Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/kcj18JbJ2hIyznLQUAxUMIYRkgI.roa
File:                     kcj18JbJ2hIyznLQUAxUMIYRkgI.roa (raw, json)
Hash identifier:          EOfurH0USmk81FvMQqOrCun51qdAsGc9AHPDkF32B5c=
Subject key identifier:   91:C8:F5:F0:96:C9:DA:12:32:CE:72:D0:50:0C:54:30:86:11:92:02
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       01975B64BDA5453127463695591E225ACCF9
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/kcj18JbJ2hIyznLQUAxUMIYRkgI.roa
Signing time:             Tue 10 Jun 2025 19:50:18 +0000
ROA not before:           Tue 10 Jun 2025 19:50:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213613
IP address blocks:        31.57.12.0/24 maxlen: 24
                          31.57.13.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Jun 2025 07:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:5b:64:bd:a5:45:31:27:46:36:95:59:1e:22:5a:cc:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jun 10 19:50:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=91c8f5f096c9da1232ce72d0500c543086119202
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:3c:d0:d0:2f:27:d4:60:86:38:ae:88:2c:88:
                    9f:be:8f:dd:f9:fe:ee:53:ab:06:f1:8c:70:e6:ec:
                    1c:89:5f:56:07:36:f3:0b:c3:b7:58:8c:9f:66:fb:
                    bb:89:f6:ec:e8:17:dc:c0:a2:36:ca:02:ea:ed:66:
                    8e:81:e4:e4:5b:db:64:d4:ec:14:15:a3:1b:df:84:
                    69:ea:72:5e:17:de:15:56:f4:80:8a:43:78:56:ad:
                    91:ba:d9:56:c8:19:e2:d3:f5:4c:ca:bf:b8:ba:be:
                    c1:aa:49:a1:ad:13:56:bf:71:7e:26:d1:cf:54:4c:
                    7b:44:54:e3:eb:f8:44:34:fd:1a:7a:31:12:10:f8:
                    4c:d9:3a:6a:d8:73:1c:92:0c:7c:5d:8c:90:f1:84:
                    43:8d:d3:52:b2:bf:41:9d:33:8a:e6:cb:af:e7:77:
                    b2:cf:af:ae:45:79:cc:43:76:ab:10:1c:fd:55:92:
                    c5:cf:18:3b:d1:8a:ce:4b:a1:44:b7:fb:38:bd:ef:
                    fe:3b:59:dd:61:9f:a3:06:d8:c5:2c:c5:b7:84:ca:
                    80:d5:fb:01:b2:63:62:3f:f9:bb:cf:65:91:48:70:
                    00:f8:9f:b2:12:81:9f:7c:b5:f3:9d:07:69:7f:55:
                    19:7d:8d:fd:50:27:bb:82:eb:ad:4a:25:c8:70:08:
                    dd:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:C8:F5:F0:96:C9:DA:12:32:CE:72:D0:50:0C:54:30:86:11:92:02
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/kcj18JbJ2hIyznLQUAxUMIYRkgI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.57.12.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6b:f4:af:d5:6f:47:59:70:89:d3:ae:2b:41:0c:ba:b3:f4:61:
         8c:db:b7:d9:f2:76:bd:9f:94:1c:e4:9f:dc:cc:f6:0c:ce:95:
         ca:d1:da:9c:34:d9:3b:71:8f:24:ec:aa:17:cd:eb:0d:80:43:
         e8:58:65:60:70:b8:e9:5e:82:d5:e0:4e:a6:f1:5f:6d:22:02:
         dc:e2:4d:45:4b:20:8d:75:3c:a6:e6:65:37:3d:45:df:5c:37:
         99:bf:8b:3b:dd:6b:88:42:b4:c1:d2:83:1e:7e:0c:c8:d4:3d:
         53:b4:4d:e1:30:26:59:18:01:e7:9a:07:dc:05:ec:a8:92:6b:
         95:92:e8:5b:d0:86:dd:90:69:5d:03:93:9c:d9:95:fc:f2:46:
         ea:e2:e9:0d:0d:c6:9b:3c:16:fa:22:59:e3:df:9e:68:4a:f2:
         e8:38:13:ca:8b:a4:c2:a8:61:e3:91:97:4a:4f:02:0a:55:fb:
         3a:62:1a:a5:24:99:1b:15:fb:2f:45:5f:3a:be:af:8d:8f:a4:
         3f:77:ee:40:f5:be:82:07:0c:d1:47:17:21:b5:09:76:ac:99:
         02:77:bf:6f:29:27:8f:c1:f3:5b:b4:24:80:7f:fd:4b:18:e7:
         9a:31:0b:d2:a8:7c:3e:6c:25:a4:6e:9a:2d:f8:bf:6f:bb:51:
         50:30:4f:51
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZdbZL2lRTEnRjaVWR4iWsz5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwNjEwMTk1MDE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MWM4ZjVmMDk2YzlkYTEyMzJjZTcyZDA1MDBjNTQzMDg2MTE5MjAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnzzQ0C8n1GCGOK6ILIifvo/d+f7u
U6sG8Yxw5uwciV9WBzbzC8O3WIyfZvu7ifbs6BfcwKI2ygLq7WaOgeTkW9tk1OwU
FaMb34Rp6nJeF94VVvSAikN4Vq2RutlWyBni0/VMyr+4ur7BqkmhrRNWv3F+JtHP
VEx7RFTj6/hENP0aejESEPhM2Tpq2HMckgx8XYyQ8YRDjdNSsr9BnTOK5suv53ey
z6+uRXnMQ3arEBz9VZLFzxg70YrOS6FEt/s4ve/+O1ndYZ+jBtjFLMW3hMqA1fsB
smNiP/m7z2WRSHAA+J+yEoGffLXznQdpf1UZfY39UCe7guutSiXIcAjdMwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJHI9fCWydoSMs5y0FAMVDCGEZICMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEva2NqMThKYkoyaEl5em5MUVVBeFVNSVlSa2dJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBHzkMMA0G
CSqGSIb3DQEBCwUAA4IBAQBr9K/Vb0dZcInTritBDLqz9GGM27fZ8na9n5Qc5J/c
zPYMzpXK0dqcNNk7cY8k7KoXzesNgEPoWGVgcLjpXoLV4E6m8V9tIgLc4k1FSyCN
dTym5mU3PUXfXDeZv4s73WuIQrTB0oMefgzI1D1TtE3hMCZZGAHnmgfcBeyokmuV
kuhb0IbdkGldA5Oc2ZX88kbq4ukNDcabPBb6Ilnj355oSvLoOBPKi6TCqGHjkZdK
TwIKVfs6YhqlJJkbFfsvRV86vq+Nj6Q/d+5A9b6CBwzRRxchtQl2rJkCd79vKSeP
wfNbtCSAf/1LGOeaMQvSqHw+bCWkbpot+L9vu1FQME9R
-----END CERTIFICATE-----