Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/8pUuif728EG3MN3epwI6_JCKbu0.roa
File:                     8pUuif728EG3MN3epwI6_JCKbu0.roa (raw, json)
Hash identifier:          lQDBPKm6S7SsO9xmNyJcbsM4daseYjSyZ+Zs0gPA/ls=
Subject key identifier:   F2:95:2E:89:FE:F6:F0:41:B7:30:DD:DE:A7:02:3A:FC:90:8A:6E:ED
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       01942823631C2CD3D096EF61C29C55B56BAE
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/8pUuif728EG3MN3epwI6_JCKbu0.roa
Signing time:             Thu 02 Jan 2025 17:49:55 +0000
ROA not before:           Thu 02 Jan 2025 17:49:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205733
IP address blocks:        31.57.134.0/24 maxlen: 24
                          31.58.144.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 09:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:23:63:1c:2c:d3:d0:96:ef:61:c2:9c:55:b5:6b:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jan  2 17:49:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f2952e89fef6f041b730dddea7023afc908a6eed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:6f:26:9f:30:74:9c:b6:67:4d:0f:f3:62:7e:
                    e0:90:5f:cb:ec:3a:e3:26:28:6d:c5:83:62:a9:a9:
                    82:27:57:e9:03:55:23:99:ba:f4:91:8c:54:32:74:
                    23:46:9b:e3:dc:7a:ac:7d:f5:8d:09:90:36:7c:9c:
                    12:3e:69:6e:5d:4d:f7:83:ec:39:0a:46:f8:89:87:
                    bd:2b:d4:58:2f:6a:9e:65:14:c5:e4:e0:56:2a:4a:
                    68:92:48:d2:9d:e8:73:b9:1a:c0:f0:02:21:bc:69:
                    88:1b:0b:a4:7a:8f:61:ba:f3:c6:0d:a3:ce:2c:bf:
                    da:db:84:83:74:29:00:c2:bf:5e:7c:1b:d0:22:a8:
                    e8:26:da:ca:68:d5:66:f4:5d:3c:7b:28:b7:a3:9d:
                    2c:0b:75:f7:44:65:cb:d8:ee:c5:52:4c:dc:eb:0c:
                    37:7f:46:3f:d9:56:a6:dd:56:3b:94:73:40:9b:43:
                    09:d1:a3:df:e9:2c:96:f1:26:bf:b7:c4:be:91:4c:
                    cb:a1:67:53:29:a7:73:c6:85:81:e8:7c:40:bc:95:
                    d0:d0:a8:94:30:fd:4e:80:bd:fb:fb:a9:54:5a:b0:
                    bc:61:29:06:d7:ab:50:de:7b:37:75:0b:64:b9:18:
                    4f:1b:fe:ba:7b:97:2c:ab:33:6a:71:b5:71:e5:66:
                    6c:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:95:2E:89:FE:F6:F0:41:B7:30:DD:DE:A7:02:3A:FC:90:8A:6E:ED
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/8pUuif728EG3MN3epwI6_JCKbu0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.57.134.0/24
                  31.58.144.0/24

    Signature Algorithm: sha256WithRSAEncryption
         99:c5:78:77:8d:fd:bf:47:79:cd:be:05:ad:0e:08:ed:f4:fb:
         63:32:ed:2a:d4:3b:60:cc:b2:eb:d6:08:de:63:ef:00:ec:b1:
         d9:5e:7a:05:8b:10:91:6e:66:d3:89:14:0f:1f:46:4d:85:eb:
         aa:3e:a9:94:a9:9c:d6:f5:74:0d:a7:af:a9:f4:3b:92:97:9a:
         bf:61:bb:c6:fd:6b:5f:dd:6b:4b:3d:15:a8:08:84:26:84:57:
         45:07:79:62:45:e6:3c:f7:ca:e5:5a:78:80:4b:7a:2c:2f:a1:
         e1:d8:ee:f2:35:5c:09:90:6a:2d:0e:6c:21:57:a9:eb:6b:b2:
         f4:7d:84:aa:d6:b1:48:bd:35:89:73:a3:ad:16:fd:2c:32:13:
         dc:46:e2:4e:6e:05:b5:45:35:7f:17:7e:3f:86:77:7b:83:33:
         92:75:f1:f0:ef:27:06:13:44:c9:6d:21:56:25:e8:db:e8:bc:
         ad:bb:ed:b0:3d:9b:0e:d3:1c:36:30:ff:ab:35:48:b8:9a:1c:
         cd:48:7c:a0:6b:a6:dc:c0:7a:db:44:a1:c4:2b:d4:89:e1:e9:
         28:ed:85:40:c6:0d:a6:73:75:d4:72:ad:a8:40:e2:25:55:53:
         f1:92:4a:dc:17:e8:23:53:4f:f4:19:5f:82:d1:6c:b9:d0:3d:
         43:10:04:6b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQoI2McLNPQlu9hwpxVtWuuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwMTAyMTc0OTU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMjk1MmU4OWZlZjZmMDQxYjczMGRkZGVhNzAyM2FmYzkwOGE2ZWVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvG8mnzB0nLZnTQ/zYn7gkF/L7Drj
JihtxYNiqamCJ1fpA1Ujmbr0kYxUMnQjRpvj3HqsffWNCZA2fJwSPmluXU33g+w5
Ckb4iYe9K9RYL2qeZRTF5OBWKkpokkjSnehzuRrA8AIhvGmIGwukeo9huvPGDaPO
LL/a24SDdCkAwr9efBvQIqjoJtrKaNVm9F08eyi3o50sC3X3RGXL2O7FUkzc6ww3
f0Y/2Vam3VY7lHNAm0MJ0aPf6SyW8Sa/t8S+kUzLoWdTKadzxoWB6HxAvJXQ0KiU
MP1OgL37+6lUWrC8YSkG16tQ3ns3dQtkuRhPG/66e5csqzNqcbVx5WZsyQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFPKVLon+9vBBtzDd3qcCOvyQim7tMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvOHBVdWlmNzI4RUczTU4zZXB3STZfSkNLYnUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAHzmGAwQA
HzqQMA0GCSqGSIb3DQEBCwUAA4IBAQCZxXh3jf2/R3nNvgWtDgjt9PtjMu0q1Dtg
zLLr1gjeY+8A7LHZXnoFixCRbmbTiRQPH0ZNheuqPqmUqZzW9XQNp6+p9DuSl5q/
YbvG/Wtf3WtLPRWoCIQmhFdFB3liReY898rlWniAS3osL6Hh2O7yNVwJkGotDmwh
V6nra7L0fYSq1rFIvTWJc6OtFv0sMhPcRuJObgW1RTV/F34/hnd7gzOSdfHw7ycG
E0TJbSFWJejb6Lytu+2wPZsO0xw2MP+rNUi4mhzNSHyga6bcwHrbRKHEK9SJ4eko
7YVAxg2mc3XUcq2oQOIlVVPxkkrcF+gjU0/0GV+C0Wy50D1DEARr
-----END CERTIFICATE-----