Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/CATssLZc8Mj_THzZj6SReYUTWT4.roa
File:                     CATssLZc8Mj_THzZj6SReYUTWT4.roa (raw, json)
Hash identifier:          lPRKYEpANud5TxMLhs3EB/us0ehEE+wa/RJBE75g6V4=
Subject key identifier:   08:04:EC:B0:B6:5C:F0:C8:FF:4C:7C:D9:8F:A4:91:79:85:13:59:3E
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       0194282385A0D9B37D81C94F03E99F86A455
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/CATssLZc8Mj_THzZj6SReYUTWT4.roa
Signing time:             Thu 02 Jan 2025 17:50:04 +0000
ROA not before:           Thu 02 Jan 2025 17:50:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     266400
IP address blocks:        31.57.174.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 09:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:23:85:a0:d9:b3:7d:81:c9:4f:03:e9:9f:86:a4:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jan  2 17:50:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0804ecb0b65cf0c8ff4c7cd98fa491798513593e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:6e:91:84:f9:5a:eb:cb:5a:06:41:b1:10:c9:
                    ee:16:1d:d6:11:26:c8:5d:e1:c7:86:4e:32:cf:fa:
                    df:32:f0:aa:3a:19:13:5d:83:9f:bf:c1:cd:3b:56:
                    ef:ed:64:8b:32:fe:f1:9c:e3:67:e6:5e:c9:3a:53:
                    7d:88:e8:02:35:4b:e5:95:60:23:df:5a:18:7d:75:
                    86:c1:cb:28:2e:c7:c2:bf:98:b2:b5:ba:dd:0b:41:
                    1a:97:3b:47:eb:21:9d:30:2a:6d:e6:17:a3:cd:e0:
                    19:d5:5d:b5:74:12:91:28:66:d0:88:58:7f:fb:38:
                    3e:97:31:f2:36:86:e7:a3:09:c8:d8:d0:48:94:05:
                    94:73:32:14:c7:61:ac:18:2a:f4:4a:09:11:57:df:
                    29:a6:34:77:df:6a:4e:01:48:53:a2:f3:94:22:1e:
                    ec:4d:e0:fc:2e:ed:58:d4:a5:26:d0:fa:32:40:5f:
                    56:e8:0d:92:47:aa:2b:e1:b8:16:41:db:05:bf:06:
                    7c:c7:1a:0a:51:4b:34:9f:38:92:83:55:e9:e7:30:
                    8b:48:0f:c1:15:4d:c7:b6:2c:b3:82:92:17:b1:24:
                    a1:e8:c8:4a:9c:92:47:48:2d:62:f1:46:81:06:f2:
                    a8:9d:46:1d:d2:dd:1b:2d:e5:ac:ac:55:89:9a:89:
                    6c:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:04:EC:B0:B6:5C:F0:C8:FF:4C:7C:D9:8F:A4:91:79:85:13:59:3E
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/CATssLZc8Mj_THzZj6SReYUTWT4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.57.174.0/23

    Signature Algorithm: sha256WithRSAEncryption
         82:98:3e:df:5b:75:b9:fb:d5:c1:2c:79:f8:bf:66:a0:0b:6f:
         d2:b2:3f:da:00:e4:58:e7:ec:0e:21:a1:b8:58:30:7f:05:0f:
         47:5a:49:a2:f6:b4:d1:d0:45:48:38:20:9c:d5:f5:45:75:ad:
         d9:31:74:99:28:13:10:d0:c6:3e:a6:dc:01:60:56:75:d8:7e:
         b9:61:6e:31:a1:cf:42:69:03:c3:0c:0d:cd:66:d8:67:da:ae:
         06:17:62:7c:d0:13:a6:1f:8c:84:c0:17:fe:d2:cb:ea:d1:67:
         95:08:1d:23:d2:1d:19:1a:10:4f:a5:b6:b0:e9:b8:b0:71:dc:
         ed:85:07:51:9e:da:b0:b3:a3:0d:f0:7b:a7:b1:f9:b7:ab:84:
         ed:e0:d5:d9:4f:f2:fd:fd:e2:e0:c4:47:f6:ae:31:02:d9:53:
         33:99:d9:11:33:d9:5a:a3:cc:08:7f:13:dd:18:52:c9:48:7d:
         f1:71:61:7e:d6:8b:8e:04:1d:c5:f9:d9:9e:ee:64:38:6d:91:
         92:51:d7:50:ca:f4:5f:a5:ca:25:0d:d0:56:e1:db:cd:a3:d1:
         e9:63:bc:4e:10:6e:e2:dd:0d:9c:40:9b:a1:f9:0a:5a:d6:f5:
         ac:0c:15:d2:df:e5:82:5b:10:e8:15:78:2f:9d:ce:ce:d9:e6:
         1e:ab:7c:dc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoI4Wg2bN9gclPA+mfhqRVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwMTAyMTc1MDA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODA0ZWNiMGI2NWNmMGM4ZmY0YzdjZDk4ZmE0OTE3OTg1MTM1OTNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmW6RhPla68taBkGxEMnuFh3WESbI
XeHHhk4yz/rfMvCqOhkTXYOfv8HNO1bv7WSLMv7xnONn5l7JOlN9iOgCNUvllWAj
31oYfXWGwcsoLsfCv5iytbrdC0EalztH6yGdMCpt5hejzeAZ1V21dBKRKGbQiFh/
+zg+lzHyNobnownI2NBIlAWUczIUx2GsGCr0SgkRV98ppjR332pOAUhTovOUIh7s
TeD8Lu1Y1KUm0PoyQF9W6A2SR6or4bgWQdsFvwZ8xxoKUUs0nziSg1Xp5zCLSA/B
FU3HtiyzgpIXsSSh6MhKnJJHSC1i8UaBBvKonUYd0t0bLeWsrFWJmolskQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAgE7LC2XPDI/0x82Y+kkXmFE1k+MB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvQ0FUc3NMWmM4TWpfVEh6Wmo2U1JlWVVUV1Q0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBHzmuMA0G
CSqGSIb3DQEBCwUAA4IBAQCCmD7fW3W5+9XBLHn4v2agC2/Ssj/aAORY5+wOIaG4
WDB/BQ9HWkmi9rTR0EVIOCCc1fVFda3ZMXSZKBMQ0MY+ptwBYFZ12H65YW4xoc9C
aQPDDA3NZthn2q4GF2J80BOmH4yEwBf+0svq0WeVCB0j0h0ZGhBPpbaw6biwcdzt
hQdRntqws6MN8Hunsfm3q4Tt4NXZT/L9/eLgxEf2rjEC2VMzmdkRM9lao8wIfxPd
GFLJSH3xcWF+1ouOBB3F+dme7mQ4bZGSUddQyvRfpcolDdBW4dvNo9HpY7xOEG7i
3Q2cQJuh+Qpa1vWsDBXS3+WCWxDoFXgvnc7O2eYeq3zc
-----END CERTIFICATE-----