Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/N5RyPxrcG-TJiLCQCft53rtsvZw.roa
File:                     N5RyPxrcG-TJiLCQCft53rtsvZw.roa (raw, json)
Hash identifier:          u7xmRsAcNff+39KqB9aZdx0N8n3gSmMelvwLXiBjjDM=
Subject key identifier:   37:94:72:3F:1A:DC:1B:E4:C9:88:B0:90:09:FB:79:DE:BB:6C:BD:9C
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       0194282358D2DF6FEBF37CB467501D212E45
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/N5RyPxrcG-TJiLCQCft53rtsvZw.roa
Signing time:             Thu 02 Jan 2025 17:49:52 +0000
ROA not before:           Thu 02 Jan 2025 17:49:52 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     150770
IP address blocks:        31.56.37.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 09:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:23:58:d2:df:6f:eb:f3:7c:b4:67:50:1d:21:2e:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jan  2 17:49:52 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3794723f1adc1be4c988b09009fb79debb6cbd9c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:0a:91:d5:f7:7a:ac:6d:1e:dc:67:b3:d1:b7:
                    37:ca:04:e4:1f:19:59:a1:64:4a:97:c0:8b:8e:c7:
                    0a:24:30:63:51:21:78:3a:4d:57:05:e4:60:16:63:
                    d8:ec:b0:c9:4e:22:9a:73:82:eb:68:22:ce:86:19:
                    c4:be:89:11:7b:c8:a2:83:75:ed:88:66:b2:db:4c:
                    05:49:0d:c7:2b:e3:aa:c8:ec:67:ba:e6:c3:ca:a1:
                    55:a2:0a:10:70:c1:31:38:8b:98:da:1c:25:cd:6a:
                    57:a8:ea:d9:ca:1c:ed:54:13:92:d3:12:05:d1:9e:
                    ae:b4:74:86:6a:6a:d7:c1:ff:18:7d:51:41:98:ff:
                    10:f5:7e:cb:2b:a1:b2:1c:79:58:80:99:5b:61:17:
                    cf:90:48:7f:70:ff:dd:a9:b7:5f:f0:78:8a:43:1f:
                    de:c1:b2:8d:fb:af:c2:32:02:cc:c6:05:93:e0:17:
                    b1:ad:7f:6e:42:48:b0:87:98:fb:af:32:34:ee:59:
                    c7:cd:34:6e:94:39:1e:30:be:a6:e5:88:0d:f9:e2:
                    0d:11:44:12:2c:d1:e6:d5:e5:7f:be:89:f6:7e:26:
                    7e:bb:66:5f:0b:11:2f:21:fe:0a:cc:93:ad:a4:77:
                    4f:1a:01:5e:67:fb:0d:43:5e:3c:ff:3b:d1:68:6d:
                    4e:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:94:72:3F:1A:DC:1B:E4:C9:88:B0:90:09:FB:79:DE:BB:6C:BD:9C
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/N5RyPxrcG-TJiLCQCft53rtsvZw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.56.37.0/24

    Signature Algorithm: sha256WithRSAEncryption
         89:4a:30:f5:b6:d4:7b:e6:64:da:00:3d:54:57:a0:38:9f:1f:
         4c:13:b3:26:f7:67:3f:b6:f5:cb:2d:59:7d:d3:77:56:ba:ff:
         3e:f6:b6:f7:df:6e:30:50:c1:07:0a:02:0e:e8:c3:92:5b:51:
         8d:72:b4:15:b3:08:24:e2:cb:c5:b4:4a:1c:39:6d:e5:19:ad:
         35:95:42:db:6e:03:8d:f1:77:2e:aa:08:9e:0e:b4:db:46:89:
         3e:e0:7e:5f:03:0b:f2:43:1c:8c:4d:b8:f9:0e:cf:9a:3b:72:
         a7:5f:f2:26:43:6d:a4:3d:43:9a:60:b9:89:04:5d:07:9d:26:
         38:b8:e9:38:89:73:86:18:06:04:06:81:e6:42:e4:07:c6:2d:
         2c:31:f7:ff:ae:5a:f5:91:ea:d4:f1:ab:fa:84:b6:f2:67:b6:
         c8:b1:84:8a:c9:6c:c2:de:02:5f:95:3e:29:46:10:eb:0d:df:
         95:39:2f:6b:b3:4e:f9:67:a4:11:49:ce:7c:12:ed:84:22:32:
         7b:a6:a0:94:c9:49:7e:a2:c8:bf:87:bd:d1:5f:87:b0:4f:60:
         18:c7:ef:0f:cf:93:ff:4b:91:c4:73:c6:77:8a:90:30:f8:a3:
         91:63:01:a6:dd:a0:12:36:db:3e:e6:a6:fd:b2:dc:dc:1b:49:
         53:b0:a6:83
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoI1jS32/r83y0Z1AdIS5FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwMTAyMTc0OTUyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNzk0NzIzZjFhZGMxYmU0Yzk4OGIwOTAwOWZiNzlkZWJiNmNiZDljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyAqR1fd6rG0e3Gez0bc3ygTkHxlZ
oWRKl8CLjscKJDBjUSF4Ok1XBeRgFmPY7LDJTiKac4LraCLOhhnEvokRe8iig3Xt
iGay20wFSQ3HK+OqyOxnuubDyqFVogoQcMExOIuY2hwlzWpXqOrZyhztVBOS0xIF
0Z6utHSGamrXwf8YfVFBmP8Q9X7LK6GyHHlYgJlbYRfPkEh/cP/dqbdf8HiKQx/e
wbKN+6/CMgLMxgWT4BexrX9uQkiwh5j7rzI07lnHzTRulDkeML6m5YgN+eINEUQS
LNHm1eV/von2fiZ+u2ZfCxEvIf4KzJOtpHdPGgFeZ/sNQ148/zvRaG1OrwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDeUcj8a3BvkyYiwkAn7ed67bL2cMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvTjVSeVB4cmNHLVRKaUxDUUNmdDUzcnRzdlp3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzglMA0G
CSqGSIb3DQEBCwUAA4IBAQCJSjD1ttR75mTaAD1UV6A4nx9ME7Mm92c/tvXLLVl9
03dWuv8+9rb3324wUMEHCgIO6MOSW1GNcrQVswgk4svFtEocOW3lGa01lULbbgON
8XcuqgieDrTbRok+4H5fAwvyQxyMTbj5Ds+aO3KnX/ImQ22kPUOaYLmJBF0HnSY4
uOk4iXOGGAYEBoHmQuQHxi0sMff/rlr1kerU8av6hLbyZ7bIsYSKyWzC3gJflT4p
RhDrDd+VOS9rs075Z6QRSc58Eu2EIjJ7pqCUyUl+osi/h73RX4ewT2AYx+8Pz5P/
S5HEc8Z3ipAw+KORYwGm3aASNts+5qb9stzcG0lTsKaD
-----END CERTIFICATE-----