Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/ALPXmzDUNs_LWhlDCEutwzkdrr4.roa
File:                     ALPXmzDUNs_LWhlDCEutwzkdrr4.roa (raw, json)
Hash identifier:          jkjWNxS7bfVfB0nmyYawu9pCiDOOjJwxyinFtOgZr84=
Subject key identifier:   00:B3:D7:9B:30:D4:36:CF:CB:5A:19:43:08:4B:AD:C3:39:1D:AE:BE
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019428233ECE5625C25385A91F6D39EC1710
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/ALPXmzDUNs_LWhlDCEutwzkdrr4.roa
Signing time:             Thu 02 Jan 2025 17:49:45 +0000
ROA not before:           Thu 02 Jan 2025 17:49:45 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     30058
IP address blocks:        31.57.119.0/24 maxlen: 24
                          31.58.130.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 09:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:23:3e:ce:56:25:c2:53:85:a9:1f:6d:39:ec:17:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jan  2 17:49:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=00b3d79b30d436cfcb5a1943084badc3391daebe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:c5:f7:2b:cc:6f:61:b1:d4:4a:e9:e9:06:e6:
                    0c:a3:d6:df:78:9a:39:60:e7:b9:1c:6a:b5:c8:c1:
                    5b:76:9e:ce:da:fb:d1:b3:85:ba:cb:d4:fb:7f:53:
                    d4:b2:f8:f4:e2:26:94:f2:2e:e4:ad:c6:bf:21:a7:
                    af:ac:12:b1:9e:49:b1:ac:51:f5:cc:a2:30:55:f4:
                    73:d9:4b:f0:2e:98:42:d7:f8:91:e3:3a:75:8d:b4:
                    09:79:75:a6:03:be:97:d8:4b:2b:f2:6c:19:bf:34:
                    89:d1:1b:50:33:66:a3:cf:17:56:f2:b1:fd:6b:70:
                    57:c4:b3:26:a7:76:ff:2e:64:c8:95:56:aa:28:1e:
                    f2:63:de:27:97:46:03:4c:5e:df:9e:6f:8a:a7:2f:
                    60:b3:ea:1b:df:b4:b8:ea:aa:67:9d:bc:2a:c8:56:
                    23:21:23:8f:7e:27:02:f7:61:c8:60:89:c2:bd:5f:
                    56:76:2c:a6:92:78:a4:e8:cc:49:32:be:50:d8:64:
                    ba:83:fd:9e:5f:64:48:62:a0:12:d4:72:02:c0:d5:
                    31:c7:e3:08:9d:37:70:f8:d6:22:de:9a:76:5d:ed:
                    ba:25:e9:00:3a:45:62:f1:0a:c2:d4:5d:c9:eb:80:
                    f1:cf:70:f5:65:ca:70:d5:67:dc:f9:14:ae:d8:d3:
                    89:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:B3:D7:9B:30:D4:36:CF:CB:5A:19:43:08:4B:AD:C3:39:1D:AE:BE
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/ALPXmzDUNs_LWhlDCEutwzkdrr4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.57.119.0/24
                  31.58.130.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6a:ad:89:76:6d:da:4e:d4:12:0c:d2:1a:07:93:03:24:c7:b0:
         2c:17:56:96:82:ea:ef:5b:fa:24:0d:71:e7:42:00:6f:59:62:
         ef:61:d4:48:43:eb:4d:49:90:9c:20:bf:bb:0a:90:d3:75:c9:
         85:06:f7:ec:36:4d:62:ac:e1:f5:e8:41:9a:8f:81:12:cd:9d:
         3b:83:e8:e0:05:7f:5e:a2:de:17:ae:9e:af:a0:f1:1a:10:63:
         4f:74:0c:66:0e:d0:28:a2:97:7a:b3:dd:9c:39:d2:5c:5d:83:
         b6:d5:df:d4:b7:cc:12:8c:0a:c7:65:dc:4c:21:67:d3:5d:25:
         6d:b6:3b:15:58:c9:5c:5b:b5:2a:50:87:9b:88:1b:47:52:40:
         c4:2f:b3:76:19:45:68:83:40:0e:66:3e:d6:c3:fc:a5:41:5f:
         e2:f5:f3:59:e5:fc:35:85:8b:65:a3:45:db:49:f5:79:92:b5:
         5e:a1:b9:5f:1f:99:3e:ad:16:a4:a0:2e:37:62:eb:87:8a:6b:
         db:42:c4:33:f8:4f:98:5a:a3:1e:c7:1d:49:d2:2f:19:0b:af:
         c7:f7:cf:ae:53:4b:72:0f:d2:40:06:8b:45:e6:5c:d5:8e:e2:
         a7:f6:cc:54:11:bd:a0:45:3c:b6:55:9e:9f:1f:1f:d9:e3:e3:
         78:a0:82:52
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQoIz7OViXCU4WpH2057BcQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwMTAyMTc0OTQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMGIzZDc5YjMwZDQzNmNmY2I1YTE5NDMwODRiYWRjMzM5MWRhZWJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAscX3K8xvYbHUSunpBuYMo9bfeJo5
YOe5HGq1yMFbdp7O2vvRs4W6y9T7f1PUsvj04iaU8i7krca/IaevrBKxnkmxrFH1
zKIwVfRz2UvwLphC1/iR4zp1jbQJeXWmA76X2Esr8mwZvzSJ0RtQM2ajzxdW8rH9
a3BXxLMmp3b/LmTIlVaqKB7yY94nl0YDTF7fnm+Kpy9gs+ob37S46qpnnbwqyFYj
ISOPficC92HIYInCvV9Wdiymknik6MxJMr5Q2GS6g/2eX2RIYqAS1HICwNUxx+MI
nTdw+NYi3pp2Xe26JekAOkVi8QrC1F3J64Dxz3D1Zcpw1Wfc+RSu2NOJFwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFACz15sw1DbPy1oZQwhLrcM5Ha6+MB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvQUxQWG16RFVOc19MV2hsRENFdXR3emtkcnI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAHzl3AwQA
HzqCMA0GCSqGSIb3DQEBCwUAA4IBAQBqrYl2bdpO1BIM0hoHkwMkx7AsF1aWgurv
W/okDXHnQgBvWWLvYdRIQ+tNSZCcIL+7CpDTdcmFBvfsNk1irOH16EGaj4ESzZ07
g+jgBX9eot4Xrp6voPEaEGNPdAxmDtAoopd6s92cOdJcXYO21d/Ut8wSjArHZdxM
IWfTXSVttjsVWMlcW7UqUIebiBtHUkDEL7N2GUVog0AOZj7Ww/ylQV/i9fNZ5fw1
hYtlo0XbSfV5krVeoblfH5k+rRakoC43YuuHimvbQsQz+E+YWqMexx1J0i8ZC6/H
98+uU0tyD9JABotF5lzVjuKn9sxUEb2gRTy2VZ6fHx/Z4+N4oIJS
-----END CERTIFICATE-----