Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/8Uq71LAy4edlEC3glRwKDs8KW1o.roa
File:                     8Uq71LAy4edlEC3glRwKDs8KW1o.roa (raw, json)
Hash identifier:          AM9b1cBNhcomqXiCw0MMsDxBmJW6/IX5fxh0ahI9H6I=
Subject key identifier:   F1:4A:BB:D4:B0:32:E1:E7:65:10:2D:E0:95:1C:0A:0E:CF:0A:5B:5A
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       01942823365BA7269D18280D4E8FE260E32F
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/8Uq71LAy4edlEC3glRwKDs8KW1o.roa
Signing time:             Thu 02 Jan 2025 17:49:43 +0000
ROA not before:           Thu 02 Jan 2025 17:49:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9232
IP address blocks:        31.59.109.0/24 maxlen: 24
                          31.59.110.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 09:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:23:36:5b:a7:26:9d:18:28:0d:4e:8f:e2:60:e3:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jan  2 17:49:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f14abbd4b032e1e765102de0951c0a0ecf0a5b5a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:74:21:df:7d:5f:2f:d0:f5:df:9f:0a:fe:13:
                    c6:6b:fa:4e:a5:78:81:25:9d:43:48:0f:0e:0b:1c:
                    d9:2e:26:7f:03:7f:50:bc:90:46:9d:46:ee:24:25:
                    f2:1d:92:5d:a3:89:22:29:80:ac:2b:61:c7:62:43:
                    31:fb:0d:96:ce:5c:6f:12:9a:d6:29:53:9b:7b:71:
                    cb:3c:8c:5e:74:38:ff:7e:a8:2e:54:59:37:1c:76:
                    36:99:f5:b7:2e:23:00:23:ea:0f:1c:ed:ea:e3:4a:
                    d7:b8:38:36:94:1c:ea:92:37:38:97:a1:00:0f:23:
                    ca:27:28:a5:49:f5:3e:e0:e2:63:34:a3:e4:1c:7e:
                    7a:8c:31:5b:db:ad:77:17:b6:3d:76:7d:16:c0:cb:
                    a3:09:dc:1f:f2:6d:17:7a:a9:55:6c:d6:7e:c1:f8:
                    66:37:36:54:d3:d6:86:0f:72:60:f5:d7:4a:e7:0e:
                    24:a7:b7:88:96:68:00:7c:7f:85:28:fe:b1:00:4b:
                    68:05:49:cf:27:0c:73:7b:c1:ea:09:89:04:c4:0c:
                    76:ae:aa:04:c4:49:3a:b1:7b:71:3d:91:01:26:c4:
                    8f:19:1c:34:3a:12:5f:01:a1:79:6e:20:b5:d1:7b:
                    7d:f5:51:fb:68:20:db:25:8d:ef:8e:0d:3e:88:a6:
                    d4:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:4A:BB:D4:B0:32:E1:E7:65:10:2D:E0:95:1C:0A:0E:CF:0A:5B:5A
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/8Uq71LAy4edlEC3glRwKDs8KW1o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.59.109.0-31.59.110.255

    Signature Algorithm: sha256WithRSAEncryption
         35:ed:d9:13:1a:cc:a1:54:61:ac:da:56:73:65:d5:ae:43:80:
         59:b7:d0:8d:6c:c2:15:53:1f:00:5e:f4:80:2e:67:a7:d8:35:
         d9:82:bd:9b:cb:03:c3:b7:25:91:f1:7a:11:cc:86:6a:1e:67:
         56:2f:4f:54:55:d0:74:14:94:61:d3:be:56:6f:b7:04:d2:68:
         66:fc:3f:59:63:fa:32:b7:f3:f8:a5:b0:c4:1d:56:b1:ba:4e:
         bc:f4:33:b1:d6:95:69:4e:fe:24:3b:39:48:8a:5b:27:e0:2d:
         cd:aa:f5:90:9c:65:6a:7d:0c:89:97:5c:78:1e:1f:35:af:20:
         9f:6c:2e:f5:37:e1:7d:97:36:c5:f4:14:cd:16:2e:3c:d7:08:
         85:0e:f6:39:4f:66:7a:59:0f:87:50:8d:81:6f:9c:15:d1:9b:
         cb:dd:d9:7a:5a:82:a9:69:87:cb:7c:81:cd:3e:9a:2f:66:ec:
         84:bd:7f:1a:28:82:e8:0b:d3:c3:5b:2d:ae:8d:95:26:56:b1:
         b2:69:19:04:60:28:9b:04:59:de:8f:e5:96:ce:d5:1d:04:1e:
         4f:c8:2e:d9:9f:ad:f8:08:2a:49:da:e5:f5:72:92:d9:5a:b6:
         0b:95:89:80:0a:18:f0:90:fe:87:15:8c:af:50:23:c2:a2:46:
         b5:be:fd:47
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZQoIzZbpyadGCgNTo/iYOMvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwMTAyMTc0OTQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMTRhYmJkNGIwMzJlMWU3NjUxMDJkZTA5NTFjMGEwZWNmMGE1YjVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApnQh331fL9D1358K/hPGa/pOpXiB
JZ1DSA8OCxzZLiZ/A39QvJBGnUbuJCXyHZJdo4kiKYCsK2HHYkMx+w2WzlxvEprW
KVObe3HLPIxedDj/fqguVFk3HHY2mfW3LiMAI+oPHO3q40rXuDg2lBzqkjc4l6EA
DyPKJyilSfU+4OJjNKPkHH56jDFb2613F7Y9dn0WwMujCdwf8m0XeqlVbNZ+wfhm
NzZU09aGD3Jg9ddK5w4kp7eIlmgAfH+FKP6xAEtoBUnPJwxze8HqCYkExAx2rqoE
xEk6sXtxPZEBJsSPGRw0OhJfAaF5biC10Xt99VH7aCDbJY3vjg0+iKbUcQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFPFKu9SwMuHnZRAt4JUcCg7PCltaMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvOFVxNzFMQXk0ZWRsRUMzZ2xSd0tEczhLVzFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAAfO20D
BAAfO24wDQYJKoZIhvcNAQELBQADggEBADXt2RMazKFUYazaVnNl1a5DgFm30I1s
whVTHwBe9IAuZ6fYNdmCvZvLA8O3JZHxehHMhmoeZ1YvT1RV0HQUlGHTvlZvtwTS
aGb8P1lj+jK38/ilsMQdVrG6Trz0M7HWlWlO/iQ7OUiKWyfgLc2q9ZCcZWp9DImX
XHgeHzWvIJ9sLvU34X2XNsX0FM0WLjzXCIUO9jlPZnpZD4dQjYFvnBXRm8vd2Xpa
gqlph8t8gc0+mi9m7IS9fxoogugL08NbLa6NlSZWsbJpGQRgKJsEWd6P5ZbO1R0E
Hk/ILtmfrfgIKkna5fVyktlatguViYAKGPCQ/ocVjK9QI8KiRrW+/Uc=
-----END CERTIFICATE-----