Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/hct_Qa-aiYflyMrXfVRY_ZiimLE.roa
File:                     hct_Qa-aiYflyMrXfVRY_ZiimLE.roa (raw, json)
Hash identifier:          iiheQBpveYRU67OY0/gJPgfRvk52jsoV+l0S4PZffVA=
Subject key identifier:   85:CB:7F:41:AF:9A:89:87:E5:C8:CA:D7:7D:54:58:FD:98:A2:98:B1
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       01986441CAD3B052BFF42319A42C1319B937
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/hct_Qa-aiYflyMrXfVRY_ZiimLE.roa
Signing time:             Fri 01 Aug 2025 06:11:30 +0000
ROA not before:           Fri 01 Aug 2025 06:11:30 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207155
IP address blocks:        31.59.214.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Aug 2025 00:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:64:41:ca:d3:b0:52:bf:f4:23:19:a4:2c:13:19:b9:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Aug  1 06:11:30 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=85cb7f41af9a8987e5c8cad77d5458fd98a298b1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:61:c1:a2:70:34:d9:49:1d:c6:80:7c:a5:7a:
                    59:35:0d:bf:e0:8d:ed:a4:46:f4:6a:43:ce:89:19:
                    3f:3d:44:2a:6c:72:db:4c:6c:36:18:83:c2:6f:23:
                    d2:00:e5:c1:cc:52:c0:cd:dd:30:f5:f0:28:6e:eb:
                    df:3e:10:b4:25:47:e1:b7:24:5e:61:40:61:cf:48:
                    0d:40:54:1c:3a:fb:51:64:ad:78:cb:82:09:8a:c9:
                    96:b5:ff:f6:f3:d7:7a:d7:a3:49:2b:77:93:e9:e9:
                    74:c1:85:52:6f:ab:c8:1b:c4:09:83:65:d2:be:ed:
                    ff:9a:cf:31:ff:8f:27:34:7d:b8:57:94:7c:d2:f2:
                    9b:b3:f1:1d:5c:2f:31:09:f0:c4:21:aa:4f:9f:46:
                    71:fb:57:0b:6c:b2:7d:10:22:36:12:74:79:d7:e9:
                    84:a9:87:1d:b4:5b:50:b7:6f:47:aa:6f:2e:39:df:
                    40:b4:c7:37:fe:04:4e:28:ee:88:df:68:e9:32:9e:
                    8a:3b:2a:b8:d2:eb:df:f6:d5:3c:32:4a:a8:55:46:
                    a6:df:fb:49:a8:2d:ab:6e:8f:20:c5:b6:1b:6e:a8:
                    fd:cf:d5:30:25:1f:b4:9f:a4:c1:84:fc:4d:c2:21:
                    e6:af:85:eb:e0:e0:26:c9:81:cf:f4:3f:78:bc:36:
                    21:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:CB:7F:41:AF:9A:89:87:E5:C8:CA:D7:7D:54:58:FD:98:A2:98:B1
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/hct_Qa-aiYflyMrXfVRY_ZiimLE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.59.214.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bc:f8:63:f6:3b:de:d1:2a:b2:9c:35:5b:3f:7b:68:e8:b9:f9:
         ff:e1:95:66:10:df:8f:5c:01:14:da:ad:ed:77:ca:2e:3e:44:
         bb:22:41:eb:9f:84:82:67:b1:a5:fc:c7:d2:57:53:40:a6:eb:
         2f:b1:07:2f:78:d1:c1:51:82:81:35:7c:4c:85:10:12:80:0b:
         38:6d:44:5e:36:77:f5:a2:f3:3a:c4:d2:c3:ba:69:79:8b:a9:
         72:ca:f8:b4:57:9f:bf:80:7f:5c:a3:11:1a:6e:a1:bd:8f:0e:
         e0:f4:42:8f:d9:8f:40:74:95:be:33:00:96:3c:fb:7f:ae:5d:
         44:10:9e:ca:80:bf:c4:7a:33:92:39:3e:66:79:c1:c5:bc:e6:
         f5:95:46:25:9f:dc:4e:63:56:b8:18:07:36:60:a0:ca:08:2d:
         21:af:2c:7c:6b:a6:5d:f4:30:74:d0:a8:47:46:1a:d3:b1:cb:
         2e:36:97:30:66:b6:5a:37:0c:f4:ae:74:c1:54:7e:74:53:24:
         e2:60:63:7b:2f:b5:a5:3d:48:f8:a7:a3:81:49:38:e7:8b:24:
         74:64:56:a5:79:cd:f5:fa:bc:58:d1:21:5c:ca:9b:eb:85:c3:
         47:3e:58:49:ee:cf:c4:1c:bb:1a:b3:c4:b2:f2:c7:0b:80:fc:
         16:c5:22:32
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZhkQcrTsFK/9CMZpCwTGbk3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwODAxMDYxMTMwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NWNiN2Y0MWFmOWE4OTg3ZTVjOGNhZDc3ZDU0NThmZDk4YTI5OGIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmmHBonA02UkdxoB8pXpZNQ2/4I3t
pEb0akPOiRk/PUQqbHLbTGw2GIPCbyPSAOXBzFLAzd0w9fAobuvfPhC0JUfhtyRe
YUBhz0gNQFQcOvtRZK14y4IJismWtf/289d616NJK3eT6el0wYVSb6vIG8QJg2XS
vu3/ms8x/48nNH24V5R80vKbs/EdXC8xCfDEIapPn0Zx+1cLbLJ9ECI2EnR51+mE
qYcdtFtQt29Hqm8uOd9AtMc3/gROKO6I32jpMp6KOyq40uvf9tU8MkqoVUam3/tJ
qC2rbo8gxbYbbqj9z9UwJR+0n6TBhPxNwiHmr4Xr4OAmyYHP9D94vDYhOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIXLf0GvmomH5cjK131UWP2YopixMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvaGN0X1FhLWFpWWZseU1yWGZWUllfWmlpbUxFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzvWMA0G
CSqGSIb3DQEBCwUAA4IBAQC8+GP2O97RKrKcNVs/e2joufn/4ZVmEN+PXAEU2q3t
d8ouPkS7IkHrn4SCZ7Gl/MfSV1NApusvsQcveNHBUYKBNXxMhRASgAs4bUReNnf1
ovM6xNLDuml5i6lyyvi0V5+/gH9coxEabqG9jw7g9EKP2Y9AdJW+MwCWPPt/rl1E
EJ7KgL/EejOSOT5mecHFvOb1lUYln9xOY1a4GAc2YKDKCC0hryx8a6Zd9DB00KhH
RhrTscsuNpcwZrZaNwz0rnTBVH50UyTiYGN7L7WlPUj4p6OBSTjniyR0ZFalec31
+rxY0SFcypvrhcNHPlhJ7s/EHLsas8Sy8scLgPwWxSIy
-----END CERTIFICATE-----