Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/bnZHBsCXy_T9ocJsv3nIB35-0I0.roa
File:                     bnZHBsCXy_T9ocJsv3nIB35-0I0.roa (raw, json)
Hash identifier:          A+x1JVKrsXYXx/sy8m2Mn1TCzHxmu2t8bgEaJRJ++nk=
Subject key identifier:   6E:76:47:06:C0:97:CB:F4:FD:A1:C2:6C:BF:79:C8:07:7E:7E:D0:8D
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019735BA67E48D2E5BFF8599DF99D7842D85
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/bnZHBsCXy_T9ocJsv3nIB35-0I0.roa
Signing time:             Tue 03 Jun 2025 12:18:18 +0000
ROA not before:           Tue 03 Jun 2025 12:18:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     31715
IP address blocks:        31.58.153.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Jun 2025 19:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:35:ba:67:e4:8d:2e:5b:ff:85:99:df:99:d7:84:2d:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jun  3 12:18:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6e764706c097cbf4fda1c26cbf79c8077e7ed08d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:e8:38:24:bd:61:90:e9:af:a9:54:b3:f0:46:
                    91:cd:d2:7f:69:a8:8d:e0:26:b6:f5:18:bd:ae:e8:
                    3d:b7:8b:4b:50:e9:12:13:bb:9b:95:d8:f5:b2:6b:
                    1d:cf:6e:13:3c:2f:b4:a2:b7:8d:3a:17:8b:ea:14:
                    66:c0:d6:2e:09:23:30:90:2f:df:0e:53:77:5b:00:
                    41:27:40:f8:93:4c:59:24:93:a1:51:84:58:7a:70:
                    b6:6c:28:0e:e7:a2:b5:85:ac:37:60:d1:bc:1a:59:
                    a2:f4:7f:08:85:cf:1d:ad:7d:7f:25:68:c3:ea:91:
                    02:8b:17:b0:26:f0:5f:42:cd:73:77:ec:91:f5:96:
                    fc:b7:68:15:34:cd:6b:ce:2c:1b:e3:08:07:14:7a:
                    86:53:9d:22:b9:7f:00:be:ff:20:37:8f:50:fa:52:
                    19:6d:f8:33:d7:54:3d:8d:fa:22:c9:f0:91:7b:34:
                    5b:f0:01:fb:9b:c9:5f:3a:7e:a6:63:8a:64:80:02:
                    82:92:e3:73:e0:1a:d5:1b:ac:db:3c:b7:87:d7:06:
                    2a:1e:f5:1d:8d:d4:f5:22:2d:6b:06:0a:e5:f7:47:
                    b7:12:db:0d:ce:ac:be:1c:00:0b:24:ce:2f:41:0d:
                    6a:30:4c:50:88:eb:90:ac:3a:92:62:60:9b:dd:fa:
                    ce:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:76:47:06:C0:97:CB:F4:FD:A1:C2:6C:BF:79:C8:07:7E:7E:D0:8D
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/bnZHBsCXy_T9ocJsv3nIB35-0I0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.58.153.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5e:ae:74:73:a5:5f:8a:c9:1e:48:2d:eb:85:85:af:6d:51:36:
         a7:ca:1d:09:7f:d5:f2:0c:a7:ab:f5:e6:f8:69:48:4c:e2:ce:
         c9:05:36:d6:1c:81:8b:9a:b8:4f:d9:27:65:f6:95:5d:3d:1d:
         f7:d2:23:15:e5:5d:33:9d:63:82:2e:04:29:4b:32:f2:f1:c1:
         bb:8c:72:0b:d0:de:ac:94:9f:4a:e0:47:f9:e0:51:33:de:29:
         c3:78:7a:1e:d8:bc:fd:d2:67:4f:88:42:89:35:6d:61:ee:89:
         e5:78:48:69:1f:c2:9d:b7:87:ec:b3:17:8a:a1:88:46:1f:b1:
         7a:a9:92:68:6a:e3:f2:30:fb:a9:60:c3:73:18:31:63:41:57:
         85:b5:9e:37:d5:11:a4:7a:4a:2e:ae:e8:3c:38:66:fd:47:bb:
         a6:5c:3e:c0:4c:80:c3:f3:df:34:8d:3d:b1:98:1f:f3:b8:07:
         c7:ed:c7:97:b1:40:be:fc:34:39:0f:9f:78:f2:76:11:13:0a:
         0d:37:b6:05:fd:79:63:f3:31:b3:92:0e:d6:d8:26:81:17:a5:
         f0:ba:23:c4:fc:d8:fe:48:cf:5f:06:d3:2b:71:22:7b:1f:c3:
         0b:3c:73:f4:e0:ac:75:7a:ad:8c:6a:93:f4:6b:2a:d3:4c:0a:
         a7:bf:41:a9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZc1umfkjS5b/4WZ35nXhC2FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwNjAzMTIxODE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZTc2NDcwNmMwOTdjYmY0ZmRhMWMyNmNiZjc5YzgwNzdlN2VkMDhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoeg4JL1hkOmvqVSz8EaRzdJ/aaiN
4Ca29Ri9rug9t4tLUOkSE7ubldj1smsdz24TPC+0oreNOheL6hRmwNYuCSMwkC/f
DlN3WwBBJ0D4k0xZJJOhUYRYenC2bCgO56K1haw3YNG8Glmi9H8Ihc8drX1/JWjD
6pECixewJvBfQs1zd+yR9Zb8t2gVNM1rziwb4wgHFHqGU50iuX8Avv8gN49Q+lIZ
bfgz11Q9jfoiyfCRezRb8AH7m8lfOn6mY4pkgAKCkuNz4BrVG6zbPLeH1wYqHvUd
jdT1Ii1rBgrl90e3EtsNzqy+HAALJM4vQQ1qMExQiOuQrDqSYmCb3frOawIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG52RwbAl8v0/aHCbL95yAd+ftCNMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvYm5aSEJzQ1h5X1Q5b2NKc3YzbklCMzUtMEkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzqZMA0G
CSqGSIb3DQEBCwUAA4IBAQBernRzpV+KyR5ILeuFha9tUTanyh0Jf9XyDKer9eb4
aUhM4s7JBTbWHIGLmrhP2Sdl9pVdPR330iMV5V0znWOCLgQpSzLy8cG7jHIL0N6s
lJ9K4Ef54FEz3inDeHoe2Lz90mdPiEKJNW1h7onleEhpH8Kdt4fssxeKoYhGH7F6
qZJoauPyMPupYMNzGDFjQVeFtZ431RGkekourug8OGb9R7umXD7ATIDD8980jT2x
mB/zuAfH7ceXsUC+/DQ5D5948nYREwoNN7YF/Xlj8zGzkg7W2CaBF6XwuiPE/Nj+
SM9fBtMrcSJ7H8MLPHP04Kx1eq2MapP0ayrTTAqnv0Gp
-----END CERTIFICATE-----