Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/BM-2sl3B0Tas6dKGQ17R1WjTaek.roa
File:                     BM-2sl3B0Tas6dKGQ17R1WjTaek.roa (raw, json)
Hash identifier:          s6pRwyirBY3uMHTfGmL0WQ0PH+yedbElzrn8vPCF/lg=
Subject key identifier:   04:CF:B6:B2:5D:C1:D1:36:AC:E9:D2:86:43:5E:D1:D5:68:D3:69:E9
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019224503432F8B06907E52F380119B889DB
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/BM-2sl3B0Tas6dKGQ17R1WjTaek.roa
Signing time:             Tue 24 Sep 2024 13:54:48 +0000
ROA not before:           Tue 24 Sep 2024 13:54:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216145
IP address blocks:        31.57.167.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:24:50:34:32:f8:b0:69:07:e5:2f:38:01:19:b8:89:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Sep 24 13:54:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=04cfb6b25dc1d136ace9d286435ed1d568d369e9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:28:58:72:72:8b:c2:65:ac:51:87:60:02:a0:
                    f9:c1:f0:21:d6:1c:9e:99:c8:70:e7:d4:ac:21:51:
                    3a:01:b2:e3:f9:47:97:8f:99:00:23:71:21:02:b1:
                    d1:93:dc:44:dd:6f:a0:37:6d:e2:c4:ee:49:ec:75:
                    0e:9f:8b:77:33:43:48:af:35:34:9f:bc:77:c3:61:
                    60:d2:2f:7c:6b:2c:d3:d1:76:4b:dc:2c:b6:3d:7f:
                    55:1e:6e:75:08:74:5e:d2:7a:6a:58:ff:f1:9c:75:
                    71:2a:b6:3f:7d:5d:5d:67:bf:2e:2f:06:07:72:3c:
                    cc:71:54:2d:d9:25:01:08:1e:5d:13:c9:8a:ef:89:
                    62:cf:40:10:51:eb:c4:73:36:9c:2e:63:e2:98:f4:
                    fa:3a:0f:a6:84:4c:41:6b:99:84:66:e9:43:3d:f0:
                    3a:bb:d2:60:3e:c8:56:ec:98:b1:6b:14:94:a2:8e:
                    6d:f7:13:18:53:56:38:f4:5f:91:5f:46:1d:b8:0c:
                    a2:76:ff:73:bb:8c:04:a2:9e:6f:0a:75:55:7e:4f:
                    7f:47:bb:27:6a:e6:82:27:70:19:3f:fd:f9:2e:07:
                    9e:0d:8d:ac:66:f9:4c:46:68:13:f1:e6:3f:33:2a:
                    9a:da:56:e7:96:18:32:fb:07:75:3c:bc:e8:d2:25:
                    36:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:CF:B6:B2:5D:C1:D1:36:AC:E9:D2:86:43:5E:D1:D5:68:D3:69:E9
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/BM-2sl3B0Tas6dKGQ17R1WjTaek.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.57.167.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7b:5c:f7:b6:78:f7:1f:0a:8d:16:92:66:bf:13:a2:d5:4c:1c:
         3a:f6:16:9f:be:ff:cc:ac:35:c2:49:8e:0b:f2:86:cb:d6:90:
         04:f5:61:64:54:71:12:c4:7b:3c:3f:8c:95:d1:0e:c6:a0:9e:
         31:91:82:0e:0c:44:a8:a2:b7:b4:b1:d6:8a:e9:65:e2:d0:87:
         39:f6:a7:0a:7e:45:f8:08:9f:6a:76:0b:78:8f:2f:fa:e6:f1:
         40:bb:25:2b:46:e7:2b:0e:f3:0c:07:1e:32:36:73:06:64:cf:
         60:2a:1f:15:91:b6:3b:70:21:90:67:1a:73:6e:d2:5c:9f:91:
         11:13:36:62:f2:67:60:4d:82:8f:a7:a0:61:79:94:96:15:3f:
         15:6b:8e:6b:e2:70:46:e8:00:a6:41:24:b1:ea:cb:cf:a1:35:
         f1:a7:63:33:00:ab:43:4c:77:b6:12:ae:d8:a6:e1:d1:42:f2:
         ab:a7:c2:b1:c9:b6:ea:a6:36:69:7b:b9:61:ea:52:e5:bc:6f:
         49:1e:ba:bd:bf:cc:b4:77:77:61:65:83:01:1a:cc:2d:c4:15:
         28:fb:04:66:f5:54:34:f4:e3:7b:82:8a:00:38:ae:1c:44:e4:
         83:a9:ae:c2:83:db:32:17:f0:4b:db:dc:a5:77:2d:a3:08:6a:
         15:87:6c:a6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZIkUDQy+LBpB+UvOAEZuInbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjQwOTI0MTM1NDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNGNmYjZiMjVkYzFkMTM2YWNlOWQyODY0MzVlZDFkNTY4ZDM2OWU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsyhYcnKLwmWsUYdgAqD5wfAh1hye
mchw59SsIVE6AbLj+UeXj5kAI3EhArHRk9xE3W+gN23ixO5J7HUOn4t3M0NIrzU0
n7x3w2Fg0i98ayzT0XZL3Cy2PX9VHm51CHRe0npqWP/xnHVxKrY/fV1dZ78uLwYH
cjzMcVQt2SUBCB5dE8mK74liz0AQUevEczacLmPimPT6Og+mhExBa5mEZulDPfA6
u9JgPshW7JixaxSUoo5t9xMYU1Y49F+RX0YduAyidv9zu4wEop5vCnVVfk9/R7sn
auaCJ3AZP/35LgeeDY2sZvlMRmgT8eY/Myqa2lbnlhgy+wd1PLzo0iU2XQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFATPtrJdwdE2rOnShkNe0dVo02npMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvQk0tMnNsM0IwVGFzNmRLR1ExN1IxV2pUYWVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzmnMA0G
CSqGSIb3DQEBCwUAA4IBAQB7XPe2ePcfCo0Wkma/E6LVTBw69hafvv/MrDXCSY4L
8obL1pAE9WFkVHESxHs8P4yV0Q7GoJ4xkYIODESoore0sdaK6WXi0Ic59qcKfkX4
CJ9qdgt4jy/65vFAuyUrRucrDvMMBx4yNnMGZM9gKh8VkbY7cCGQZxpzbtJcn5ER
EzZi8mdgTYKPp6BheZSWFT8Va45r4nBG6ACmQSSx6svPoTXxp2MzAKtDTHe2Eq7Y
puHRQvKrp8KxybbqpjZpe7lh6lLlvG9JHrq9v8y0d3dhZYMBGswtxBUo+wRm9VQ0
9ON7gooAOK4cROSDqa7Cg9syF/BL29yldy2jCGoVh2ym
-----END CERTIFICATE-----