAJT6JtQgk
Lhmz+zqC5hNY36lqGdkp7jEv7EqiP4zNcsret6Ag4E+Fi+2kvofGMh7z1gQ14WIv
ZjaSdUGEKUGlgMSVoIAJmD0xF7qs57X7BzYlBOpeCPAzKkipdIdBvF979RplHIPy
axH8bWc+Sydgh6+6EM3+ZLBUsXla66J3zmXIjreQcOUezUyvhtj2k+ostmPgHNny
W5mpLs8gog+1dwx1/lA6fiER4fMpq/39Xd5317Ze3ASrTOUBVB48l3ClyvzrI36f
e4lWNMm/rbn7S1aoiJNuAHy+c60V2s+4zGlDuvtF5z19yfHUBACG
-----END CERTIFICATE-----