Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/OZLRUtNtXlM0CI5Efthp1Cuslx0.roa
File:                     OZLRUtNtXlM0CI5Efthp1Cuslx0.roa (raw, json)
Hash identifier:          0E/WKqW2RPDG1PnqAeucBjT5TWZ95lSGvhny2YiwnnQ=
Subject key identifier:   39:92:D1:52:D3:6D:5E:53:34:08:8E:44:7E:D8:69:D4:2B:AC:97:1D
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       01970C53E92204E59693C988299F51D20523
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/OZLRUtNtXlM0CI5Efthp1Cuslx0.roa
Signing time:             Mon 26 May 2025 11:21:55 +0000
ROA not before:           Mon 26 May 2025 11:21:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201814
IP address blocks:        31.59.137.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Jun 2025 01:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:0c:53:e9:22:04:e5:96:93:c9:88:29:9f:51:d2:05:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: May 26 11:21:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3992d152d36d5e5334088e447ed869d42bac971d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:1d:a5:f5:d3:d0:9b:34:ec:e2:94:07:35:f8:
                    2c:3a:4a:32:f0:04:f7:87:32:4f:7b:b3:7a:bc:2d:
                    ec:7b:91:76:d8:9f:f6:36:63:55:1c:74:81:db:3b:
                    31:ef:27:1b:2c:e1:3b:00:44:25:1a:ec:3e:3b:8b:
                    30:b0:9b:20:2a:b6:63:a4:3f:83:89:1c:bb:67:4d:
                    cd:00:41:87:8e:11:b3:1f:59:8b:dc:21:bd:53:ca:
                    1c:92:4b:d8:63:28:ab:62:7c:d4:d5:e4:c2:4c:39:
                    1b:2e:ef:9c:38:26:14:07:44:36:ba:04:6f:28:62:
                    29:32:ce:1d:f5:a0:8f:b7:8d:dc:7a:2d:5b:e7:33:
                    21:99:e3:f5:0e:29:54:21:a2:b1:ab:8a:41:16:8b:
                    52:5a:cf:66:73:d0:30:69:65:ac:d4:9a:85:58:67:
                    66:57:60:eb:1a:b9:29:36:59:75:dd:54:78:e4:83:
                    ef:7b:7c:be:22:0f:2a:2f:8d:fa:43:4f:84:34:55:
                    69:6d:82:1c:08:f1:c6:9e:f7:b1:f1:57:2c:a7:55:
                    c0:fa:84:6a:fe:75:83:34:db:e2:7f:a8:36:7c:17:
                    f4:b1:4c:a4:3a:0a:07:9a:83:ef:e4:74:ac:14:66:
                    ed:71:e6:7c:32:e5:35:e1:59:28:e4:6b:ee:ff:94:
                    70:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:92:D1:52:D3:6D:5E:53:34:08:8E:44:7E:D8:69:D4:2B:AC:97:1D
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/OZLRUtNtXlM0CI5Efthp1Cuslx0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.59.137.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a2:57:67:1b:d1:42:72:22:71:af:1f:a0:5b:0b:4c:33:8f:ec:
         0b:05:17:e1:ac:38:c8:cf:df:91:72:5f:b1:76:d0:b7:53:02:
         73:c6:63:eb:16:60:5d:d9:45:cd:65:9b:41:54:00:9e:50:e8:
         22:56:6f:f2:5f:65:de:3d:b5:b2:fa:74:0a:56:28:c1:51:19:
         7d:74:d4:fb:4c:68:03:7e:20:2a:d4:37:b3:a2:24:77:67:de:
         70:e4:6d:e4:6c:3b:24:0b:ec:ce:4b:cd:5c:a1:88:9e:98:20:
         3b:ed:3a:6d:a1:c4:b2:37:07:87:c1:29:a0:1c:cb:94:de:4c:
         80:a8:c4:9b:ce:93:25:5e:50:70:e8:84:5e:9e:bc:5d:2c:09:
         ae:44:23:2a:47:6b:2c:fe:c6:4c:e3:b3:2c:95:67:f9:54:32:
         8b:d5:b2:20:c7:a0:fa:80:b4:7b:16:47:7c:10:19:ba:fa:85:
         55:0b:b7:ae:c9:26:18:5c:8a:f3:f0:f2:85:4b:ef:ae:50:81:
         47:4d:e4:a8:c7:4e:cc:3f:d9:fa:5d:a8:d8:99:9d:b9:15:9b:
         35:12:42:34:01:a4:d4:87:dd:1d:fe:4b:72:2a:ea:dd:a5:b6:
         0d:95:66:65:29:92:8e:b8:7f:ab:88:27:4c:1b:6b:51:39:ce:
         ce:cd:a2:48
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZcMU+kiBOWWk8mIKZ9R0gUjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwNTI2MTEyMTU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOTkyZDE1MmQzNmQ1ZTUzMzQwODhlNDQ3ZWQ4NjlkNDJiYWM5NzFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAth2l9dPQmzTs4pQHNfgsOkoy8AT3
hzJPe7N6vC3se5F22J/2NmNVHHSB2zsx7ycbLOE7AEQlGuw+O4swsJsgKrZjpD+D
iRy7Z03NAEGHjhGzH1mL3CG9U8ockkvYYyirYnzU1eTCTDkbLu+cOCYUB0Q2ugRv
KGIpMs4d9aCPt43cei1b5zMhmeP1DilUIaKxq4pBFotSWs9mc9AwaWWs1JqFWGdm
V2DrGrkpNll13VR45IPve3y+Ig8qL436Q0+ENFVpbYIcCPHGnvex8Vcsp1XA+oRq
/nWDNNvif6g2fBf0sUykOgoHmoPv5HSsFGbtceZ8MuU14Vko5Gvu/5RwHwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDmS0VLTbV5TNAiORH7YadQrrJcdMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvT1pMUlV0TnRYbE0wQ0k1RWZ0aHAxQ3VzbHgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzuJMA0G
CSqGSIb3DQEBCwUAA4IBAQCiV2cb0UJyInGvH6BbC0wzj+wLBRfhrDjIz9+Rcl+x
dtC3UwJzxmPrFmBd2UXNZZtBVACeUOgiVm/yX2XePbWy+nQKVijBURl9dNT7TGgD
fiAq1DezoiR3Z95w5G3kbDskC+zOS81coYiemCA77TptocSyNweHwSmgHMuU3kyA
qMSbzpMlXlBw6IRenrxdLAmuRCMqR2ss/sZM47MslWf5VDKL1bIgx6D6gLR7Fkd8
EBm6+oVVC7euySYYXIrz8PKFS++uUIFHTeSox07MP9n6XajYmZ25FZs1EkI0AaTU
h90d/ktyKurdpbYNlWZlKZKOuH+riCdMG2tROc7OzaJI
-----END CERTIFICATE-----