Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/Ficq9axu-N9QKXpVtYFp2BQxfdw.roa
File:                     Ficq9axu-N9QKXpVtYFp2BQxfdw.roa (raw, json)
Hash identifier:          CDqcgd3eFGbEAO7r4i++ncOEXVce6/VKq97uZAJvPis=
Subject key identifier:   16:27:2A:F5:AC:6E:F8:DF:50:29:7A:55:B5:81:69:D8:14:31:7D:DC
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       01942823740116E63F8EF8A5EA97DFFD7794
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/Ficq9axu-N9QKXpVtYFp2BQxfdw.roa
Signing time:             Thu 02 Jan 2025 17:49:59 +0000
ROA not before:           Thu 02 Jan 2025 17:49:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214305
IP address blocks:        31.58.248.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 09:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:23:74:01:16:e6:3f:8e:f8:a5:ea:97:df:fd:77:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jan  2 17:49:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=16272af5ac6ef8df50297a55b58169d814317ddc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:8a:d5:57:7d:25:55:64:7b:02:f1:8d:49:0d:
                    af:c4:03:e1:eb:0e:77:f6:60:44:61:df:44:48:c4:
                    50:47:e3:5b:cc:d4:d9:94:99:3d:b4:30:62:a8:53:
                    b6:8d:bd:54:5e:0f:8d:c2:6d:55:b4:94:c4:db:f0:
                    73:e1:26:39:1d:31:ad:42:1e:f8:f9:37:44:ca:bc:
                    0d:d0:db:65:64:25:b6:62:44:be:f3:89:16:f7:76:
                    b9:0d:a5:33:ae:5f:1c:c2:8b:26:16:0f:e2:91:dd:
                    32:4a:c5:fd:3f:c5:05:06:93:be:24:0d:9b:57:aa:
                    51:45:34:87:6d:7a:31:69:6b:50:7f:33:ff:35:82:
                    05:b4:85:b1:e9:90:01:d9:d7:4d:e0:cd:35:5a:18:
                    9f:fe:24:00:67:8b:45:60:f2:5b:81:88:1d:40:9a:
                    e3:cc:fe:f4:c6:29:49:ef:42:40:d9:ce:1d:56:02:
                    cb:c2:28:b1:b6:bd:f1:51:e2:bb:e0:93:66:e5:a0:
                    04:ef:22:fa:64:fa:ba:b9:86:98:bd:b6:6e:a8:07:
                    2d:ac:36:76:6f:4c:e2:e5:70:6f:ef:71:d2:5f:b6:
                    f9:58:60:41:4b:3b:12:f3:71:67:80:a1:85:59:3d:
                    04:14:84:73:d1:b5:af:0e:b1:3d:7c:c1:15:90:43:
                    40:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:27:2A:F5:AC:6E:F8:DF:50:29:7A:55:B5:81:69:D8:14:31:7D:DC
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/Ficq9axu-N9QKXpVtYFp2BQxfdw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.58.248.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:a0:9d:06:f0:fe:9d:82:91:af:90:b9:e4:6c:71:a7:ad:5a:
         ad:18:62:d6:a2:bb:e5:3e:03:f7:a3:dc:bb:92:75:c9:0d:dc:
         a3:52:e2:bd:d6:df:22:f7:97:08:86:e2:05:29:fc:f2:75:19:
         94:92:5e:9a:32:e1:a2:97:1b:dc:9d:71:ce:1f:4a:a3:fb:94:
         f8:49:6f:41:4e:93:43:b7:84:04:0c:a4:21:31:03:b6:93:8d:
         4d:1c:c5:e1:20:b9:5d:e3:74:56:8d:2d:2a:06:4c:7f:3f:96:
         d0:d0:c7:c1:a3:2e:61:91:a5:e1:74:67:1e:a3:57:35:1a:ad:
         34:77:00:18:07:1b:63:c9:b8:d5:97:78:bc:c8:95:5e:20:23:
         ff:1a:eb:b9:34:a2:1d:fe:0e:68:ab:a6:05:d6:9a:d5:bd:1b:
         eb:4e:fa:38:a6:81:72:bc:a4:50:52:a9:a1:f9:1e:c3:20:49:
         d6:86:11:6f:f3:59:37:d2:ce:e3:4d:51:c1:34:b3:ba:22:72:
         b6:cd:0c:69:d8:d7:c4:68:1c:ef:e8:a8:20:88:83:59:ef:66:
         3e:d3:89:b9:b5:fe:a8:bf:e3:ef:32:61:e7:17:58:72:60:a8:
         30:cb:f2:2a:91:3d:41:82:66:d1:a9:50:fe:0b:e7:f1:b6:1a:
         de:29:41:44
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoI3QBFuY/jvil6pff/XeUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwMTAyMTc0OTU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNjI3MmFmNWFjNmVmOGRmNTAyOTdhNTViNTgxNjlkODE0MzE3ZGRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsorVV30lVWR7AvGNSQ2vxAPh6w53
9mBEYd9ESMRQR+NbzNTZlJk9tDBiqFO2jb1UXg+Nwm1VtJTE2/Bz4SY5HTGtQh74
+TdEyrwN0NtlZCW2YkS+84kW93a5DaUzrl8cwosmFg/ikd0ySsX9P8UFBpO+JA2b
V6pRRTSHbXoxaWtQfzP/NYIFtIWx6ZAB2ddN4M01Whif/iQAZ4tFYPJbgYgdQJrj
zP70xilJ70JA2c4dVgLLwiixtr3xUeK74JNm5aAE7yL6ZPq6uYaYvbZuqActrDZ2
b0zi5XBv73HSX7b5WGBBSzsS83FngKGFWT0EFIRz0bWvDrE9fMEVkENAJQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBYnKvWsbvjfUCl6VbWBadgUMX3cMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvRmljcTlheHUtTjlRS1hwVnRZRnAyQlF4ZmR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzr4MA0G
CSqGSIb3DQEBCwUAA4IBAQAfoJ0G8P6dgpGvkLnkbHGnrVqtGGLWorvlPgP3o9y7
knXJDdyjUuK91t8i95cIhuIFKfzydRmUkl6aMuGilxvcnXHOH0qj+5T4SW9BTpND
t4QEDKQhMQO2k41NHMXhILld43RWjS0qBkx/P5bQ0MfBoy5hkaXhdGceo1c1Gq00
dwAYBxtjybjVl3i8yJVeICP/Guu5NKId/g5oq6YF1prVvRvrTvo4poFyvKRQUqmh
+R7DIEnWhhFv81k30s7jTVHBNLO6InK2zQxp2NfEaBzv6KggiINZ72Y+04m5tf6o
v+PvMmHnF1hyYKgwy/IqkT1BgmbRqVD+C+fxthreKUFE
-----END CERTIFICATE-----