Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/G2-KbWrtv84aXiFmPVD5ptsUSKg.roa
File:                     G2-KbWrtv84aXiFmPVD5ptsUSKg.roa (raw, json)
Hash identifier:          L4hzuPTU/rufr7v/4sZuhOAaRqV9KoMIIphLsOCebYo=
Subject key identifier:   1B:6F:8A:6D:6A:ED:BF:CE:1A:5E:21:66:3D:50:F9:A6:DB:14:48:A8
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019470C15973725823B575F27DFA0BE2C7B6
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/G2-KbWrtv84aXiFmPVD5ptsUSKg.roa
Signing time:             Thu 16 Jan 2025 20:15:07 +0000
ROA not before:           Thu 16 Jan 2025 20:15:07 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     394104
IP address blocks:        31.56.75.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 09:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:70:c1:59:73:72:58:23:b5:75:f2:7d:fa:0b:e2:c7:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jan 16 20:15:07 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1b6f8a6d6aedbfce1a5e21663d50f9a6db1448a8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:5f:22:a9:4a:91:a5:24:f4:e5:94:67:73:39:
                    05:29:c6:67:ce:36:fb:55:1c:f5:2b:a2:8d:2d:36:
                    1e:70:64:0c:55:63:51:ca:f1:a2:e8:cc:47:3b:a0:
                    25:67:a2:41:f0:a0:7d:71:4c:af:bb:48:8d:29:14:
                    c3:74:2b:80:84:da:f1:ce:61:e8:77:0b:93:0e:fe:
                    d5:6e:8a:fb:b0:ba:a8:8d:c1:8e:70:6e:0c:bb:74:
                    b3:28:17:10:1f:2c:f4:f7:5d:32:f7:d0:f8:e4:51:
                    b3:c2:a7:11:03:72:8c:77:bb:7b:6f:f0:58:7f:e5:
                    be:57:37:58:ce:ea:e6:99:4a:32:71:ae:5a:0e:16:
                    06:a9:29:18:4b:62:91:41:01:e0:a1:3f:66:4c:7b:
                    f9:88:2f:28:f7:cd:1f:38:9d:d8:46:21:1a:8d:97:
                    23:9b:d7:78:64:75:e0:76:7f:9f:ba:95:e3:b6:17:
                    d9:ba:62:4f:75:fa:57:cf:14:01:00:15:ac:6b:75:
                    e6:d8:0d:19:cf:6e:4f:83:07:87:35:dd:f0:a2:13:
                    86:d5:87:4e:98:6c:30:e4:3b:da:36:82:5d:19:db:
                    31:f8:86:dd:19:20:9d:b0:4b:dd:f3:fd:65:57:ce:
                    4c:8c:18:90:ae:f3:63:20:bd:53:8c:07:75:77:08:
                    87:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:6F:8A:6D:6A:ED:BF:CE:1A:5E:21:66:3D:50:F9:A6:DB:14:48:A8
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/G2-KbWrtv84aXiFmPVD5ptsUSKg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.56.75.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7e:3f:5c:b9:69:7a:0f:99:e0:92:87:23:f0:dc:74:e8:d7:e9:
         eb:74:aa:52:89:b6:d1:26:a5:0c:4b:1d:a3:ca:c2:20:37:a3:
         7c:f2:19:2d:e7:18:b1:85:05:6e:24:14:83:ad:60:28:0b:22:
         a4:63:ab:f1:f5:ac:9e:b8:aa:77:b3:b5:f9:ca:83:b3:93:58:
         a6:a5:b1:77:da:65:f9:2a:4a:3c:2d:c7:11:43:99:97:1a:be:
         69:c8:66:f5:0f:74:7f:5c:d1:e5:4f:d9:6a:ff:9d:68:90:f4:
         dd:1f:05:85:71:ab:99:98:2d:31:e0:11:48:79:78:25:50:8b:
         7f:82:ae:55:93:66:00:fa:79:a5:51:b2:d5:ea:53:7a:52:95:
         ca:3e:ce:b3:9e:fc:6d:bf:63:79:83:6b:90:9d:c4:1c:f7:3c:
         0c:26:f0:fb:60:f5:aa:df:86:7d:b3:2f:ca:94:d0:c8:20:a4:
         67:fa:5c:af:bb:19:07:25:d8:8a:70:a3:0b:b3:b3:e7:b3:ae:
         43:34:93:1b:c5:d3:4d:11:36:76:ef:f8:f8:f1:4a:43:b6:39:
         7e:65:a3:63:38:74:bb:01:e5:b0:4d:0e:bb:03:59:fc:bf:78:
         6c:34:dd:69:91:e2:fe:d9:16:a8:f5:0d:49:88:b2:26:a8:d5:
         bf:ea:b7:42
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZRwwVlzclgjtXXyffoL4se2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwMTE2MjAxNTA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYjZmOGE2ZDZhZWRiZmNlMWE1ZTIxNjYzZDUwZjlhNmRiMTQ0OGE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy18iqUqRpST05ZRnczkFKcZnzjb7
VRz1K6KNLTYecGQMVWNRyvGi6MxHO6AlZ6JB8KB9cUyvu0iNKRTDdCuAhNrxzmHo
dwuTDv7Vbor7sLqojcGOcG4Mu3SzKBcQHyz0910y99D45FGzwqcRA3KMd7t7b/BY
f+W+VzdYzurmmUoyca5aDhYGqSkYS2KRQQHgoT9mTHv5iC8o980fOJ3YRiEajZcj
m9d4ZHXgdn+fupXjthfZumJPdfpXzxQBABWsa3Xm2A0Zz25PgweHNd3wohOG1YdO
mGww5DvaNoJdGdsx+IbdGSCdsEvd8/1lV85MjBiQrvNjIL1TjAd1dwiH9wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBtvim1q7b/OGl4hZj1Q+abbFEioMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvRzItS2JXcnR2ODRhWGlGbVBWRDVwdHNVU0tnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzhLMA0G
CSqGSIb3DQEBCwUAA4IBAQB+P1y5aXoPmeCShyPw3HTo1+nrdKpSibbRJqUMSx2j
ysIgN6N88hkt5xixhQVuJBSDrWAoCyKkY6vx9ayeuKp3s7X5yoOzk1impbF32mX5
Kko8LccRQ5mXGr5pyGb1D3R/XNHlT9lq/51okPTdHwWFcauZmC0x4BFIeXglUIt/
gq5Vk2YA+nmlUbLV6lN6UpXKPs6znvxtv2N5g2uQncQc9zwMJvD7YPWq34Z9sy/K
lNDIIKRn+lyvuxkHJdiKcKMLs7Pns65DNJMbxdNNETZ27/j48UpDtjl+ZaNjOHS7
AeWwTQ67A1n8v3hsNN1pkeL+2Rao9Q1JiLImqNW/6rdC
-----END CERTIFICATE-----