Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/H44ICKeHyf0n363w2Sbn5mKYF9c.roa
File:                     H44ICKeHyf0n363w2Sbn5mKYF9c.roa (raw, json)
Hash identifier:          GzFubp5ljsZq+h8CWvpPGlRdXF/iwwWjL9JZ3GRoT8Y=
Subject key identifier:   1F:8E:08:08:A7:87:C9:FD:27:DF:AD:F0:D9:26:E7:E6:62:98:17:D7
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       0194282348CC17C38994D3B8F7D024322AB7
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/H44ICKeHyf0n363w2Sbn5mKYF9c.roa
Signing time:             Thu 02 Jan 2025 17:49:48 +0000
ROA not before:           Thu 02 Jan 2025 17:49:48 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     53107
IP address blocks:        31.57.237.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 09:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:23:48:cc:17:c3:89:94:d3:b8:f7:d0:24:32:2a:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jan  2 17:49:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1f8e0808a787c9fd27dfadf0d926e7e6629817d7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:93:26:d5:94:5f:dc:cf:6f:e0:f1:a6:06:d0:
                    50:6e:d9:ba:ef:3d:4d:29:9d:e8:8b:f4:ca:d7:49:
                    25:74:e0:c9:1f:ad:dc:50:12:98:fa:01:cd:78:f2:
                    a0:a3:74:ca:82:ce:40:b3:f1:1e:ed:9b:98:0f:b2:
                    7c:d7:1b:fe:4b:6b:a9:e3:42:b5:95:50:d1:52:3f:
                    f7:2d:d0:f0:e8:6b:4e:fa:ab:0a:bd:25:f9:84:fa:
                    8e:b8:1e:df:6d:3a:5b:ce:76:c7:69:3b:02:bf:9e:
                    eb:7b:77:35:14:37:19:2c:e7:ed:16:da:a8:22:ce:
                    2d:ad:bd:01:a3:7b:af:f8:71:4c:79:7c:97:b3:12:
                    b4:da:31:7e:dc:50:a1:d8:dd:37:aa:3f:f0:c4:64:
                    6c:2b:91:cb:35:2e:e9:60:77:75:29:50:ee:8d:d1:
                    b6:cf:d1:1c:f8:bf:48:4a:f0:c8:c3:b9:d1:1d:75:
                    dd:18:f1:76:5e:a9:ee:22:84:3e:10:52:39:e4:a5:
                    73:72:77:06:b4:1e:4e:cc:4a:e7:69:e8:6b:ba:2b:
                    75:1e:bd:3e:a6:94:c1:5b:21:64:05:78:62:e9:6e:
                    40:ff:ad:e4:f0:d6:c0:9d:c7:08:6a:e9:51:b6:d3:
                    3c:b8:b5:e6:57:cc:6a:74:af:66:57:fc:b2:44:49:
                    86:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:8E:08:08:A7:87:C9:FD:27:DF:AD:F0:D9:26:E7:E6:62:98:17:D7
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/H44ICKeHyf0n363w2Sbn5mKYF9c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.57.237.0/24

    Signature Algorithm: sha256WithRSAEncryption
         19:9b:b2:d4:25:9a:d7:43:63:90:8b:87:06:47:e0:a5:ed:6b:
         d1:99:d7:37:e3:84:e6:ee:cb:98:0e:13:1e:19:09:b3:8f:f9:
         a2:24:fe:75:4f:5f:c0:81:2a:ac:f2:ed:62:c5:12:6b:51:70:
         8d:80:84:f6:d6:20:6f:30:8c:c4:50:07:9b:7d:64:6b:0b:69:
         98:8f:65:07:db:c9:a6:f3:ec:fe:df:6c:dd:54:8f:e6:21:89:
         be:76:0f:ca:d2:b6:d3:bd:db:64:d1:35:83:f1:88:38:36:c8:
         b1:c1:87:e1:a8:da:05:8d:d6:19:59:93:c7:80:ff:de:80:2a:
         c9:fd:09:e3:bd:2e:75:45:5f:5c:99:58:0d:7c:42:d2:40:d7:
         54:45:ae:3a:51:9b:52:53:0e:6d:9c:6e:83:57:56:0d:73:7c:
         db:38:ff:55:b4:60:bf:f2:63:7e:1a:f3:1d:5d:ab:3f:d1:12:
         08:d8:00:55:3a:4e:07:72:b4:b6:43:21:bc:0f:d2:a0:65:d1:
         9f:28:91:f4:57:44:97:bb:96:33:53:23:33:01:93:12:94:a1:
         4f:b5:3d:04:ee:1c:d5:0c:08:43:a8:87:40:9b:62:c4:e4:bf:
         c7:a6:81:d9:94:6f:af:8c:c0:8b:ea:b4:c5:83:42:51:7c:58:
         f8:f9:16:18
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoI0jMF8OJlNO499AkMiq3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwMTAyMTc0OTQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZjhlMDgwOGE3ODdjOWZkMjdkZmFkZjBkOTI2ZTdlNjYyOTgxN2Q3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn5Mm1ZRf3M9v4PGmBtBQbtm67z1N
KZ3oi/TK10kldODJH63cUBKY+gHNePKgo3TKgs5As/Ee7ZuYD7J81xv+S2up40K1
lVDRUj/3LdDw6GtO+qsKvSX5hPqOuB7fbTpbznbHaTsCv57re3c1FDcZLOftFtqo
Is4trb0Bo3uv+HFMeXyXsxK02jF+3FCh2N03qj/wxGRsK5HLNS7pYHd1KVDujdG2
z9Ec+L9ISvDIw7nRHXXdGPF2XqnuIoQ+EFI55KVzcncGtB5OzErnaehruit1Hr0+
ppTBWyFkBXhi6W5A/63k8NbAnccIaulRttM8uLXmV8xqdK9mV/yyREmGGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB+OCAinh8n9J9+t8Nkm5+ZimBfXMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvSDQ0SUNLZUh5ZjBuMzYzdzJTYm41bUtZRjljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzntMA0G
CSqGSIb3DQEBCwUAA4IBAQAZm7LUJZrXQ2OQi4cGR+Cl7WvRmdc344Tm7suYDhMe
GQmzj/miJP51T1/AgSqs8u1ixRJrUXCNgIT21iBvMIzEUAebfWRrC2mYj2UH28mm
8+z+32zdVI/mIYm+dg/K0rbTvdtk0TWD8Yg4NsixwYfhqNoFjdYZWZPHgP/egCrJ
/QnjvS51RV9cmVgNfELSQNdURa46UZtSUw5tnG6DV1YNc3zbOP9VtGC/8mN+GvMd
Xas/0RII2ABVOk4HcrS2QyG8D9KgZdGfKJH0V0SXu5YzUyMzAZMSlKFPtT0E7hzV
DAhDqIdAm2LE5L/HpoHZlG+vjMCL6rTFg0JRfFj4+RYY
-----END CERTIFICATE-----