Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/gIFGObv_LIR2RYoSjul1FgTzRpQ.roa
File:                     gIFGObv_LIR2RYoSjul1FgTzRpQ.roa (raw, json)
Hash identifier:          Ldx5RKbuCN3uDmYJKYnT5Mag3vYqfxiKOGjoLL1ZuFU=
Subject key identifier:   80:81:46:39:BB:FF:2C:84:76:45:8A:12:8E:E9:75:16:04:F3:46:94
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       0198643FF805C7B9E4AB66DB32A6DBCF939B
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/gIFGObv_LIR2RYoSjul1FgTzRpQ.roa
Signing time:             Fri 01 Aug 2025 06:09:30 +0000
ROA not before:           Fri 01 Aug 2025 06:09:30 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208483
IP address blocks:        31.57.135.0/24 maxlen: 24
                          31.58.56.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 07 Aug 2025 05:33:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:64:3f:f8:05:c7:b9:e4:ab:66:db:32:a6:db:cf:93:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Aug  1 06:09:30 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=80814639bbff2c8476458a128ee9751604f34694
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:a0:80:96:d4:70:c2:1a:b9:53:82:f9:10:7a:
                    b9:e1:00:46:08:e3:0b:66:44:21:fe:c2:38:15:b9:
                    be:c9:0a:15:e8:75:53:92:2f:22:69:25:91:fe:88:
                    18:6b:8e:c4:35:4c:59:75:50:f9:6a:b8:47:53:60:
                    6c:b1:d2:ca:7a:d0:ba:0e:ec:2a:10:53:8e:f8:48:
                    28:c2:ff:a4:0e:bb:56:1f:d2:57:47:1f:50:75:cf:
                    99:be:a1:33:d8:31:29:ad:fc:8b:bf:fe:eb:e9:de:
                    04:95:2f:d8:0e:ee:b2:3b:12:a9:12:ee:d7:b8:46:
                    76:71:5f:35:3d:b0:6d:50:72:80:17:a1:e3:43:78:
                    b3:c2:58:00:68:a7:8f:9c:b3:9a:04:d0:66:70:df:
                    b5:97:5c:d4:b5:b5:40:7d:b8:f4:17:4f:bf:ea:16:
                    ee:a7:fb:38:86:35:51:64:77:93:82:d9:85:21:90:
                    3a:2b:fa:f0:6c:69:75:f4:b6:bf:91:88:3f:6a:46:
                    08:db:57:67:0e:19:7f:b2:e9:6c:14:45:1d:5a:81:
                    2c:d3:87:65:4e:d4:9f:a4:b7:fb:26:9c:03:5e:d4:
                    e7:e6:97:f5:f7:28:46:fa:0b:a1:62:02:69:b8:68:
                    f3:76:21:15:e4:38:40:42:02:c5:64:97:7a:7b:e3:
                    24:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:81:46:39:BB:FF:2C:84:76:45:8A:12:8E:E9:75:16:04:F3:46:94
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/gIFGObv_LIR2RYoSjul1FgTzRpQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.57.135.0/24
                  31.58.56.0/23

    Signature Algorithm: sha256WithRSAEncryption
         25:54:df:d9:77:7d:50:0d:df:6c:4a:c8:97:f7:01:ce:ee:be:
         21:b6:8a:b8:7d:e6:b1:ab:3a:e4:ec:39:0c:88:a2:46:cd:9e:
         fe:d9:69:60:1f:78:c6:40:d0:45:42:29:1e:5b:fe:e0:88:92:
         b1:ec:fd:5d:30:3f:77:7c:df:e3:45:3a:da:83:c3:3b:18:7b:
         23:91:96:c3:2e:9f:52:c8:af:d5:79:ac:6e:05:ff:84:3f:bf:
         af:5e:16:69:86:18:d5:b0:f6:1e:70:78:72:28:4e:94:1a:dc:
         ee:6c:96:84:c1:8e:cc:b1:65:0d:0c:5f:74:aa:4e:96:bc:a0:
         de:90:7d:08:6a:8e:01:31:89:b4:a9:8d:57:2e:f1:f5:2b:d8:
         3c:90:11:a1:93:a1:7a:89:0c:fe:d2:03:ed:e5:5e:d2:8c:09:
         25:0d:b5:e0:4b:af:01:20:44:89:b6:46:18:51:e5:32:63:a5:
         df:30:22:21:20:77:c8:4c:17:e5:51:37:9b:71:63:67:cf:61:
         66:11:64:04:b3:58:20:6b:e4:8e:38:24:ed:a2:47:cf:30:1f:
         82:2f:89:5f:ae:01:29:02:6c:4c:f6:fc:99:c1:d8:02:a8:de:
         8b:5a:01:53:4f:b3:4e:70:2e:fc:13:fa:91:1d:a4:dd:f6:2d:
         5d:b6:ad:1e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZhkP/gFx7nkq2bbMqbbz5ObMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwODAxMDYwOTMwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MDgxNDYzOWJiZmYyYzg0NzY0NThhMTI4ZWU5NzUxNjA0ZjM0Njk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxqCAltRwwhq5U4L5EHq54QBGCOML
ZkQh/sI4Fbm+yQoV6HVTki8iaSWR/ogYa47ENUxZdVD5arhHU2BssdLKetC6Duwq
EFOO+Egowv+kDrtWH9JXRx9Qdc+ZvqEz2DEprfyLv/7r6d4ElS/YDu6yOxKpEu7X
uEZ2cV81PbBtUHKAF6HjQ3izwlgAaKePnLOaBNBmcN+1l1zUtbVAfbj0F0+/6hbu
p/s4hjVRZHeTgtmFIZA6K/rwbGl19La/kYg/akYI21dnDhl/sulsFEUdWoEs04dl
TtSfpLf7JpwDXtTn5pf19yhG+guhYgJpuGjzdiEV5DhAQgLFZJd6e+MkFQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFICBRjm7/yyEdkWKEo7pdRYE80aUMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvZ0lGR09idl9MSVIyUllvU2p1bDFGZ1R6UnBRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAHzmHAwQB
Hzo4MA0GCSqGSIb3DQEBCwUAA4IBAQAlVN/Zd31QDd9sSsiX9wHO7r4htoq4feax
qzrk7DkMiKJGzZ7+2WlgH3jGQNBFQikeW/7giJKx7P1dMD93fN/jRTrag8M7GHsj
kZbDLp9SyK/VeaxuBf+EP7+vXhZphhjVsPYecHhyKE6UGtzubJaEwY7MsWUNDF90
qk6WvKDekH0Iao4BMYm0qY1XLvH1K9g8kBGhk6F6iQz+0gPt5V7SjAklDbXgS68B
IESJtkYYUeUyY6XfMCIhIHfITBflUTebcWNnz2FmEWQEs1gga+SOOCTtokfPMB+C
L4lfrgEpAmxM9vyZwdgCqN6LWgFTT7NOcC78E/qRHaTd9i1dtq0e
-----END CERTIFICATE-----