Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/3VDEwd1usBmmzjTGttGR9vXGnGQ.roa
File:                     3VDEwd1usBmmzjTGttGR9vXGnGQ.roa (raw, json)
Hash identifier:          KyQYqH5nzohFuOAdR3ngC40qF/LGovRB9hReuRmqV9o=
Subject key identifier:   DD:50:C4:C1:DD:6E:B0:19:A6:CE:34:C6:B6:D1:91:F6:F5:C6:9C:64
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       0197165A222A1925DE50FE361CB9A423D8A8
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/3VDEwd1usBmmzjTGttGR9vXGnGQ.roa
Signing time:             Wed 28 May 2025 10:04:55 +0000
ROA not before:           Wed 28 May 2025 10:04:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     135040
IP address blocks:        31.56.66.0/24 maxlen: 24
                          31.57.248.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Jun 2025 19:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:16:5a:22:2a:19:25:de:50:fe:36:1c:b9:a4:23:d8:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: May 28 10:04:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dd50c4c1dd6eb019a6ce34c6b6d191f6f5c69c64
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:af:44:10:20:ee:93:d5:f9:8d:27:02:ba:61:
                    2d:58:6e:86:a2:bc:ec:87:47:d5:a2:46:f3:c3:c8:
                    df:24:25:1f:85:4c:ec:fd:76:4e:20:c1:8e:6f:36:
                    38:dd:0f:05:45:2d:c5:ec:8b:7b:00:72:dc:ed:8e:
                    1f:2b:bd:81:a6:e6:f1:03:c1:d8:68:c2:83:e5:eb:
                    5d:64:aa:72:4b:b6:90:87:67:ee:53:9c:5e:e9:cf:
                    40:27:55:da:83:56:14:59:ca:bf:40:e4:6d:eb:e6:
                    09:13:e5:d0:70:43:cc:f0:21:79:48:8d:88:23:d3:
                    88:be:9d:eb:6d:b8:ea:58:22:1a:98:81:5f:3f:2f:
                    23:e0:64:ec:42:e6:98:a2:e6:21:74:75:02:b4:2a:
                    14:5a:fb:a4:62:8e:57:56:f9:0c:59:a2:b6:b0:18:
                    fb:0b:23:86:23:d2:f5:dd:cf:15:68:13:f0:b7:46:
                    97:05:1d:db:1b:19:ac:d7:e2:b3:b5:db:7a:70:39:
                    09:5b:e1:03:8f:0f:1c:15:8f:08:af:f3:5e:18:ca:
                    f6:ec:1d:6f:d1:3a:25:6a:b1:89:0a:2a:b6:e9:ea:
                    44:c6:db:30:29:ee:d2:b5:67:9b:05:c2:72:6f:d5:
                    f0:e9:d0:cb:7b:f2:06:c2:52:7b:27:da:d4:38:eb:
                    58:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:50:C4:C1:DD:6E:B0:19:A6:CE:34:C6:B6:D1:91:F6:F5:C6:9C:64
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/3VDEwd1usBmmzjTGttGR9vXGnGQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.56.66.0/24
                  31.57.248.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1d:87:9c:b5:3f:08:23:03:ab:1d:67:da:51:df:45:d2:cb:0e:
         4a:a3:dd:4b:4c:fe:3b:1b:38:58:27:63:07:9e:03:53:75:25:
         48:05:5a:e8:ee:87:e8:e0:ce:16:8d:42:6b:69:4b:5d:5b:af:
         b9:27:29:1f:8d:64:88:32:02:68:fc:46:3e:08:3c:cd:88:d2:
         51:8b:76:85:34:e6:1e:3d:52:00:36:64:b6:fa:ec:5b:02:7b:
         45:c1:46:f5:5b:e5:77:75:c2:47:ef:83:b3:5d:4f:39:69:a4:
         28:8f:69:46:aa:eb:23:db:aa:e0:12:6a:6a:82:79:3e:d0:e0:
         84:2e:c5:19:9d:8b:a4:dc:a4:31:19:15:de:4e:94:2d:e5:17:
         ec:9e:57:34:38:4b:a1:1e:16:33:3f:6b:ee:3d:5c:be:9b:ab:
         bf:da:29:9e:6a:13:06:f6:6e:b7:f0:da:f4:56:3a:d0:28:80:
         40:77:7a:ee:c9:d9:4d:49:81:a5:5f:0a:09:9c:05:6c:e0:6b:
         33:41:5f:3f:95:d6:80:f3:43:ac:99:43:c5:ab:11:af:29:32:
         ad:17:9e:cd:4a:62:19:7b:0a:de:fc:88:75:c0:5c:1a:1e:29:
         48:ac:cf:3b:60:60:63:5d:20:66:cc:70:59:93:ff:92:4a:18:
         f6:ae:62:58
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZcWWiIqGSXeUP42HLmkI9ioMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwNTI4MTAwNDU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDUwYzRjMWRkNmViMDE5YTZjZTM0YzZiNmQxOTFmNmY1YzY5YzY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsa9EECDuk9X5jScCumEtWG6Gorzs
h0fVokbzw8jfJCUfhUzs/XZOIMGObzY43Q8FRS3F7It7AHLc7Y4fK72BpubxA8HY
aMKD5etdZKpyS7aQh2fuU5xe6c9AJ1Xag1YUWcq/QORt6+YJE+XQcEPM8CF5SI2I
I9OIvp3rbbjqWCIamIFfPy8j4GTsQuaYouYhdHUCtCoUWvukYo5XVvkMWaK2sBj7
CyOGI9L13c8VaBPwt0aXBR3bGxms1+Kztdt6cDkJW+EDjw8cFY8Ir/NeGMr27B1v
0TolarGJCiq26epExtswKe7StWebBcJyb9Xw6dDLe/IGwlJ7J9rUOOtYOwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFN1QxMHdbrAZps40xrbRkfb1xpxkMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvM1ZERXdkMXVzQm1tempUR3R0R1I5dlhHbkdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAHzhCAwQA
Hzn4MA0GCSqGSIb3DQEBCwUAA4IBAQAdh5y1PwgjA6sdZ9pR30XSyw5Ko91LTP47
GzhYJ2MHngNTdSVIBVro7ofo4M4WjUJraUtdW6+5JykfjWSIMgJo/EY+CDzNiNJR
i3aFNOYePVIANmS2+uxbAntFwUb1W+V3dcJH74OzXU85aaQoj2lGqusj26rgEmpq
gnk+0OCELsUZnYuk3KQxGRXeTpQt5Rfsnlc0OEuhHhYzP2vuPVy+m6u/2imeahMG
9m638Nr0VjrQKIBAd3ruydlNSYGlXwoJnAVs4GszQV8/ldaA80OsmUPFqxGvKTKt
F57NSmIZewre/Ih1wFwaHilIrM87YGBjXSBmzHBZk/+SShj2rmJY
-----END CERTIFICATE-----