Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/1Sw15QK3WJ8xTlDhDm1J9tvq5UQ.roa
File:                     1Sw15QK3WJ8xTlDhDm1J9tvq5UQ.roa (raw, json)
Hash identifier:          RSOixO24b7tJl3uvnKxV1LuCjOgx4bU+Q0IJxuji6oo=
Subject key identifier:   D5:2C:35:E5:02:B7:58:9F:31:4E:50:E1:0E:6D:49:F6:DB:EA:E5:44
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       0195803129449E361CAC160F56A49C3B5AC1
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/1Sw15QK3WJ8xTlDhDm1J9tvq5UQ.roa
Signing time:             Mon 10 Mar 2025 13:14:20 +0000
ROA not before:           Mon 10 Mar 2025 13:14:20 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214375
IP address blocks:        31.56.46.0/24 maxlen: 24
                          31.57.157.0/24 maxlen: 24
                          31.57.158.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:80:31:29:44:9e:36:1c:ac:16:0f:56:a4:9c:3b:5a:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Mar 10 13:14:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d52c35e502b7589f314e50e10e6d49f6dbeae544
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:06:d2:3e:7f:f0:8b:17:55:b4:71:44:5d:0e:
                    f7:48:25:16:39:59:0b:db:c7:37:ff:c3:16:fa:4e:
                    80:a4:ea:3c:c8:07:33:da:82:cb:4c:ef:f7:4a:bb:
                    6f:2d:ca:05:df:ae:2b:7e:af:ff:3a:6c:ba:1f:7c:
                    42:68:95:74:eb:8b:30:2a:2a:be:a1:46:ee:27:44:
                    d0:49:66:3d:f0:cc:7c:c1:20:a1:80:9d:08:2c:11:
                    61:b2:69:56:b9:e9:0a:63:84:f9:02:30:cc:ff:61:
                    0a:93:15:d6:a1:14:db:09:76:82:a8:18:eb:cb:23:
                    f4:24:bd:1e:ab:b3:55:0e:60:fc:7a:8c:35:e9:40:
                    16:41:dc:03:dc:be:0a:c8:92:ef:40:46:9b:40:5a:
                    c0:5d:67:77:e5:66:2f:cb:b3:fb:b9:f6:73:b2:d2:
                    ad:5f:27:39:62:6a:88:80:55:31:da:5a:3d:34:f8:
                    a2:47:7b:c2:15:04:6a:c0:27:0b:fe:ec:f2:02:12:
                    27:ca:c8:27:c7:77:7a:05:b2:7e:c0:8a:f6:14:82:
                    a6:da:e7:76:41:6a:23:19:a4:78:d7:82:33:c7:f4:
                    99:67:d2:4a:43:2f:c9:4c:e3:00:56:db:52:70:2e:
                    a0:60:1c:c1:06:94:77:63:f5:f4:f5:d4:23:24:f1:
                    d2:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:2C:35:E5:02:B7:58:9F:31:4E:50:E1:0E:6D:49:F6:DB:EA:E5:44
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/1Sw15QK3WJ8xTlDhDm1J9tvq5UQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.56.46.0/24
                  31.57.157.0-31.57.158.255

    Signature Algorithm: sha256WithRSAEncryption
         7a:c9:ec:d4:05:92:dd:ea:c7:af:ae:97:dc:b0:a6:d2:85:6e:
         2d:3e:f5:50:43:1a:aa:09:41:64:07:73:70:e4:79:45:1f:a2:
         e9:9d:c4:33:7c:ff:42:f6:ef:34:b5:13:34:29:fb:dd:0c:74:
         28:55:5e:4c:a2:d2:61:aa:0c:df:7a:70:f9:52:a5:1e:b3:cb:
         81:0c:72:7e:27:5e:94:28:3f:f7:e3:69:99:89:e4:ab:ef:5e:
         5d:f6:fc:a8:12:a7:36:a5:f3:c8:64:b8:17:58:70:1e:32:36:
         0c:ff:13:30:d3:cb:a3:60:1a:b7:58:2d:94:40:e5:60:2b:fb:
         c3:7a:b6:07:97:14:03:95:fe:a2:77:e0:e4:8a:f8:66:74:e5:
         4b:e2:1e:b0:3e:ce:8b:c0:f7:47:33:5f:da:83:16:3f:41:24:
         88:bb:6e:0d:9a:b8:3d:3a:fe:d3:cc:aa:f7:b0:d9:f3:a4:82:
         ff:49:c9:12:e4:cb:d5:69:88:e4:93:54:73:3c:73:8e:aa:0a:
         6b:12:a4:3e:7b:cd:de:c1:23:43:34:e3:10:7c:60:c3:e2:15:
         b3:4e:ad:06:74:7b:c0:ac:7b:a0:de:0f:8a:80:99:86:db:4c:
         02:34:2d:9c:71:cf:9c:d8:b9:4c:5f:5b:2d:56:8d:4d:1d:1a:
         2f:c6:f9:9d
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZWAMSlEnjYcrBYPVqScO1rBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwMzEwMTMxNDIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNTJjMzVlNTAyYjc1ODlmMzE0ZTUwZTEwZTZkNDlmNmRiZWFlNTQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsQbSPn/wixdVtHFEXQ73SCUWOVkL
28c3/8MW+k6ApOo8yAcz2oLLTO/3SrtvLcoF364rfq//Omy6H3xCaJV064swKiq+
oUbuJ0TQSWY98Mx8wSChgJ0ILBFhsmlWuekKY4T5AjDM/2EKkxXWoRTbCXaCqBjr
yyP0JL0eq7NVDmD8eow16UAWQdwD3L4KyJLvQEabQFrAXWd35WYvy7P7ufZzstKt
Xyc5YmqIgFUx2lo9NPiiR3vCFQRqwCcL/uzyAhInysgnx3d6BbJ+wIr2FIKm2ud2
QWojGaR414Izx/SZZ9JKQy/JTOMAVttScC6gYBzBBpR3Y/X09dQjJPHShwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFNUsNeUCt1ifMU5Q4Q5tSfbb6uVEMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvMVN3MTVRSzNXSjh4VGxEaERtMUo5dHZxNVVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQAHzguMAwD
BAAfOZ0DBAAfOZ4wDQYJKoZIhvcNAQELBQADggEBAHrJ7NQFkt3qx6+ul9ywptKF
bi0+9VBDGqoJQWQHc3DkeUUfoumdxDN8/0L27zS1EzQp+90MdChVXkyi0mGqDN96
cPlSpR6zy4EMcn4nXpQoP/fjaZmJ5KvvXl32/KgSpzal88hkuBdYcB4yNgz/EzDT
y6NgGrdYLZRA5WAr+8N6tgeXFAOV/qJ34OSK+GZ05UviHrA+zovA90czX9qDFj9B
JIi7bg2auD06/tPMqvew2fOkgv9JyRLky9VpiOSTVHM8c46qCmsSpD57zd7BI0M0
4xB8YMPiFbNOrQZ0e8Cse6DeD4qAmYbbTAI0LZxxz5zYuUxfWy1WjU0dGi/G+Z0=
-----END CERTIFICATE-----