Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/3zl2hS7rAM3OwNHkKEtr6ji019U.roa
File:                     3zl2hS7rAM3OwNHkKEtr6ji019U.roa (raw, json)
Hash identifier:          Bk31LIu5xpDb9sCpHAV4UVGdycf5QDbJ1TgtuGHON3E=
Subject key identifier:   DF:39:76:85:2E:EB:00:CD:CE:C0:D1:E4:28:4B:6B:EA:38:B4:D7:D5
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019428236B3671D675CC3B5BCDA4ED85868F
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/3zl2hS7rAM3OwNHkKEtr6ji019U.roa
Signing time:             Thu 02 Jan 2025 17:49:57 +0000
ROA not before:           Thu 02 Jan 2025 17:49:57 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213737
IP address blocks:        31.58.210.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 08:59:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:23:6b:36:71:d6:75:cc:3b:5b:cd:a4:ed:85:86:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jan  2 17:49:57 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=df3976852eeb00cdcec0d1e4284b6bea38b4d7d5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:4f:6a:0d:6f:83:ba:9d:13:90:a4:5d:80:e4:
                    c3:c1:7d:d1:41:c8:8d:51:09:a4:54:60:39:e9:09:
                    3a:a4:7c:18:1f:00:3a:93:12:be:8b:ad:b5:11:c9:
                    95:ca:96:ab:42:10:c0:59:90:24:b8:bb:9d:78:9d:
                    9d:cb:63:ea:b2:44:fb:49:a8:43:ca:18:e1:e4:15:
                    03:94:e0:6f:42:e1:22:a2:c1:b4:fc:c8:53:4d:e2:
                    3a:ec:36:a2:9e:be:92:63:7d:ec:94:d4:86:d4:db:
                    83:cb:c1:be:77:a9:ee:81:d4:33:a4:a6:b5:d9:76:
                    d3:e8:7f:52:80:c4:c7:07:46:12:2e:dc:74:3a:de:
                    8c:78:5b:47:a9:c0:b9:20:81:cd:94:8d:fb:d6:49:
                    e1:9a:a6:0f:8f:bd:6a:72:1c:85:cc:33:bd:38:d0:
                    ec:67:5d:ba:ac:35:23:e3:a9:48:28:01:08:20:a9:
                    50:63:99:47:6a:9b:f9:3e:b0:68:b1:a9:89:c9:12:
                    94:da:99:a2:de:da:e5:9a:49:4f:11:64:da:64:05:
                    dd:d9:c1:31:b4:cd:9f:90:35:d5:ff:80:54:81:34:
                    42:9c:aa:27:d5:12:b7:d4:f9:26:0e:49:fc:01:c4:
                    49:3c:1a:2f:5d:78:47:99:1b:a6:79:12:a1:c1:a5:
                    22:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:39:76:85:2E:EB:00:CD:CE:C0:D1:E4:28:4B:6B:EA:38:B4:D7:D5
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/3zl2hS7rAM3OwNHkKEtr6ji019U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.58.210.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:ac:27:ad:87:d5:bc:d7:a1:f5:5b:75:78:10:fa:31:8e:43:
         d6:6f:55:02:aa:19:c0:18:10:60:5d:ff:0c:c2:ee:67:6b:8a:
         37:66:39:9d:e2:75:e5:c0:6e:50:c6:8b:1e:6a:f8:4d:94:a4:
         84:8e:87:a6:2f:1e:91:f0:ab:7a:95:13:d6:28:55:bc:fe:a9:
         74:72:52:70:fe:69:26:3c:10:97:4e:09:ed:fa:2e:83:9b:97:
         0d:9c:99:31:c0:5c:97:45:82:da:1e:40:d7:6e:76:c9:b4:4e:
         05:b4:bd:a9:d8:fc:44:c7:2f:b7:95:f2:a6:be:81:e2:7e:03:
         4b:d3:8b:91:e2:86:d2:af:a4:ec:3a:4e:fb:7f:83:21:56:0f:
         41:ce:b5:20:f0:58:db:52:73:27:10:34:1b:60:ba:cb:94:23:
         ab:73:91:ed:ca:96:5e:d4:33:86:e9:30:aa:0e:4c:e7:59:22:
         80:4d:25:d4:08:c7:e1:b1:f5:20:e5:28:ad:8c:f8:a8:da:fe:
         ac:8f:b0:29:fe:0f:f4:94:22:9a:11:45:b0:4c:fd:fc:78:f3:
         fd:9d:35:19:a5:dc:f7:96:57:d8:22:8a:aa:6a:ea:33:b3:7d:
         ff:3a:82:93:ab:37:84:00:90:c6:6e:c8:90:e3:97:a2:58:e6:
         e8:07:e4:ec
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoI2s2cdZ1zDtbzaTthYaPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwMTAyMTc0OTU3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZjM5NzY4NTJlZWIwMGNkY2VjMGQxZTQyODRiNmJlYTM4YjRkN2Q1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1E9qDW+Dup0TkKRdgOTDwX3RQciN
UQmkVGA56Qk6pHwYHwA6kxK+i621EcmVyparQhDAWZAkuLudeJ2dy2PqskT7SahD
yhjh5BUDlOBvQuEiosG0/MhTTeI67Dainr6SY33slNSG1NuDy8G+d6nugdQzpKa1
2XbT6H9SgMTHB0YSLtx0Ot6MeFtHqcC5IIHNlI371knhmqYPj71qchyFzDO9ONDs
Z126rDUj46lIKAEIIKlQY5lHapv5PrBosamJyRKU2pmi3trlmklPEWTaZAXd2cEx
tM2fkDXV/4BUgTRCnKon1RK31PkmDkn8AcRJPBovXXhHmRumeRKhwaUi4wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN85doUu6wDNzsDR5ChLa+o4tNfVMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvM3psMmhTN3JBTTNPd05Ia0tFdHI2amkwMTlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzrSMA0G
CSqGSIb3DQEBCwUAA4IBAQA6rCeth9W816H1W3V4EPoxjkPWb1UCqhnAGBBgXf8M
wu5na4o3Zjmd4nXlwG5QxoseavhNlKSEjoemLx6R8Kt6lRPWKFW8/ql0clJw/mkm
PBCXTgnt+i6Dm5cNnJkxwFyXRYLaHkDXbnbJtE4FtL2p2PxExy+3lfKmvoHifgNL
04uR4obSr6TsOk77f4MhVg9BzrUg8FjbUnMnEDQbYLrLlCOrc5HtypZe1DOG6TCq
DkznWSKATSXUCMfhsfUg5SitjPio2v6sj7Ap/g/0lCKaEUWwTP38ePP9nTUZpdz3
llfYIoqqauozs33/OoKTqzeEAJDGbsiQ45eiWOboB+Ts
-----END CERTIFICATE-----