Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/0FMnK9N1aibdpZA_tOH7FT-7n_o.roa
File:                     0FMnK9N1aibdpZA_tOH7FT-7n_o.roa (raw, json)
Hash identifier:          VXbuGdhjya4EfZkSM3x9QcMFUE/HxuIB8pTZHH0z8SQ=
Subject key identifier:   D0:53:27:2B:D3:75:6A:26:DD:A5:90:3F:B4:E1:FB:15:3F:BB:9F:FA
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       01924BFFCEE77B56ABBA73D5E2E7FCF7987E
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/0FMnK9N1aibdpZA_tOH7FT-7n_o.roa
Signing time:             Wed 02 Oct 2024 06:51:48 +0000
ROA not before:           Wed 02 Oct 2024 06:51:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14445
IP address blocks:        31.57.166.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:4b:ff:ce:e7:7b:56:ab:ba:73:d5:e2:e7:fc:f7:98:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Oct  2 06:51:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d053272bd3756a26dda5903fb4e1fb153fbb9ffa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:26:c0:75:a6:98:9a:43:e8:5c:a0:2c:11:f9:
                    bd:ef:85:23:b8:c2:be:65:f3:ea:f2:09:6b:1a:dc:
                    37:f2:f6:bf:0d:7e:0a:1b:0b:92:5a:07:87:9a:12:
                    b8:34:45:08:b0:7d:98:b0:37:e3:b1:d9:77:ee:19:
                    88:f6:78:f6:5e:92:4e:dd:f9:3f:f1:55:df:11:29:
                    37:16:88:57:c4:50:96:d6:f5:64:6e:cd:7b:81:2a:
                    2c:2f:04:76:5a:1f:79:d3:c4:44:49:26:20:4f:30:
                    1d:6b:ef:2d:20:62:68:40:13:e4:cc:42:4b:a4:5b:
                    d2:06:29:ed:24:ba:f5:e2:b3:11:bd:5b:1d:57:b4:
                    7a:e1:fc:6c:45:c8:25:08:c7:7e:12:cf:94:9d:7e:
                    88:17:02:f4:e3:10:b0:18:df:3a:b3:e2:ce:c1:dd:
                    d7:a4:ec:ff:37:c0:c3:1d:6e:e0:e0:ed:6d:1e:ff:
                    80:73:22:a9:11:88:20:55:1f:3c:1a:72:cf:ee:28:
                    00:45:f5:f0:bd:56:76:61:04:4b:89:5d:be:22:9e:
                    0b:33:36:6e:2a:0f:90:af:a8:99:67:22:e7:a2:43:
                    5e:86:d5:a4:14:a1:79:50:b0:79:4f:6d:c5:a1:a1:
                    d0:79:7b:67:5a:02:d1:d3:85:5d:d2:bd:cc:08:8c:
                    5e:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:53:27:2B:D3:75:6A:26:DD:A5:90:3F:B4:E1:FB:15:3F:BB:9F:FA
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/0FMnK9N1aibdpZA_tOH7FT-7n_o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.57.166.0/24

    Signature Algorithm: sha256WithRSAEncryption
         31:c8:d5:9a:21:8b:4a:29:de:d9:49:27:1d:4c:fd:80:3b:4f:
         7e:d5:c9:fd:bb:bf:86:21:e7:80:52:7f:68:6b:8d:e3:17:21:
         32:93:fe:ac:a9:e3:f8:d7:93:a7:64:f5:3c:b4:c0:b5:29:96:
         6d:a2:14:3c:db:50:c6:50:e5:9c:5f:c5:42:b4:f1:f5:36:47:
         d0:27:3a:f4:5b:c5:3e:c1:b5:c5:43:2e:92:23:f2:6a:4a:e2:
         50:26:70:1b:b4:9e:db:41:07:4d:81:bb:23:98:36:1d:f7:a3:
         fc:fa:0a:e6:a3:73:0a:84:c2:ae:05:29:fb:8c:de:98:f9:79:
         32:6d:4f:27:b8:1c:86:4b:30:82:cd:e0:c5:1f:f0:81:e7:f1:
         36:29:b4:ef:e7:08:76:57:5a:ab:4f:10:2f:35:c8:d8:f2:72:
         22:0f:ec:65:97:62:6c:a9:1e:e4:bd:e9:eb:ea:d8:b9:bb:f9:
         4e:92:3b:c6:dc:e4:9d:28:75:00:cd:0d:6e:2b:94:dd:09:8d:
         9f:db:fb:98:45:12:37:19:4d:a7:24:20:7d:14:ba:6d:22:dc:
         ad:32:69:c4:45:ac:cf:5a:11:e8:43:55:bb:b3:e1:51:23:87:
         69:c3:81:26:c1:1e:7b:73:8e:43:84:f9:c4:80:35:40:26:ab:
         17:dd:23:68
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZJL/87ne1arunPV4uf895h+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjQxMDAyMDY1MTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMDUzMjcyYmQzNzU2YTI2ZGRhNTkwM2ZiNGUxZmIxNTNmYmI5ZmZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnCbAdaaYmkPoXKAsEfm974UjuMK+
ZfPq8glrGtw38va/DX4KGwuSWgeHmhK4NEUIsH2YsDfjsdl37hmI9nj2XpJO3fk/
8VXfESk3FohXxFCW1vVkbs17gSosLwR2Wh9508RESSYgTzAda+8tIGJoQBPkzEJL
pFvSBintJLr14rMRvVsdV7R64fxsRcglCMd+Es+UnX6IFwL04xCwGN86s+LOwd3X
pOz/N8DDHW7g4O1tHv+AcyKpEYggVR88GnLP7igARfXwvVZ2YQRLiV2+Ip4LMzZu
Kg+Qr6iZZyLnokNehtWkFKF5ULB5T23FoaHQeXtnWgLR04Vd0r3MCIxeHQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNBTJyvTdWom3aWQP7Th+xU/u5/6MB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvMEZNbks5TjFhaWJkcFpBX3RPSDdGVC03bl9vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzmmMA0G
CSqGSIb3DQEBCwUAA4IBAQAxyNWaIYtKKd7ZSScdTP2AO09+1cn9u7+GIeeAUn9o
a43jFyEyk/6sqeP415OnZPU8tMC1KZZtohQ821DGUOWcX8VCtPH1NkfQJzr0W8U+
wbXFQy6SI/JqSuJQJnAbtJ7bQQdNgbsjmDYd96P8+grmo3MKhMKuBSn7jN6Y+Xky
bU8nuByGSzCCzeDFH/CB5/E2KbTv5wh2V1qrTxAvNcjY8nIiD+xll2JsqR7kvenr
6ti5u/lOkjvG3OSdKHUAzQ1uK5TdCY2f2/uYRRI3GU2nJCB9FLptItytMmnERazP
WhHoQ1W7s+FRI4dpw4EmwR57c45DhPnEgDVAJqsX3SNo
-----END CERTIFICATE-----