Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/AjNOGRntjtHDycVdfaWZV_c1eXo.roa
File:                     AjNOGRntjtHDycVdfaWZV_c1eXo.roa (raw, json)
Hash identifier:          8b7IXisKCIuNKMnkGcVZJWk2UYMvQRvhx4LjCfZuaDE=
Subject key identifier:   02:33:4E:19:19:ED:8E:D1:C3:C9:C5:5D:7D:A5:99:57:F7:35:79:7A
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019428235DDFA66AF28CA7EA2D9F0DD43EE4
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/AjNOGRntjtHDycVdfaWZV_c1eXo.roa
Signing time:             Thu 02 Jan 2025 17:49:53 +0000
ROA not before:           Thu 02 Jan 2025 17:49:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200436
IP address blocks:        31.58.237.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 09:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:23:5d:df:a6:6a:f2:8c:a7:ea:2d:9f:0d:d4:3e:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jan  2 17:49:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=02334e1919ed8ed1c3c9c55d7da59957f735797a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:2d:3f:75:32:47:38:ff:e7:10:a2:e2:66:67:
                    e9:f7:01:be:3f:41:24:16:a9:a4:66:81:d5:dd:1f:
                    5b:8e:a0:b0:cc:0a:0f:30:19:5d:25:6c:19:36:ef:
                    d2:73:86:8b:64:7c:f4:eb:ed:c6:43:f0:e1:94:74:
                    01:93:9a:82:35:a0:80:3d:15:4f:d5:8e:2a:78:87:
                    b5:dd:50:bd:c1:14:fe:23:10:d3:55:a3:34:29:d3:
                    4c:16:b3:c3:64:e4:c4:8e:b4:d6:b6:79:af:4d:de:
                    d6:21:a4:b9:aa:78:a1:ac:38:05:6c:39:6a:42:13:
                    e2:ff:7a:cd:2d:14:97:a6:26:6a:fd:b7:16:8c:d1:
                    70:6d:66:d8:f8:89:65:66:23:35:ac:80:4e:87:8f:
                    83:56:75:e7:3c:cc:c1:98:e6:0a:fb:0c:9d:60:79:
                    f5:75:a0:c9:50:28:10:bf:31:ad:4d:cd:4e:30:38:
                    52:93:1e:f9:fd:98:8d:59:47:a7:49:e9:06:71:20:
                    f4:cc:89:9f:7a:90:89:83:e1:07:b9:a8:a2:ca:1d:
                    36:1e:61:cf:3f:6e:97:55:f5:74:b5:27:fb:1c:a8:
                    f7:37:d1:a2:f0:73:b0:b7:e5:c1:3e:f0:a7:5e:6d:
                    c1:ab:81:f8:86:48:39:db:f7:63:6b:46:d6:a2:72:
                    28:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:33:4E:19:19:ED:8E:D1:C3:C9:C5:5D:7D:A5:99:57:F7:35:79:7A
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/AjNOGRntjtHDycVdfaWZV_c1eXo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.58.237.0/24

    Signature Algorithm: sha256WithRSAEncryption
         39:04:88:85:64:74:eb:08:f8:37:14:e1:0c:39:dd:eb:4d:b4:
         08:fe:e1:ef:1b:d4:8c:aa:3b:8a:a4:df:5d:8a:d3:f8:4a:70:
         f1:06:b8:6c:5e:f3:43:7d:95:46:d5:25:a9:27:7b:75:c8:6c:
         31:ef:0f:f9:21:0a:ee:3e:2f:d4:2d:df:7a:07:7c:5d:34:b3:
         65:79:e0:82:4e:b0:11:79:30:51:d5:46:a2:f7:81:9f:52:bc:
         36:a8:c2:31:e5:fb:0f:ac:00:cb:18:52:f5:62:25:2c:1b:a6:
         15:d6:5a:35:b8:18:46:66:c5:ea:38:ba:b6:26:39:94:48:81:
         af:5e:38:e1:8f:9e:c2:69:ea:e1:99:3e:60:b4:63:f2:a4:ea:
         14:ea:0c:70:1b:97:c3:be:01:01:39:f2:74:44:0b:48:b4:92:
         37:44:21:5d:5f:40:fc:d1:ce:3c:da:ee:b1:c2:32:14:25:fb:
         ff:90:fa:3f:3f:66:ec:d2:e8:df:a3:a3:4f:0a:5c:8a:c6:1b:
         d2:88:b3:c0:9f:4f:6e:48:c3:14:03:84:6f:0e:db:94:7d:19:
         40:5b:a4:3f:ce:2c:70:0c:18:a0:fd:85:22:c8:57:78:a6:f4:
         eb:c6:7a:bf:6b:4c:a6:72:e0:62:8d:92:1b:bc:80:e3:e3:db:
         97:b0:d5:b5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoI13fpmryjKfqLZ8N1D7kMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwMTAyMTc0OTUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMjMzNGUxOTE5ZWQ4ZWQxYzNjOWM1NWQ3ZGE1OTk1N2Y3MzU3OTdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3S0/dTJHOP/nEKLiZmfp9wG+P0Ek
FqmkZoHV3R9bjqCwzAoPMBldJWwZNu/Sc4aLZHz06+3GQ/DhlHQBk5qCNaCAPRVP
1Y4qeIe13VC9wRT+IxDTVaM0KdNMFrPDZOTEjrTWtnmvTd7WIaS5qnihrDgFbDlq
QhPi/3rNLRSXpiZq/bcWjNFwbWbY+IllZiM1rIBOh4+DVnXnPMzBmOYK+wydYHn1
daDJUCgQvzGtTc1OMDhSkx75/ZiNWUenSekGcSD0zImfepCJg+EHuaiiyh02HmHP
P26XVfV0tSf7HKj3N9Gi8HOwt+XBPvCnXm3Bq4H4hkg52/dja0bWonIosQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAIzThkZ7Y7Rw8nFXX2lmVf3NXl6MB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvQWpOT0dSbnRqdEhEeWNWZGZhV1pWX2MxZVhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzrtMA0G
CSqGSIb3DQEBCwUAA4IBAQA5BIiFZHTrCPg3FOEMOd3rTbQI/uHvG9SMqjuKpN9d
itP4SnDxBrhsXvNDfZVG1SWpJ3t1yGwx7w/5IQruPi/ULd96B3xdNLNleeCCTrAR
eTBR1Uai94GfUrw2qMIx5fsPrADLGFL1YiUsG6YV1lo1uBhGZsXqOLq2JjmUSIGv
Xjjhj57CaerhmT5gtGPypOoU6gxwG5fDvgEBOfJ0RAtItJI3RCFdX0D80c482u6x
wjIUJfv/kPo/P2bs0ujfo6NPClyKxhvSiLPAn09uSMMUA4RvDtuUfRlAW6Q/zixw
DBig/YUiyFd4pvTrxnq/a0ymcuBijZIbvIDj49uXsNW1
-----END CERTIFICATE-----