Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/1-OQlQCno3eCyvuL9fF1hMtF2FRM.roa
File:                     1-OQlQCno3eCyvuL9fF1hMtF2FRM.roa (raw, json)
Hash identifier:          aD/X4VbjQVX/Qazth95UpvucVJB9gXbtMcJhK2HYKqY=
Subject key identifier:   F8:E4:25:40:29:E8:DD:E0:B2:BE:E2:FD:7C:5D:61:32:D1:76:15:13
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019428234560A8E38F4DEB9601FA16769B29
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/1-OQlQCno3eCyvuL9fF1hMtF2FRM.roa
Signing time:             Thu 02 Jan 2025 17:49:47 +0000
ROA not before:           Thu 02 Jan 2025 17:49:47 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47585
IP address blocks:        31.57.10.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 09:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:23:45:60:a8:e3:8f:4d:eb:96:01:fa:16:76:9b:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jan  2 17:49:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f8e4254029e8dde0b2bee2fd7c5d6132d1761513
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:06:2f:08:71:da:8b:b6:52:64:c2:d2:bd:37:
                    a6:c8:c6:aa:d6:c2:58:b4:63:2d:16:ab:96:d7:70:
                    b4:12:15:f8:dc:d0:4f:f0:7c:25:54:47:18:fc:d1:
                    83:ba:17:78:44:25:8a:a5:84:21:f4:f3:2f:29:ee:
                    3c:44:57:36:68:fb:23:5d:b5:80:5e:f2:0d:86:da:
                    36:ec:d7:32:77:fb:4e:8d:06:bb:e8:27:f5:70:f8:
                    90:49:da:e0:a8:55:84:27:13:71:b8:d4:43:59:6f:
                    5d:e0:8c:1e:e1:2d:1c:75:91:45:79:ad:a7:70:8e:
                    77:f3:d3:38:fa:4c:2b:88:10:b6:80:a3:2d:ba:98:
                    4e:86:64:b1:ab:b6:e7:00:4b:6f:27:c4:b1:a6:21:
                    3d:70:30:42:b2:8d:06:7a:c4:d5:27:25:93:9b:c4:
                    ba:7b:e8:05:21:ff:bb:c5:75:6a:9f:d0:98:3f:62:
                    52:8b:c9:0a:86:c8:b4:3f:8d:32:c4:6c:39:1b:29:
                    e4:e3:5b:34:f6:6d:cb:07:60:7d:85:4b:fe:65:c6:
                    ec:08:09:e5:46:f0:da:e8:88:4c:44:05:6e:60:d8:
                    c0:e1:ad:93:7f:42:f3:25:57:93:43:13:dd:87:c9:
                    a7:a5:d1:1f:94:d2:17:cd:b2:44:e9:35:20:fb:5b:
                    ea:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:E4:25:40:29:E8:DD:E0:B2:BE:E2:FD:7C:5D:61:32:D1:76:15:13
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/1-OQlQCno3eCyvuL9fF1hMtF2FRM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.57.10.0/24

    Signature Algorithm: sha256WithRSAEncryption
         29:36:ec:9a:96:31:68:3a:b4:81:20:bf:2c:ea:0b:5b:48:b9:
         4e:c0:e7:0a:16:e3:86:ca:11:ab:7b:57:0f:e8:56:b4:b6:5f:
         29:5e:e1:bb:48:1b:53:a5:c5:94:ee:4e:fd:e8:36:d5:1b:19:
         52:72:d3:af:b5:11:49:35:a7:5c:9b:c0:40:d6:01:37:70:3f:
         b9:1c:df:32:4f:5e:3b:85:c8:6b:f5:58:17:39:4a:ce:cf:32:
         27:f6:2a:8a:1a:be:1a:95:c4:3f:5b:1b:73:85:bf:21:f4:28:
         a3:9f:35:e9:1a:83:31:07:53:8f:80:9c:60:6f:ab:6d:2b:3e:
         5c:19:15:a8:e0:59:9f:de:e1:b0:10:ef:18:11:d5:47:40:83:
         8c:91:b0:e0:64:e5:1c:e5:b9:da:02:cc:b4:cd:b0:db:1a:52:
         13:31:f4:38:05:f9:b0:b8:73:56:15:37:85:fb:fb:fc:7a:81:
         2d:04:82:9b:e8:2a:f8:1d:3c:5d:7d:49:47:24:c8:d8:76:19:
         53:8a:25:22:1e:04:e8:c5:7b:b4:65:98:25:96:1a:03:65:c8:
         2e:4d:40:0f:6e:da:1b:26:f2:2c:ee:07:95:20:4f:2a:e5:c5:
         c9:47:44:66:69:91:5a:9f:14:5f:fe:d3:19:15:55:93:c0:62:
         17:7d:b5:63
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQoI0VgqOOPTeuWAfoWdpspMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwMTAyMTc0OTQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOGU0MjU0MDI5ZThkZGUwYjJiZWUyZmQ3YzVkNjEzMmQxNzYxNTEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2AYvCHHai7ZSZMLSvTemyMaq1sJY
tGMtFquW13C0EhX43NBP8HwlVEcY/NGDuhd4RCWKpYQh9PMvKe48RFc2aPsjXbWA
XvINhto27Ncyd/tOjQa76Cf1cPiQSdrgqFWEJxNxuNRDWW9d4Iwe4S0cdZFFea2n
cI5389M4+kwriBC2gKMtuphOhmSxq7bnAEtvJ8SxpiE9cDBCso0GesTVJyWTm8S6
e+gFIf+7xXVqn9CYP2JSi8kKhsi0P40yxGw5Gynk41s09m3LB2B9hUv+ZcbsCAnl
RvDa6IhMRAVuYNjA4a2Tf0LzJVeTQxPdh8mnpdEflNIXzbJE6TUg+1vqKQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPjkJUAp6N3gsr7i/XxdYTLRdhUTMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvMS1PUWxRQ25vM2VDeXZ1TDlmRjFoTXRGMkZSTS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvOTIvNTExZjk1LWU0YmYtNDNmMS1hZjJmLWI4MTFjZmNiOWZk
NS8xL1R4c0pYNnRuWXp3Qko5WWY5b1Y0Wk9wckpjVS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAB85CjAN
BgkqhkiG9w0BAQsFAAOCAQEAKTbsmpYxaDq0gSC/LOoLW0i5TsDnChbjhsoRq3tX
D+hWtLZfKV7hu0gbU6XFlO5O/eg21RsZUnLTr7URSTWnXJvAQNYBN3A/uRzfMk9e
O4XIa/VYFzlKzs8yJ/Yqihq+GpXEP1sbc4W/IfQoo5816RqDMQdTj4CcYG+rbSs+
XBkVqOBZn97hsBDvGBHVR0CDjJGw4GTlHOW52gLMtM2w2xpSEzH0OAX5sLhzVhU3
hfv7/HqBLQSCm+gq+B08XX1JRyTI2HYZU4olIh4E6MV7tGWYJZYaA2XILk1AD27a
GybyLO4HlSBPKuXFyUdEZmmRWp8UX/7TGRVVk8BiF321Yw==
-----END CERTIFICATE-----