Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/HYZz2btZjjncp1ARVadxuu668UQ.roa
File:                     HYZz2btZjjncp1ARVadxuu668UQ.roa (raw, json)
Hash identifier:          WFvATM8ZnlXg7+y95Q4EKR+yWliT2ASr5LlK2ruxUUM=
Subject key identifier:   1D:86:73:D9:BB:59:8E:39:DC:A7:50:11:55:A7:71:BA:EE:BA:F1:44
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       0193405E2013F5D06C96D1DE32AFCD56AAF9
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/HYZz2btZjjncp1ARVadxuu668UQ.roa
Signing time:             Mon 18 Nov 2024 17:42:10 +0000
ROA not before:           Mon 18 Nov 2024 17:42:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214353
IP address blocks:        31.59.130.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:40:5e:20:13:f5:d0:6c:96:d1:de:32:af:cd:56:aa:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Nov 18 17:42:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1d8673d9bb598e39dca7501155a771baeebaf144
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:7f:46:99:9e:c4:ed:ff:6c:6d:48:f4:e0:f7:
                    fa:01:0b:68:84:49:41:0d:21:65:41:8b:7d:34:72:
                    5f:06:ee:0e:d2:0c:74:7c:b2:94:fe:c9:b3:59:bf:
                    cb:ed:39:a9:59:d3:8a:58:5e:83:d7:6e:bc:2c:33:
                    f1:4d:5a:88:a4:5d:54:92:c9:35:1d:86:53:19:c1:
                    b3:f4:51:11:5e:b4:f8:08:e7:09:66:8e:bc:a6:d3:
                    c3:dd:ab:32:60:cf:e5:98:0f:d4:45:17:c5:08:2b:
                    f6:29:b5:9a:4f:20:ce:9c:bc:48:d7:45:6b:6c:92:
                    c5:7c:80:18:bb:6c:38:b1:34:4f:fe:38:43:b5:6e:
                    6b:0c:01:28:7e:da:84:82:9e:a7:4b:0c:a6:cd:77:
                    3d:7e:fb:91:29:21:7f:e3:ad:f3:a7:b5:d2:59:97:
                    2e:fc:21:70:75:9b:32:ae:47:8e:28:e0:a9:4e:19:
                    6b:c2:1b:37:59:94:f7:6a:1a:72:83:21:a8:bd:91:
                    41:64:e4:22:49:ab:88:72:e0:e0:fd:e1:81:da:3f:
                    10:ad:f0:29:1d:e3:8e:f9:72:68:ae:50:5c:2d:a4:
                    93:c7:d7:e8:01:cf:c6:11:29:05:e4:75:81:e5:f7:
                    cc:15:29:07:d7:4a:20:0e:7a:f0:44:a7:0d:5e:cb:
                    ea:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:86:73:D9:BB:59:8E:39:DC:A7:50:11:55:A7:71:BA:EE:BA:F1:44
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/HYZz2btZjjncp1ARVadxuu668UQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.59.130.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:e1:ec:e3:ec:10:9c:62:4f:8b:ed:13:2f:72:b9:d0:31:74:
         f9:ce:b9:95:3a:2e:fd:0f:ac:c5:34:18:bb:c9:aa:c0:d4:f5:
         88:da:f4:9e:4a:45:1c:b4:13:61:d0:b9:e7:5f:ee:7c:a8:d1:
         6f:cc:6f:a0:6b:ae:48:4b:a1:66:d8:2a:48:ae:9e:44:82:4c:
         f6:a7:ff:3c:e3:2d:50:df:35:68:85:8b:53:d9:34:f1:bf:04:
         16:cf:51:aa:5b:9f:ee:9b:4c:53:e6:1c:72:0c:cc:2e:39:82:
         75:3b:f3:4b:b1:cf:4f:be:8f:d0:c9:12:48:ce:43:df:da:32:
         d5:f8:bc:77:31:0c:01:1e:c9:59:07:4e:19:fc:57:89:05:ba:
         58:e1:d6:50:8b:58:d4:ed:9d:9d:62:38:f0:6b:c9:c2:6b:7a:
         31:8d:38:0d:39:b0:95:bb:53:5a:d9:16:a7:72:3b:3e:8f:33:
         20:b3:20:7b:38:a1:73:40:0d:81:f7:35:87:bb:1b:d2:8d:a0:
         07:6e:0c:69:09:11:d4:ef:f2:a1:66:df:42:63:c2:ab:c8:83:
         ff:c6:23:28:69:a4:68:51:f7:5c:a5:ed:51:45:04:71:92:3a:
         21:b6:73:5b:51:41:4f:9b:bb:e1:c0:6d:7c:3f:e0:2d:66:2b:
         1b:1e:6d:cf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZNAXiAT9dBsltHeMq/NVqr5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjQxMTE4MTc0MjEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZDg2NzNkOWJiNTk4ZTM5ZGNhNzUwMTE1NWE3NzFiYWVlYmFmMTQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1n9GmZ7E7f9sbUj04Pf6AQtohElB
DSFlQYt9NHJfBu4O0gx0fLKU/smzWb/L7TmpWdOKWF6D1268LDPxTVqIpF1Uksk1
HYZTGcGz9FERXrT4COcJZo68ptPD3asyYM/lmA/URRfFCCv2KbWaTyDOnLxI10Vr
bJLFfIAYu2w4sTRP/jhDtW5rDAEoftqEgp6nSwymzXc9fvuRKSF/463zp7XSWZcu
/CFwdZsyrkeOKOCpThlrwhs3WZT3ahpygyGovZFBZOQiSauIcuDg/eGB2j8QrfAp
HeOO+XJorlBcLaSTx9foAc/GESkF5HWB5ffMFSkH10ogDnrwRKcNXsvqiQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB2Gc9m7WY453KdQEVWncbruuvFEMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvSFlaejJidFpqam5jcDFBUlZhZHh1dTY2OFVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzuCMA0G
CSqGSIb3DQEBCwUAA4IBAQBx4ezj7BCcYk+L7RMvcrnQMXT5zrmVOi79D6zFNBi7
yarA1PWI2vSeSkUctBNh0LnnX+58qNFvzG+ga65IS6Fm2CpIrp5Egkz2p/884y1Q
3zVohYtT2TTxvwQWz1GqW5/um0xT5hxyDMwuOYJ1O/NLsc9Pvo/QyRJIzkPf2jLV
+Lx3MQwBHslZB04Z/FeJBbpY4dZQi1jU7Z2dYjjwa8nCa3oxjTgNObCVu1Na2Ran
cjs+jzMgsyB7OKFzQA2B9zWHuxvSjaAHbgxpCRHU7/KhZt9CY8KryIP/xiMoaaRo
Ufdcpe1RRQRxkjohtnNbUUFPm7vhwG18P+AtZisbHm3P
-----END CERTIFICATE-----