Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/ta57yMm0DK78QogPO4YI0K_rXDg.roa
File:                     ta57yMm0DK78QogPO4YI0K_rXDg.roa (raw, json)
Hash identifier:          NM2V0jwWFv3dnYJ3dUjdD2XrXHYR+Cr/eRvELMi5LKQ=
Subject key identifier:   B5:AE:7B:C8:C9:B4:0C:AE:FC:42:88:0F:3B:86:08:D0:AF:EB:5C:38
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019A4AE4DC3EAFBE6B6FEC1467AF5DE773B4
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/ta57yMm0DK78QogPO4YI0K_rXDg.roa
Signing time:             Mon 03 Nov 2025 18:05:03 +0000
ROA not before:           Mon 03 Nov 2025 18:05:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     142561
IP address blocks:        31.59.117.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 15:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:4a:e4:dc:3e:af:be:6b:6f:ec:14:67:af:5d:e7:73:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Nov  3 18:05:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b5ae7bc8c9b40caefc42880f3b8608d0afeb5c38
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:21:ec:20:f0:24:85:ab:f4:55:c1:08:27:ce:
                    87:10:eb:71:2d:9e:87:e8:34:c1:fd:09:31:64:02:
                    a7:b9:60:d8:bc:6f:d7:16:c1:c5:f9:bf:23:b3:db:
                    7a:61:fa:fc:1a:67:3c:6d:65:a4:91:33:d6:52:2d:
                    8a:de:8c:1f:cb:d3:8a:3a:d0:44:c7:0b:40:a0:13:
                    fa:b9:bc:7e:85:8a:68:a6:da:cc:8f:d3:81:9c:b2:
                    35:b9:2d:fc:63:bb:cd:11:f0:a4:e9:26:4e:61:0e:
                    e5:c5:6b:5d:6d:95:58:a3:fb:dc:be:f8:b3:ca:d3:
                    9e:23:2d:4a:a1:9d:cf:84:36:34:58:bf:9b:6e:22:
                    00:29:a6:53:a4:8d:53:0e:f2:99:b2:59:f0:65:92:
                    f3:a9:ad:7a:5a:fe:47:66:64:e3:47:61:38:6c:a1:
                    8a:fc:da:4f:b5:ae:20:1b:c9:9e:58:d4:6e:06:dc:
                    f0:57:a2:be:cf:bd:0a:e3:a0:fe:89:27:14:7c:0c:
                    d3:81:83:26:49:96:82:d5:e6:0a:53:50:2a:77:78:
                    14:2b:47:2a:db:c2:3b:fb:64:83:4a:84:6c:7d:39:
                    53:d8:61:4a:65:57:bc:f0:d5:ec:14:37:99:1c:e8:
                    bd:15:63:56:6c:fa:79:3f:44:bf:3f:f7:ff:4b:9c:
                    34:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:AE:7B:C8:C9:B4:0C:AE:FC:42:88:0F:3B:86:08:D0:AF:EB:5C:38
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/ta57yMm0DK78QogPO4YI0K_rXDg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.59.117.0/24

    Signature Algorithm: sha256WithRSAEncryption
         16:fc:8c:a9:90:86:fa:27:fa:d3:83:3e:a5:f7:5c:c1:17:6f:
         66:29:7d:52:d1:d7:8e:44:57:80:28:c4:85:2f:2d:56:ab:5c:
         c0:f7:22:9b:bb:f7:6c:f3:46:a0:5c:9a:57:f3:47:4a:4d:79:
         33:18:c6:32:dc:13:3f:33:d5:8b:2b:29:c0:ab:22:37:f7:3c:
         d5:47:46:6d:1f:d2:af:48:12:13:57:e3:b2:58:4b:f7:29:e3:
         d2:75:d1:d3:db:7c:00:60:94:ca:e1:ea:2b:91:a6:52:f3:c8:
         db:fb:a8:f6:fc:cf:44:fd:2c:fc:88:15:e7:64:ab:dc:ba:f8:
         52:ce:e8:87:ef:fd:8c:71:44:f8:61:c2:0c:04:52:df:e1:d0:
         e6:8e:cd:23:ba:f8:c9:a5:b8:ce:75:b9:b8:c7:00:44:4b:65:
         d6:a1:98:7a:1c:6c:46:a4:9e:5d:ce:5a:e1:73:ba:1b:2a:45:
         fc:74:30:80:a1:38:a7:51:03:01:2d:ae:29:d1:78:94:35:c1:
         3d:ae:0b:6e:8a:54:ad:69:04:26:3b:87:06:69:b4:a3:f6:0c:
         27:c3:11:17:4a:83:e3:c9:1b:e4:23:ab:ce:21:99:fe:f0:38:
         b7:b0:9d:68:1e:2f:d4:90:29:3a:a2:27:2b:df:bd:8b:f2:dd:
         97:ab:cf:f7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZpK5Nw+r75rb+wUZ69d53O0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUxMTAzMTgwNTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNWFlN2JjOGM5YjQwY2FlZmM0Mjg4MGYzYjg2MDhkMGFmZWI1YzM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtCHsIPAkhav0VcEIJ86HEOtxLZ6H
6DTB/QkxZAKnuWDYvG/XFsHF+b8js9t6Yfr8Gmc8bWWkkTPWUi2K3owfy9OKOtBE
xwtAoBP6ubx+hYpoptrMj9OBnLI1uS38Y7vNEfCk6SZOYQ7lxWtdbZVYo/vcvviz
ytOeIy1KoZ3PhDY0WL+bbiIAKaZTpI1TDvKZslnwZZLzqa16Wv5HZmTjR2E4bKGK
/NpPta4gG8meWNRuBtzwV6K+z70K46D+iScUfAzTgYMmSZaC1eYKU1Aqd3gUK0cq
28I7+2SDSoRsfTlT2GFKZVe88NXsFDeZHOi9FWNWbPp5P0S/P/f/S5w0rwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLWue8jJtAyu/EKIDzuGCNCv61w4MB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvdGE1N3lNbTBESzc4UW9nUE80WUkwS19yWERnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzt1MA0G
CSqGSIb3DQEBCwUAA4IBAQAW/IypkIb6J/rTgz6l91zBF29mKX1S0deORFeAKMSF
Ly1Wq1zA9yKbu/ds80agXJpX80dKTXkzGMYy3BM/M9WLKynAqyI39zzVR0ZtH9Kv
SBITV+OyWEv3KePSddHT23wAYJTK4eorkaZS88jb+6j2/M9E/Sz8iBXnZKvcuvhS
zuiH7/2McUT4YcIMBFLf4dDmjs0juvjJpbjOdbm4xwBES2XWoZh6HGxGpJ5dzlrh
c7obKkX8dDCAoTinUQMBLa4p0XiUNcE9rgtuilStaQQmO4cGabSj9gwnwxEXSoPj
yRvkI6vOIZn+8Di3sJ1oHi/UkCk6oicr372L8t2Xq8/3
-----END CERTIFICATE-----