Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/9uV8HheiEo8Epr0M6-OjFhzh6iA.roa
File:                     9uV8HheiEo8Epr0M6-OjFhzh6iA.roa (raw, json)
Hash identifier:          Z8QBnu+wKKvz9BYTBcJaY+4cJ2gSGVrHnyYHej/v5ho=
Subject key identifier:   F6:E5:7C:1E:17:A2:12:8F:04:A6:BD:0C:EB:E3:A3:16:1C:E1:EA:20
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019A43F4BFF8F2566B78F377CBB3A3952575
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/9uV8HheiEo8Epr0M6-OjFhzh6iA.roa
Signing time:             Sun 02 Nov 2025 09:45:04 +0000
ROA not before:           Sun 02 Nov 2025 09:45:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     13347
IP address blocks:        31.56.160.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 15:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:43:f4:bf:f8:f2:56:6b:78:f3:77:cb:b3:a3:95:25:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Nov  2 09:45:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f6e57c1e17a2128f04a6bd0cebe3a3161ce1ea20
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:e2:f5:31:f3:56:b6:e8:1f:ba:36:19:f1:49:
                    bd:29:e9:c2:1b:f2:a6:c6:15:07:d2:dc:03:fa:9c:
                    ee:80:46:ee:83:7e:7f:61:12:84:a5:2d:bf:b0:78:
                    b3:fa:32:c3:0b:2f:f2:8b:e0:b2:76:26:ae:0a:25:
                    c8:f8:bc:5c:45:b4:5c:19:5e:e7:50:01:83:92:70:
                    b3:5d:aa:2e:52:25:f6:03:cb:99:38:9e:57:fe:52:
                    0c:75:f9:97:7f:4f:3d:86:2c:50:89:c1:20:1d:27:
                    e1:37:48:8d:27:01:06:34:8e:1b:6b:1d:9f:0e:eb:
                    99:21:53:41:0a:b9:7e:13:67:ac:ed:40:55:55:ff:
                    b9:1f:17:36:eb:ed:8c:89:09:c7:db:7f:93:de:b5:
                    f2:ba:b6:38:52:8d:6e:c3:20:18:a2:5d:7c:b8:22:
                    56:af:2a:d5:a4:c5:59:1e:b6:d9:85:b3:3b:38:9c:
                    48:9c:5b:c1:dc:69:80:56:09:fc:1c:73:ea:80:00:
                    61:3e:c8:3c:71:5d:9f:1c:f2:d4:f8:9a:a9:e5:bd:
                    57:ab:a1:24:93:55:67:1d:b0:d2:ab:8b:40:13:03:
                    79:5e:39:f6:52:53:32:9b:c6:6c:3e:9c:d8:94:0c:
                    86:7f:cd:ae:ad:76:fa:db:e8:92:76:e2:95:8e:35:
                    66:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:E5:7C:1E:17:A2:12:8F:04:A6:BD:0C:EB:E3:A3:16:1C:E1:EA:20
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/9uV8HheiEo8Epr0M6-OjFhzh6iA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.56.160.0/21

    Signature Algorithm: sha256WithRSAEncryption
         4c:ee:c4:32:b1:48:b1:9d:d6:74:47:89:c1:0f:f1:40:b5:30:
         ca:2a:61:17:61:a0:16:eb:ba:c1:b5:7a:71:fc:1d:6d:ae:fd:
         29:1f:1b:d9:15:17:f6:84:d4:93:cf:3b:7f:cd:37:dd:ca:c6:
         72:18:39:af:9b:d3:20:ea:db:9d:01:b9:9f:9e:b2:bd:5c:13:
         9d:80:d1:86:c5:19:16:17:6a:bd:33:97:04:1d:20:a1:a6:0c:
         1b:0d:3e:7e:95:ae:3f:b6:75:a0:18:a0:1d:c6:89:0d:24:39:
         c5:09:01:b4:ba:60:b1:ad:90:96:20:32:6a:20:88:f5:6d:2f:
         35:1d:42:12:8d:19:29:1f:07:f2:34:1b:3d:d2:32:59:d4:16:
         0b:a8:e2:ae:60:ec:32:f8:88:49:69:5e:62:1d:06:06:a2:39:
         e6:e6:a4:7e:1f:52:c9:64:43:a6:25:e4:99:2b:89:73:9c:7a:
         c5:98:27:08:7c:79:bf:80:a2:1c:dd:61:86:69:76:a4:c2:44:
         5a:cb:88:00:98:c8:91:70:0f:b1:08:44:76:3e:ce:6b:06:69:
         eb:da:85:d4:26:21:f6:39:52:44:59:e2:54:e7:55:b8:d4:a5:
         95:15:ef:94:89:57:9b:50:05:26:25:f7:52:d7:65:02:5b:ef:
         01:5a:50:17
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZpD9L/48lZrePN3y7OjlSV1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUxMTAyMDk0NTA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNmU1N2MxZTE3YTIxMjhmMDRhNmJkMGNlYmUzYTMxNjFjZTFlYTIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0+L1MfNWtugfujYZ8Um9KenCG/Km
xhUH0twD+pzugEbug35/YRKEpS2/sHiz+jLDCy/yi+CydiauCiXI+LxcRbRcGV7n
UAGDknCzXaouUiX2A8uZOJ5X/lIMdfmXf089hixQicEgHSfhN0iNJwEGNI4bax2f
DuuZIVNBCrl+E2es7UBVVf+5Hxc26+2MiQnH23+T3rXyurY4Uo1uwyAYol18uCJW
ryrVpMVZHrbZhbM7OJxInFvB3GmAVgn8HHPqgABhPsg8cV2fHPLU+Jqp5b1Xq6Ek
k1VnHbDSq4tAEwN5Xjn2UlMym8ZsPpzYlAyGf82urXb62+iSduKVjjVm6QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPblfB4XohKPBKa9DOvjoxYc4eogMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvOXVWOEhoZWlFbzhFcHIwTTYtT2pGaHpoNmlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDHzigMA0G
CSqGSIb3DQEBCwUAA4IBAQBM7sQysUixndZ0R4nBD/FAtTDKKmEXYaAW67rBtXpx
/B1trv0pHxvZFRf2hNSTzzt/zTfdysZyGDmvm9Mg6tudAbmfnrK9XBOdgNGGxRkW
F2q9M5cEHSChpgwbDT5+la4/tnWgGKAdxokNJDnFCQG0umCxrZCWIDJqIIj1bS81
HUISjRkpHwfyNBs90jJZ1BYLqOKuYOwy+IhJaV5iHQYGojnm5qR+H1LJZEOmJeSZ
K4lznHrFmCcIfHm/gKIc3WGGaXakwkRay4gAmMiRcA+xCER2Ps5rBmnr2oXUJiH2
OVJEWeJU51W41KWVFe+UiVebUAUmJfdS12UCW+8BWlAX
-----END CERTIFICATE-----