Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/uHtVW65lMshMlIWbGcPc4NBkY_E.roa
File:                     uHtVW65lMshMlIWbGcPc4NBkY_E.roa (raw, json)
Hash identifier:          6aV3FVcGB9XXEbmYnidVw3veSD9ar8krKJRp4L6S4+Q=
Subject key identifier:   B8:7B:55:5B:AE:65:32:C8:4C:94:85:9B:19:C3:DC:E0:D0:64:63:F1
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       01976413A395F7A3F55F9840548B5C3DB83A
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/uHtVW65lMshMlIWbGcPc4NBkY_E.roa
Signing time:             Thu 12 Jun 2025 12:18:18 +0000
ROA not before:           Thu 12 Jun 2025 12:18:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211854
IP address blocks:        31.56.67.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Jul 2025 16:32:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:64:13:a3:95:f7:a3:f5:5f:98:40:54:8b:5c:3d:b8:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jun 12 12:18:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b87b555bae6532c84c94859b19c3dce0d06463f1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:9c:93:9b:7c:a9:78:a6:49:60:f8:24:dd:15:
                    97:a0:de:b0:20:10:0b:23:a3:35:aa:1c:5f:27:26:
                    f0:57:b3:51:65:cd:6a:2a:3b:2c:75:c2:ff:28:f2:
                    9d:c8:74:62:f9:d0:04:72:e8:a0:55:ce:aa:52:77:
                    26:e3:c3:b9:18:d5:40:97:dd:2d:fb:11:fc:e8:65:
                    e5:a9:72:e7:a1:36:88:2f:f1:19:8b:74:3d:b6:db:
                    dc:73:7b:0d:84:a1:15:37:65:2b:ee:be:07:86:c5:
                    82:5a:88:fe:d7:46:96:e1:50:e7:e3:94:91:da:25:
                    98:3f:bf:f8:47:f5:c1:5f:9a:46:8c:7d:8c:83:0c:
                    ba:31:d5:b0:01:51:2c:c7:d5:73:9b:85:5a:98:b5:
                    ad:71:d9:79:74:52:57:62:bb:ed:0c:44:bf:b0:0d:
                    52:ef:60:ba:24:5c:69:ec:31:f0:69:82:32:8d:98:
                    55:88:79:c5:f3:c7:2a:f8:8b:59:66:82:3a:74:cc:
                    01:46:e6:79:29:6e:e0:d5:22:20:6d:85:bd:27:91:
                    90:e5:be:fa:e3:c2:ce:56:b6:fe:fc:11:59:12:9b:
                    79:08:b6:1a:54:02:5a:05:90:67:2a:14:86:34:ee:
                    b8:04:54:a3:2e:5e:73:4d:87:9d:ff:89:a2:9a:2a:
                    5f:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:7B:55:5B:AE:65:32:C8:4C:94:85:9B:19:C3:DC:E0:D0:64:63:F1
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/uHtVW65lMshMlIWbGcPc4NBkY_E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.56.67.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:d4:bc:4a:7c:c9:e1:c2:07:7c:33:1a:12:82:5e:90:df:d0:
         e3:86:03:23:60:e3:92:6a:6a:7e:40:d2:3f:dd:c2:47:33:c5:
         2d:89:14:cd:36:9f:ea:54:41:ba:05:b9:2e:45:df:3c:54:f7:
         02:aa:a6:c1:22:98:3c:15:44:a8:56:e7:b8:ac:5c:b9:8a:6f:
         95:a0:02:e2:ba:dc:b0:ff:ef:5b:23:a6:c8:06:76:44:7e:43:
         33:63:18:5c:9d:62:6e:73:95:6d:e9:33:da:46:fe:4d:41:8f:
         ce:29:07:9b:0c:e8:3d:cf:ca:67:f8:cc:50:7b:27:a5:fb:53:
         ec:ba:91:af:1c:bc:26:66:e4:b7:12:ca:0b:dd:09:2b:21:94:
         cf:81:c5:d6:3b:5f:53:63:1e:7a:f0:f1:68:67:4b:3d:d7:21:
         f7:6a:47:e5:3d:db:0a:5f:63:a4:82:d5:a0:86:e0:e0:21:ba:
         a1:c6:7f:f3:14:d3:b0:37:2a:cf:74:ec:1e:02:e2:d2:71:08:
         fe:5c:75:3e:fa:82:21:14:4c:bc:de:96:24:c6:23:d5:8d:dd:
         d7:67:75:a7:9d:77:5f:ed:c3:f6:c5:a1:53:9f:67:1d:83:50:
         e4:f7:90:2d:c6:c0:3e:d1:0a:9f:b5:8a:e2:d8:54:36:23:b2:
         e0:0e:d1:a5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZdkE6OV96P1X5hAVItcPbg6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwNjEyMTIxODE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiODdiNTU1YmFlNjUzMmM4NGM5NDg1OWIxOWMzZGNlMGQwNjQ2M2YxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmJyTm3ypeKZJYPgk3RWXoN6wIBAL
I6M1qhxfJybwV7NRZc1qKjssdcL/KPKdyHRi+dAEcuigVc6qUncm48O5GNVAl90t
+xH86GXlqXLnoTaIL/EZi3Q9ttvcc3sNhKEVN2Ur7r4HhsWCWoj+10aW4VDn45SR
2iWYP7/4R/XBX5pGjH2Mgwy6MdWwAVEsx9Vzm4VamLWtcdl5dFJXYrvtDES/sA1S
72C6JFxp7DHwaYIyjZhViHnF88cq+ItZZoI6dMwBRuZ5KW7g1SIgbYW9J5GQ5b76
48LOVrb+/BFZEpt5CLYaVAJaBZBnKhSGNO64BFSjLl5zTYed/4mimipfxwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLh7VVuuZTLITJSFmxnD3ODQZGPxMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvdUh0Vlc2NWxNc2hNbElXYkdjUGM0TkJrWV9FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzhDMA0G
CSqGSIb3DQEBCwUAA4IBAQAn1LxKfMnhwgd8MxoSgl6Q39DjhgMjYOOSamp+QNI/
3cJHM8UtiRTNNp/qVEG6BbkuRd88VPcCqqbBIpg8FUSoVue4rFy5im+VoALiutyw
/+9bI6bIBnZEfkMzYxhcnWJuc5Vt6TPaRv5NQY/OKQebDOg9z8pn+MxQeyel+1Ps
upGvHLwmZuS3EsoL3QkrIZTPgcXWO19TYx568PFoZ0s91yH3akflPdsKX2OkgtWg
huDgIbqhxn/zFNOwNyrPdOweAuLScQj+XHU++oIhFEy83pYkxiPVjd3XZ3WnnXdf
7cP2xaFTn2cdg1Dk95AtxsA+0QqftYri2FQ2I7LgDtGl
-----END CERTIFICATE-----