Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/D5vZ83RkdSdRNzZVW8m0lQJH5ms.roa
File:                     D5vZ83RkdSdRNzZVW8m0lQJH5ms.roa (raw, json)
Hash identifier:          iW2Kso8zyM08MoUZ5ln4GhCA380M+jXn6my1c+ZMqwo=
Subject key identifier:   0F:9B:D9:F3:74:64:75:27:51:37:36:55:5B:C9:B4:95:02:47:E6:6B
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       0194B7E41A4D7CE15119A797AEEE885C2660
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/D5vZ83RkdSdRNzZVW8m0lQJH5ms.roa
Signing time:             Thu 30 Jan 2025 15:46:06 +0000
ROA not before:           Thu 30 Jan 2025 15:46:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60464
IP address blocks:        31.57.139.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 15 Mar 2025 03:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:b7:e4:1a:4d:7c:e1:51:19:a7:97:ae:ee:88:5c:26:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jan 30 15:46:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0f9bd9f374647527513736555bc9b4950247e66b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:b5:9f:11:54:6f:6d:3b:da:c6:48:ed:f4:fc:
                    6b:b6:52:80:2d:6b:b7:de:6f:95:9e:7c:81:bd:64:
                    a4:6c:fd:58:fc:8e:73:31:23:79:46:fb:36:10:31:
                    29:eb:eb:bd:61:20:bf:6d:60:12:92:a6:9e:3e:d8:
                    2a:45:c2:5b:54:b8:e6:ee:1a:ea:57:a7:0b:64:bc:
                    e9:09:26:15:95:75:08:2f:a7:32:28:08:39:3c:4f:
                    a8:5c:d4:f1:87:bc:f8:de:4b:78:bd:72:fa:a1:e2:
                    28:ec:40:85:db:43:78:cb:1b:6e:71:24:1a:4c:e8:
                    a0:52:1a:f2:1b:2a:39:cf:8c:b5:21:43:2a:8b:c0:
                    6d:59:fb:a8:c0:25:24:4a:c7:33:b2:97:9d:58:5c:
                    6d:19:89:8e:c4:f2:a6:a8:75:f4:56:1c:eb:49:26:
                    4f:83:b0:2c:f6:59:4b:3c:cd:ca:ec:5a:b7:4f:f9:
                    47:44:a8:02:51:54:08:e6:89:93:98:84:ed:2d:88:
                    58:62:cd:89:fd:9e:f9:d0:16:67:db:ed:29:24:f5:
                    7b:87:8e:81:e8:1f:53:4c:f5:26:e3:97:75:00:b6:
                    49:d4:b0:b3:69:90:1b:01:c4:e9:9b:75:c2:18:7c:
                    70:9b:fe:0b:4b:21:90:9c:af:ef:28:46:d8:13:94:
                    1e:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:9B:D9:F3:74:64:75:27:51:37:36:55:5B:C9:B4:95:02:47:E6:6B
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/D5vZ83RkdSdRNzZVW8m0lQJH5ms.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.57.139.0/24

    Signature Algorithm: sha256WithRSAEncryption
         32:43:6c:8d:d4:48:3e:f6:4d:8f:73:98:8b:ac:c1:18:2a:58:
         45:df:31:6e:24:f2:7a:11:ff:ab:ff:ff:86:bd:1c:59:cc:ed:
         b7:44:43:7a:0e:ba:54:b8:eb:d3:03:83:24:ca:cd:7f:cc:0d:
         ab:3a:8e:57:8e:dd:62:ca:c1:e2:66:00:41:f6:24:5e:93:1a:
         8d:5a:40:95:3c:85:86:3e:93:7a:f4:aa:5d:5e:a4:e4:7e:13:
         a9:3d:dd:d8:14:db:73:40:55:68:e2:9b:17:21:9b:21:eb:f1:
         98:3a:c6:5d:0b:eb:37:56:fc:a9:0c:ba:88:2a:b1:ed:e4:fb:
         d5:4c:fe:b1:96:ce:76:c5:bd:72:1e:e4:9e:d0:1f:1d:ef:23:
         2a:c8:85:77:84:cf:08:08:c3:be:09:4d:b3:a4:23:18:f6:3b:
         c9:e9:77:ed:27:96:af:22:dc:51:50:2b:b0:74:a5:74:1f:7b:
         79:70:fa:7a:ec:84:ed:33:98:13:f0:d9:e3:ae:68:ea:e9:b5:
         ea:d6:0c:3d:03:b5:d5:c8:c1:14:19:26:36:07:26:22:6f:18:
         fd:49:34:9b:a2:77:8c:88:f6:15:2d:43:de:78:1d:53:e7:ea:
         89:c8:df:31:e6:b3:0f:d9:a4:fa:a2:56:d5:d0:b4:9c:3d:e3:
         b3:cd:2f:dc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZS35BpNfOFRGaeXru6IXCZgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwMTMwMTU0NjA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZjliZDlmMzc0NjQ3NTI3NTEzNzM2NTU1YmM5YjQ5NTAyNDdlNjZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtLWfEVRvbTvaxkjt9PxrtlKALWu3
3m+VnnyBvWSkbP1Y/I5zMSN5Rvs2EDEp6+u9YSC/bWASkqaePtgqRcJbVLjm7hrq
V6cLZLzpCSYVlXUIL6cyKAg5PE+oXNTxh7z43kt4vXL6oeIo7ECF20N4yxtucSQa
TOigUhryGyo5z4y1IUMqi8BtWfuowCUkSsczspedWFxtGYmOxPKmqHX0VhzrSSZP
g7As9llLPM3K7Fq3T/lHRKgCUVQI5omTmITtLYhYYs2J/Z750BZn2+0pJPV7h46B
6B9TTPUm45d1ALZJ1LCzaZAbAcTpm3XCGHxwm/4LSyGQnK/vKEbYE5Qe3wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA+b2fN0ZHUnUTc2VVvJtJUCR+ZrMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvRDV2WjgzUmtkU2RSTnpaVlc4bTBsUUpINW1zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzmLMA0G
CSqGSIb3DQEBCwUAA4IBAQAyQ2yN1Eg+9k2Pc5iLrMEYKlhF3zFuJPJ6Ef+r//+G
vRxZzO23REN6DrpUuOvTA4Mkys1/zA2rOo5Xjt1iysHiZgBB9iRekxqNWkCVPIWG
PpN69KpdXqTkfhOpPd3YFNtzQFVo4psXIZsh6/GYOsZdC+s3VvypDLqIKrHt5PvV
TP6xls52xb1yHuSe0B8d7yMqyIV3hM8ICMO+CU2zpCMY9jvJ6XftJ5avItxRUCuw
dKV0H3t5cPp67ITtM5gT8Nnjrmjq6bXq1gw9A7XVyMEUGSY2ByYibxj9STSboneM
iPYVLUPeeB1T5+qJyN8x5rMP2aT6olbV0LScPeOzzS/c
-----END CERTIFICATE-----