Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/BZYew7BDSNS9MHVZ6IIo9OpKi_w.roa
File:                     BZYew7BDSNS9MHVZ6IIo9OpKi_w.roa (raw, json)
Hash identifier:          /xLQx2IIAFtvzMVMOE+dQWAed3UjvqiaMjaeGkofA7Y=
Subject key identifier:   05:96:1E:C3:B0:43:48:D4:BD:30:75:59:E8:82:28:F4:EA:4A:8B:FC
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       01942823872FA06BDCB46A957AB732BCBC3C
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/BZYew7BDSNS9MHVZ6IIo9OpKi_w.roa
Signing time:             Thu 02 Jan 2025 17:50:04 +0000
ROA not before:           Thu 02 Jan 2025 17:50:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     273034
IP address blocks:        31.56.152.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 09:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:23:87:2f:a0:6b:dc:b4:6a:95:7a:b7:32:bc:bc:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jan  2 17:50:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=05961ec3b04348d4bd307559e88228f4ea4a8bfc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:04:1e:73:0a:5c:b6:a2:be:d5:71:d6:a7:e7:
                    66:58:5d:d3:b3:59:5a:2e:b9:36:df:be:61:1e:b7:
                    36:7a:38:c6:fb:2e:ea:c6:c1:39:a1:62:13:0e:c6:
                    28:23:60:49:b7:f3:da:4d:4b:b2:30:da:27:05:4d:
                    b8:2b:45:90:9b:e3:cf:9c:e3:cb:0c:4c:fb:ea:ae:
                    da:8c:9b:9a:20:73:b8:b7:ce:cd:09:35:7f:fd:2d:
                    08:b6:6c:28:3e:f8:bf:bf:39:22:5c:82:b5:eb:67:
                    46:6e:52:e9:dc:df:df:c6:b8:0f:22:64:79:bb:cd:
                    7b:e7:ca:4e:18:2b:6e:af:ba:f3:80:c0:2d:1c:97:
                    e9:5c:d7:d7:02:d5:aa:44:fd:d9:7c:71:14:83:a9:
                    88:fb:87:69:22:93:09:47:5b:83:c9:4b:8e:48:64:
                    68:ba:26:68:aa:2f:01:bb:3b:32:f2:48:a2:85:30:
                    de:9b:ca:4b:ac:cf:8d:f3:25:7a:60:38:ef:89:18:
                    c2:97:d3:11:0c:fe:80:7a:8a:b3:af:b3:e7:be:19:
                    6b:d4:fe:af:9c:ab:6f:46:c9:49:1c:4b:ee:59:04:
                    17:96:0d:ae:aa:6c:e9:71:8f:7d:c2:c5:8a:c9:7b:
                    15:a1:0a:43:d8:1a:d1:e9:db:48:77:e1:26:6f:5b:
                    e8:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:96:1E:C3:B0:43:48:D4:BD:30:75:59:E8:82:28:F4:EA:4A:8B:FC
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/BZYew7BDSNS9MHVZ6IIo9OpKi_w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.56.152.0/23

    Signature Algorithm: sha256WithRSAEncryption
         77:d0:4c:a0:0d:a6:14:28:21:c1:8e:ef:fc:d1:25:8a:a5:4b:
         5a:c8:02:d6:1e:59:28:d8:25:56:4a:c0:af:4c:d2:33:2c:3a:
         11:e1:47:2d:81:e6:06:07:6e:bf:9e:57:ce:5f:48:37:ae:c2:
         d2:fe:1c:53:f2:c5:e8:68:d3:06:99:b3:79:24:d6:12:e3:4f:
         32:88:5e:ca:22:47:2c:0f:e5:10:da:90:0b:04:ef:89:09:b9:
         86:34:19:0e:6a:f9:e5:b7:a2:23:3e:a5:95:a9:1b:2b:2e:61:
         65:9f:b6:17:dd:71:ec:64:2a:d0:00:6c:9e:96:e6:f0:e0:c7:
         92:45:7e:2a:f7:1e:f9:ae:9f:cc:34:ea:ad:58:a4:03:c8:cc:
         b6:30:68:62:fb:7a:96:56:e5:5d:e9:11:99:75:51:cf:fc:44:
         e1:87:36:c0:6f:f5:cc:79:90:69:fe:9b:0d:de:91:a4:53:8f:
         35:05:c7:4b:07:2f:87:fd:7e:cd:c3:b4:b2:ca:3d:0b:45:2a:
         6c:55:72:6d:c6:fa:98:40:8e:b6:24:5e:41:e3:6b:ea:0b:75:
         2d:68:85:a3:3b:67:f4:95:eb:18:da:e0:e9:52:66:c6:fe:f2:
         08:37:cc:96:e7:02:a4:5d:e0:bc:b4:52:b7:26:ae:c1:12:c6:
         c2:c8:8f:9b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoI4cvoGvctGqVercyvLw8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwMTAyMTc1MDA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNTk2MWVjM2IwNDM0OGQ0YmQzMDc1NTllODgyMjhmNGVhNGE4YmZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvwQecwpctqK+1XHWp+dmWF3Ts1la
Lrk2375hHrc2ejjG+y7qxsE5oWITDsYoI2BJt/PaTUuyMNonBU24K0WQm+PPnOPL
DEz76q7ajJuaIHO4t87NCTV//S0ItmwoPvi/vzkiXIK162dGblLp3N/fxrgPImR5
u81758pOGCtur7rzgMAtHJfpXNfXAtWqRP3ZfHEUg6mI+4dpIpMJR1uDyUuOSGRo
uiZoqi8Buzsy8kiihTDem8pLrM+N8yV6YDjviRjCl9MRDP6Aeoqzr7Pnvhlr1P6v
nKtvRslJHEvuWQQXlg2uqmzpcY99wsWKyXsVoQpD2BrR6dtId+Emb1voPwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAWWHsOwQ0jUvTB1WeiCKPTqSov8MB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvQlpZZXc3QkRTTlM5TUhWWjZJSW85T3BLaV93LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBHziYMA0G
CSqGSIb3DQEBCwUAA4IBAQB30EygDaYUKCHBju/80SWKpUtayALWHlko2CVWSsCv
TNIzLDoR4UctgeYGB26/nlfOX0g3rsLS/hxT8sXoaNMGmbN5JNYS408yiF7KIkcs
D+UQ2pALBO+JCbmGNBkOavnlt6IjPqWVqRsrLmFln7YX3XHsZCrQAGyelubw4MeS
RX4q9x75rp/MNOqtWKQDyMy2MGhi+3qWVuVd6RGZdVHP/EThhzbAb/XMeZBp/psN
3pGkU481BcdLBy+H/X7Nw7Syyj0LRSpsVXJtxvqYQI62JF5B42vqC3UtaIWjO2f0
lesY2uDpUmbG/vIIN8yW5wKkXeC8tFK3Jq7BEsbCyI+b
-----END CERTIFICATE-----