Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/BrfaH-acuGkLt4iYhBYZOkrWUhg.roa
File:                     BrfaH-acuGkLt4iYhBYZOkrWUhg.roa (raw, json)
Hash identifier:          DjuKyFGw8Tx9gej4pgpyIB7WvGJEjhIoBTfe5FpDxDU=
Subject key identifier:   06:B7:DA:1F:E6:9C:B8:69:0B:B7:88:98:84:16:19:3A:4A:D6:52:18
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019428237176CA85DD4390C5423A6748AF5E
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/BrfaH-acuGkLt4iYhBYZOkrWUhg.roa
Signing time:             Thu 02 Jan 2025 17:49:58 +0000
ROA not before:           Thu 02 Jan 2025 17:49:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214159
IP address blocks:        31.57.204.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 09:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:23:71:76:ca:85:dd:43:90:c5:42:3a:67:48:af:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jan  2 17:49:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=06b7da1fe69cb8690bb788988416193a4ad65218
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:67:28:68:55:92:eb:1f:33:67:48:8c:58:26:
                    96:1e:63:d5:f6:12:03:54:c6:41:ce:cf:f0:03:5b:
                    42:f4:60:28:5c:52:71:86:98:c2:f0:b3:1c:a8:28:
                    ed:9d:9a:0c:e0:ff:72:a8:45:e6:88:1d:41:40:ce:
                    15:e8:83:6b:38:c3:3e:33:ed:91:57:b5:38:5f:a8:
                    ad:b4:ae:44:fa:56:ba:be:30:d0:9d:14:a3:98:7f:
                    b9:81:89:f6:59:de:30:19:84:0e:cf:8e:02:cc:c0:
                    10:90:ac:1f:49:ae:49:d7:95:04:09:74:2a:c0:f6:
                    6d:8e:86:5c:92:76:ca:da:00:5d:1b:a9:6d:6a:0a:
                    75:35:bd:d7:98:ab:4e:1c:bc:38:7a:62:be:4f:b1:
                    94:de:90:b3:1d:3f:8b:a1:a4:46:ba:64:2f:b8:bd:
                    5f:50:d1:7e:47:51:ab:64:c8:15:26:17:bc:65:3d:
                    bd:f1:ec:5b:26:4d:fb:03:de:47:99:a9:0d:41:4a:
                    85:8c:68:19:88:30:28:fa:0e:ef:1d:26:48:a9:b5:
                    cd:9d:a6:2b:b5:e4:55:45:a7:8c:0a:da:e8:f0:20:
                    c6:a8:d0:05:04:70:f2:dd:49:d6:f4:fe:b0:94:27:
                    08:7f:b1:98:63:d3:38:12:52:2e:b7:63:4f:25:7c:
                    fa:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:B7:DA:1F:E6:9C:B8:69:0B:B7:88:98:84:16:19:3A:4A:D6:52:18
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/BrfaH-acuGkLt4iYhBYZOkrWUhg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.57.204.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a4:bd:2f:a4:15:65:9e:47:e5:1f:75:15:a7:ee:18:cd:95:9f:
         e7:bb:a7:77:2f:62:9e:82:9b:f8:40:1c:40:81:e8:b1:1f:55:
         7a:c6:e2:29:a9:15:3c:a9:41:38:2a:48:c7:1e:a3:a8:e3:ed:
         27:41:40:96:c7:40:cd:6d:63:e3:70:c0:dd:2e:91:4a:ab:b0:
         fa:0a:a3:38:6f:e1:96:ef:d4:04:1c:03:49:60:fc:18:6b:b9:
         43:d1:0c:53:f2:77:46:54:a7:b1:5f:a6:ae:1d:c2:aa:10:1b:
         8c:06:9b:77:5e:c7:ae:33:25:9e:0f:5d:73:97:12:73:55:b7:
         e6:e4:0c:47:d7:f4:6e:db:26:60:1a:8b:68:78:d7:d8:72:8e:
         5e:cc:8a:bd:8d:5b:b3:8f:2d:10:18:d8:b7:58:9b:04:17:18:
         07:77:ef:41:7d:03:e1:94:90:a9:3c:25:55:71:2f:99:df:e5:
         58:32:f5:89:9a:ac:5c:a0:c1:43:58:0f:6c:c2:b6:d3:55:0c:
         16:30:9b:39:10:0a:ff:46:d2:4f:bc:45:55:1d:9e:1d:79:e5:
         93:88:bb:eb:3a:7f:20:20:18:f5:cd:86:c1:3d:c9:a7:e5:f7:
         16:c7:13:75:86:8d:a9:d7:cf:4c:d4:01:a5:02:fe:a5:3c:1a:
         fa:96:b3:02
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoI3F2yoXdQ5DFQjpnSK9eMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwMTAyMTc0OTU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNmI3ZGExZmU2OWNiODY5MGJiNzg4OTg4NDE2MTkzYTRhZDY1MjE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjWcoaFWS6x8zZ0iMWCaWHmPV9hID
VMZBzs/wA1tC9GAoXFJxhpjC8LMcqCjtnZoM4P9yqEXmiB1BQM4V6INrOMM+M+2R
V7U4X6ittK5E+la6vjDQnRSjmH+5gYn2Wd4wGYQOz44CzMAQkKwfSa5J15UECXQq
wPZtjoZcknbK2gBdG6ltagp1Nb3XmKtOHLw4emK+T7GU3pCzHT+LoaRGumQvuL1f
UNF+R1GrZMgVJhe8ZT298exbJk37A95HmakNQUqFjGgZiDAo+g7vHSZIqbXNnaYr
teRVRaeMCtro8CDGqNAFBHDy3UnW9P6wlCcIf7GYY9M4ElIut2NPJXz6OwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAa32h/mnLhpC7eImIQWGTpK1lIYMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvQnJmYUgtYWN1R2tMdDRpWWhCWVpPa3JXVWhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHznMMA0G
CSqGSIb3DQEBCwUAA4IBAQCkvS+kFWWeR+UfdRWn7hjNlZ/nu6d3L2Kegpv4QBxA
geixH1V6xuIpqRU8qUE4KkjHHqOo4+0nQUCWx0DNbWPjcMDdLpFKq7D6CqM4b+GW
79QEHANJYPwYa7lD0QxT8ndGVKexX6auHcKqEBuMBpt3XseuMyWeD11zlxJzVbfm
5AxH1/Ru2yZgGotoeNfYco5ezIq9jVuzjy0QGNi3WJsEFxgHd+9BfQPhlJCpPCVV
cS+Z3+VYMvWJmqxcoMFDWA9swrbTVQwWMJs5EAr/RtJPvEVVHZ4deeWTiLvrOn8g
IBj1zYbBPcmn5fcWxxN1ho2p189M1AGlAv6lPBr6lrMC
-----END CERTIFICATE-----