Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/CKu1xYcsjXXymjS5ZKH5WaXwlYE.roa
File:                     CKu1xYcsjXXymjS5ZKH5WaXwlYE.roa (raw, json)
Hash identifier:          dLghf28rUt5ljwZgldr1kVB1WxNC3Bm5zCQTdmtOQDM=
Subject key identifier:   08:AB:B5:C5:87:2C:8D:75:F2:9A:34:B9:64:A1:F9:59:A5:F0:95:81
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       0192153503726EC270646826F9E0472AE1E5
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/CKu1xYcsjXXymjS5ZKH5WaXwlYE.roa
Signing time:             Sat 21 Sep 2024 15:30:48 +0000
ROA not before:           Sat 21 Sep 2024 15:30:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5511
IP address blocks:        31.56.141.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:15:35:03:72:6e:c2:70:64:68:26:f9:e0:47:2a:e1:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Sep 21 15:30:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=08abb5c5872c8d75f29a34b964a1f959a5f09581
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:7e:a1:8a:ac:e0:3e:94:c0:25:3b:95:90:63:
                    87:91:ce:9e:d7:2d:81:0a:a8:c2:f5:c9:88:8c:7c:
                    da:eb:64:58:7e:ae:3b:79:5f:42:da:b3:16:ca:4f:
                    17:0c:5b:ea:46:51:f1:12:82:cf:65:f8:0b:f7:c7:
                    bd:04:c5:0b:bd:03:0e:6e:ce:7a:90:62:cc:29:ca:
                    40:ff:d9:f0:2d:2e:69:b0:60:f6:c3:3d:f0:ab:51:
                    0e:fb:3e:3b:4d:31:73:01:6a:09:a6:56:ef:9a:21:
                    b4:59:4d:ee:27:66:2e:98:5d:2d:80:df:a4:63:41:
                    32:3b:7f:51:4b:cf:ed:b8:59:f9:b3:0b:90:de:c9:
                    eb:b9:02:29:77:6f:a5:0d:6c:62:ca:5a:6a:0b:93:
                    15:b7:d1:1e:f3:08:6e:98:46:2c:91:18:55:19:6e:
                    09:e0:49:b2:fc:54:58:98:08:67:c1:ed:d3:a8:50:
                    0a:f5:df:6a:30:47:1d:ce:f3:d4:69:7c:f5:a6:79:
                    48:68:84:ca:20:f3:4f:55:1c:b8:f0:fa:75:8c:37:
                    71:ba:36:26:a3:d5:85:5c:4f:d1:af:d9:32:94:eb:
                    c2:07:f3:d6:a6:2f:a0:f1:33:c0:48:f1:df:23:d6:
                    17:71:2a:85:5d:33:ec:00:5a:3c:00:44:f2:b3:89:
                    98:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:AB:B5:C5:87:2C:8D:75:F2:9A:34:B9:64:A1:F9:59:A5:F0:95:81
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/CKu1xYcsjXXymjS5ZKH5WaXwlYE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.56.141.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:3d:e8:f2:8b:e1:47:9a:d1:12:5e:db:05:6f:bd:d0:68:0f:
         bf:74:ca:ec:86:64:9b:8e:5e:72:25:6b:db:16:c1:45:98:c9:
         39:99:d5:03:e8:88:bc:07:1f:c8:81:ed:b8:ea:1d:2d:0c:45:
         8b:3d:c8:12:3d:ed:26:0c:b1:ee:b9:14:58:cd:3f:43:64:63:
         d9:60:44:f8:99:78:f1:3a:31:17:2d:eb:40:62:9b:0a:63:eb:
         cd:89:cc:83:45:74:3e:7f:57:a7:5a:87:93:f2:52:1b:5f:f0:
         02:2b:a9:c3:14:79:60:34:fb:8e:a6:fc:49:2a:9f:b5:e2:3c:
         0a:cb:55:7d:e6:0c:87:a8:08:36:94:f8:8e:a4:d3:5b:60:8e:
         e8:7b:c1:19:cf:52:b4:da:73:30:a5:86:f0:33:ea:1a:64:6c:
         05:76:5d:59:b4:06:30:10:14:7c:05:67:61:ae:50:a1:5b:23:
         06:45:e0:80:9b:02:cb:f9:90:cd:12:92:8e:4e:51:23:08:fa:
         bf:db:b9:38:e2:22:84:7e:e2:f7:9f:87:9b:5f:a5:10:f0:2c:
         3b:4c:8b:e8:bb:37:d4:33:cc:1f:fd:73:96:3f:6a:1f:b4:77:
         f9:32:b2:03:ef:22:6b:cb:7c:47:79:69:ca:98:e5:39:a6:09:
         9e:0b:7f:7f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZIVNQNybsJwZGgm+eBHKuHlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjQwOTIxMTUzMDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOGFiYjVjNTg3MmM4ZDc1ZjI5YTM0Yjk2NGExZjk1OWE1ZjA5NTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2H6hiqzgPpTAJTuVkGOHkc6e1y2B
CqjC9cmIjHza62RYfq47eV9C2rMWyk8XDFvqRlHxEoLPZfgL98e9BMULvQMObs56
kGLMKcpA/9nwLS5psGD2wz3wq1EO+z47TTFzAWoJplbvmiG0WU3uJ2YumF0tgN+k
Y0EyO39RS8/tuFn5swuQ3snruQIpd2+lDWxiylpqC5MVt9Ee8whumEYskRhVGW4J
4Emy/FRYmAhnwe3TqFAK9d9qMEcdzvPUaXz1pnlIaITKIPNPVRy48Pp1jDdxujYm
o9WFXE/Rr9kylOvCB/PWpi+g8TPASPHfI9YXcSqFXTPsAFo8AETys4mYtwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAirtcWHLI118po0uWSh+Vml8JWBMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvQ0t1MXhZY3NqWFh5bWpTNVpLSDVXYVh3bFlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHziNMA0G
CSqGSIb3DQEBCwUAA4IBAQASPejyi+FHmtESXtsFb73QaA+/dMrshmSbjl5yJWvb
FsFFmMk5mdUD6Ii8Bx/Ige246h0tDEWLPcgSPe0mDLHuuRRYzT9DZGPZYET4mXjx
OjEXLetAYpsKY+vNicyDRXQ+f1enWoeT8lIbX/ACK6nDFHlgNPuOpvxJKp+14jwK
y1V95gyHqAg2lPiOpNNbYI7oe8EZz1K02nMwpYbwM+oaZGwFdl1ZtAYwEBR8BWdh
rlChWyMGReCAmwLL+ZDNEpKOTlEjCPq/27k44iKEfuL3n4ebX6UQ8Cw7TIvouzfU
M8wf/XOWP2oftHf5MrID7yJry3xHeWnKmOU5pgmeC39/
-----END CERTIFICATE-----
Generated at Fri Nov 22 12:30:55 2024 by rpki-client on console-ams.rpki-client.org