Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/CPg1JvkkDfrZ8Xzjte0irSi-rxM.roa
File:                     CPg1JvkkDfrZ8Xzjte0irSi-rxM.roa (raw, json)
Hash identifier:          kqbrx/DEaGkBRBqKrfdGvTGUYxm2xpjnCxdGI46LoWI=
Subject key identifier:   08:F8:35:26:F9:24:0D:FA:D9:F1:7C:E3:B5:ED:22:AD:28:BE:AF:13
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       0190EB4A2B44E99C5863FB27E7B3DF65E8B7
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/CPg1JvkkDfrZ8Xzjte0irSi-rxM.roa
Signing time:             Thu 25 Jul 2024 19:07:04 +0000
ROA not before:           Thu 25 Jul 2024 19:07:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215886
IP address blocks:        31.56.56.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 20 Sep 2024 13:50:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:eb:4a:2b:44:e9:9c:58:63:fb:27:e7:b3:df:65:e8:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jul 25 19:07:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=08f83526f9240dfad9f17ce3b5ed22ad28beaf13
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:12:22:52:47:23:95:a1:61:ca:b2:2d:16:2f:
                    ac:aa:03:b6:74:f5:5a:45:a9:96:ee:c9:b2:bf:94:
                    33:94:87:8e:7b:39:06:a5:c5:53:9b:f5:c9:ea:8a:
                    ef:8f:a1:24:7a:55:16:e9:60:1c:2b:3b:26:af:bf:
                    2d:41:5d:33:c9:fb:89:e2:8a:8c:ba:6b:c4:07:27:
                    d6:0d:a1:11:23:21:24:80:ca:97:80:5f:7f:b0:d4:
                    a7:41:c1:ee:7c:24:d6:09:e0:a5:6c:66:60:9d:cf:
                    ca:0d:15:82:8f:9d:bd:fc:40:b4:fb:af:8b:3f:5e:
                    60:62:53:cc:43:c0:ff:5d:30:9f:a7:ce:77:25:60:
                    f1:e0:89:75:3a:d1:e9:dd:59:32:1e:c6:36:70:83:
                    45:ad:85:4d:40:d0:bb:dc:d3:b7:af:7b:82:53:08:
                    26:c3:18:18:b6:35:60:04:14:4f:72:57:03:10:a8:
                    bd:ed:94:1e:0e:d8:2a:ee:9e:61:ba:87:af:a0:97:
                    8d:bc:46:f7:af:47:9f:99:20:97:fa:4d:81:95:a5:
                    bb:1b:61:ec:15:0c:5a:43:90:ae:e4:c1:b6:c9:fe:
                    1b:05:fd:f2:0b:1e:ba:ca:ac:6e:ab:5d:bf:2b:7f:
                    a3:0d:cd:3c:2c:d0:9d:92:60:0d:f8:91:e0:13:2f:
                    05:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:F8:35:26:F9:24:0D:FA:D9:F1:7C:E3:B5:ED:22:AD:28:BE:AF:13
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/CPg1JvkkDfrZ8Xzjte0irSi-rxM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.56.56.0/24

    Signature Algorithm: sha256WithRSAEncryption
         83:38:fe:bc:82:9c:74:69:83:e2:64:24:af:0f:51:f0:d3:44:
         2c:79:d8:88:d7:e2:0f:1f:9b:21:a5:a5:89:2e:76:43:7c:ac:
         e4:4e:ef:1b:7c:92:ef:30:03:8b:fa:f4:bb:3d:e6:34:57:9f:
         8c:a0:2c:e5:cb:5c:53:8a:63:ac:2d:55:ae:bf:7f:d6:0b:84:
         86:46:e4:ab:63:82:45:ad:2a:27:04:8f:e0:88:09:83:02:ee:
         a4:53:22:ab:29:59:7d:35:44:c0:4c:7a:a4:a9:69:ae:31:88:
         b4:62:d3:7d:b7:d2:4c:02:56:1f:e3:9a:c4:08:6a:b7:b4:c6:
         07:58:3b:b4:0a:d8:3b:5f:7a:59:8d:91:12:f9:8e:93:ef:f3:
         06:41:69:7d:96:80:e9:a2:69:e2:7c:c4:2b:b6:8d:1a:ca:6d:
         b1:17:b6:b7:75:b1:8f:9d:05:8c:73:15:bb:a4:fe:34:bc:93:
         eb:2d:a1:ea:60:7e:65:cd:e1:91:81:0f:93:59:78:b5:4e:a1:
         b1:34:d2:9e:d5:55:60:1e:c6:bb:e7:93:b6:26:27:23:ef:51:
         76:a4:3f:4c:b6:e5:07:10:a8:8f:56:48:60:7e:55:18:ec:ba:
         a8:bb:30:37:90:39:21:64:fd:38:6b:50:eb:33:6e:4f:49:27:
         78:0f:ff:b8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZDrSitE6ZxYY/sn57PfZei3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjQwNzI1MTkwNzA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOGY4MzUyNmY5MjQwZGZhZDlmMTdjZTNiNWVkMjJhZDI4YmVhZjEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsxIiUkcjlaFhyrItFi+sqgO2dPVa
RamW7smyv5QzlIeOezkGpcVTm/XJ6orvj6EkelUW6WAcKzsmr78tQV0zyfuJ4oqM
umvEByfWDaERIyEkgMqXgF9/sNSnQcHufCTWCeClbGZgnc/KDRWCj529/EC0+6+L
P15gYlPMQ8D/XTCfp853JWDx4Il1OtHp3VkyHsY2cINFrYVNQNC73NO3r3uCUwgm
wxgYtjVgBBRPclcDEKi97ZQeDtgq7p5huoevoJeNvEb3r0efmSCX+k2BlaW7G2Hs
FQxaQ5Cu5MG2yf4bBf3yCx66yqxuq12/K3+jDc08LNCdkmAN+JHgEy8FdwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAj4NSb5JA362fF847XtIq0ovq8TMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvQ1BnMUp2a2tEZnJaOFh6anRlMGlyU2ktcnhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzg4MA0G
CSqGSIb3DQEBCwUAA4IBAQCDOP68gpx0aYPiZCSvD1Hw00QsediI1+IPH5shpaWJ
LnZDfKzkTu8bfJLvMAOL+vS7PeY0V5+MoCzly1xTimOsLVWuv3/WC4SGRuSrY4JF
rSonBI/giAmDAu6kUyKrKVl9NUTATHqkqWmuMYi0YtN9t9JMAlYf45rECGq3tMYH
WDu0Ctg7X3pZjZES+Y6T7/MGQWl9loDpomnifMQrto0aym2xF7a3dbGPnQWMcxW7
pP40vJPrLaHqYH5lzeGRgQ+TWXi1TqGxNNKe1VVgHsa755O2Jicj71F2pD9MtuUH
EKiPVkhgflUY7LqouzA3kDkhZP04a1DrM25PSSd4D/+4
-----END CERTIFICATE-----