Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/1e_dQnEEmg86QGYqU_4GFkq-G5Y.roa
File:                     1e_dQnEEmg86QGYqU_4GFkq-G5Y.roa (raw, json)
Hash identifier:          ZGKCGcBVdW9yxaqP+B+Mi244Kanm7MIqBKU13TMtEyc=
Subject key identifier:   D5:EF:DD:42:71:04:9A:0F:3A:40:66:2A:53:FE:06:16:4A:BE:1B:96
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019464D16465B5C9DBB6DBAFC2A5DBF6335D
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/1e_dQnEEmg86QGYqU_4GFkq-G5Y.roa
Signing time:             Tue 14 Jan 2025 12:37:11 +0000
ROA not before:           Tue 14 Jan 2025 12:37:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49981
IP address blocks:        31.58.230.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 09:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:64:d1:64:65:b5:c9:db:b6:db:af:c2:a5:db:f6:33:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jan 14 12:37:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d5efdd4271049a0f3a40662a53fe06164abe1b96
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:da:b7:93:84:26:7b:49:38:64:1b:12:01:80:
                    fb:62:05:51:2e:7a:6e:da:1d:bf:fd:7a:dc:08:af:
                    50:d6:14:a5:fe:09:4f:68:d3:8a:e6:6d:26:fc:28:
                    59:28:3a:fb:69:c3:fa:57:35:bb:b6:6b:1c:98:9b:
                    17:35:43:f1:df:5f:17:c6:ec:7e:96:a2:42:fb:63:
                    68:2f:c1:70:34:4b:0e:db:6c:43:8b:73:7a:bf:d5:
                    29:04:0f:32:37:e5:3c:08:d8:07:d0:d9:9e:85:a5:
                    df:b1:d9:0b:e3:02:37:69:55:1e:7c:b6:ff:0a:51:
                    e1:38:33:e8:12:70:3a:58:1c:51:54:89:06:92:69:
                    f1:b3:5b:48:9c:b2:da:42:42:4f:94:d4:08:82:e7:
                    55:de:64:49:af:5b:a4:f8:2b:12:a1:96:89:ae:be:
                    aa:13:00:ea:24:36:b8:32:e5:d9:d5:7c:11:5e:9d:
                    5a:81:86:9a:bb:43:e8:be:11:f6:18:48:d3:22:ec:
                    62:98:bc:63:fc:b8:3f:6a:54:98:f0:01:76:d7:33:
                    39:2d:cf:90:66:0b:a2:b0:13:f5:cb:04:03:3b:ca:
                    06:6d:6c:ef:fd:5a:f4:9c:41:82:30:f6:15:13:2d:
                    b6:e6:ed:ae:d1:b3:b8:83:5b:a1:c2:f3:1a:d0:56:
                    b8:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:EF:DD:42:71:04:9A:0F:3A:40:66:2A:53:FE:06:16:4A:BE:1B:96
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/1e_dQnEEmg86QGYqU_4GFkq-G5Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.58.230.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4b:05:30:aa:4a:ab:e5:74:54:48:80:10:1c:28:63:5b:5d:47:
         8d:bf:97:e5:fe:2a:f8:96:95:a0:cb:1c:e1:3c:cb:95:89:4e:
         73:50:19:6e:32:bf:d4:25:a8:02:da:16:9a:e9:81:95:17:d4:
         06:4a:8c:85:49:2d:1a:2a:f4:54:ba:64:93:5a:fe:3b:9a:c4:
         14:7b:60:85:c5:2d:d6:77:78:0a:1b:4c:1d:7e:21:78:76:a2:
         f7:51:19:5e:c7:f6:47:25:55:0a:06:b9:22:a4:1e:ad:cb:4c:
         1e:02:81:5f:da:a4:fe:56:c3:41:ed:7b:61:d6:f4:ef:73:c3:
         8a:18:a6:b6:4c:e7:e9:5a:89:3c:a7:5b:be:fe:42:4f:5d:65:
         c5:ef:65:19:74:95:ba:85:96:e1:a2:1c:4d:2d:67:32:c9:33:
         ba:db:f7:41:c4:0b:db:cb:56:35:67:02:61:90:3a:7a:17:19:
         59:7f:13:1e:69:ef:32:f2:9f:85:47:47:eb:98:4d:c5:95:50:
         02:3d:96:d7:35:b8:35:8f:85:1e:82:39:ca:13:21:9d:b5:ad:
         af:72:5f:8d:c7:30:20:05:8e:da:82:f3:30:9d:41:e6:e9:0d:
         24:94:23:c6:10:d1:b4:b5:94:2b:c8:ce:f9:bd:23:b0:27:11:
         6f:23:76:5c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZRk0WRltcnbttuvwqXb9jNdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwMTE0MTIzNzExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNWVmZGQ0MjcxMDQ5YTBmM2E0MDY2MmE1M2ZlMDYxNjRhYmUxYjk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp9q3k4Qme0k4ZBsSAYD7YgVRLnpu
2h2//XrcCK9Q1hSl/glPaNOK5m0m/ChZKDr7acP6VzW7tmscmJsXNUPx318Xxux+
lqJC+2NoL8FwNEsO22xDi3N6v9UpBA8yN+U8CNgH0NmehaXfsdkL4wI3aVUefLb/
ClHhODPoEnA6WBxRVIkGkmnxs1tInLLaQkJPlNQIgudV3mRJr1uk+CsSoZaJrr6q
EwDqJDa4MuXZ1XwRXp1agYaau0PovhH2GEjTIuximLxj/Lg/alSY8AF21zM5Lc+Q
ZguisBP1ywQDO8oGbWzv/Vr0nEGCMPYVEy225u2u0bO4g1uhwvMa0Fa4EQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNXv3UJxBJoPOkBmKlP+BhZKvhuWMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvMWVfZFFuRUVtZzg2UUdZcVVfNEdGa3EtRzVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzrmMA0G
CSqGSIb3DQEBCwUAA4IBAQBLBTCqSqvldFRIgBAcKGNbXUeNv5fl/ir4lpWgyxzh
PMuViU5zUBluMr/UJagC2haa6YGVF9QGSoyFSS0aKvRUumSTWv47msQUe2CFxS3W
d3gKG0wdfiF4dqL3URlex/ZHJVUKBrkipB6ty0weAoFf2qT+VsNB7Xth1vTvc8OK
GKa2TOfpWok8p1u+/kJPXWXF72UZdJW6hZbhohxNLWcyyTO62/dBxAvby1Y1ZwJh
kDp6FxlZfxMeae8y8p+FR0frmE3FlVACPZbXNbg1j4UegjnKEyGdta2vcl+NxzAg
BY7agvMwnUHm6Q0klCPGENG0tZQryM75vSOwJxFvI3Zc
-----END CERTIFICATE-----