Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/Ch8Ng9TM4cWMUs7Y1gFv3mozhwI.roa
File:                     Ch8Ng9TM4cWMUs7Y1gFv3mozhwI.roa (raw, json)
Hash identifier:          FmkbKJSH1npDIzyx3Sr7rrHl/JLKl89nq8CmjBo+12w=
Subject key identifier:   0A:1F:0D:83:D4:CC:E1:C5:8C:52:CE:D8:D6:01:6F:DE:6A:33:87:02
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       01931FC16D9B87A1CDF6A1042528A57B2991
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/Ch8Ng9TM4cWMUs7Y1gFv3mozhwI.roa
Signing time:             Tue 12 Nov 2024 09:43:10 +0000
ROA not before:           Tue 12 Nov 2024 09:43:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214481
IP address blocks:        31.59.129.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:1f:c1:6d:9b:87:a1:cd:f6:a1:04:25:28:a5:7b:29:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Nov 12 09:43:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0a1f0d83d4cce1c58c52ced8d6016fde6a338702
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:7f:d0:7c:9f:d8:dc:0c:41:93:86:f0:0f:6a:
                    6c:97:3b:1b:93:9a:a4:2e:de:48:ef:bd:8a:ee:ca:
                    57:81:c3:aa:b9:8a:99:f0:4b:9c:ad:ff:5a:e3:39:
                    a8:58:40:87:ef:b4:f9:98:bf:68:0b:f8:69:78:4d:
                    66:92:d2:c5:ce:fc:fb:38:e6:f7:2f:ac:a3:b8:4c:
                    c1:46:75:31:27:79:35:8a:dc:da:5e:eb:1a:f4:4a:
                    a6:b0:34:38:e6:eb:3a:17:9a:15:5f:31:42:81:06:
                    99:56:80:83:52:be:e0:08:b2:2e:12:e7:f7:09:58:
                    6e:b5:91:ee:f1:17:db:71:34:97:8d:cd:c1:af:f0:
                    6d:21:55:0f:1e:8c:e1:7c:41:a3:e7:44:77:31:54:
                    ce:87:38:89:00:f2:84:8b:9c:96:06:50:8e:5c:ec:
                    8e:9b:a4:d9:f2:9a:fb:40:8d:0e:2c:31:96:86:f0:
                    4d:9c:35:45:e0:71:fa:8d:dc:b7:8e:22:48:47:eb:
                    87:72:28:f7:57:9f:86:e2:47:7e:1e:7a:bd:09:99:
                    78:22:92:03:22:ca:e9:5d:49:cc:4b:03:56:e4:78:
                    32:82:60:63:1a:08:dd:15:c7:7a:ca:9f:8a:a0:73:
                    ff:7a:c5:10:a6:b9:87:8d:8d:56:3b:0f:9b:46:ab:
                    0b:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:1F:0D:83:D4:CC:E1:C5:8C:52:CE:D8:D6:01:6F:DE:6A:33:87:02
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/Ch8Ng9TM4cWMUs7Y1gFv3mozhwI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.59.129.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0c:e8:e6:cb:4c:25:57:b4:de:06:80:e9:5b:c5:56:3c:f3:9c:
         d8:c7:4b:ab:62:fe:c1:64:80:71:b4:59:8d:c7:7c:83:d9:34:
         50:47:af:14:75:d7:c8:7d:15:ef:d9:ec:fd:f3:f0:9b:4c:3a:
         b7:1c:35:35:02:ee:1d:7b:3d:55:c5:5d:a8:37:98:9e:33:ce:
         b9:4a:4f:b5:e0:3b:70:b3:50:ed:17:d8:71:8c:7c:fa:03:84:
         75:61:18:f2:42:ab:7d:8f:bb:a1:98:1d:c1:80:d5:b0:7b:cd:
         ad:e4:c6:58:84:a4:7b:49:47:c7:ec:a6:fc:6b:37:c0:a2:11:
         a2:38:0d:8a:58:cd:62:d3:94:f9:79:c5:4c:e4:a5:59:7a:ba:
         e0:ca:84:a5:cc:2d:02:49:d8:4e:af:7b:51:61:b7:de:59:ef:
         e6:cc:47:7a:6c:00:c7:9c:ed:24:bc:76:bc:af:26:41:b5:76:
         36:fb:0e:8a:ea:64:48:1b:5f:c7:c3:94:f2:bc:ab:1b:4d:28:
         59:68:7c:34:b1:2a:73:c6:c1:17:2d:39:82:22:db:5b:3b:35:
         77:dc:c6:12:d1:e2:56:d7:39:81:e1:50:5a:c8:e2:bf:71:b8:
         6e:87:5c:f5:2a:37:33:12:dc:c0:18:19:88:5e:fa:ee:9d:cf:
         32:93:39:33
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZMfwW2bh6HN9qEEJSileymRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjQxMTEyMDk0MzEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTFmMGQ4M2Q0Y2NlMWM1OGM1MmNlZDhkNjAxNmZkZTZhMzM4NzAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyn/QfJ/Y3AxBk4bwD2pslzsbk5qk
Lt5I772K7spXgcOquYqZ8Eucrf9a4zmoWECH77T5mL9oC/hpeE1mktLFzvz7OOb3
L6yjuEzBRnUxJ3k1itzaXusa9EqmsDQ45us6F5oVXzFCgQaZVoCDUr7gCLIuEuf3
CVhutZHu8RfbcTSXjc3Br/BtIVUPHozhfEGj50R3MVTOhziJAPKEi5yWBlCOXOyO
m6TZ8pr7QI0OLDGWhvBNnDVF4HH6jdy3jiJIR+uHcij3V5+G4kd+Hnq9CZl4IpID
IsrpXUnMSwNW5HgygmBjGgjdFcd6yp+KoHP/esUQprmHjY1WOw+bRqsLaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAofDYPUzOHFjFLO2NYBb95qM4cCMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvQ2g4Tmc5VE00Y1dNVXM3WTFnRnYzbW96aHdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzuBMA0G
CSqGSIb3DQEBCwUAA4IBAQAM6ObLTCVXtN4GgOlbxVY885zYx0urYv7BZIBxtFmN
x3yD2TRQR68UddfIfRXv2ez98/CbTDq3HDU1Au4dez1VxV2oN5ieM865Sk+14Dtw
s1DtF9hxjHz6A4R1YRjyQqt9j7uhmB3BgNWwe82t5MZYhKR7SUfH7Kb8azfAohGi
OA2KWM1i05T5ecVM5KVZerrgyoSlzC0CSdhOr3tRYbfeWe/mzEd6bADHnO0kvHa8
ryZBtXY2+w6K6mRIG1/Hw5TyvKsbTShZaHw0sSpzxsEXLTmCIttbOzV33MYS0eJW
1zmB4VBayOK/cbhuh1z1KjczEtzAGBmIXvrunc8ykzkz
-----END CERTIFICATE-----