Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/E8TZV8R8_Sp47AVdnGtGFyGwzPo.roa
File:                     E8TZV8R8_Sp47AVdnGtGFyGwzPo.roa (raw, json)
Hash identifier:          Vq02rIj6u02BTQsDIiQHkIe1lsPsKg2qhM39j/IDB/E=
Subject key identifier:   13:C4:D9:57:C4:7C:FD:2A:78:EC:05:5D:9C:6B:46:17:21:B0:CC:FA
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019428234694378086DAD3680E59B1C71854
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/E8TZV8R8_Sp47AVdnGtGFyGwzPo.roa
Signing time:             Thu 02 Jan 2025 17:49:47 +0000
ROA not before:           Thu 02 Jan 2025 17:49:47 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49123
IP address blocks:        31.56.155.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 09:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:23:46:94:37:80:86:da:d3:68:0e:59:b1:c7:18:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jan  2 17:49:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=13c4d957c47cfd2a78ec055d9c6b461721b0ccfa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:6f:1f:8d:5d:63:3d:69:7f:f4:10:32:ab:a0:
                    09:9a:03:66:73:ae:eb:95:46:f8:b6:3b:52:4a:6d:
                    fa:0e:d4:40:ca:9a:43:78:90:56:f7:9a:d1:b1:9b:
                    24:fd:a1:84:4e:32:8a:c3:17:5f:51:bd:4b:de:df:
                    88:11:fe:d0:d2:5d:df:80:22:d0:a6:72:eb:04:90:
                    69:76:c4:76:c8:3f:3b:bd:f3:b6:19:5a:2b:43:d7:
                    6e:f9:77:dd:d4:20:98:b6:24:76:6a:ca:c1:ef:5d:
                    29:bb:21:04:0b:a5:91:a2:f5:4c:be:c0:c5:ef:e9:
                    b0:d6:65:c5:60:63:a7:7e:bc:83:26:e8:6e:06:47:
                    35:e9:ea:25:f4:03:ad:55:38:a9:c2:99:e4:a9:44:
                    6e:80:bd:a4:c5:32:98:d2:a6:4e:9a:e6:a3:c9:ee:
                    39:07:57:0f:62:79:46:df:e5:d7:5e:1a:b7:67:59:
                    37:35:61:43:16:3f:8a:15:d1:73:58:61:42:de:01:
                    7d:63:06:67:b3:48:8b:fa:2b:05:b5:bc:5d:c2:52:
                    67:1a:4a:64:73:d5:0b:af:2f:9b:44:12:c8:ae:4e:
                    ed:0e:42:ec:e5:bb:a7:5d:ea:6c:50:cd:ca:9c:4a:
                    2d:77:f0:34:32:ce:30:4b:8b:6c:1c:41:a0:db:14:
                    00:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:C4:D9:57:C4:7C:FD:2A:78:EC:05:5D:9C:6B:46:17:21:B0:CC:FA
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/E8TZV8R8_Sp47AVdnGtGFyGwzPo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.56.155.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:8c:db:65:f8:fc:9e:11:74:26:c4:54:45:6c:eb:f7:6f:2a:
         69:f7:d9:ce:cb:04:36:5f:84:11:e5:8e:f5:08:25:25:2f:78:
         e6:3d:45:26:5c:2a:19:ea:d0:5f:4c:0a:f8:b6:f8:b6:f9:29:
         d5:39:eb:11:bf:c3:eb:09:72:60:cb:25:29:c7:c9:41:aa:b2:
         e9:1e:1e:0a:00:f6:84:62:ee:eb:aa:47:22:f6:38:01:81:a1:
         de:c0:fe:48:1c:6e:82:3d:8a:60:20:36:6b:50:8c:33:41:60:
         db:cf:df:78:30:38:a9:65:0b:b0:58:3b:87:48:cc:c1:10:2a:
         ad:17:d6:ec:79:b9:aa:36:4f:45:c3:c3:58:09:66:fb:0a:1a:
         f9:db:a9:f5:ef:12:cc:98:9d:4c:9b:ff:4d:d2:c1:79:9f:c2:
         c7:07:87:c6:c4:6e:26:95:fb:c4:c3:1c:25:2e:ba:be:6b:9e:
         05:44:4d:a6:d7:8a:6f:01:a2:a9:73:a3:8f:d3:95:4c:a9:b5:
         7c:be:82:e3:30:23:6d:7a:08:d3:36:78:73:d7:3e:ac:c0:33:
         65:16:ca:f5:c7:83:e1:4f:ce:5c:4f:3d:aa:ed:9c:91:68:fd:
         76:40:01:6e:a2:ce:4c:a8:76:89:c4:2e:a5:3a:ad:a1:36:f6:
         d2:62:db:6c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoI0aUN4CG2tNoDlmxxxhUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwMTAyMTc0OTQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxM2M0ZDk1N2M0N2NmZDJhNzhlYzA1NWQ5YzZiNDYxNzIxYjBjY2ZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAym8fjV1jPWl/9BAyq6AJmgNmc67r
lUb4tjtSSm36DtRAyppDeJBW95rRsZsk/aGETjKKwxdfUb1L3t+IEf7Q0l3fgCLQ
pnLrBJBpdsR2yD87vfO2GVorQ9du+Xfd1CCYtiR2asrB710puyEEC6WRovVMvsDF
7+mw1mXFYGOnfryDJuhuBkc16eol9AOtVTipwpnkqURugL2kxTKY0qZOmuajye45
B1cPYnlG3+XXXhq3Z1k3NWFDFj+KFdFzWGFC3gF9YwZns0iL+isFtbxdwlJnGkpk
c9ULry+bRBLIrk7tDkLs5bunXepsUM3KnEotd/A0Ms4wS4tsHEGg2xQAywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBPE2VfEfP0qeOwFXZxrRhchsMz6MB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvRThUWlY4UjhfU3A0N0FWZG5HdEdGeUd3elBvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzibMA0G
CSqGSIb3DQEBCwUAA4IBAQASjNtl+PyeEXQmxFRFbOv3bypp99nOywQ2X4QR5Y71
CCUlL3jmPUUmXCoZ6tBfTAr4tvi2+SnVOesRv8PrCXJgyyUpx8lBqrLpHh4KAPaE
Yu7rqkci9jgBgaHewP5IHG6CPYpgIDZrUIwzQWDbz994MDipZQuwWDuHSMzBECqt
F9bsebmqNk9Fw8NYCWb7Chr526n17xLMmJ1Mm/9N0sF5n8LHB4fGxG4mlfvEwxwl
Lrq+a54FRE2m14pvAaKpc6OP05VMqbV8voLjMCNtegjTNnhz1z6swDNlFsr1x4Ph
T85cTz2q7ZyRaP12QAFuos5MqHaJxC6lOq2hNvbSYtts
-----END CERTIFICATE-----