Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/IoXoQiwGug-Z9Jgd3PUn6E93YuA.roa
File:                     IoXoQiwGug-Z9Jgd3PUn6E93YuA.roa (raw, json)
Hash identifier:          Wdvl6MZzc/yyrGFpmvHHUvc3W4V3tiIaYy1s36BKcv4=
Subject key identifier:   22:85:E8:42:2C:06:BA:0F:99:F4:98:1D:DC:F5:27:E8:4F:77:62:E0
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       0192AE73CB66AE27EF26D1CDCAD5FB236993
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/IoXoQiwGug-Z9Jgd3PUn6E93YuA.roa
Signing time:             Mon 21 Oct 2024 09:41:17 +0000
ROA not before:           Mon 21 Oct 2024 09:41:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214941
IP address blocks:        31.57.135.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Nov 2024 19:58:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:ae:73:cb:66:ae:27:ef:26:d1:cd:ca:d5:fb:23:69:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Oct 21 09:41:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2285e8422c06ba0f99f4981ddcf527e84f7762e0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:07:57:56:8d:57:0d:ea:5f:59:39:94:a5:55:
                    71:0c:11:c3:78:f7:96:26:8c:b7:37:b0:70:53:80:
                    c6:df:ca:a9:62:4e:f1:39:86:e1:40:0e:dd:74:25:
                    90:3c:30:ff:0e:0b:35:71:f0:b1:93:99:7c:14:42:
                    db:00:10:55:79:db:c4:32:0b:3a:42:e5:45:a1:71:
                    4a:4c:95:9e:8b:1b:d6:4d:f1:b9:e7:c7:ae:5c:d7:
                    75:69:e1:e0:0b:a9:8d:dd:d1:5a:60:4b:af:34:af:
                    83:27:26:fa:78:4e:d4:f5:bc:cd:f4:25:2d:05:55:
                    eb:27:45:81:93:87:46:00:db:e1:ab:00:c9:d3:7a:
                    e5:5e:28:97:45:cb:0d:9f:c4:b3:f6:ab:87:be:48:
                    a9:10:7e:50:2e:a2:01:57:d7:f4:2f:2f:ed:2a:5a:
                    82:bc:74:59:c0:8b:6d:0e:f9:82:81:3b:5f:f5:06:
                    bc:6c:5a:72:95:3b:6a:91:7f:46:f1:4d:b7:0e:f3:
                    3a:28:13:61:ce:35:e1:50:4e:ed:b7:ab:da:7d:68:
                    57:2d:ed:6c:a5:ab:df:22:e0:1b:ea:3a:3e:83:2f:
                    64:8c:6c:5a:12:9e:51:f3:f9:c3:cf:5c:a5:85:43:
                    81:64:88:e9:33:34:e8:95:a2:ff:64:f8:71:c4:08:
                    7e:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:85:E8:42:2C:06:BA:0F:99:F4:98:1D:DC:F5:27:E8:4F:77:62:E0
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/IoXoQiwGug-Z9Jgd3PUn6E93YuA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.57.135.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3c:be:d5:5b:5c:2d:30:cc:dc:ec:30:4e:4d:2b:c6:69:ac:7a:
         23:bf:b1:1d:73:e1:1c:c3:44:c2:fc:d3:84:41:fe:29:28:ee:
         72:a4:85:fc:f7:3d:b2:ee:2d:f2:09:25:3f:5c:94:44:f4:ff:
         5d:45:8f:f1:96:95:39:71:06:a6:0f:70:0e:ca:b2:a8:bb:38:
         bb:b7:1b:d0:20:b7:39:b6:08:1b:c8:0e:9c:dc:a1:ec:77:cd:
         1c:3e:1e:a7:ac:61:40:50:e7:6d:0b:2c:4d:a4:b0:34:3f:a4:
         17:72:92:f0:c6:39:ee:10:3a:43:93:de:80:ec:03:20:64:f8:
         4e:fe:4d:c8:3a:10:6e:ff:ff:8f:6a:84:b4:e0:2a:72:73:49:
         0e:f6:ab:6c:b2:85:fc:c2:e1:7c:72:c3:c6:b7:ad:f1:c3:3a:
         44:2c:1f:81:33:07:64:c4:99:41:ac:09:75:9e:19:1b:64:3f:
         65:ee:92:a2:51:7a:1d:68:fa:58:fc:96:ad:d1:df:d8:21:8d:
         03:e6:f1:8c:d9:e1:ce:81:6a:33:93:5f:ba:51:4e:22:47:60:
         2e:66:dd:b2:ec:61:6e:c3:d1:44:5b:fb:1b:93:7f:1e:44:ca:
         fe:61:8a:3a:02:b2:93:67:00:1b:c3:cf:e7:4b:6e:f3:c7:d9:
         28:8d:35:b1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZKuc8tmrifvJtHNytX7I2mTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjQxMDIxMDk0MTE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMjg1ZTg0MjJjMDZiYTBmOTlmNDk4MWRkY2Y1MjdlODRmNzc2MmUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnwdXVo1XDepfWTmUpVVxDBHDePeW
Joy3N7BwU4DG38qpYk7xOYbhQA7ddCWQPDD/Dgs1cfCxk5l8FELbABBVedvEMgs6
QuVFoXFKTJWeixvWTfG558euXNd1aeHgC6mN3dFaYEuvNK+DJyb6eE7U9bzN9CUt
BVXrJ0WBk4dGANvhqwDJ03rlXiiXRcsNn8Sz9quHvkipEH5QLqIBV9f0Ly/tKlqC
vHRZwIttDvmCgTtf9Qa8bFpylTtqkX9G8U23DvM6KBNhzjXhUE7tt6vafWhXLe1s
pavfIuAb6jo+gy9kjGxaEp5R8/nDz1ylhUOBZIjpMzTolaL/ZPhxxAh+qwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCKF6EIsBroPmfSYHdz1J+hPd2LgMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvSW9Yb1Fpd0d1Zy1aOUpnZDNQVW42RTkzWXVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzmHMA0G
CSqGSIb3DQEBCwUAA4IBAQA8vtVbXC0wzNzsME5NK8ZprHojv7Edc+Ecw0TC/NOE
Qf4pKO5ypIX89z2y7i3yCSU/XJRE9P9dRY/xlpU5cQamD3AOyrKouzi7txvQILc5
tggbyA6c3KHsd80cPh6nrGFAUOdtCyxNpLA0P6QXcpLwxjnuEDpDk96A7AMgZPhO
/k3IOhBu//+PaoS04Cpyc0kO9qtssoX8wuF8csPGt63xwzpELB+BMwdkxJlBrAl1
nhkbZD9l7pKiUXodaPpY/Jat0d/YIY0D5vGM2eHOgWozk1+6UU4iR2AuZt2y7GFu
w9FEW/sbk38eRMr+YYo6ArKTZwAbw8/nS27zx9kojTWx
-----END CERTIFICATE-----