Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/Dz5sX-mcwEm61sUTrc6oRLQIjEw.roa
File:                     Dz5sX-mcwEm61sUTrc6oRLQIjEw.roa (raw, json)
Hash identifier:          OAgOvdTkeYCMNaLlnmcySgKUiTIq3uhflBrMs0aQgBc=
Subject key identifier:   0F:3E:6C:5F:E9:9C:C0:49:BA:D6:C5:13:AD:CE:A8:44:B4:08:8C:4C
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019A395772F89DD4DBA27F15D91C7F756734
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/Dz5sX-mcwEm61sUTrc6oRLQIjEw.roa
Signing time:             Fri 31 Oct 2025 08:17:03 +0000
ROA not before:           Fri 31 Oct 2025 08:17:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8075
IP address blocks:        31.56.106.0/24 maxlen: 24
                          31.58.221.0/24 maxlen: 24
                          31.59.230.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Nov 2025 12:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:39:57:72:f8:9d:d4:db:a2:7f:15:d9:1c:7f:75:67:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Oct 31 08:17:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0f3e6c5fe99cc049bad6c513adcea844b4088c4c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:0d:af:38:e7:b2:ad:22:76:c7:49:4c:a5:59:
                    27:80:8e:fc:e3:dd:9a:9d:66:2f:a7:62:2b:77:b2:
                    72:a7:4d:71:7f:a7:db:17:de:46:70:3c:06:f9:b4:
                    67:81:9e:45:08:ff:d0:a8:0a:ec:74:9a:d2:2e:5d:
                    ac:2a:28:e6:ff:68:9f:a6:2b:2d:1c:11:95:3f:76:
                    41:b0:ea:e7:42:7e:d5:e7:8a:6e:3b:92:5e:bb:e5:
                    28:17:27:0d:69:3e:46:c9:cd:f4:c0:da:39:b7:20:
                    10:00:06:c8:6c:77:2f:65:8a:4e:83:d1:45:3a:1c:
                    50:ca:02:54:6f:02:4a:92:ff:39:72:14:78:9e:13:
                    af:88:e5:d3:2b:12:9c:7e:27:25:38:c9:0f:65:db:
                    0b:df:56:43:55:33:a6:73:e9:24:b7:45:72:73:8a:
                    50:cf:e1:3f:97:37:10:72:8c:ff:45:2b:ab:fc:f5:
                    a7:ce:96:d9:7e:27:c2:76:21:6f:a5:cd:76:ef:1d:
                    77:e0:d5:04:1c:61:ec:c7:10:a0:f6:f1:86:9a:29:
                    16:ef:e7:77:59:00:b7:f5:34:28:79:87:19:3d:a9:
                    05:0b:15:ee:03:f4:5d:e8:c7:e3:61:6f:84:05:de:
                    01:10:e7:c0:21:9c:96:84:2e:76:0a:ca:5d:7c:9c:
                    e8:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:3E:6C:5F:E9:9C:C0:49:BA:D6:C5:13:AD:CE:A8:44:B4:08:8C:4C
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/Dz5sX-mcwEm61sUTrc6oRLQIjEw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.56.106.0/24
                  31.58.221.0/24
                  31.59.230.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b9:bb:b9:0e:82:67:e5:03:10:1d:74:da:8a:dd:7a:13:5c:4c:
         99:b5:fb:f5:65:bd:3a:1e:45:6f:50:86:a4:04:43:0d:de:38:
         54:39:3c:05:c4:80:14:69:4e:af:1b:f3:5b:b8:80:ae:01:5e:
         f8:36:84:30:a7:1f:b7:85:5b:0c:30:f2:04:9e:e4:92:b8:b1:
         9f:70:0d:f9:b6:7b:8c:3b:ac:19:35:c6:8e:b9:30:82:76:2b:
         80:16:51:3e:4f:f6:e3:36:e8:4e:d3:97:82:7c:1a:d2:99:a6:
         b5:33:43:0a:2f:fc:95:3e:61:a9:9d:6e:f7:5f:28:63:29:5c:
         ef:2a:49:8a:ab:9c:63:e1:c8:be:51:64:cb:ca:ba:77:08:88:
         e2:25:9d:3d:0b:da:e7:a4:78:6b:1f:17:86:1b:24:68:f5:19:
         34:7c:91:27:a4:2b:66:cb:53:ea:cd:a5:1c:d4:fb:ce:f9:a1:
         20:68:53:2d:0c:d2:0b:8b:2a:61:e3:72:ea:9c:7b:62:11:ec:
         8d:5c:c6:8f:ab:9b:b4:08:3d:e0:be:54:34:08:ff:5f:6f:e2:
         3e:1e:c4:f2:c6:ab:6c:9f:5a:4d:29:3a:1d:9b:cc:e2:ba:07:
         9c:0c:ce:d6:99:ba:4a:7a:d2:bb:31:44:8b:2a:c5:bb:f8:d8:
         58:16:64:6b
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZo5V3L4ndTbon8V2Rx/dWc0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUxMDMxMDgxNzAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZjNlNmM1ZmU5OWNjMDQ5YmFkNmM1MTNhZGNlYTg0NGI0MDg4YzRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmg2vOOeyrSJ2x0lMpVkngI78492a
nWYvp2Ird7Jyp01xf6fbF95GcDwG+bRngZ5FCP/QqArsdJrSLl2sKijm/2ifpist
HBGVP3ZBsOrnQn7V54puO5Jeu+UoFycNaT5Gyc30wNo5tyAQAAbIbHcvZYpOg9FF
OhxQygJUbwJKkv85chR4nhOviOXTKxKcficlOMkPZdsL31ZDVTOmc+kkt0Vyc4pQ
z+E/lzcQcoz/RSur/PWnzpbZfifCdiFvpc127x134NUEHGHsxxCg9vGGmikW7+d3
WQC39TQoeYcZPakFCxXuA/Rd6MfjYW+EBd4BEOfAIZyWhC52CspdfJzo+wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFA8+bF/pnMBJutbFE63OqES0CIxMMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvRHo1c1gtbWN3RW02MXNVVHJjNm9STFFJakV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAHzhqAwQA
HzrdAwQAHzvmMA0GCSqGSIb3DQEBCwUAA4IBAQC5u7kOgmflAxAddNqK3XoTXEyZ
tfv1Zb06HkVvUIakBEMN3jhUOTwFxIAUaU6vG/NbuICuAV74NoQwpx+3hVsMMPIE
nuSSuLGfcA35tnuMO6wZNcaOuTCCdiuAFlE+T/bjNuhO05eCfBrSmaa1M0MKL/yV
PmGpnW73XyhjKVzvKkmKq5xj4ci+UWTLyrp3CIjiJZ09C9rnpHhrHxeGGyRo9Rk0
fJEnpCtmy1PqzaUc1PvO+aEgaFMtDNILiyph43LqnHtiEeyNXMaPq5u0CD3gvlQ0
CP9fb+I+HsTyxqtsn1pNKTodm8ziugecDM7WmbpKetK7MUSLKsW7+NhYFmRr
-----END CERTIFICATE-----