Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/LoQHG45KBTi5aRxeKj7vPLghBjE.roa
File:                     LoQHG45KBTi5aRxeKj7vPLghBjE.roa (raw, json)
Hash identifier:          bapidb+K4wxlhwcNJ37ip/aQ2BtCuEXbxFTnK4TKMzE=
Subject key identifier:   2E:84:07:1B:8E:4A:05:38:B9:69:1C:5E:2A:3E:EF:3C:B8:21:06:31
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019428234057DCA46EFCFD278633A9F5FDFD
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/LoQHG45KBTi5aRxeKj7vPLghBjE.roa
Signing time:             Thu 02 Jan 2025 17:49:46 +0000
ROA not before:           Thu 02 Jan 2025 17:49:46 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     31715
IP address blocks:        31.59.40.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 09:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:23:40:57:dc:a4:6e:fc:fd:27:86:33:a9:f5:fd:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jan  2 17:49:46 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2e84071b8e4a0538b9691c5e2a3eef3cb8210631
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f6:1c:09:5f:c8:5f:19:fd:27:9a:a2:3d:47:3e:
                    95:f4:88:d7:aa:71:0c:54:3b:ca:85:6a:6e:25:85:
                    46:2d:75:7d:a6:0f:04:a8:d7:5e:e5:21:b5:49:ce:
                    29:92:e1:a3:6a:ea:2d:08:16:39:82:13:ce:f7:ca:
                    42:1c:c2:74:d3:ee:d6:ec:27:e0:d2:31:1a:4b:fd:
                    15:bb:b2:f2:73:37:a5:98:25:a9:fe:37:b7:65:dd:
                    52:b1:8d:f3:45:db:32:b7:a2:3f:fd:79:45:0f:81:
                    2f:09:2a:6a:fa:b8:e0:ff:c2:8d:7d:b3:ed:71:2a:
                    ac:b5:aa:f3:0f:ff:eb:03:3e:eb:a1:c2:6a:f8:20:
                    89:c7:07:ef:2f:fa:f1:a4:ed:29:ae:bc:42:70:24:
                    ad:aa:2a:6d:59:ad:ed:8f:34:86:59:90:d2:42:99:
                    02:52:65:c4:8d:72:c6:70:6c:a8:58:4a:a9:28:6b:
                    bf:b5:cb:3d:e1:8a:16:ca:df:b8:2d:43:59:ea:97:
                    e5:83:aa:d7:3e:70:43:9f:b9:6d:cc:f0:d7:ef:78:
                    e2:40:65:6c:03:37:bd:09:0c:e1:e7:e3:52:cc:ec:
                    b8:fa:fc:60:ed:26:e1:70:31:2b:99:e3:2d:0e:10:
                    66:cb:a1:68:72:7a:83:d7:1c:4b:a1:4c:e4:01:b1:
                    42:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:84:07:1B:8E:4A:05:38:B9:69:1C:5E:2A:3E:EF:3C:B8:21:06:31
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/LoQHG45KBTi5aRxeKj7vPLghBjE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.59.40.0/24

    Signature Algorithm: sha256WithRSAEncryption
         37:4d:2b:ec:57:51:7e:96:3a:18:e7:7e:5a:81:4c:39:63:5b:
         ae:b4:1f:e2:f7:02:42:a3:b5:a5:95:70:2c:5e:65:a8:8b:0d:
         9e:bd:94:36:80:a2:bd:3b:ca:6a:04:8b:7e:30:02:37:e9:cd:
         fe:70:43:f6:5d:77:1c:2c:b1:95:71:c3:06:f4:6c:6b:74:0d:
         db:c0:6c:ff:8f:ea:c5:9f:b1:3b:34:98:4f:fa:63:65:f3:c0:
         74:8b:f4:37:22:b7:e0:d9:75:3b:cf:e0:cb:85:f5:a4:26:ad:
         49:e8:83:39:5c:75:5d:e4:f2:3a:7d:c9:3c:61:c0:5b:ca:73:
         f8:4e:89:12:4a:a4:d1:a2:f0:13:f3:c1:f5:ee:02:f3:69:e2:
         ca:c1:c1:1e:d3:43:ec:be:61:b9:38:74:c9:f4:c1:71:69:50:
         af:33:03:f1:df:c6:99:80:84:f4:1e:31:be:f6:40:00:63:e2:
         cf:42:63:cf:b2:70:58:7a:be:9d:56:38:96:0e:a6:27:69:bb:
         67:26:78:c2:6b:26:67:e6:54:d9:96:f7:e5:d4:ee:b7:da:76:
         fd:0c:26:21:97:63:0e:cf:c5:f2:5a:1b:e1:ef:38:95:de:70:
         53:17:ca:3b:d1:62:9e:28:98:50:cc:10:6c:4f:02:6f:c7:c7:
         6e:b1:79:1d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoI0BX3KRu/P0nhjOp9f39MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwMTAyMTc0OTQ2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZTg0MDcxYjhlNGEwNTM4Yjk2OTFjNWUyYTNlZWYzY2I4MjEwNjMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9hwJX8hfGf0nmqI9Rz6V9IjXqnEM
VDvKhWpuJYVGLXV9pg8EqNde5SG1Sc4pkuGjauotCBY5ghPO98pCHMJ00+7W7Cfg
0jEaS/0Vu7LyczelmCWp/je3Zd1SsY3zRdsyt6I//XlFD4EvCSpq+rjg/8KNfbPt
cSqstarzD//rAz7rocJq+CCJxwfvL/rxpO0prrxCcCStqiptWa3tjzSGWZDSQpkC
UmXEjXLGcGyoWEqpKGu/tcs94YoWyt+4LUNZ6pflg6rXPnBDn7ltzPDX73jiQGVs
Aze9CQzh5+NSzOy4+vxg7SbhcDErmeMtDhBmy6FocnqD1xxLoUzkAbFCOQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC6EBxuOSgU4uWkcXio+7zy4IQYxMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvTG9RSEc0NUtCVGk1YVJ4ZUtqN3ZQTGdoQmpFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzsoMA0G
CSqGSIb3DQEBCwUAA4IBAQA3TSvsV1F+ljoY535agUw5Y1uutB/i9wJCo7WllXAs
XmWoiw2evZQ2gKK9O8pqBIt+MAI36c3+cEP2XXccLLGVccMG9GxrdA3bwGz/j+rF
n7E7NJhP+mNl88B0i/Q3Irfg2XU7z+DLhfWkJq1J6IM5XHVd5PI6fck8YcBbynP4
TokSSqTRovAT88H17gLzaeLKwcEe00PsvmG5OHTJ9MFxaVCvMwPx38aZgIT0HjG+
9kAAY+LPQmPPsnBYer6dVjiWDqYnabtnJnjCayZn5lTZlvfl1O632nb9DCYhl2MO
z8XyWhvh7ziV3nBTF8o70WKeKJhQzBBsTwJvx8dusXkd
-----END CERTIFICATE-----