Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/ENg2py0xlaRxeuvk1pEwAq7szJw.roa
File:                     ENg2py0xlaRxeuvk1pEwAq7szJw.roa (raw, json)
Hash identifier:          xp82+MVR89F0LtekH4jwEI/9kV5NGdPS6flWujuI6w0=
Subject key identifier:   10:D8:36:A7:2D:31:95:A4:71:7A:EB:E4:D6:91:30:02:AE:EC:CC:9C
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019A2AEDDF9F3FC0DB5CE6BAFA9104AEDD49
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/ENg2py0xlaRxeuvk1pEwAq7szJw.roa
Signing time:             Tue 28 Oct 2025 13:07:03 +0000
ROA not before:           Tue 28 Oct 2025 13:07:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     22427
IP address blocks:        31.57.14.0/24 maxlen: 24
                          31.57.99.0/24 maxlen: 24
                          31.58.84.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 18:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:2a:ed:df:9f:3f:c0:db:5c:e6:ba:fa:91:04:ae:dd:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Oct 28 13:07:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=10d836a72d3195a4717aebe4d6913002aeeccc9c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:7f:9d:d4:21:f4:2e:8d:27:d1:73:86:d3:a8:
                    17:21:35:60:e4:01:af:db:39:9f:e6:40:8f:2a:2f:
                    e5:2c:0b:12:af:e6:64:70:4b:03:56:f4:ca:1f:89:
                    c8:f5:8d:b0:c6:2e:f7:5e:1a:0e:1f:8b:89:d9:17:
                    a1:8e:8b:d3:f8:bb:3a:c6:10:99:62:66:25:3e:69:
                    c8:0e:74:7f:e4:a6:91:4b:74:44:1d:c8:71:8a:10:
                    9c:e5:b7:2b:f6:34:e7:47:22:b7:fc:95:08:2c:dd:
                    7f:9c:b7:fa:c8:96:8a:02:69:f8:68:d2:55:0d:31:
                    ad:9e:eb:1b:21:ba:1f:5d:8b:b8:ca:69:de:84:fc:
                    aa:50:4c:c3:7d:b6:a2:f5:ba:3f:b8:70:bb:a4:67:
                    4b:f2:74:32:51:ae:1e:37:1a:56:88:97:73:20:fd:
                    77:b0:b5:57:17:39:33:34:21:72:23:82:2e:39:9f:
                    9f:04:88:ec:74:aa:11:6a:d3:8b:af:dc:95:49:10:
                    cb:a8:c7:29:38:65:a8:48:8f:ba:8e:71:c6:f1:70:
                    d8:7c:37:38:52:30:f9:58:29:c1:5f:2b:75:0d:bd:
                    32:d9:00:e8:dc:c2:9f:68:a6:ad:91:4e:ed:68:af:
                    c3:99:38:a8:dd:84:76:51:73:f5:ff:22:bb:c5:d8:
                    44:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:D8:36:A7:2D:31:95:A4:71:7A:EB:E4:D6:91:30:02:AE:EC:CC:9C
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/ENg2py0xlaRxeuvk1pEwAq7szJw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.57.14.0/24
                  31.57.99.0/24
                  31.58.84.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6d:6d:cc:5c:20:5a:02:8c:5a:31:f2:3b:16:a0:88:ba:40:73:
         2b:5a:5c:95:b3:e4:16:41:0c:47:4f:28:9a:47:5c:98:89:8e:
         5e:02:49:76:97:20:7e:cb:03:51:0c:e0:f1:2a:a4:fe:7e:ba:
         c9:ef:33:c1:41:99:0d:d6:1a:c9:0c:f9:d0:df:c9:c5:4e:93:
         2a:8e:a0:65:76:f5:c5:db:ea:12:cb:59:b9:49:8f:34:15:b4:
         09:ee:e9:4f:c1:cb:e6:1f:b1:51:ef:59:2b:12:d7:71:26:21:
         ad:3f:ba:38:4b:33:c7:b0:6e:47:df:77:0e:51:06:85:20:eb:
         9c:1f:1f:6c:12:05:93:e1:05:a5:e5:98:d5:f3:ef:00:87:22:
         53:51:8e:f4:b1:92:7f:4a:1d:aa:9c:8b:25:fe:25:54:47:a2:
         5e:55:b3:8e:e8:d7:be:ad:eb:bc:53:41:87:33:78:c6:40:8b:
         cb:2b:31:77:f6:c0:94:b6:3a:22:f5:32:c5:a0:82:21:1e:e3:
         65:ba:f0:64:95:7f:83:0a:33:05:88:ce:3b:43:26:31:26:3d:
         03:2c:70:d5:2d:71:85:d2:41:a9:0b:ab:d0:1b:1b:3e:6d:72:
         31:67:33:28:32:8c:b5:26:1d:5b:34:09:d7:1f:86:73:7e:04:
         11:6b:9a:33
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZoq7d+fP8DbXOa6+pEErt1JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUxMDI4MTMwNzAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMGQ4MzZhNzJkMzE5NWE0NzE3YWViZTRkNjkxMzAwMmFlZWNjYzljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvn+d1CH0Lo0n0XOG06gXITVg5AGv
2zmf5kCPKi/lLAsSr+ZkcEsDVvTKH4nI9Y2wxi73XhoOH4uJ2RehjovT+Ls6xhCZ
YmYlPmnIDnR/5KaRS3REHchxihCc5bcr9jTnRyK3/JUILN1/nLf6yJaKAmn4aNJV
DTGtnusbIbofXYu4ymnehPyqUEzDfbai9bo/uHC7pGdL8nQyUa4eNxpWiJdzIP13
sLVXFzkzNCFyI4IuOZ+fBIjsdKoRatOLr9yVSRDLqMcpOGWoSI+6jnHG8XDYfDc4
UjD5WCnBXyt1Db0y2QDo3MKfaKatkU7taK/DmTio3YR2UXP1/yK7xdhEjwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFBDYNqctMZWkcXrr5NaRMAKu7MycMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvRU5nMnB5MHhsYVJ4ZXV2azFwRXdBcTdzekp3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAHzkOAwQA
HzljAwQAHzpUMA0GCSqGSIb3DQEBCwUAA4IBAQBtbcxcIFoCjFox8jsWoIi6QHMr
WlyVs+QWQQxHTyiaR1yYiY5eAkl2lyB+ywNRDODxKqT+frrJ7zPBQZkN1hrJDPnQ
38nFTpMqjqBldvXF2+oSy1m5SY80FbQJ7ulPwcvmH7FR71krEtdxJiGtP7o4SzPH
sG5H33cOUQaFIOucHx9sEgWT4QWl5ZjV8+8AhyJTUY70sZJ/Sh2qnIsl/iVUR6Je
VbOO6Ne+reu8U0GHM3jGQIvLKzF39sCUtjoi9TLFoIIhHuNluvBklX+DCjMFiM47
QyYxJj0DLHDVLXGF0kGpC6vQGxs+bXIxZzMoMoy1Jh1bNAnXH4ZzfgQRa5oz
-----END CERTIFICATE-----