Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/CSgoL8siyluhZJC24G81we6SZ60.roa
File:                     CSgoL8siyluhZJC24G81we6SZ60.roa (raw, json)
Hash identifier:          OJcDWwCIJOjkVAl2Y1upoln0aT23p2scPvxs7ly7YAI=
Subject key identifier:   09:28:28:2F:CB:22:CA:5B:A1:64:90:B6:E0:6F:35:C1:EE:92:67:AD
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       01947DD0D95A8E7874E79C8567CBFA13A058
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/CSgoL8siyluhZJC24G81we6SZ60.roa
Signing time:             Sun 19 Jan 2025 09:07:06 +0000
ROA not before:           Sun 19 Jan 2025 09:07:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47741
IP address blocks:        31.58.157.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 09:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:7d:d0:d9:5a:8e:78:74:e7:9c:85:67:cb:fa:13:a0:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jan 19 09:07:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0928282fcb22ca5ba16490b6e06f35c1ee9267ad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:2b:46:a8:2c:84:01:8d:8d:db:4e:1e:a7:81:
                    d1:f2:ca:22:21:02:72:e6:2a:99:32:41:03:06:24:
                    e8:48:0a:eb:3c:a0:85:ec:87:fb:1c:f6:82:ec:b1:
                    f3:6c:64:1f:05:10:f3:f8:cd:bd:5e:03:e0:5f:36:
                    49:ed:1e:57:38:31:64:49:e1:ee:41:e8:2c:3d:0e:
                    7a:a0:c4:af:e2:73:30:29:02:ea:91:bb:3b:0c:17:
                    42:96:68:dc:e5:51:f4:00:16:bd:bf:d4:80:2f:e4:
                    6e:e1:3f:3c:33:2e:6a:87:85:05:68:55:68:5c:d5:
                    b1:98:e3:ae:91:75:33:31:10:79:b1:79:05:fb:93:
                    40:63:b7:08:4e:fa:32:28:bc:9e:6a:70:a4:bb:da:
                    7d:93:52:27:be:60:d9:bc:33:a7:c0:23:ff:78:1d:
                    2b:18:85:b0:45:18:d7:35:b2:c3:19:14:6f:0f:46:
                    96:38:97:52:b1:7d:bc:9d:c1:f8:46:71:03:0d:d3:
                    07:81:16:3b:d9:d2:d5:5a:de:15:f9:51:dd:e2:17:
                    e1:0d:31:a1:6f:48:d8:4d:2f:51:d1:1a:a4:35:43:
                    6f:ae:ac:b0:3d:92:e2:3b:2b:31:78:5b:4a:31:0e:
                    cb:f7:a8:12:75:b7:b9:e4:1a:82:a0:05:8e:b6:28:
                    32:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:28:28:2F:CB:22:CA:5B:A1:64:90:B6:E0:6F:35:C1:EE:92:67:AD
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/CSgoL8siyluhZJC24G81we6SZ60.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.58.157.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:63:68:34:a3:e7:63:9c:40:18:c9:da:41:4e:3f:5b:70:af:
         ab:1b:56:89:e3:0f:79:67:2e:a9:0b:0b:4c:7b:44:39:98:43:
         3f:6c:f8:7b:8f:dd:1d:08:64:17:f2:4d:08:69:43:bd:5f:c6:
         a9:9a:f5:ad:93:83:e4:df:9c:de:87:a8:e5:95:29:81:f7:db:
         bd:43:1b:94:91:27:d0:f3:1e:6b:81:47:e4:51:91:11:00:92:
         84:d0:84:76:6e:83:c3:a9:eb:02:9b:b9:31:0c:81:e6:ca:2d:
         fe:4c:a5:cb:86:5a:17:93:8d:72:cf:15:05:b9:c7:68:eb:34:
         fa:cf:9a:c0:0d:d5:3b:0c:f9:12:ae:40:63:e9:53:39:3f:4e:
         15:44:f4:8f:1f:a0:2f:f5:ed:b0:02:4e:78:91:0c:91:1f:22:
         be:6e:fd:3c:43:0b:9e:94:dd:30:93:1e:e7:33:00:0f:fd:3e:
         4a:7a:54:16:90:aa:6a:7d:72:f2:24:e7:73:c1:3e:85:f8:89:
         d1:2e:a6:29:bd:8a:b3:9d:ac:56:dd:e1:f9:14:89:0c:fb:0f:
         dc:f1:0b:cc:29:fd:d9:01:a2:f7:98:f9:01:26:d5:62:f0:05:
         d7:3a:24:eb:6c:93:b7:99:ff:09:4a:af:c9:73:fb:4f:a1:a4:
         73:86:28:4f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZR90Nlajnh055yFZ8v6E6BYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwMTE5MDkwNzA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOTI4MjgyZmNiMjJjYTViYTE2NDkwYjZlMDZmMzVjMWVlOTI2N2FkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqytGqCyEAY2N204ep4HR8soiIQJy
5iqZMkEDBiToSArrPKCF7If7HPaC7LHzbGQfBRDz+M29XgPgXzZJ7R5XODFkSeHu
QegsPQ56oMSv4nMwKQLqkbs7DBdClmjc5VH0ABa9v9SAL+Ru4T88My5qh4UFaFVo
XNWxmOOukXUzMRB5sXkF+5NAY7cITvoyKLyeanCku9p9k1InvmDZvDOnwCP/eB0r
GIWwRRjXNbLDGRRvD0aWOJdSsX28ncH4RnEDDdMHgRY72dLVWt4V+VHd4hfhDTGh
b0jYTS9R0RqkNUNvrqywPZLiOysxeFtKMQ7L96gSdbe55BqCoAWOtigy7wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAkoKC/LIspboWSQtuBvNcHukmetMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvQ1Nnb0w4c2l5bHVoWkpDMjRHODF3ZTZTWjYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzqdMA0G
CSqGSIb3DQEBCwUAA4IBAQCPY2g0o+djnEAYydpBTj9bcK+rG1aJ4w95Zy6pCwtM
e0Q5mEM/bPh7j90dCGQX8k0IaUO9X8apmvWtk4Pk35zeh6jllSmB99u9QxuUkSfQ
8x5rgUfkUZERAJKE0IR2boPDqesCm7kxDIHmyi3+TKXLhloXk41yzxUFucdo6zT6
z5rADdU7DPkSrkBj6VM5P04VRPSPH6Av9e2wAk54kQyRHyK+bv08QwuelN0wkx7n
MwAP/T5KelQWkKpqfXLyJOdzwT6F+InRLqYpvYqznaxW3eH5FIkM+w/c8QvMKf3Z
AaL3mPkBJtVi8AXXOiTrbJO3mf8JSq/Jc/tPoaRzhihP
-----END CERTIFICATE-----