Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/JH77xt1dGfFiNkb_oKisNlopL-k.roa
File:                     JH77xt1dGfFiNkb_oKisNlopL-k.roa (raw, json)
Hash identifier:          CuVeRKYlGtLqgqOpBc8vDFC451vVZIuEdH1E4C6t8ro=
Subject key identifier:   24:7E:FB:C6:DD:5D:19:F1:62:36:46:FF:A0:A8:AC:36:5A:29:2F:E9
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019203C892B5461BD02BE9EC6C21DEE43DA0
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/JH77xt1dGfFiNkb_oKisNlopL-k.roa
Signing time:             Wed 18 Sep 2024 06:18:49 +0000
ROA not before:           Wed 18 Sep 2024 06:18:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     266400
IP address blocks:        31.57.174.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:03:c8:92:b5:46:1b:d0:2b:e9:ec:6c:21:de:e4:3d:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Sep 18 06:18:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=247efbc6dd5d19f1623646ffa0a8ac365a292fe9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:8d:03:db:90:83:5e:fc:99:00:16:af:64:4c:
                    2e:eb:a9:10:a3:3e:af:34:09:ec:de:9e:76:a6:c0:
                    bc:04:14:9e:5b:9a:6a:4f:c2:fe:80:13:59:09:1b:
                    7a:b5:49:94:25:93:5e:6a:b2:3d:38:4d:8b:d0:82:
                    b9:83:29:6f:17:a7:fa:b8:c8:a0:a6:05:dc:26:40:
                    20:e6:4e:56:a4:57:26:13:1b:86:1d:d5:ed:11:b4:
                    2a:7c:14:7a:b4:1a:ca:f9:50:61:64:cd:b9:44:1a:
                    7f:f6:67:24:ee:c0:46:52:3c:03:30:b0:79:07:fd:
                    2b:da:88:9e:d9:21:cd:fd:d4:f4:d8:68:8f:5c:55:
                    6f:ff:7f:32:2b:e4:36:34:84:2c:b3:73:45:d0:27:
                    74:e9:a7:50:c5:49:48:24:69:f8:3a:53:1f:51:6a:
                    2f:4f:18:a9:76:e5:70:bd:c8:d9:b1:35:a5:dd:b7:
                    84:c3:3c:54:e2:26:eb:f0:cd:93:d4:dc:e4:87:4b:
                    b7:b1:82:1e:58:83:dd:5c:83:fd:6c:df:cd:0f:62:
                    d4:08:dc:be:ef:ef:9e:94:ee:82:18:bf:31:c2:1d:
                    24:66:9b:0f:57:88:8e:a5:38:b7:e4:d9:ab:f6:f9:
                    94:9c:d3:52:fe:6e:75:ed:98:90:59:3d:68:4d:7f:
                    6b:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:7E:FB:C6:DD:5D:19:F1:62:36:46:FF:A0:A8:AC:36:5A:29:2F:E9
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/JH77xt1dGfFiNkb_oKisNlopL-k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.57.174.0/23

    Signature Algorithm: sha256WithRSAEncryption
         97:89:c1:cb:27:d6:98:87:f3:58:c4:c4:65:f5:98:75:29:01:
         ed:d5:d6:06:4c:72:f9:76:b2:67:c2:f1:06:47:df:f4:0e:99:
         2b:a3:2b:06:7c:aa:a3:f0:a5:80:e1:69:a4:3e:47:cb:90:d2:
         8e:34:97:38:bd:34:58:3f:0e:eb:9a:2e:b8:cd:b4:bd:74:e8:
         1b:2c:c2:ca:e4:34:e5:22:2f:b4:f8:0a:a3:41:81:23:1e:a2:
         5e:76:ec:b1:71:dc:d0:4a:dc:5a:58:b0:71:a3:e3:11:3a:24:
         82:7f:0f:31:61:0e:fe:11:d4:e4:b7:55:f4:c4:b4:04:e8:1c:
         cb:08:ed:12:3a:a8:eb:6e:4c:01:7c:bd:ce:0a:3d:94:7f:bd:
         2a:bb:f6:cc:61:78:78:68:bf:42:72:12:8a:74:db:94:3c:15:
         cd:38:d7:9f:9b:1a:54:fd:15:e4:ff:12:dd:66:93:d7:52:b7:
         08:21:79:0f:b9:e6:69:c7:7a:6f:84:fb:04:a1:8a:b3:b7:e9:
         e2:47:44:c4:d9:e5:71:f2:cd:fb:1f:fe:21:7f:9d:4d:e1:df:
         f6:4d:d7:6f:de:ac:8b:ff:31:ca:be:9c:f5:8d:ca:20:bf:6c:
         cd:ff:36:61:98:9f:ce:7b:ce:12:6e:f4:8f:43:25:c4:b7:29:
         76:8d:ad:9a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZIDyJK1RhvQK+nsbCHe5D2gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjQwOTE4MDYxODQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNDdlZmJjNmRkNWQxOWYxNjIzNjQ2ZmZhMGE4YWMzNjVhMjkyZmU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlo0D25CDXvyZABavZEwu66kQoz6v
NAns3p52psC8BBSeW5pqT8L+gBNZCRt6tUmUJZNearI9OE2L0IK5gylvF6f6uMig
pgXcJkAg5k5WpFcmExuGHdXtEbQqfBR6tBrK+VBhZM25RBp/9mck7sBGUjwDMLB5
B/0r2oie2SHN/dT02GiPXFVv/38yK+Q2NIQss3NF0Cd06adQxUlIJGn4OlMfUWov
TxipduVwvcjZsTWl3beEwzxU4ibr8M2T1Nzkh0u3sYIeWIPdXIP9bN/ND2LUCNy+
7++elO6CGL8xwh0kZpsPV4iOpTi35Nmr9vmUnNNS/m517ZiQWT1oTX9r/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCR++8bdXRnxYjZG/6CorDZaKS/pMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvSkg3N3h0MWRHZkZpTmtiX29LaXNObG9wTC1rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBHzmuMA0G
CSqGSIb3DQEBCwUAA4IBAQCXicHLJ9aYh/NYxMRl9Zh1KQHt1dYGTHL5drJnwvEG
R9/0DpkroysGfKqj8KWA4WmkPkfLkNKONJc4vTRYPw7rmi64zbS9dOgbLMLK5DTl
Ii+0+AqjQYEjHqJeduyxcdzQStxaWLBxo+MROiSCfw8xYQ7+EdTkt1X0xLQE6BzL
CO0SOqjrbkwBfL3OCj2Uf70qu/bMYXh4aL9CchKKdNuUPBXNONefmxpU/RXk/xLd
ZpPXUrcIIXkPueZpx3pvhPsEoYqzt+niR0TE2eVx8s37H/4hf51N4d/2Tddv3qyL
/zHKvpz1jcogv2zN/zZhmJ/Oe84SbvSPQyXEtyl2ja2a
-----END CERTIFICATE-----