Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/FOcRe1xBC5Th5tbFgoi7B_KMEzE.roa
File:                     FOcRe1xBC5Th5tbFgoi7B_KMEzE.roa (raw, json)
Hash identifier:          vF34nOUvz19H83Pt4O2/eJL6sBWO28VL+y2lMEPZiGY=
Subject key identifier:   14:E7:11:7B:5C:41:0B:94:E1:E6:D6:C5:82:88:BB:07:F2:8C:13:31
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019343CA4786C1385CAF072BC01E5485C92F
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/FOcRe1xBC5Th5tbFgoi7B_KMEzE.roa
Signing time:             Tue 19 Nov 2024 09:39:10 +0000
ROA not before:           Tue 19 Nov 2024 09:39:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     148987
IP address blocks:        31.56.85.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:43:ca:47:86:c1:38:5c:af:07:2b:c0:1e:54:85:c9:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Nov 19 09:39:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=14e7117b5c410b94e1e6d6c58288bb07f28c1331
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:94:c5:8a:4a:a1:89:5f:ee:d9:ce:dd:d0:81:
                    27:eb:e8:4e:3e:c2:a6:64:69:1e:58:56:8f:4b:c7:
                    b4:60:69:6c:3a:f5:0b:83:38:70:24:ef:36:a4:5c:
                    a7:0e:69:08:c1:dd:44:57:81:59:69:8b:fd:87:2f:
                    5b:2e:5b:2b:cf:34:b1:91:50:b2:ee:5e:cc:88:98:
                    0d:b6:cd:45:59:16:73:a0:eb:a2:30:ce:9f:25:98:
                    8a:aa:38:65:12:55:ef:77:0a:e6:4b:51:a5:83:14:
                    6e:f1:5b:5a:9d:16:9c:ca:a2:44:d8:2d:d0:a6:09:
                    87:e3:6e:2e:8e:89:9d:b2:ab:bf:dc:4c:5f:f4:91:
                    b9:2f:04:f7:f0:a4:08:d5:b4:0d:7e:47:c0:f3:df:
                    88:11:26:bb:88:a0:b4:17:64:51:8e:f4:c3:22:3b:
                    0c:1c:e5:31:e0:fe:0d:46:04:7d:33:e6:b1:e0:00:
                    68:a8:ef:3b:15:d5:fd:0b:ca:4d:5b:5f:02:33:ef:
                    43:cc:6d:9c:c5:d0:b8:01:fa:4d:8d:73:63:2d:d6:
                    7b:4b:0e:ed:2a:88:90:6c:54:8a:c7:db:a1:f9:37:
                    5f:d2:55:f3:fe:84:59:3c:b0:fd:a0:a1:fa:59:27:
                    22:a8:56:11:80:bd:43:b5:c8:78:0a:59:40:a4:6b:
                    f7:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:E7:11:7B:5C:41:0B:94:E1:E6:D6:C5:82:88:BB:07:F2:8C:13:31
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/FOcRe1xBC5Th5tbFgoi7B_KMEzE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.56.85.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b7:73:91:d4:27:97:01:1b:8f:71:c0:14:6c:5d:83:5b:96:fc:
         b7:d4:42:1d:74:02:ba:7d:38:0d:77:64:25:5d:4f:ef:0e:d6:
         b1:80:22:73:d3:18:cb:1f:d1:6f:0a:af:6a:10:81:32:a7:ef:
         5b:82:d8:af:86:4f:32:df:be:94:37:b4:8e:03:31:93:de:a8:
         f5:b9:f0:2c:2f:98:32:78:0d:c9:f8:b8:74:c2:cb:69:44:52:
         11:bf:e4:19:cc:47:9c:ec:b5:28:c1:e8:6a:33:38:2c:b2:d0:
         8e:ee:a9:b5:75:5d:e6:79:2a:5f:ea:a2:65:e7:98:47:cb:d8:
         0f:6e:80:f8:b9:68:c5:a1:04:44:96:30:bd:7c:c6:11:77:40:
         1d:a2:88:59:b7:32:10:35:c9:52:a1:4b:87:c1:e4:8a:26:ff:
         b8:80:e6:05:fc:ac:19:db:a7:60:58:0e:43:d3:47:47:40:30:
         6a:80:c0:7f:15:7d:93:a5:40:6c:39:11:3c:eb:22:a3:61:b4:
         c4:27:28:6b:d6:5a:47:ca:51:d0:22:bd:eb:27:e8:dd:65:7f:
         f3:b2:5a:a2:ee:9d:63:2b:9e:3b:f2:37:9a:8a:4a:c9:8c:a6:
         44:8d:d7:a9:f6:91:16:08:50:5a:50:f8:82:8d:23:ce:e2:34:
         8d:49:37:bb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZNDykeGwThcrwcrwB5UhckvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjQxMTE5MDkzOTEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNGU3MTE3YjVjNDEwYjk0ZTFlNmQ2YzU4Mjg4YmIwN2YyOGMxMzMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo5TFikqhiV/u2c7d0IEn6+hOPsKm
ZGkeWFaPS8e0YGlsOvULgzhwJO82pFynDmkIwd1EV4FZaYv9hy9bLlsrzzSxkVCy
7l7MiJgNts1FWRZzoOuiMM6fJZiKqjhlElXvdwrmS1GlgxRu8VtanRacyqJE2C3Q
pgmH424ujomdsqu/3Exf9JG5LwT38KQI1bQNfkfA89+IESa7iKC0F2RRjvTDIjsM
HOUx4P4NRgR9M+ax4ABoqO87FdX9C8pNW18CM+9DzG2cxdC4AfpNjXNjLdZ7Sw7t
KoiQbFSKx9uh+Tdf0lXz/oRZPLD9oKH6WSciqFYRgL1Dtch4CllApGv38wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBTnEXtcQQuU4ebWxYKIuwfyjBMxMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvRk9jUmUxeEJDNVRoNXRiRmdvaTdCX0tNRXpFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzhVMA0G
CSqGSIb3DQEBCwUAA4IBAQC3c5HUJ5cBG49xwBRsXYNblvy31EIddAK6fTgNd2Ql
XU/vDtaxgCJz0xjLH9FvCq9qEIEyp+9bgtivhk8y376UN7SOAzGT3qj1ufAsL5gy
eA3J+Lh0wstpRFIRv+QZzEec7LUowehqMzgsstCO7qm1dV3meSpf6qJl55hHy9gP
boD4uWjFoQREljC9fMYRd0AdoohZtzIQNclSoUuHweSKJv+4gOYF/KwZ26dgWA5D
00dHQDBqgMB/FX2TpUBsORE86yKjYbTEJyhr1lpHylHQIr3rJ+jdZX/zslqi7p1j
K5478jeaikrJjKZEjdep9pEWCFBaUPiCjSPO4jSNSTe7
-----END CERTIFICATE-----