Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/KqArNxu8AYe0LbK3BiWPmcRb028.roa
File:                     KqArNxu8AYe0LbK3BiWPmcRb028.roa (raw, json)
Hash identifier:          OG139/6vmgcaWBm56NSzfR+W46zLKoW2uEYFcb+++do=
Subject key identifier:   2A:A0:2B:37:1B:BC:01:87:B4:2D:B2:B7:06:25:8F:99:C4:5B:D3:6F
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019267075DD0E3CA2B7A96F44F03E2BB0611
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/KqArNxu8AYe0LbK3BiWPmcRb028.roa
Signing time:             Mon 07 Oct 2024 12:49:48 +0000
ROA not before:           Mon 07 Oct 2024 12:49:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     265005
IP address blocks:        31.56.2.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:67:07:5d:d0:e3:ca:2b:7a:96:f4:4f:03:e2:bb:06:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Oct  7 12:49:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2aa02b371bbc0187b42db2b706258f99c45bd36f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:66:ea:6f:a8:d0:72:3e:33:37:59:be:f9:cb:
                    96:53:74:25:b1:cf:78:9f:10:52:fa:13:32:19:36:
                    6d:52:db:c6:db:6e:ce:97:ed:73:ab:38:b0:d5:5c:
                    87:e8:89:b7:45:e1:b0:04:65:64:20:18:ce:ec:9a:
                    8a:1a:88:49:6d:7a:27:7d:4f:21:f4:d7:07:c2:fb:
                    3c:2a:86:57:d9:d1:8b:04:c9:1e:08:d6:81:76:87:
                    15:52:fa:f9:85:bf:2e:47:d6:b0:56:b8:06:1a:f4:
                    54:87:02:30:2c:0f:36:7a:94:c5:54:ca:c4:71:a3:
                    cf:5a:b8:cc:09:df:aa:96:16:65:e5:8c:09:ba:eb:
                    d1:46:75:f5:62:80:72:ff:6a:a2:f0:39:1b:38:ea:
                    47:02:9a:10:10:a9:87:6e:73:29:8c:96:30:62:d1:
                    7a:06:3e:d6:b2:db:4c:2b:bf:f0:e6:d9:d1:18:e7:
                    32:25:86:58:91:a2:d0:8f:e1:2c:c7:a9:68:9a:3b:
                    bf:71:7c:a7:39:69:f6:37:10:4e:41:b6:95:7e:43:
                    e4:d3:53:b4:60:60:bd:96:33:fd:b1:a6:a4:0c:c9:
                    d1:68:f2:80:c5:91:d4:43:1c:d0:20:45:00:6e:b1:
                    c2:f4:5d:59:cc:f9:12:34:c0:21:14:f3:e5:1f:0f:
                    2a:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:A0:2B:37:1B:BC:01:87:B4:2D:B2:B7:06:25:8F:99:C4:5B:D3:6F
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/KqArNxu8AYe0LbK3BiWPmcRb028.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.56.2.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1e:2d:c2:79:ee:59:e0:5c:95:bc:52:98:4b:6d:14:67:fc:88:
         a4:0a:e6:a4:a2:1d:12:cb:10:c1:50:a5:a8:b5:e8:33:6d:07:
         8c:af:52:1a:c5:d1:c2:d3:5d:8b:8c:eb:79:7e:4d:03:78:4b:
         66:08:58:ae:7f:24:73:3a:9a:8c:76:f1:e0:eb:82:c3:a0:29:
         99:e8:ac:7d:28:26:59:cf:37:c0:89:9d:70:8c:11:8e:06:6e:
         c1:54:33:4b:4d:96:82:56:c7:fb:bc:af:18:9e:e7:d5:3f:2f:
         f7:91:16:40:38:a1:9a:7c:b6:c2:4d:e2:a8:0d:45:95:e3:5b:
         4c:b3:1f:78:d3:7e:45:6f:7c:05:2a:8c:8c:ca:93:7b:f2:cf:
         fb:d8:8e:09:14:47:31:43:29:f0:40:bf:cb:e5:d1:f1:1d:30:
         8b:09:44:58:8d:5f:4b:ae:a3:ee:28:98:7f:74:a3:65:16:b0:
         20:e1:18:76:71:ef:9e:a0:ce:16:8d:0d:ac:03:fb:6e:38:79:
         13:c5:af:55:7a:52:27:a1:04:d1:b0:c2:85:c7:b0:ba:da:fd:
         c9:4a:ea:94:6f:77:04:e3:23:59:d1:ae:a1:78:8a:41:e1:8e:
         88:cd:7a:f2:d0:c6:91:e4:d8:83:61:ef:1f:91:94:52:bb:69:
         e9:ab:7e:ac
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZJnB13Q48orepb0TwPiuwYRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjQxMDA3MTI0OTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYWEwMmIzNzFiYmMwMTg3YjQyZGIyYjcwNjI1OGY5OWM0NWJkMzZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzGbqb6jQcj4zN1m++cuWU3Qlsc94
nxBS+hMyGTZtUtvG227Ol+1zqziw1VyH6Im3ReGwBGVkIBjO7JqKGohJbXonfU8h
9NcHwvs8KoZX2dGLBMkeCNaBdocVUvr5hb8uR9awVrgGGvRUhwIwLA82epTFVMrE
caPPWrjMCd+qlhZl5YwJuuvRRnX1YoBy/2qi8DkbOOpHApoQEKmHbnMpjJYwYtF6
Bj7WsttMK7/w5tnRGOcyJYZYkaLQj+Esx6lomju/cXynOWn2NxBOQbaVfkPk01O0
YGC9ljP9saakDMnRaPKAxZHUQxzQIEUAbrHC9F1ZzPkSNMAhFPPlHw8qpwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCqgKzcbvAGHtC2ytwYlj5nEW9NvMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvS3FBck54dThBWWUwTGJLM0JpV1BtY1JiMDI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzgCMA0G
CSqGSIb3DQEBCwUAA4IBAQAeLcJ57lngXJW8UphLbRRn/IikCuakoh0SyxDBUKWo
tegzbQeMr1IaxdHC012LjOt5fk0DeEtmCFiufyRzOpqMdvHg64LDoCmZ6Kx9KCZZ
zzfAiZ1wjBGOBm7BVDNLTZaCVsf7vK8YnufVPy/3kRZAOKGafLbCTeKoDUWV41tM
sx94035Fb3wFKoyMypN78s/72I4JFEcxQynwQL/L5dHxHTCLCURYjV9LrqPuKJh/
dKNlFrAg4Rh2ce+eoM4WjQ2sA/tuOHkTxa9VelInoQTRsMKFx7C62v3JSuqUb3cE
4yNZ0a6heIpB4Y6IzXry0MaR5NiDYe8fkZRSu2npq36s
-----END CERTIFICATE-----