Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/9NEHROwGSfx8F_kkmkW_b6cUmug.roa
File:                     9NEHROwGSfx8F_kkmkW_b6cUmug.roa (raw, json)
Hash identifier:          HS9ncHHYkTzP6PuD0NPpmmG/XdAwV5WSRSZUUjQ+ICQ=
Subject key identifier:   F4:D1:07:44:EC:06:49:FC:7C:17:F9:24:9A:45:BF:6F:A7:14:9A:E8
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       0194282381181AC9D5D4B4F443A4C1116131
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/9NEHROwGSfx8F_kkmkW_b6cUmug.roa
Signing time:             Thu 02 Jan 2025 17:50:02 +0000
ROA not before:           Thu 02 Jan 2025 17:50:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215761
IP address blocks:        31.58.250.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 09:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:23:81:18:1a:c9:d5:d4:b4:f4:43:a4:c1:11:61:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jan  2 17:50:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f4d10744ec0649fc7c17f9249a45bf6fa7149ae8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:5a:74:c6:59:cd:c7:1b:f7:cf:e7:d6:73:c0:
                    90:d5:6d:15:5d:51:e0:90:15:d3:15:53:a2:dd:6f:
                    3e:d6:41:2f:98:da:12:0f:06:7d:d9:3a:c0:64:f5:
                    04:82:8d:c3:c0:aa:6c:a6:86:9a:ec:f4:f6:b4:e8:
                    69:c8:eb:be:e4:66:2b:60:ba:0f:91:67:94:62:ea:
                    7a:07:46:70:58:06:ca:45:91:65:f8:10:9f:c0:77:
                    e8:54:9a:25:2f:12:9d:34:b1:b1:39:6d:94:94:89:
                    a8:e4:a6:f1:1a:fb:ab:e6:2e:8e:45:b0:88:07:f3:
                    8f:a5:0c:e4:4d:b7:95:5a:ff:10:9a:94:77:f5:97:
                    ca:35:56:15:33:b0:c4:cb:59:2c:fa:e6:32:91:5f:
                    9f:80:67:66:b3:4a:8b:cd:02:4f:92:b3:68:63:75:
                    59:6f:e7:dc:a3:15:8a:ed:b4:09:00:ee:96:94:f4:
                    88:0b:d9:a4:08:a6:7a:32:c5:a9:3d:f8:3d:53:e9:
                    f6:40:ed:7a:1a:93:7f:7a:76:b8:b5:0a:d7:20:39:
                    62:22:78:b5:d0:44:13:a8:d2:03:27:59:98:bd:42:
                    7b:b0:2f:b7:f4:dd:92:bd:e6:61:1d:6a:33:d2:3e:
                    14:af:25:07:1e:ff:af:60:6d:47:ce:7a:7d:e0:ef:
                    e1:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:D1:07:44:EC:06:49:FC:7C:17:F9:24:9A:45:BF:6F:A7:14:9A:E8
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/9NEHROwGSfx8F_kkmkW_b6cUmug.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.58.250.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9b:ed:a8:4e:d0:4d:f0:24:33:67:88:78:5f:45:f3:c0:2c:25:
         81:f9:56:12:70:f1:aa:68:3a:58:c4:7a:eb:5f:d6:85:cd:f9:
         8a:f2:25:d1:fc:38:96:32:34:7f:e1:c9:ab:53:86:d9:58:eb:
         7b:56:3c:75:2b:ad:76:31:43:27:d5:31:50:20:09:c0:5d:08:
         2c:c3:a3:79:2d:43:21:c2:89:92:da:ce:46:a9:f1:57:6f:29:
         1f:cf:2a:dc:cd:0b:f5:0b:48:80:1c:f6:ce:e7:47:4d:27:5b:
         35:84:cd:f0:12:d5:08:a4:79:5e:da:a2:6b:16:cf:4c:7d:31:
         85:5d:52:b6:6a:c6:81:27:79:1f:b3:1d:89:7e:75:d8:0e:4e:
         ec:54:31:2d:78:e1:6b:80:67:a9:26:ee:8b:c6:43:16:9d:a2:
         2b:28:ad:33:46:da:41:3a:0e:83:dc:7e:14:c4:65:b9:2a:16:
         70:5c:af:d9:93:d7:35:43:30:d1:a1:31:e0:dd:be:f3:2a:eb:
         d7:c9:42:f7:47:db:a1:da:b8:01:d9:ed:29:f3:1c:5b:f6:4e:
         f7:44:13:02:40:83:52:35:d0:b4:84:de:14:ed:15:02:e8:c9:
         e9:bc:15:cf:88:17:d1:b9:ae:e0:46:41:bb:37:99:f4:5e:58:
         4e:cf:81:31
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoI4EYGsnV1LT0Q6TBEWExMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwMTAyMTc1MDAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNGQxMDc0NGVjMDY0OWZjN2MxN2Y5MjQ5YTQ1YmY2ZmE3MTQ5YWU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvFp0xlnNxxv3z+fWc8CQ1W0VXVHg
kBXTFVOi3W8+1kEvmNoSDwZ92TrAZPUEgo3DwKpspoaa7PT2tOhpyOu+5GYrYLoP
kWeUYup6B0ZwWAbKRZFl+BCfwHfoVJolLxKdNLGxOW2UlImo5KbxGvur5i6ORbCI
B/OPpQzkTbeVWv8QmpR39ZfKNVYVM7DEy1ks+uYykV+fgGdms0qLzQJPkrNoY3VZ
b+fcoxWK7bQJAO6WlPSIC9mkCKZ6MsWpPfg9U+n2QO16GpN/ena4tQrXIDliIni1
0EQTqNIDJ1mYvUJ7sC+39N2SveZhHWoz0j4UryUHHv+vYG1Hznp94O/hHQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPTRB0TsBkn8fBf5JJpFv2+nFJroMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvOU5FSFJPd0dTZng4Rl9ra21rV19iNmNVbXVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzr6MA0G
CSqGSIb3DQEBCwUAA4IBAQCb7ahO0E3wJDNniHhfRfPALCWB+VYScPGqaDpYxHrr
X9aFzfmK8iXR/DiWMjR/4cmrU4bZWOt7Vjx1K612MUMn1TFQIAnAXQgsw6N5LUMh
womS2s5GqfFXbykfzyrczQv1C0iAHPbO50dNJ1s1hM3wEtUIpHle2qJrFs9MfTGF
XVK2asaBJ3kfsx2JfnXYDk7sVDEteOFrgGepJu6LxkMWnaIrKK0zRtpBOg6D3H4U
xGW5KhZwXK/Zk9c1QzDRoTHg3b7zKuvXyUL3R9uh2rgB2e0p8xxb9k73RBMCQINS
NdC0hN4U7RUC6MnpvBXPiBfRua7gRkG7N5n0XlhOz4Ex
-----END CERTIFICATE-----