Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/7TKXiY4WFzILwuRu8glPUK2-fqQ.roa
File:                     7TKXiY4WFzILwuRu8glPUK2-fqQ.roa (raw, json)
Hash identifier:          dEsia07qZH08532OIkxIFwIblEvQaE1kFfT+HPTFfEY=
Subject key identifier:   ED:32:97:89:8E:16:17:32:0B:C2:E4:6E:F2:09:4F:50:AD:BE:7E:A4
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       0192FD7BE7AC0ED8313E791B546252D47A67
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/7TKXiY4WFzILwuRu8glPUK2-fqQ.roa
Signing time:             Tue 05 Nov 2024 18:00:08 +0000
ROA not before:           Tue 05 Nov 2024 18:00:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205733
IP address blocks:        31.57.134.0/24 maxlen: 24
                          31.58.144.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:fd:7b:e7:ac:0e:d8:31:3e:79:1b:54:62:52:d4:7a:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Nov  5 18:00:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ed3297898e1617320bc2e46ef2094f50adbe7ea4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:fe:80:1b:40:d5:7a:19:b5:a4:73:ee:1c:65:
                    96:ce:cd:19:7e:1f:04:2c:d3:9c:1e:63:91:48:eb:
                    49:51:3b:ea:d1:c7:98:a0:5f:78:ef:2a:c3:6e:ef:
                    73:62:8e:d1:a4:f3:4f:7b:74:4b:69:da:ea:27:ce:
                    62:18:40:65:b9:81:c5:62:e8:83:90:17:d8:e4:e0:
                    e0:49:f3:d8:06:2e:65:de:71:57:cd:c7:1a:a0:d4:
                    d4:9e:70:84:6a:d6:b1:5b:9f:2c:da:c3:48:c6:58:
                    fa:6b:ce:75:e3:7f:da:e9:28:0c:1a:91:71:2f:7a:
                    99:01:a7:91:7a:4d:00:ab:d0:7c:89:8c:da:18:aa:
                    3e:83:41:7d:39:a0:56:eb:3b:46:95:95:f4:32:04:
                    03:9c:66:a3:ee:38:d5:48:74:56:30:33:cc:67:3e:
                    d7:11:95:09:42:87:a4:23:6f:a0:58:54:cd:44:5b:
                    e1:9c:e1:83:cb:ce:fd:75:71:2b:e7:87:da:bf:6e:
                    da:35:68:f3:a5:2f:a0:7d:3f:c9:63:60:6a:93:71:
                    cb:11:02:6f:3d:30:97:18:28:7a:52:63:04:81:58:
                    80:22:4b:df:8d:95:79:92:58:0d:e9:1d:fd:15:c1:
                    a5:da:0f:80:c3:c1:d5:bd:26:8e:50:ca:b8:02:e9:
                    34:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:32:97:89:8E:16:17:32:0B:C2:E4:6E:F2:09:4F:50:AD:BE:7E:A4
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/7TKXiY4WFzILwuRu8glPUK2-fqQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.57.134.0/24
                  31.58.144.0/24

    Signature Algorithm: sha256WithRSAEncryption
         34:66:6b:36:6d:37:76:aa:95:e8:0c:51:dd:a7:31:87:71:03:
         ed:5a:28:74:3d:80:88:8f:30:c2:69:fe:4e:e1:61:87:a9:2b:
         f1:d0:93:36:97:82:bd:6b:71:18:ae:b6:7b:83:38:7a:75:74:
         41:1d:60:c8:db:a3:a3:68:2b:69:06:e0:5f:a4:31:cd:e8:3f:
         6f:18:17:91:a6:dc:74:29:e6:cb:3f:b8:8e:a5:4b:95:f3:5a:
         1b:25:5c:4e:56:c6:04:1e:2f:db:6b:cc:ae:ba:d1:69:0d:ef:
         ce:79:58:6b:99:b9:2f:df:96:29:7c:6c:85:ea:1c:5f:15:5a:
         2b:38:2d:0f:e2:47:e0:87:b7:b6:a8:b8:b7:d6:c1:aa:ac:4c:
         aa:40:35:b6:b2:e6:ef:3a:43:e3:b7:1d:7a:2b:e6:8c:98:39:
         8e:d7:7d:a0:ef:ba:f7:3a:17:91:99:f8:9c:14:01:e8:c6:20:
         d5:63:3e:98:7d:a5:54:e6:3b:32:c8:70:31:df:81:e0:ef:8e:
         fb:9f:6b:62:f3:8a:c6:8a:28:0e:92:e6:e7:a5:96:9b:61:ad:
         3d:3e:d8:a8:64:89:e9:c0:74:90:28:f6:fe:92:31:70:ce:0d:
         61:d6:0f:bf:9d:19:6c:a1:47:5e:85:eb:c0:9e:b1:82:81:82:
         c3:7c:4b:80
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZL9e+esDtgxPnkbVGJS1HpnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjQxMTA1MTgwMDA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZDMyOTc4OThlMTYxNzMyMGJjMmU0NmVmMjA5NGY1MGFkYmU3ZWE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6f6AG0DVehm1pHPuHGWWzs0Zfh8E
LNOcHmORSOtJUTvq0ceYoF947yrDbu9zYo7RpPNPe3RLadrqJ85iGEBluYHFYuiD
kBfY5ODgSfPYBi5l3nFXzccaoNTUnnCEataxW58s2sNIxlj6a85143/a6SgMGpFx
L3qZAaeRek0Aq9B8iYzaGKo+g0F9OaBW6ztGlZX0MgQDnGaj7jjVSHRWMDPMZz7X
EZUJQoekI2+gWFTNRFvhnOGDy879dXEr54fav27aNWjzpS+gfT/JY2Bqk3HLEQJv
PTCXGCh6UmMEgViAIkvfjZV5klgN6R39FcGl2g+Aw8HVvSaOUMq4Auk0cQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFO0yl4mOFhcyC8LkbvIJT1Ctvn6kMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvN1RLWGlZNFdGeklMd3VSdThnbFBVSzItZnFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAHzmGAwQA
HzqQMA0GCSqGSIb3DQEBCwUAA4IBAQA0Zms2bTd2qpXoDFHdpzGHcQPtWih0PYCI
jzDCaf5O4WGHqSvx0JM2l4K9a3EYrrZ7gzh6dXRBHWDI26OjaCtpBuBfpDHN6D9v
GBeRptx0KebLP7iOpUuV81obJVxOVsYEHi/ba8yuutFpDe/OeVhrmbkv35YpfGyF
6hxfFVorOC0P4kfgh7e2qLi31sGqrEyqQDW2subvOkPjtx16K+aMmDmO132g77r3
OheRmficFAHoxiDVYz6YfaVU5jsyyHAx34Hg7477n2ti84rGiigOkubnpZabYa09
PtioZInpwHSQKPb+kjFwzg1h1g+/nRlsoUdehevAnrGCgYLDfEuA
-----END CERTIFICATE-----