Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/9QJgCX5pcTQvwSVgSRlMOYPwcGM.roa
File:                     9QJgCX5pcTQvwSVgSRlMOYPwcGM.roa (raw, json)
Hash identifier:          tmGmlaLcHcYPqOtxFxeUrCsckxLwBluPgLlb8uXm9rI=
Subject key identifier:   F5:02:60:09:7E:69:71:34:2F:C1:25:60:49:19:4C:39:83:F0:70:63
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       0192AF38A32BCA0E99DC854B116F5C982B38
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/9QJgCX5pcTQvwSVgSRlMOYPwcGM.roa
Signing time:             Mon 21 Oct 2024 13:16:17 +0000
ROA not before:           Mon 21 Oct 2024 13:16:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        31.56.8.0/21 maxlen: 24
                          31.56.142.0/23 maxlen: 24
                          31.56.148.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Oct 2024 14:44:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:af:38:a3:2b:ca:0e:99:dc:85:4b:11:6f:5c:98:2b:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Oct 21 13:16:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f50260097e6971342fc1256049194c3983f07063
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:9f:2d:e6:50:bc:78:6d:37:56:50:b4:6c:b2:
                    77:5a:a9:da:62:fb:94:74:74:79:69:33:0b:ca:49:
                    d7:4a:70:a8:f5:86:c2:f9:69:17:f2:12:b1:67:d2:
                    0b:db:c1:82:f4:f1:85:bc:88:77:e5:24:64:27:a1:
                    49:06:78:b1:cc:83:50:d6:7c:f1:22:23:3d:8a:8c:
                    48:aa:9c:e4:3a:17:b5:39:ff:d7:5a:d1:c5:1d:06:
                    f4:88:27:f5:41:a1:7f:31:31:18:fa:3e:e3:86:40:
                    01:ac:0d:cb:a6:5c:80:05:4f:31:ce:8b:74:13:26:
                    ed:7d:fb:ba:c1:bb:9f:54:f3:27:83:b4:97:d2:17:
                    f1:ad:c8:ce:c1:6c:6d:ed:6e:bd:c6:41:86:90:20:
                    d3:b4:48:a1:33:a0:5f:70:80:e2:2d:9c:46:bd:ae:
                    fe:d1:2d:a6:23:80:02:3c:f1:10:7d:94:32:22:c1:
                    2b:4d:30:bd:47:ac:21:4a:3e:07:d1:71:ab:7e:08:
                    a1:c3:93:c7:77:f5:6e:9d:f7:36:d5:2c:46:a9:05:
                    ad:28:82:a0:9e:b3:23:6a:4f:80:33:b7:c3:21:ba:
                    fa:d5:65:34:44:0e:8f:5c:75:01:39:dc:99:75:d5:
                    f1:7e:60:b7:20:81:fd:88:b2:47:92:3c:fa:4d:8e:
                    ba:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:02:60:09:7E:69:71:34:2F:C1:25:60:49:19:4C:39:83:F0:70:63
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/9QJgCX5pcTQvwSVgSRlMOYPwcGM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.56.8.0/21
                  31.56.142.0/23
                  31.56.148.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5a:79:dd:1f:bc:1f:dd:b7:72:03:ab:43:62:03:3a:07:b5:82:
         cc:cc:1f:c3:30:45:3d:eb:e9:95:48:df:66:94:9f:76:03:5d:
         c1:42:28:4b:c6:c3:ec:dc:ba:bb:6f:81:5d:b6:e9:03:70:ca:
         d2:62:7b:30:bc:4a:a3:35:28:28:09:7b:ee:09:6b:16:b2:a1:
         71:b9:31:d3:4c:09:83:6e:ab:26:5b:ee:a8:16:f3:12:8f:30:
         ee:b6:50:f3:18:38:19:4d:22:40:56:2e:d0:bf:1d:b9:9d:89:
         5a:68:44:be:fa:67:26:3e:d8:09:09:55:12:78:55:34:e9:ed:
         a3:18:40:97:a3:10:94:39:9f:dd:e7:54:36:18:96:87:a4:f2:
         0b:16:2b:e9:e2:22:cb:6a:22:ee:58:d4:8b:58:e9:4b:6f:d2:
         c2:38:8a:3d:89:13:62:96:c9:c1:3c:f5:3a:63:16:01:76:ae:
         f1:2f:a1:5a:3a:3b:ba:62:f3:9c:5c:a7:c3:76:70:ca:9e:15:
         fd:22:7e:6c:2d:21:22:77:2d:36:cf:44:76:e5:64:fc:5f:d4:
         18:3f:d6:a7:aa:23:67:5d:88:8e:be:98:b9:46:26:20:f5:08:
         74:49:af:f0:a0:a0:94:28:bd:9d:b2:ed:9b:53:ed:44:45:5a:
         08:c2:3f:9b
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZKvOKMryg6Z3IVLEW9cmCs4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjQxMDIxMTMxNjE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNTAyNjAwOTdlNjk3MTM0MmZjMTI1NjA0OTE5NGMzOTgzZjA3MDYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvJ8t5lC8eG03VlC0bLJ3WqnaYvuU
dHR5aTMLyknXSnCo9YbC+WkX8hKxZ9IL28GC9PGFvIh35SRkJ6FJBnixzINQ1nzx
IiM9ioxIqpzkOhe1Of/XWtHFHQb0iCf1QaF/MTEY+j7jhkABrA3LplyABU8xzot0
Eybtffu6wbufVPMng7SX0hfxrcjOwWxt7W69xkGGkCDTtEihM6BfcIDiLZxGva7+
0S2mI4ACPPEQfZQyIsErTTC9R6whSj4H0XGrfgihw5PHd/Vunfc21SxGqQWtKIKg
nrMjak+AM7fDIbr61WU0RA6PXHUBOdyZddXxfmC3IIH9iLJHkjz6TY66PQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFPUCYAl+aXE0L8ElYEkZTDmD8HBjMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvOVFKZ0NYNXBjVFF2d1NWZ1NSbE1PWVB3Y0dNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQDHzgIAwQB
HziOAwQCHziUMA0GCSqGSIb3DQEBCwUAA4IBAQBaed0fvB/dt3IDq0NiAzoHtYLM
zB/DMEU96+mVSN9mlJ92A13BQihLxsPs3Lq7b4FdtukDcMrSYnswvEqjNSgoCXvu
CWsWsqFxuTHTTAmDbqsmW+6oFvMSjzDutlDzGDgZTSJAVi7Qvx25nYlaaES++mcm
PtgJCVUSeFU06e2jGECXoxCUOZ/d51Q2GJaHpPILFivp4iLLaiLuWNSLWOlLb9LC
OIo9iRNilsnBPPU6YxYBdq7xL6FaOju6YvOcXKfDdnDKnhX9In5sLSEidy02z0R2
5WT8X9QYP9anqiNnXYiOvpi5RiYg9Qh0Sa/woKCUKL2dsu2bU+1ERVoIwj+b
-----END CERTIFICATE-----