Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/6uhWMnULPRN1o4lSMntbZ-_myEY.roa
File:                     6uhWMnULPRN1o4lSMntbZ-_myEY.roa (raw, json)
Hash identifier:          rCspGFQqwneRapp7dTyR9q8dMNgYxWGrXr/CsOu7KHE=
Subject key identifier:   EA:E8:56:32:75:0B:3D:13:75:A3:89:52:32:7B:5B:67:EF:E6:C8:46
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       0192D949FB3FC01FC7803837BC7398B44B20
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/6uhWMnULPRN1o4lSMntbZ-_myEY.roa
Signing time:             Tue 29 Oct 2024 17:19:17 +0000
ROA not before:           Tue 29 Oct 2024 17:19:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62390
IP address blocks:        31.56.41.0/24 maxlen: 24
                          31.58.131.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:d9:49:fb:3f:c0:1f:c7:80:38:37:bc:73:98:b4:4b:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Oct 29 17:19:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=eae85632750b3d1375a38952327b5b67efe6c846
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:28:02:0c:ac:da:72:eb:9c:61:b3:b1:20:b7:
                    db:c6:99:90:ec:92:37:e1:cb:6a:79:4d:61:d0:de:
                    15:4c:ee:68:93:0c:12:87:68:72:84:6c:92:ba:9a:
                    00:ca:64:b2:06:d8:d8:07:55:36:64:d3:e4:40:ba:
                    20:f8:72:63:64:f9:80:a7:75:1d:bf:bc:4f:d4:1a:
                    02:99:b1:c7:7a:ef:7c:11:b3:4b:91:b5:4d:a3:00:
                    4f:df:22:e4:ec:30:13:77:83:26:05:fe:90:1c:57:
                    38:6f:d9:18:9a:56:ec:01:e1:a6:8b:b1:96:24:d2:
                    5f:43:6d:7a:ba:1f:a7:56:4c:29:b8:d3:d7:7b:b0:
                    22:37:77:e1:48:55:41:91:e9:93:73:83:82:12:22:
                    49:7e:8b:fe:49:b1:38:f7:b3:ed:9d:b6:71:7c:f0:
                    ce:05:42:c9:91:6f:22:3d:55:97:10:57:fd:06:d8:
                    78:64:1e:24:e4:82:a8:52:57:31:c6:01:fa:62:83:
                    41:b7:5f:3c:e9:68:b6:99:1d:65:a3:2f:57:ab:5a:
                    b0:c3:84:0f:0a:0d:a8:c3:c9:a8:84:5b:a2:cb:cf:
                    38:5a:fe:65:db:86:5f:28:22:fd:60:2b:e6:17:8e:
                    95:07:79:b6:a4:d4:14:4a:04:38:37:7b:d5:29:cf:
                    51:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:E8:56:32:75:0B:3D:13:75:A3:89:52:32:7B:5B:67:EF:E6:C8:46
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/6uhWMnULPRN1o4lSMntbZ-_myEY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.56.41.0/24
                  31.58.131.0/24

    Signature Algorithm: sha256WithRSAEncryption
         32:c3:49:df:93:83:3b:31:89:87:2a:65:a9:34:3f:a6:07:09:
         43:9a:96:79:83:ae:60:f6:e1:80:10:e1:44:a0:39:95:47:32:
         14:6a:73:d1:8e:4a:be:fb:45:ba:23:9a:cc:f6:30:d3:46:ca:
         e2:66:ee:ce:cd:02:25:6f:b8:eb:3d:0b:27:53:06:70:81:71:
         8d:d0:45:db:7e:95:6f:99:18:f3:fb:2c:be:f3:80:73:b0:0d:
         e4:e1:e0:9f:52:c2:15:8b:d5:ab:cf:c0:f4:4e:9e:fb:5b:44:
         59:7d:80:ca:1c:b5:32:4d:34:15:da:ad:91:7d:90:44:4f:61:
         e7:6e:87:ba:75:0c:20:4a:ff:86:ee:42:79:a6:9b:5f:3c:d1:
         89:87:d3:e1:25:7d:88:32:07:b1:d8:c5:e6:49:e9:60:08:f4:
         92:d0:ab:ff:5e:2e:07:ce:54:04:c2:14:b0:0a:0e:31:e7:2f:
         c3:67:af:aa:fb:db:49:fa:6c:8c:ad:b1:f2:6b:b1:02:98:4d:
         02:e6:5f:02:e3:89:57:55:a6:e3:46:61:1f:c1:ff:21:0f:6a:
         82:99:de:45:8d:68:62:29:33:af:63:75:87:bf:e2:03:8f:39:
         5b:ad:b5:e6:f1:47:54:fa:cf:c2:58:db:e8:5a:bc:a5:c2:89:
         13:04:b5:75
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZLZSfs/wB/HgDg3vHOYtEsgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjQxMDI5MTcxOTE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYWU4NTYzMjc1MGIzZDEzNzVhMzg5NTIzMjdiNWI2N2VmZTZjODQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3igCDKzacuucYbOxILfbxpmQ7JI3
4ctqeU1h0N4VTO5okwwSh2hyhGySupoAymSyBtjYB1U2ZNPkQLog+HJjZPmAp3Ud
v7xP1BoCmbHHeu98EbNLkbVNowBP3yLk7DATd4MmBf6QHFc4b9kYmlbsAeGmi7GW
JNJfQ216uh+nVkwpuNPXe7AiN3fhSFVBkemTc4OCEiJJfov+SbE497PtnbZxfPDO
BULJkW8iPVWXEFf9Bth4ZB4k5IKoUlcxxgH6YoNBt1886Wi2mR1loy9Xq1qww4QP
Cg2ow8mohFuiy884Wv5l24ZfKCL9YCvmF46VB3m2pNQUSgQ4N3vVKc9R+QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOroVjJ1Cz0TdaOJUjJ7W2fv5shGMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvNnVoV01uVUxQUk4xbzRsU01udGJaLV9teUVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAHzgpAwQA
HzqDMA0GCSqGSIb3DQEBCwUAA4IBAQAyw0nfk4M7MYmHKmWpND+mBwlDmpZ5g65g
9uGAEOFEoDmVRzIUanPRjkq++0W6I5rM9jDTRsriZu7OzQIlb7jrPQsnUwZwgXGN
0EXbfpVvmRjz+yy+84BzsA3k4eCfUsIVi9Wrz8D0Tp77W0RZfYDKHLUyTTQV2q2R
fZBET2Hnboe6dQwgSv+G7kJ5pptfPNGJh9PhJX2IMgex2MXmSelgCPSS0Kv/Xi4H
zlQEwhSwCg4x5y/DZ6+q+9tJ+myMrbHya7ECmE0C5l8C44lXVabjRmEfwf8hD2qC
md5FjWhiKTOvY3WHv+IDjzlbrbXm8UdU+s/CWNvoWrylwokTBLV1
-----END CERTIFICATE-----