Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/0mHxb4vF29m_RgjQ7023Ev6dUJo.roa
File:                     0mHxb4vF29m_RgjQ7023Ev6dUJo.roa (raw, json)
Hash identifier:          dyCKQzEjNTkfZLikRBf+0IqdpMErgI+P4VqmmJYQshs=
Subject key identifier:   D2:61:F1:6F:8B:C5:DB:D9:BF:46:08:D0:EF:4D:B7:12:FE:9D:50:9A
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019305A8B246C731F6ECC92340DE1132289D
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/0mHxb4vF29m_RgjQ7023Ev6dUJo.roa
Signing time:             Thu 07 Nov 2024 08:06:01 +0000
ROA not before:           Thu 07 Nov 2024 08:06:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     262287
IP address blocks:        31.57.243.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 07:23:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:05:a8:b2:46:c7:31:f6:ec:c9:23:40:de:11:32:28:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Nov  7 08:06:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d261f16f8bc5dbd9bf4608d0ef4db712fe9d509a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:ae:34:14:88:59:f2:38:82:e2:b8:fd:8d:9c:
                    a1:61:f1:5d:50:60:68:10:42:83:f3:79:c0:f2:23:
                    19:4a:2c:50:c9:2e:01:f6:f1:97:fe:4f:65:15:66:
                    76:89:c4:02:a6:7e:aa:75:10:22:c8:42:4a:f7:4e:
                    95:79:76:8e:85:80:76:a9:26:d9:f3:19:2b:d0:4a:
                    ed:d9:b0:5c:07:36:87:dc:59:f1:a4:b4:0b:4c:bd:
                    28:c0:49:82:a6:1e:c6:4d:fe:54:e5:56:cb:73:e9:
                    30:59:0f:fa:70:29:9a:a4:02:18:f0:d5:8e:49:dc:
                    8f:df:d7:51:ef:90:bb:5b:d4:04:6c:73:76:67:14:
                    fc:c1:c5:ef:d3:4f:65:b9:1b:10:55:94:7b:2e:90:
                    f8:56:01:a7:cd:a9:39:81:ab:75:79:05:f7:80:4f:
                    ea:02:97:3a:f5:ae:4a:3e:c6:07:5d:5d:f9:4c:f4:
                    83:17:a9:91:e5:2e:f6:e1:74:4b:85:b5:e9:31:03:
                    7b:ed:2f:91:d0:22:d7:cb:35:33:1f:f0:8b:1f:e0:
                    17:07:d6:93:26:ab:64:87:1a:fa:df:8f:61:a0:cd:
                    f3:58:d1:b1:f7:5d:80:d7:68:78:13:25:9d:55:f7:
                    5b:cb:de:68:c7:41:73:e6:1c:78:c1:82:39:1b:d9:
                    ee:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:61:F1:6F:8B:C5:DB:D9:BF:46:08:D0:EF:4D:B7:12:FE:9D:50:9A
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/0mHxb4vF29m_RgjQ7023Ev6dUJo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.57.243.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b2:d0:96:0f:e5:c2:a8:c2:2f:7a:96:47:e4:83:73:07:bb:e3:
         3d:39:dd:af:ef:cd:e3:9f:b1:5c:37:00:c8:f5:9b:7b:60:ff:
         fa:ca:66:0a:e4:e8:3f:c9:3d:0e:a2:a9:fa:37:7c:86:c3:b5:
         1e:5b:65:fc:a7:bc:94:a6:78:57:f6:bb:88:d1:ff:80:fa:93:
         c0:ee:c4:2b:0e:dc:aa:a7:fa:6e:d6:5e:3d:d4:50:01:1d:b5:
         fd:ef:c7:82:ba:b2:7a:59:97:78:66:b0:75:7f:49:d0:a7:84:
         82:9d:47:24:a2:cb:c7:0b:2d:4b:d7:ef:36:7b:c0:68:f6:c4:
         13:b4:4a:17:9a:e1:0b:b4:16:29:b0:ea:4e:4c:3c:fa:69:21:
         5b:64:a1:fc:92:37:91:9d:64:d6:06:bc:88:f0:36:39:24:f8:
         ca:94:6e:e9:31:96:40:3b:80:97:98:b0:a3:13:51:9d:14:d1:
         a0:11:14:4f:27:c7:4d:2b:01:13:41:74:96:97:67:e3:6e:e5:
         ae:e6:bc:ae:37:fe:77:fc:01:d8:61:2f:8b:f6:6a:a3:c0:c7:
         59:e8:a8:aa:a9:19:58:f7:1d:4c:11:81:19:5d:e6:5d:7a:93:
         46:80:1e:2e:a6:1f:fa:28:46:44:1d:23:90:4b:10:38:b3:8c:
         ea:47:9e:b0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZMFqLJGxzH27MkjQN4RMiidMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjQxMTA3MDgwNjAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMjYxZjE2ZjhiYzVkYmQ5YmY0NjA4ZDBlZjRkYjcxMmZlOWQ1MDlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn640FIhZ8jiC4rj9jZyhYfFdUGBo
EEKD83nA8iMZSixQyS4B9vGX/k9lFWZ2icQCpn6qdRAiyEJK906VeXaOhYB2qSbZ
8xkr0Ert2bBcBzaH3FnxpLQLTL0owEmCph7GTf5U5VbLc+kwWQ/6cCmapAIY8NWO
SdyP39dR75C7W9QEbHN2ZxT8wcXv009luRsQVZR7LpD4VgGnzak5gat1eQX3gE/q
Apc69a5KPsYHXV35TPSDF6mR5S724XRLhbXpMQN77S+R0CLXyzUzH/CLH+AXB9aT
Jqtkhxr6349hoM3zWNGx912A12h4EyWdVfdby95ox0Fz5hx4wYI5G9nuKwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNJh8W+LxdvZv0YI0O9NtxL+nVCaMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvMG1IeGI0dkYyOW1fUmdqUTcwMjNFdjZkVUpvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHznzMA0G
CSqGSIb3DQEBCwUAA4IBAQCy0JYP5cKowi96lkfkg3MHu+M9Od2v783jn7FcNwDI
9Zt7YP/6ymYK5Og/yT0Ooqn6N3yGw7UeW2X8p7yUpnhX9ruI0f+A+pPA7sQrDtyq
p/pu1l491FABHbX978eCurJ6WZd4ZrB1f0nQp4SCnUckosvHCy1L1+82e8Bo9sQT
tEoXmuELtBYpsOpOTDz6aSFbZKH8kjeRnWTWBryI8DY5JPjKlG7pMZZAO4CXmLCj
E1GdFNGgERRPJ8dNKwETQXSWl2fjbuWu5ryuN/53/AHYYS+L9mqjwMdZ6KiqqRlY
9x1MEYEZXeZdepNGgB4uph/6KEZEHSOQSxA4s4zqR56w
-----END CERTIFICATE-----