Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/Ftl3xom6q5b6PYoEr12hIZXxhT0.roa
File:                     Ftl3xom6q5b6PYoEr12hIZXxhT0.roa (raw, json)
Hash identifier:          eAsFkCNhE/FmIBF943dAjuaDWb2ymjxZhgMuwpVLWHA=
Subject key identifier:   16:D9:77:C6:89:BA:AB:96:FA:3D:8A:04:AF:5D:A1:21:95:F1:85:3D
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       0194282380011F965FF0891790113F1F71EB
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/Ftl3xom6q5b6PYoEr12hIZXxhT0.roa
Signing time:             Thu 02 Jan 2025 17:50:02 +0000
ROA not before:           Thu 02 Jan 2025 17:50:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215528
IP address blocks:        31.58.155.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 09:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:23:80:01:1f:96:5f:f0:89:17:90:11:3f:1f:71:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jan  2 17:50:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=16d977c689baab96fa3d8a04af5da12195f1853d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:84:d2:04:8a:41:21:05:c6:1f:77:bb:c1:83:
                    24:7d:2a:48:ef:62:f4:bd:ef:69:7e:e6:76:ff:fb:
                    66:69:09:c9:07:ae:8f:8e:8a:89:a1:c5:1e:07:08:
                    8c:a4:7c:7d:86:3e:22:e5:d3:ec:6d:25:92:96:76:
                    51:0e:24:22:1f:67:31:d5:b9:56:6b:d6:2a:71:65:
                    0d:80:89:b8:a7:16:dc:e8:07:da:f9:3e:e3:df:93:
                    9f:c1:ff:50:aa:31:b1:8c:b2:3f:de:f1:c5:d8:ac:
                    fe:de:e2:24:71:8a:39:6f:d0:db:00:d7:30:65:1f:
                    37:14:45:40:39:dd:82:70:b0:eb:c6:ba:9a:13:71:
                    9e:3d:78:a7:f1:e7:c2:f4:52:ec:d0:40:95:bf:53:
                    fc:1b:86:68:22:05:1b:25:40:83:ce:30:25:17:3d:
                    bc:35:9b:40:9c:f9:b1:49:14:02:c2:ec:e9:56:f1:
                    89:05:ba:fe:50:fd:ae:ce:ea:5d:e6:8a:9e:a4:79:
                    c2:0e:47:09:bb:13:a8:d2:ff:01:b5:7e:cc:0d:02:
                    60:c1:95:a5:d1:05:62:d5:33:ad:dd:57:c4:54:c7:
                    31:2d:6a:e8:1d:03:d9:21:74:73:10:77:b2:44:49:
                    d2:45:2b:ea:1a:0c:78:c0:8f:01:d3:1d:e6:00:81:
                    ee:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:D9:77:C6:89:BA:AB:96:FA:3D:8A:04:AF:5D:A1:21:95:F1:85:3D
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/Ftl3xom6q5b6PYoEr12hIZXxhT0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.58.155.0/24

    Signature Algorithm: sha256WithRSAEncryption
         91:23:ec:f0:a0:61:ca:dc:ae:d3:43:90:d2:3e:2f:88:ec:9d:
         fb:77:9c:aa:72:4f:ff:6f:a0:4c:0b:6f:45:37:00:62:5f:59:
         d3:1f:10:75:55:d3:0a:15:d0:ee:70:b6:3d:bc:76:cd:1b:3e:
         78:d7:d2:c0:ae:d4:19:82:5f:27:eb:a7:bc:b8:5c:bf:5b:aa:
         98:d2:56:65:be:52:ea:ce:6f:c9:eb:46:6c:27:a1:98:de:15:
         2b:ae:4a:cf:31:6c:6a:e7:d6:cf:ae:37:ff:4a:11:f3:9b:b1:
         11:25:a8:67:11:e1:b9:6b:d0:e7:59:f7:73:52:db:20:c5:c7:
         b3:fb:af:7d:d8:34:f7:c1:fa:79:8f:d3:54:f0:ee:5f:bf:d8:
         f5:5c:e2:85:52:50:7a:74:0b:82:b1:11:f8:8f:22:44:db:4c:
         da:73:67:99:c8:07:ac:0a:50:8a:8d:a1:ce:39:ab:b0:bf:b8:
         60:e7:29:eb:b4:e4:d6:23:59:25:d3:2f:28:91:dd:f2:d4:76:
         4e:a8:82:ab:77:31:29:15:9b:3b:0c:c4:f8:16:4d:2a:67:da:
         74:a8:c7:08:40:d7:11:58:fc:aa:62:92:59:da:a0:42:f5:eb:
         a9:ec:67:61:8c:97:39:1a:ad:75:c0:1e:9f:42:69:b3:ec:ee:
         c3:29:8b:eb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoI4ABH5Zf8IkXkBE/H3HrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwMTAyMTc1MDAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNmQ5NzdjNjg5YmFhYjk2ZmEzZDhhMDRhZjVkYTEyMTk1ZjE4NTNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5YTSBIpBIQXGH3e7wYMkfSpI72L0
ve9pfuZ2//tmaQnJB66PjoqJocUeBwiMpHx9hj4i5dPsbSWSlnZRDiQiH2cx1blW
a9YqcWUNgIm4pxbc6Afa+T7j35Ofwf9QqjGxjLI/3vHF2Kz+3uIkcYo5b9DbANcw
ZR83FEVAOd2CcLDrxrqaE3GePXin8efC9FLs0ECVv1P8G4ZoIgUbJUCDzjAlFz28
NZtAnPmxSRQCwuzpVvGJBbr+UP2uzupd5oqepHnCDkcJuxOo0v8BtX7MDQJgwZWl
0QVi1TOt3VfEVMcxLWroHQPZIXRzEHeyREnSRSvqGgx4wI8B0x3mAIHuqwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBbZd8aJuquW+j2KBK9doSGV8YU9MB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvRnRsM3hvbTZxNWI2UFlvRXIxMmhJWlh4aFQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzqbMA0G
CSqGSIb3DQEBCwUAA4IBAQCRI+zwoGHK3K7TQ5DSPi+I7J37d5yqck//b6BMC29F
NwBiX1nTHxB1VdMKFdDucLY9vHbNGz5419LArtQZgl8n66e8uFy/W6qY0lZlvlLq
zm/J60ZsJ6GY3hUrrkrPMWxq59bPrjf/ShHzm7ERJahnEeG5a9DnWfdzUtsgxcez
+6992DT3wfp5j9NU8O5fv9j1XOKFUlB6dAuCsRH4jyJE20zac2eZyAesClCKjaHO
Oauwv7hg5ynrtOTWI1kl0y8okd3y1HZOqIKrdzEpFZs7DMT4Fk0qZ9p0qMcIQNcR
WPyqYpJZ2qBC9eup7GdhjJc5Gq11wB6fQmmz7O7DKYvr
-----END CERTIFICATE-----