Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/J94Zf3Q9hrhOTBqh1ZtnDJ-IjUo.roa
File:                     J94Zf3Q9hrhOTBqh1ZtnDJ-IjUo.roa (raw, json)
Hash identifier:          0zeC1tr9M9Fsth+dQI1FvFauEPzdZB7/9r75QNve9Qo=
Subject key identifier:   27:DE:19:7F:74:3D:86:B8:4E:4C:1A:A1:D5:9B:67:0C:9F:88:8D:4A
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019668EF898C1F1C2D8CE04B0DDBCFB73EB3
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/J94Zf3Q9hrhOTBqh1ZtnDJ-IjUo.roa
Signing time:             Thu 24 Apr 2025 17:54:10 +0000
ROA not before:           Thu 24 Apr 2025 17:54:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     4515
IP address blocks:        31.57.222.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Apr 2025 10:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:68:ef:89:8c:1f:1c:2d:8c:e0:4b:0d:db:cf:b7:3e:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Apr 24 17:54:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=27de197f743d86b84e4c1aa1d59b670c9f888d4a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:73:cd:6d:84:7e:09:97:a5:1d:8a:99:c9:f1:
                    87:a1:07:3d:62:a2:01:f3:e6:12:03:5c:91:6c:95:
                    b7:ce:49:8d:81:3e:a5:b2:0c:55:12:5b:1a:5d:e0:
                    25:d5:ca:54:cf:d9:d1:01:78:d1:27:42:49:a2:cf:
                    29:22:1b:8f:08:88:77:c1:4f:eb:71:27:c5:b2:c3:
                    c0:bd:be:05:c6:59:5a:9f:48:81:07:52:8d:07:89:
                    8e:87:6b:2f:2e:d3:40:2e:f9:67:d2:84:1a:23:71:
                    23:03:3e:49:06:ff:d1:cf:91:6a:b0:3e:b5:eb:19:
                    d2:97:99:15:1d:24:db:fb:ef:67:fe:b4:64:54:73:
                    59:a3:39:58:58:ba:41:f9:12:e6:0d:b0:c2:da:cf:
                    20:c2:72:51:13:27:4f:13:6d:46:b2:ee:02:71:e6:
                    3c:59:c9:1d:f9:8a:c4:33:c2:a6:a8:8e:3c:de:c7:
                    c7:09:68:07:f2:4a:bc:40:8e:80:ba:4f:3a:19:b2:
                    5d:85:ff:bd:be:ea:87:9f:7d:48:c7:46:b5:e6:a6:
                    b0:71:98:31:8e:09:1a:d6:77:5c:83:f0:9a:c7:7b:
                    8a:be:cc:c0:50:fc:fc:8d:08:2e:b0:e4:57:ba:19:
                    07:7d:08:18:22:5a:c6:d3:61:55:4f:2a:be:5a:6d:
                    a8:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:DE:19:7F:74:3D:86:B8:4E:4C:1A:A1:D5:9B:67:0C:9F:88:8D:4A
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/J94Zf3Q9hrhOTBqh1ZtnDJ-IjUo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.57.222.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a8:7c:a8:c6:1d:cd:12:86:5e:05:44:a4:61:ac:b9:6a:c9:96:
         97:59:f2:95:ba:7d:72:fb:ae:08:65:2a:cf:7e:64:12:b0:f7:
         80:ea:3a:df:0b:6d:20:ee:38:22:32:ed:65:3b:89:e7:7f:0f:
         20:75:b6:ee:9c:6c:50:41:2f:92:ab:49:e2:7e:64:de:4b:32:
         ac:fd:86:35:48:56:36:a1:24:46:3d:12:56:06:f9:5f:75:cf:
         69:f2:e9:b5:0a:17:d9:81:e3:96:d0:13:b1:f7:cf:dd:3e:3c:
         b1:31:ae:ab:ab:2d:0d:b5:24:00:3f:ab:ef:08:11:84:c0:59:
         b2:ec:03:e6:54:a4:96:17:f1:5e:46:a5:01:e4:a3:e4:39:ae:
         42:6f:ff:4c:3d:3c:10:99:27:cc:8d:a7:fc:28:3e:dc:76:37:
         da:cc:21:95:c1:29:0a:96:44:ed:58:c9:15:19:b2:01:2c:ad:
         f6:36:e0:10:f4:2c:b0:4a:3d:e1:a4:16:59:ef:69:47:e9:0f:
         62:00:47:d1:b8:97:51:55:d7:d2:03:89:5b:90:03:78:0c:cf:
         45:08:38:85:ed:f6:04:1b:35:eb:e7:90:ef:24:9e:dd:4d:cf:
         98:09:21:ed:d7:37:12:a3:31:2e:e9:1f:b0:9e:98:9f:32:75:
         ef:62:7c:cb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZo74mMHxwtjOBLDdvPtz6zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwNDI0MTc1NDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyN2RlMTk3Zjc0M2Q4NmI4NGU0YzFhYTFkNTliNjcwYzlmODg4ZDRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6XPNbYR+CZelHYqZyfGHoQc9YqIB
8+YSA1yRbJW3zkmNgT6lsgxVElsaXeAl1cpUz9nRAXjRJ0JJos8pIhuPCIh3wU/r
cSfFssPAvb4Fxllan0iBB1KNB4mOh2svLtNALvln0oQaI3EjAz5JBv/Rz5FqsD61
6xnSl5kVHSTb++9n/rRkVHNZozlYWLpB+RLmDbDC2s8gwnJREydPE21Gsu4CceY8
Wckd+YrEM8KmqI483sfHCWgH8kq8QI6Auk86GbJdhf+9vuqHn31Ix0a15qawcZgx
jgka1ndcg/Cax3uKvszAUPz8jQgusORXuhkHfQgYIlrG02FVTyq+Wm2o7QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCfeGX90PYa4TkwaodWbZwyfiI1KMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvSjk0WmYzUTlocmhPVEJxaDFadG5ESi1JalVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBHzneMA0G
CSqGSIb3DQEBCwUAA4IBAQCofKjGHc0Shl4FRKRhrLlqyZaXWfKVun1y+64IZSrP
fmQSsPeA6jrfC20g7jgiMu1lO4nnfw8gdbbunGxQQS+Sq0nifmTeSzKs/YY1SFY2
oSRGPRJWBvlfdc9p8um1ChfZgeOW0BOx98/dPjyxMa6rqy0NtSQAP6vvCBGEwFmy
7APmVKSWF/FeRqUB5KPkOa5Cb/9MPTwQmSfMjaf8KD7cdjfazCGVwSkKlkTtWMkV
GbIBLK32NuAQ9CywSj3hpBZZ72lH6Q9iAEfRuJdRVdfSA4lbkAN4DM9FCDiF7fYE
GzXr55DvJJ7dTc+YCSHt1zcSozEu6R+wnpifMnXvYnzL
-----END CERTIFICATE-----