Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/0-2JgdEpMkfpsDbgMnEE4KfY3gY.roa
File:                     0-2JgdEpMkfpsDbgMnEE4KfY3gY.roa (raw, json)
Hash identifier:          DZkjcnfn1GXTO7RkHo5Mcuz2ZVypMjJgcu8dTDhOuxI=
Subject key identifier:   D3:ED:89:81:D1:29:32:47:E9:B0:36:E0:32:71:04:E0:A7:D8:DE:06
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019536B67AA4BE082CF9DFAAECD97365D917
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/0-2JgdEpMkfpsDbgMnEE4KfY3gY.roa
Signing time:             Mon 24 Feb 2025 06:48:03 +0000
ROA not before:           Mon 24 Feb 2025 06:48:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57014
IP address blocks:        31.57.64.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:36:b6:7a:a4:be:08:2c:f9:df:aa:ec:d9:73:65:d9:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Feb 24 06:48:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d3ed8981d1293247e9b036e0327104e0a7d8de06
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:42:83:7d:13:ce:31:13:c7:bd:f3:a7:76:46:
                    ed:07:93:52:5c:d3:13:3e:48:94:72:33:0e:7b:92:
                    1f:be:2c:31:31:a9:3d:77:fe:da:19:c9:d6:5a:39:
                    ef:12:40:d8:fc:b8:60:6c:fc:2e:4f:77:ca:34:2f:
                    19:65:09:81:6d:06:47:de:c6:00:4b:c0:77:59:20:
                    d9:30:85:b0:b7:f4:6a:b6:45:aa:be:af:93:a3:0a:
                    38:13:a8:ff:d0:2b:f7:fb:74:2b:6e:4f:29:ef:41:
                    1e:c2:97:db:6a:bf:c9:34:87:a3:fa:00:14:5a:03:
                    20:4a:c7:b4:e8:2b:20:a5:d5:15:f9:26:f4:ec:8c:
                    08:13:5a:9f:e0:70:75:cc:b6:4d:c1:f2:2e:4a:b2:
                    e9:7a:8e:98:28:5b:5e:2a:55:03:d0:9e:db:01:ff:
                    41:66:29:e6:f2:79:a4:f3:50:b6:6a:53:c1:89:9b:
                    2b:c6:ad:f8:71:59:cf:bb:d2:b4:27:97:a6:d8:c3:
                    0e:2b:4d:db:24:0b:83:14:a9:a3:5e:73:f3:b5:e6:
                    ac:5e:32:3e:ac:10:f8:c7:14:08:3f:ba:39:a9:6e:
                    76:14:8b:8c:37:74:ee:40:1d:e1:54:08:da:76:67:
                    8a:05:4c:b6:1c:2c:e9:34:5c:01:01:ba:cf:91:a0:
                    32:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:ED:89:81:D1:29:32:47:E9:B0:36:E0:32:71:04:E0:A7:D8:DE:06
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/0-2JgdEpMkfpsDbgMnEE4KfY3gY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.57.64.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0f:a9:f4:64:ea:62:8a:11:bc:ed:58:c1:15:b8:36:4e:0d:96:
         36:97:e3:75:af:22:84:61:05:1e:39:32:7e:23:b4:ec:e4:45:
         c5:85:59:3c:5a:0b:c6:fe:f6:f4:d2:e7:6c:07:2e:d6:28:3e:
         3f:5e:81:f7:5f:45:b1:cf:8c:2f:bb:63:06:b3:da:b0:85:42:
         1f:6b:73:27:bc:3f:b8:43:28:82:6d:49:63:b6:52:4c:67:4d:
         0e:99:62:5c:55:bb:3e:99:34:c7:7c:23:58:9c:e4:03:60:19:
         66:3e:a8:f7:58:7d:e3:78:de:dc:4a:f6:5d:27:9b:ec:f3:f7:
         02:61:89:30:ce:95:37:80:2f:48:d5:4a:1a:dc:95:5e:40:10:
         35:3b:a2:d6:4d:96:49:d0:f5:70:08:97:34:83:97:13:45:73:
         d1:5a:95:3c:d0:21:49:67:89:18:39:0a:7f:28:b9:3c:df:6f:
         56:74:c8:14:82:20:ff:d7:41:e1:1b:83:64:b0:eb:7e:56:a1:
         b0:1c:f3:d0:22:dd:96:a7:5f:3e:7f:a8:d8:fb:c6:0d:c0:50:
         45:02:cd:e9:00:13:69:2a:7d:09:28:1f:83:49:41:96:47:ce:
         2b:9a:a2:a5:95:78:5d:3a:47:b2:ff:50:e8:d3:53:1f:dd:3a:
         7f:4c:fc:53
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZU2tnqkvggs+d+q7NlzZdkXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwMjI0MDY0ODAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkM2VkODk4MWQxMjkzMjQ3ZTliMDM2ZTAzMjcxMDRlMGE3ZDhkZTA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwUKDfRPOMRPHvfOndkbtB5NSXNMT
PkiUcjMOe5IfviwxMak9d/7aGcnWWjnvEkDY/LhgbPwuT3fKNC8ZZQmBbQZH3sYA
S8B3WSDZMIWwt/RqtkWqvq+Towo4E6j/0Cv3+3Qrbk8p70Eewpfbar/JNIej+gAU
WgMgSse06CsgpdUV+Sb07IwIE1qf4HB1zLZNwfIuSrLpeo6YKFteKlUD0J7bAf9B
Zinm8nmk81C2alPBiZsrxq34cVnPu9K0J5em2MMOK03bJAuDFKmjXnPzteasXjI+
rBD4xxQIP7o5qW52FIuMN3TuQB3hVAjadmeKBUy2HCzpNFwBAbrPkaAyGQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNPtiYHRKTJH6bA24DJxBOCn2N4GMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvMC0ySmdkRXBNa2Zwc0RiZ01uRUU0S2ZZM2dZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzlAMA0G
CSqGSIb3DQEBCwUAA4IBAQAPqfRk6mKKEbztWMEVuDZODZY2l+N1ryKEYQUeOTJ+
I7Ts5EXFhVk8WgvG/vb00udsBy7WKD4/XoH3X0Wxz4wvu2MGs9qwhUIfa3MnvD+4
QyiCbUljtlJMZ00OmWJcVbs+mTTHfCNYnOQDYBlmPqj3WH3jeN7cSvZdJ5vs8/cC
YYkwzpU3gC9I1Uoa3JVeQBA1O6LWTZZJ0PVwCJc0g5cTRXPRWpU80CFJZ4kYOQp/
KLk8329WdMgUgiD/10HhG4NksOt+VqGwHPPQIt2Wp18+f6jY+8YNwFBFAs3pABNp
Kn0JKB+DSUGWR84rmqKllXhdOkey/1Do01Mf3Tp/TPxT
-----END CERTIFICATE-----