Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/7QJIJ4mg_XuVBc-r4r05MFPMJI8.roa
File:                     7QJIJ4mg_XuVBc-r4r05MFPMJI8.roa (raw, json)
Hash identifier:          7TFFtX4UniQNR2iUDWlvSNpb2oVdUtepwXt/9Hn3gf4=
Subject key identifier:   ED:02:48:27:89:A0:FD:7B:95:05:CF:AB:E2:BD:39:30:53:CC:24:8F
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       0194282360AEE9BCE634386FC766B9F3BDB8
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/7QJIJ4mg_XuVBc-r4r05MFPMJI8.roa
Signing time:             Thu 02 Jan 2025 17:49:54 +0000
ROA not before:           Thu 02 Jan 2025 17:49:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204044
IP address blocks:        31.59.72.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 09:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:23:60:ae:e9:bc:e6:34:38:6f:c7:66:b9:f3:bd:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jan  2 17:49:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ed02482789a0fd7b9505cfabe2bd393053cc248f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:92:5f:c9:fb:86:9a:61:0a:bb:aa:26:85:db:
                    f1:b2:8a:b4:ae:1c:ad:c0:80:7f:90:6e:31:ce:6d:
                    ab:3c:43:52:7d:f4:cf:0f:f1:b1:41:c3:15:92:8d:
                    bc:f6:72:ad:65:77:c5:88:61:8f:de:6d:1f:91:9c:
                    e9:63:dd:8d:fe:d4:6d:7f:e8:10:09:9a:1f:83:16:
                    30:11:23:21:83:5e:23:3e:e3:2d:65:4e:8d:df:c7:
                    d9:42:a5:9c:b7:cb:ee:ca:23:11:30:ac:24:ee:08:
                    23:9f:a6:bc:0c:c2:79:a4:55:7d:f2:60:1a:05:b6:
                    f2:a3:a0:82:20:6b:53:a8:26:2f:84:ac:53:18:be:
                    54:e9:85:8d:1f:26:b6:9a:a5:63:16:58:96:58:cd:
                    f1:40:8a:db:d4:24:e1:0c:e5:e7:d5:5b:55:b3:bc:
                    c4:db:ef:91:8b:5b:b5:f7:2d:dc:9f:e5:19:4a:16:
                    08:0d:f3:8a:12:18:c4:c3:6b:ee:3d:7d:ab:55:04:
                    28:ca:60:a7:fd:45:44:e2:de:65:c5:12:3b:f7:25:
                    41:6e:9d:f8:9e:b1:fa:8b:e8:bd:23:58:06:ac:b6:
                    d9:d8:96:63:ad:68:95:c9:67:55:36:63:b3:2d:56:
                    2f:30:0e:fe:83:1c:67:44:9e:70:de:7d:07:21:19:
                    f4:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:02:48:27:89:A0:FD:7B:95:05:CF:AB:E2:BD:39:30:53:CC:24:8F
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/7QJIJ4mg_XuVBc-r4r05MFPMJI8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.59.72.0/22

    Signature Algorithm: sha256WithRSAEncryption
         97:9f:fe:c7:b6:d8:4e:04:3f:f7:32:0b:17:ea:6f:84:92:72:
         b0:39:ed:bb:1a:00:11:58:dd:42:20:50:1e:b9:0e:0c:87:03:
         48:d4:92:5f:98:83:ba:4a:cf:53:e1:d5:49:96:de:80:ae:aa:
         3b:17:b3:45:30:2c:ae:33:a1:2a:11:fd:12:2e:c7:5f:93:3c:
         6d:28:4f:df:a4:c1:da:5c:8e:2c:f0:bf:b1:b2:68:30:d1:ff:
         85:83:12:c8:b4:51:1d:c2:f9:58:32:ef:6b:e8:a1:cf:5f:6d:
         a5:06:97:e8:90:cf:dc:43:28:8c:35:8c:2f:27:d0:f2:21:75:
         24:e0:bb:0a:cf:52:05:a4:00:04:6d:54:98:75:0f:ae:00:c3:
         55:86:11:ed:a4:98:ea:80:20:ef:d3:5e:63:34:5d:a2:7e:8d:
         d9:b0:7e:0f:15:c2:00:0e:85:f3:d9:17:43:9e:d2:ba:c0:a8:
         89:f6:30:e5:42:7a:4c:3c:2b:10:97:f7:e5:1e:fe:47:3a:26:
         13:40:c0:67:66:51:3e:40:10:10:2a:da:f3:4b:72:6d:d6:4f:
         58:c0:f0:27:2e:f3:3f:da:89:60:c3:dd:28:af:40:e8:70:1b:
         1c:c9:ea:d8:7f:9c:ef:12:68:46:2e:30:36:79:50:be:74:09:
         40:29:b4:53
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoI2Cu6bzmNDhvx2a58724MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwMTAyMTc0OTU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZDAyNDgyNzg5YTBmZDdiOTUwNWNmYWJlMmJkMzkzMDUzY2MyNDhmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw5JfyfuGmmEKu6omhdvxsoq0rhyt
wIB/kG4xzm2rPENSffTPD/GxQcMVko289nKtZXfFiGGP3m0fkZzpY92N/tRtf+gQ
CZofgxYwESMhg14jPuMtZU6N38fZQqWct8vuyiMRMKwk7ggjn6a8DMJ5pFV98mAa
Bbbyo6CCIGtTqCYvhKxTGL5U6YWNHya2mqVjFliWWM3xQIrb1CThDOXn1VtVs7zE
2++Ri1u19y3cn+UZShYIDfOKEhjEw2vuPX2rVQQoymCn/UVE4t5lxRI79yVBbp34
nrH6i+i9I1gGrLbZ2JZjrWiVyWdVNmOzLVYvMA7+gxxnRJ5w3n0HIRn0iwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO0CSCeJoP17lQXPq+K9OTBTzCSPMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvN1FKSUo0bWdfWHVWQmMtcjRyMDVNRlBNSkk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCHztIMA0G
CSqGSIb3DQEBCwUAA4IBAQCXn/7HtthOBD/3MgsX6m+EknKwOe27GgARWN1CIFAe
uQ4MhwNI1JJfmIO6Ss9T4dVJlt6Arqo7F7NFMCyuM6EqEf0SLsdfkzxtKE/fpMHa
XI4s8L+xsmgw0f+FgxLItFEdwvlYMu9r6KHPX22lBpfokM/cQyiMNYwvJ9DyIXUk
4LsKz1IFpAAEbVSYdQ+uAMNVhhHtpJjqgCDv015jNF2ifo3ZsH4PFcIADoXz2RdD
ntK6wKiJ9jDlQnpMPCsQl/flHv5HOiYTQMBnZlE+QBAQKtrzS3Jt1k9YwPAnLvM/
2olgw90or0DocBscyerYf5zvEmhGLjA2eVC+dAlAKbRT
-----END CERTIFICATE-----