Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/AV7kkWXJzFVulh2v6LGatJMP_A4.roa
File:                     AV7kkWXJzFVulh2v6LGatJMP_A4.roa (raw, json)
Hash identifier:          8o49kkx7vWUelREYMNjx9rUerPg2gfN3tnLji9NkiH8=
Subject key identifier:   01:5E:E4:91:65:C9:CC:55:6E:96:1D:AF:E8:B1:9A:B4:93:0F:FC:0E
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       0198664D7A316E5FC11CD2A8F07CF45E45DD
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/AV7kkWXJzFVulh2v6LGatJMP_A4.roa
Signing time:             Fri 01 Aug 2025 15:43:30 +0000
ROA not before:           Fri 01 Aug 2025 15:43:30 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     393942
IP address blocks:        31.56.238.0/24 maxlen: 24
                          31.57.30.0/24 maxlen: 24
                          31.58.69.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Aug 2025 00:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:66:4d:7a:31:6e:5f:c1:1c:d2:a8:f0:7c:f4:5e:45:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Aug  1 15:43:30 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=015ee49165c9cc556e961dafe8b19ab4930ffc0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:a9:6c:fa:62:48:66:ad:ad:62:54:88:ba:2e:
                    06:8d:05:d0:9c:c9:95:39:03:d2:e1:b2:c3:8c:09:
                    75:4e:05:24:a1:cf:3e:11:13:e3:6d:a5:b6:6d:ca:
                    83:1b:96:75:f5:51:95:72:74:43:51:45:97:11:e7:
                    70:19:24:ea:78:47:de:8a:f5:06:09:14:dc:5e:28:
                    30:5b:e7:e5:48:f4:62:85:ab:6a:d9:c5:68:2f:57:
                    50:eb:b0:8a:b6:d4:f8:0d:59:9b:46:d2:1f:1e:34:
                    ce:62:58:75:ea:f7:f0:56:b9:90:05:97:53:3e:50:
                    e1:3b:33:53:aa:95:0c:8b:8d:5d:fa:25:32:89:5a:
                    ad:62:4a:d0:60:00:f4:d4:ca:19:90:5a:c9:de:0a:
                    7a:9c:f3:0b:90:e3:0d:31:52:f9:06:d8:98:07:6d:
                    94:9c:92:8c:92:42:ee:23:0c:0e:f1:2f:77:24:56:
                    5b:74:4d:20:da:1d:52:98:31:7e:e1:d2:df:91:60:
                    33:ba:34:2b:10:14:02:21:8f:3d:38:03:2b:49:cc:
                    a8:9a:79:ab:be:ba:73:85:15:22:7b:49:1a:f5:77:
                    5a:92:03:aa:6a:46:46:91:9e:e8:93:34:e4:dd:19:
                    a5:e3:bd:91:d4:a9:7e:42:b0:82:d6:91:1d:10:9f:
                    37:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:5E:E4:91:65:C9:CC:55:6E:96:1D:AF:E8:B1:9A:B4:93:0F:FC:0E
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/AV7kkWXJzFVulh2v6LGatJMP_A4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.56.238.0/24
                  31.57.30.0/24
                  31.58.69.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:b1:c5:45:2a:39:df:cc:c3:e9:bd:6f:af:c4:97:81:45:b2:
         4e:7a:95:31:ee:d8:57:d7:3d:61:86:97:d8:2f:47:9b:02:83:
         81:a7:77:c3:a8:5d:bf:95:20:df:ae:39:dd:75:78:8b:46:27:
         37:db:fe:34:6b:5a:e3:b9:72:fc:0e:74:2e:58:f7:d8:a1:31:
         95:6e:98:49:2e:93:8b:fd:8a:ac:b8:e9:70:b3:15:ce:92:51:
         ca:63:71:0f:92:9e:b2:00:92:81:87:e8:e7:06:76:0b:07:f5:
         3c:97:da:e7:cf:dc:cb:db:25:df:16:22:ce:2e:4c:87:1d:2c:
         ca:08:5e:6a:8b:06:a9:98:61:db:ab:d9:7f:e1:49:ad:90:23:
         d4:2d:10:e1:5b:a9:ab:64:e1:d9:a9:d2:94:9c:aa:26:6b:c9:
         d5:58:8b:c7:1b:5e:e5:b8:d5:86:0a:2f:df:89:fe:8c:fe:09:
         e9:07:14:c8:5c:c8:67:4b:17:b9:fe:6d:34:6a:b4:f5:3e:c8:
         c6:f2:89:e5:c7:a2:15:43:83:d8:3a:2d:b0:93:19:c2:42:67:
         22:4d:f0:9d:4a:79:8f:73:3f:69:b3:73:d8:8c:a1:e6:65:ce:
         af:f6:52:14:18:60:86:f8:ca:74:53:68:b7:9c:ad:3c:55:cd:
         02:8d:20:ab
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZhmTXoxbl/BHNKo8Hz0XkXdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwODAxMTU0MzMwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMTVlZTQ5MTY1YzljYzU1NmU5NjFkYWZlOGIxOWFiNDkzMGZmYzBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqKls+mJIZq2tYlSIui4GjQXQnMmV
OQPS4bLDjAl1TgUkoc8+ERPjbaW2bcqDG5Z19VGVcnRDUUWXEedwGSTqeEfeivUG
CRTcXigwW+flSPRihatq2cVoL1dQ67CKttT4DVmbRtIfHjTOYlh16vfwVrmQBZdT
PlDhOzNTqpUMi41d+iUyiVqtYkrQYAD01MoZkFrJ3gp6nPMLkOMNMVL5BtiYB22U
nJKMkkLuIwwO8S93JFZbdE0g2h1SmDF+4dLfkWAzujQrEBQCIY89OAMrScyomnmr
vrpzhRUie0ka9XdakgOqakZGkZ7okzTk3Rml472R1Kl+QrCC1pEdEJ83CQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFAFe5JFlycxVbpYdr+ixmrSTD/wOMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvQVY3a2tXWEp6RlZ1bGgydjZMR2F0Sk1QX0E0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAHzjuAwQA
HzkeAwQAHzpFMA0GCSqGSIb3DQEBCwUAA4IBAQB3scVFKjnfzMPpvW+vxJeBRbJO
epUx7thX1z1hhpfYL0ebAoOBp3fDqF2/lSDfrjnddXiLRic32/40a1rjuXL8DnQu
WPfYoTGVbphJLpOL/YqsuOlwsxXOklHKY3EPkp6yAJKBh+jnBnYLB/U8l9rnz9zL
2yXfFiLOLkyHHSzKCF5qiwapmGHbq9l/4UmtkCPULRDhW6mrZOHZqdKUnKoma8nV
WIvHG17luNWGCi/fif6M/gnpBxTIXMhnSxe5/m00arT1PsjG8onlx6IVQ4PYOi2w
kxnCQmciTfCdSnmPcz9ps3PYjKHmZc6v9lIUGGCG+Mp0U2i3nK08Vc0CjSCr
-----END CERTIFICATE-----
Generated at Mon Aug 4 08:17:02 2025 by rpki-client