Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/AzlbTbV8Y_YOkggBUXVy5HRxAH0.roa
File:                     AzlbTbV8Y_YOkggBUXVy5HRxAH0.roa (raw, json)
Hash identifier:          AldJtj+Q3cNwIgz2SgaibgCrlbxru5OJLp0oa71lkdY=
Subject key identifier:   03:39:5B:4D:B5:7C:63:F6:0E:92:08:01:51:75:72:E4:74:71:00:7D
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       0195B2BBDA1796C10C66BC9F773770E35A2C
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/AzlbTbV8Y_YOkggBUXVy5HRxAH0.roa
Signing time:             Thu 20 Mar 2025 08:46:50 +0000
ROA not before:           Thu 20 Mar 2025 08:46:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215071
IP address blocks:        31.57.230.0/24 maxlen: 24
                          31.57.249.0/24 maxlen: 24
                          31.57.250.0/24 maxlen: 24
                          31.57.251.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:b2:bb:da:17:96:c1:0c:66:bc:9f:77:37:70:e3:5a:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Mar 20 08:46:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=03395b4db57c63f60e920801517572e47471007d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:df:77:a7:b2:e2:9d:a4:54:98:c0:24:90:ec:
                    4a:53:db:53:15:fa:8f:74:50:79:3e:e0:42:78:35:
                    52:fe:47:b9:fc:f2:68:e0:8a:ce:12:e2:5c:f7:e9:
                    5f:88:f8:c7:fb:a4:2b:dc:96:9a:c7:19:69:0c:3a:
                    c1:18:56:7c:0b:c8:2e:e8:47:dd:98:8a:f3:d4:37:
                    98:c4:f8:13:21:ac:63:ce:dd:e9:d3:36:f7:1d:70:
                    07:78:4c:fc:b9:0f:66:82:85:11:f8:bd:27:85:5b:
                    1e:2f:80:22:84:e2:d7:57:94:19:5f:d3:fd:92:e0:
                    af:b7:d6:64:bf:11:61:aa:eb:25:77:7e:67:f4:1d:
                    c6:ca:d4:4f:6a:99:7e:7b:86:82:78:b4:80:48:0f:
                    d8:52:49:04:85:b3:ef:da:c7:6d:78:12:26:8b:f4:
                    59:b8:25:a3:d5:15:7b:5d:5c:c2:62:a6:b7:12:6c:
                    0f:ab:8f:c5:6c:d4:95:5d:bf:85:4c:4e:72:9b:e8:
                    7d:ff:20:10:7e:ac:93:28:10:8f:58:65:1a:e6:c5:
                    c2:8a:a9:90:f0:f2:7a:e8:84:c4:38:90:8a:b3:2b:
                    75:20:4f:79:3c:82:65:5a:3a:50:ff:47:93:b0:73:
                    ac:13:15:90:47:74:28:9b:85:f0:8a:29:78:01:88:
                    38:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:39:5B:4D:B5:7C:63:F6:0E:92:08:01:51:75:72:E4:74:71:00:7D
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/AzlbTbV8Y_YOkggBUXVy5HRxAH0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.57.230.0/24
                  31.57.249.0-31.57.251.255

    Signature Algorithm: sha256WithRSAEncryption
         18:58:55:98:bd:0f:bf:e3:0b:02:26:b1:0b:8c:df:29:e3:5c:
         d1:68:fa:04:9a:07:f6:ae:96:31:06:f7:cc:66:25:f4:3e:38:
         d6:ff:58:68:8c:89:8a:2b:a5:e9:72:5b:d3:53:a7:80:f0:c3:
         02:50:37:5c:1f:5e:6c:6b:c9:73:87:78:5c:89:3c:39:e1:7f:
         2b:71:ee:91:08:52:ed:a1:0d:1a:63:82:2e:9f:40:59:f4:80:
         95:10:ac:51:bc:1a:a2:db:53:87:1c:ad:54:be:1a:6e:01:f8:
         c0:11:b2:a8:77:97:b1:23:15:e6:9f:94:aa:0d:38:02:3e:c9:
         4f:7e:af:60:ad:61:b4:6b:72:7b:40:8b:1f:24:84:98:10:b9:
         e5:aa:17:dd:9f:35:75:78:2b:2b:93:e9:ba:f2:e5:c6:c5:52:
         60:67:94:7a:d3:38:fc:09:64:91:e6:5b:b1:a3:b9:9a:a3:00:
         64:e2:0f:c7:dc:4e:34:46:28:44:11:38:38:13:29:34:f3:3d:
         98:c8:33:6b:a1:50:d1:a7:2f:76:33:aa:84:00:ea:ec:63:ff:
         a6:5f:cb:71:36:19:23:c6:f6:e3:79:df:00:e4:af:ec:17:0e:
         f4:16:2f:02:00:1b:71:91:0b:59:d4:9b:e6:30:60:2e:da:f8:
         1e:b5:5d:60
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZWyu9oXlsEMZryfdzdw41osMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwMzIwMDg0NjUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMzM5NWI0ZGI1N2M2M2Y2MGU5MjA4MDE1MTc1NzJlNDc0NzEwMDdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl993p7LinaRUmMAkkOxKU9tTFfqP
dFB5PuBCeDVS/ke5/PJo4IrOEuJc9+lfiPjH+6Qr3JaaxxlpDDrBGFZ8C8gu6Efd
mIrz1DeYxPgTIaxjzt3p0zb3HXAHeEz8uQ9mgoUR+L0nhVseL4AihOLXV5QZX9P9
kuCvt9ZkvxFhqusld35n9B3GytRPapl+e4aCeLSASA/YUkkEhbPv2sdteBImi/RZ
uCWj1RV7XVzCYqa3EmwPq4/FbNSVXb+FTE5ym+h9/yAQfqyTKBCPWGUa5sXCiqmQ
8PJ66ITEOJCKsyt1IE95PIJlWjpQ/0eTsHOsExWQR3Qom4Xwiil4AYg48QIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFAM5W021fGP2DpIIAVF1cuR0cQB9MB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvQXpsYlRiVjhZX1lPa2dnQlVYVnk1SFJ4QUgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQAHznmMAwD
BAAfOfkDBAIfOfgwDQYJKoZIhvcNAQELBQADggEBABhYVZi9D7/jCwImsQuM3ynj
XNFo+gSaB/auljEG98xmJfQ+ONb/WGiMiYorpelyW9NTp4DwwwJQN1wfXmxryXOH
eFyJPDnhfytx7pEIUu2hDRpjgi6fQFn0gJUQrFG8GqLbU4ccrVS+Gm4B+MARsqh3
l7EjFeaflKoNOAI+yU9+r2CtYbRrcntAix8khJgQueWqF92fNXV4KyuT6bry5cbF
UmBnlHrTOPwJZJHmW7GjuZqjAGTiD8fcTjRGKEQRODgTKTTzPZjIM2uhUNGnL3Yz
qoQA6uxj/6Zfy3E2GSPG9uN53wDkr+wXDvQWLwIAG3GRC1nUm+YwYC7a+B61XWA=
-----END CERTIFICATE-----