Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/2V56iF0H8Hpnbbvd-yD8iM6HHAA.roa
File:                     2V56iF0H8Hpnbbvd-yD8iM6HHAA.roa (raw, json)
Hash identifier:          tDlLBK43soTnVEThMyFb+Gq/RoFP+710k00MCyo7ELQ=
Subject key identifier:   D9:5E:7A:88:5D:07:F0:7A:67:6D:BB:DD:FB:20:FC:88:CE:87:1C:00
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       0195A4F452DE49E65B6E81586E305E9B1657
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/2V56iF0H8Hpnbbvd-yD8iM6HHAA.roa
Signing time:             Mon 17 Mar 2025 16:33:50 +0000
ROA not before:           Mon 17 Mar 2025 16:33:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     40676
IP address blocks:        31.58.100.0/22 maxlen: 24
                          31.58.103.0/24 maxlen: 24
                          31.59.29.0/24 maxlen: 24
                          31.59.34.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:a4:f4:52:de:49:e6:5b:6e:81:58:6e:30:5e:9b:16:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Mar 17 16:33:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d95e7a885d07f07a676dbbddfb20fc88ce871c00
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:d3:f0:52:2c:f7:2e:ad:90:9c:4d:12:0a:19:
                    53:1a:73:b9:3c:51:db:80:7c:d1:e3:b2:ba:dc:e7:
                    6a:35:72:1e:ca:d1:49:95:72:9d:94:2d:52:67:1a:
                    27:c2:85:67:56:4d:ab:4d:b5:b4:ac:27:91:3e:8d:
                    a2:43:8f:e1:d6:28:2c:bf:b5:4b:60:4d:e1:13:ef:
                    ad:5c:82:69:78:1e:28:87:33:47:0b:84:60:0e:09:
                    48:29:2b:f4:95:f2:d4:5e:5e:c3:69:24:85:d3:de:
                    a1:ae:8c:96:33:30:5b:f8:2e:ff:ff:0b:b4:cb:f2:
                    58:76:c1:a4:be:5f:82:2c:74:73:00:bd:dc:5b:73:
                    c8:6a:b7:01:58:4e:75:1d:34:7c:9e:73:11:22:24:
                    33:df:01:76:6f:56:bc:12:1e:b7:26:15:56:41:0a:
                    8b:e7:a0:5c:b9:31:66:10:50:ef:fa:af:b1:2b:4c:
                    36:7d:3f:17:50:e1:c9:fd:4b:b3:8d:1c:a2:70:1d:
                    6d:d6:f1:f6:55:34:91:7b:6b:8c:ee:87:c6:8d:86:
                    34:12:25:56:64:52:38:e6:a6:7b:c9:ea:d9:f3:6d:
                    a8:6e:46:ff:0b:53:8f:d3:84:87:f5:1d:e6:f3:c8:
                    f2:29:fd:5c:18:e1:5c:de:49:59:70:b9:3f:fb:66:
                    38:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:5E:7A:88:5D:07:F0:7A:67:6D:BB:DD:FB:20:FC:88:CE:87:1C:00
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/2V56iF0H8Hpnbbvd-yD8iM6HHAA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.58.100.0/22
                  31.59.29.0/24
                  31.59.34.0/24

    Signature Algorithm: sha256WithRSAEncryption
         17:bb:2d:6c:0c:4f:53:a4:73:9c:56:e8:8f:cf:e3:d5:30:aa:
         a5:3d:5c:e7:37:7b:af:27:da:4c:6f:f6:e6:a6:8c:b0:31:8c:
         42:4b:66:18:22:82:30:a1:0d:8d:c8:8a:ec:36:a0:f4:15:01:
         70:71:34:5a:f6:ee:11:a3:d1:e7:35:fe:f5:76:ec:05:35:60:
         4e:7f:40:93:df:4e:9a:e3:2c:47:23:a6:0b:f6:73:be:88:01:
         d1:4b:42:59:69:19:0c:cf:e5:55:70:5e:26:37:b1:00:01:cd:
         ee:74:e6:74:03:50:8b:6c:f3:7e:fe:49:b7:d1:95:35:57:92:
         15:6d:0d:04:3a:df:12:05:8d:3f:54:7a:05:5d:7f:28:db:59:
         52:18:50:d8:2b:e4:61:df:26:f8:3e:e8:b1:b2:15:ba:b5:05:
         ea:29:dc:8e:ee:99:4a:c1:cc:20:43:a7:7f:21:8f:41:02:d4:
         ba:a6:a2:aa:f1:32:f9:51:d5:20:b2:35:87:bf:a3:b4:85:2d:
         97:ee:99:e3:a7:7c:c2:6e:6a:f9:03:15:eb:ba:c7:4d:55:0e:
         f3:d3:fc:47:d2:08:d3:06:c6:ce:d0:70:15:b9:a4:28:09:a5:
         a9:38:9c:50:1a:31:6e:2c:58:79:97:ca:66:2d:a6:70:91:b6:
         f3:cd:cb:4e
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZWk9FLeSeZbboFYbjBemxZXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwMzE3MTYzMzUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOTVlN2E4ODVkMDdmMDdhNjc2ZGJiZGRmYjIwZmM4OGNlODcxYzAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjNPwUiz3Lq2QnE0SChlTGnO5PFHb
gHzR47K63OdqNXIeytFJlXKdlC1SZxonwoVnVk2rTbW0rCeRPo2iQ4/h1igsv7VL
YE3hE++tXIJpeB4ohzNHC4RgDglIKSv0lfLUXl7DaSSF096hroyWMzBb+C7//wu0
y/JYdsGkvl+CLHRzAL3cW3PIarcBWE51HTR8nnMRIiQz3wF2b1a8Eh63JhVWQQqL
56BcuTFmEFDv+q+xK0w2fT8XUOHJ/UuzjRyicB1t1vH2VTSRe2uM7ofGjYY0EiVW
ZFI45qZ7yerZ822obkb/C1OP04SH9R3m88jyKf1cGOFc3klZcLk/+2Y4SwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFNleeohdB/B6Z2273fsg/IjOhxwAMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvMlY1NmlGMEg4SHBuYmJ2ZC15RDhpTTZISEFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCHzpkAwQA
HzsdAwQAHzsiMA0GCSqGSIb3DQEBCwUAA4IBAQAXuy1sDE9TpHOcVuiPz+PVMKql
PVznN3uvJ9pMb/bmpoywMYxCS2YYIoIwoQ2NyIrsNqD0FQFwcTRa9u4Ro9HnNf71
duwFNWBOf0CT306a4yxHI6YL9nO+iAHRS0JZaRkMz+VVcF4mN7EAAc3udOZ0A1CL
bPN+/km30ZU1V5IVbQ0EOt8SBY0/VHoFXX8o21lSGFDYK+Rh3yb4PuixshW6tQXq
KdyO7plKwcwgQ6d/IY9BAtS6pqKq8TL5UdUgsjWHv6O0hS2X7pnjp3zCbmr5AxXr
usdNVQ7z0/xH0gjTBsbO0HAVuaQoCaWpOJxQGjFuLFh5l8pmLaZwkbbzzctO
-----END CERTIFICATE-----