Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/1wN3N4V2xz3wbSHN_Q7rZZB1Fto.roa
File:                     1wN3N4V2xz3wbSHN_Q7rZZB1Fto.roa (raw, json)
Hash identifier:          gGvTEx6mvtPi16t4HidwlU0RT0mR6+hP9GAq4QSxjlE=
Subject key identifier:   D7:03:77:37:85:76:C7:3D:F0:6D:21:CD:FD:0E:EB:65:90:75:16:DA
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019428236F35FE0FB54617F5C677F3B17E64
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/1wN3N4V2xz3wbSHN_Q7rZZB1Fto.roa
Signing time:             Thu 02 Jan 2025 17:49:58 +0000
ROA not before:           Thu 02 Jan 2025 17:49:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214036
IP address blocks:        31.56.155.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 09:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:23:6f:35:fe:0f:b5:46:17:f5:c6:77:f3:b1:7e:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jan  2 17:49:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d70377378576c73df06d21cdfd0eeb65907516da
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:c9:03:03:bb:8c:d6:4e:5f:55:db:c0:25:57:
                    eb:4f:dd:74:7d:f6:b4:4b:1d:44:7e:54:24:60:7e:
                    86:d8:bd:ca:c3:71:df:e0:5f:c1:71:1e:83:80:4c:
                    e0:91:9d:35:39:e9:94:1d:32:bc:76:41:9b:5d:e0:
                    2c:c2:6b:26:0f:e7:dd:59:2d:74:ba:e7:e2:0d:f4:
                    6d:b0:92:ad:1c:df:11:54:86:b7:f3:d1:71:5e:1a:
                    43:17:ec:5d:4b:41:f8:df:2a:d6:92:0e:cf:87:49:
                    cc:d0:08:58:cc:ba:96:26:8b:56:4c:f9:cd:f6:2d:
                    fc:b0:58:2b:50:a4:c0:10:f4:b8:f2:3d:3b:fb:7d:
                    1f:15:e3:89:17:56:68:ff:84:26:9f:bc:71:1a:a4:
                    81:36:a9:b4:74:ce:ea:74:f6:1d:8f:4f:64:c5:76:
                    67:70:f5:77:d2:69:6c:60:09:7a:96:33:1b:dd:dc:
                    d3:63:ff:9d:ac:a8:bb:16:ad:40:73:42:eb:c8:4f:
                    f0:21:3c:9b:a5:7f:76:a5:11:24:ca:5c:6e:ef:a1:
                    41:d2:f8:de:c1:f9:54:a0:14:0e:4b:9e:ec:fa:ae:
                    f1:0c:75:f1:e5:ba:e2:9f:68:f6:95:f7:0e:a1:28:
                    00:3d:59:65:bc:fc:22:02:17:53:3f:14:66:81:f4:
                    46:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:03:77:37:85:76:C7:3D:F0:6D:21:CD:FD:0E:EB:65:90:75:16:DA
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/1wN3N4V2xz3wbSHN_Q7rZZB1Fto.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.56.155.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8b:0f:ae:7f:2b:e1:6a:28:ab:c8:98:01:f8:e7:d8:02:d2:86:
         f9:72:9e:14:c5:83:37:fa:f9:95:da:e7:46:12:82:dc:36:a4:
         a4:22:8d:29:c9:e1:09:ca:1d:ff:6d:5f:10:ee:cd:62:e2:46:
         f7:61:a0:1b:8a:df:c4:f8:f8:cb:31:eb:c9:1b:27:fb:55:b0:
         1a:d6:03:dd:31:3f:1d:48:0c:ea:ee:3d:d3:dc:a2:75:a3:ee:
         c2:c4:fe:20:36:03:43:7a:d1:91:53:ce:33:4b:f4:9b:48:d4:
         06:60:2d:f1:4e:33:a5:86:99:a4:da:a0:b4:b3:c8:39:44:ac:
         a2:5f:b0:85:11:fb:08:e8:07:d1:5a:09:03:ea:9b:22:c9:54:
         b7:15:e6:f6:9f:17:d5:c1:81:3d:f7:d3:68:70:44:6b:47:dc:
         44:4a:73:86:b3:7a:9c:9d:23:1e:df:04:25:82:f8:2e:c3:ed:
         f6:ac:1c:7c:90:fa:0d:d7:42:a9:64:bd:60:7f:e2:3f:fe:b7:
         4b:c8:8d:f1:e4:4d:dc:1b:5b:64:31:e9:77:36:7a:0f:b9:47:
         31:a2:67:a0:75:98:ce:a6:8f:f5:04:5f:74:85:d7:5f:d9:48:
         62:23:c7:01:fe:66:c2:0e:51:b5:95:05:80:1e:71:5e:7c:e6:
         e3:d7:b4:8c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoI281/g+1Rhf1xnfzsX5kMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwMTAyMTc0OTU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNzAzNzczNzg1NzZjNzNkZjA2ZDIxY2RmZDBlZWI2NTkwNzUxNmRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2MkDA7uM1k5fVdvAJVfrT910ffa0
Sx1EflQkYH6G2L3Kw3Hf4F/BcR6DgEzgkZ01OemUHTK8dkGbXeAswmsmD+fdWS10
uufiDfRtsJKtHN8RVIa389FxXhpDF+xdS0H43yrWkg7Ph0nM0AhYzLqWJotWTPnN
9i38sFgrUKTAEPS48j07+30fFeOJF1Zo/4Qmn7xxGqSBNqm0dM7qdPYdj09kxXZn
cPV30mlsYAl6ljMb3dzTY/+drKi7Fq1Ac0LryE/wITybpX92pREkylxu76FB0vje
wflUoBQOS57s+q7xDHXx5brin2j2lfcOoSgAPVllvPwiAhdTPxRmgfRGgwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNcDdzeFdsc98G0hzf0O62WQdRbaMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvMXdOM040VjJ4ejN3YlNITl9RN3JaWkIxRnRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzibMA0G
CSqGSIb3DQEBCwUAA4IBAQCLD65/K+FqKKvImAH459gC0ob5cp4UxYM3+vmV2udG
EoLcNqSkIo0pyeEJyh3/bV8Q7s1i4kb3YaAbit/E+PjLMevJGyf7VbAa1gPdMT8d
SAzq7j3T3KJ1o+7CxP4gNgNDetGRU84zS/SbSNQGYC3xTjOlhpmk2qC0s8g5RKyi
X7CFEfsI6AfRWgkD6psiyVS3Feb2nxfVwYE999NocERrR9xESnOGs3qcnSMe3wQl
gvguw+32rBx8kPoN10KpZL1gf+I//rdLyI3x5E3cG1tkMel3NnoPuUcxomegdZjO
po/1BF90hddf2UhiI8cB/mbCDlG1lQWAHnFefObj17SM
-----END CERTIFICATE-----