Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/N86Wzy1lyRSnREaKYMXj7PVp_SM.roa
File:                     N86Wzy1lyRSnREaKYMXj7PVp_SM.roa (raw, json)
Hash identifier:          7Q58VjCmbVf6S3WaA3CmMOT1FjCglg/Y2y6UySSCUwE=
Subject key identifier:   37:CE:96:CF:2D:65:C9:14:A7:44:46:8A:60:C5:E3:EC:F5:69:FD:23
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       0195336309F74F85744502D7066BCB94322F
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/N86Wzy1lyRSnREaKYMXj7PVp_SM.roa
Signing time:             Sun 23 Feb 2025 15:18:03 +0000
ROA not before:           Sun 23 Feb 2025 15:18:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216022
IP address blocks:        31.56.241.0/24 maxlen: 24
                          31.57.40.0/24 maxlen: 24
                          31.57.244.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:33:63:09:f7:4f:85:74:45:02:d7:06:6b:cb:94:32:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Feb 23 15:18:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=37ce96cf2d65c914a744468a60c5e3ecf569fd23
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:4a:d4:4b:b2:64:c5:54:58:aa:ca:f5:ba:ff:
                    0b:eb:f9:97:89:44:e1:0f:ce:fc:84:59:bc:c0:7a:
                    d4:24:92:65:a1:c4:ea:60:c3:7a:b1:d9:ec:ff:97:
                    2f:b4:43:30:d2:6c:f7:73:75:1c:e6:f8:70:b9:ca:
                    c9:da:6f:0e:41:16:df:39:74:75:27:e1:b8:d2:6d:
                    e6:cd:67:54:a3:23:7c:35:9c:31:5c:c9:44:75:7f:
                    0e:0c:5b:6a:c7:a3:c6:dd:2f:74:1a:82:a8:9c:ab:
                    7b:eb:02:f9:1f:a5:58:ee:91:e0:e3:b4:13:8f:e3:
                    8d:db:7d:06:8c:eb:ac:09:e9:59:c9:06:c6:21:eb:
                    8b:00:6c:fd:cf:c4:a1:cf:7a:48:bf:38:27:e4:cd:
                    06:da:72:ab:8c:cf:f5:c2:ec:a4:16:9d:39:29:bb:
                    f7:d8:3b:26:07:5a:29:7f:4f:e8:e7:60:23:45:87:
                    d0:c7:89:3f:00:d6:97:7c:21:ee:0f:b8:e3:94:54:
                    e4:17:6c:11:68:85:90:88:e6:7d:ee:99:eb:9a:97:
                    5b:34:a8:b9:af:27:d8:2b:23:eb:77:3f:7b:4d:17:
                    08:6e:9c:86:0c:b9:2a:82:20:fe:61:a2:cb:06:58:
                    9a:ba:9d:aa:34:f8:a4:e4:ad:3b:cf:44:56:84:2c:
                    2b:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:CE:96:CF:2D:65:C9:14:A7:44:46:8A:60:C5:E3:EC:F5:69:FD:23
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/N86Wzy1lyRSnREaKYMXj7PVp_SM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.56.241.0/24
                  31.57.40.0/24
                  31.57.244.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a7:f3:36:9e:38:cf:6c:63:2c:b1:1b:e8:4f:3d:18:cf:37:99:
         27:88:ec:96:0a:3d:78:8d:c1:64:a6:d4:97:90:02:bb:dd:fc:
         db:f2:b4:ea:05:17:2e:8f:cd:2a:44:b9:60:34:3d:62:00:0d:
         cb:6a:b7:ee:a4:fc:48:80:7a:03:34:13:a4:68:b0:24:84:57:
         f0:1d:41:91:85:34:79:8b:fd:35:01:de:ee:f2:c7:c7:aa:f4:
         6f:7a:23:41:49:5a:c3:96:49:a3:dc:0f:b8:a4:65:b5:9b:2a:
         c2:07:d8:0d:05:4b:89:d4:ce:3a:1b:39:7f:34:ae:c8:1a:6f:
         0e:52:db:ed:cd:88:5a:5e:f3:cc:b3:c1:61:62:87:da:56:6a:
         4d:84:d1:07:f8:83:5a:66:83:6c:16:8f:ad:47:7b:54:19:c6:
         09:d8:e4:c7:64:7a:bc:0b:62:b6:99:ba:c6:57:e6:cc:ac:f8:
         b7:29:35:f2:2b:7c:52:e5:a0:cd:90:83:93:4e:32:c3:f9:ad:
         f5:22:e2:91:d3:59:f6:26:b5:0c:6d:40:d1:b1:8b:6f:68:c0:
         e2:c2:21:1b:43:79:ef:4d:52:37:4a:b7:f8:84:6a:42:36:27:
         cd:38:c4:48:09:ed:cf:5b:3e:15:eb:a7:0b:58:eb:5a:59:c9:
         54:5a:1e:b0
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZUzYwn3T4V0RQLXBmvLlDIvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwMjIzMTUxODAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzN2NlOTZjZjJkNjVjOTE0YTc0NDQ2OGE2MGM1ZTNlY2Y1NjlmZDIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxErUS7JkxVRYqsr1uv8L6/mXiUTh
D878hFm8wHrUJJJlocTqYMN6sdns/5cvtEMw0mz3c3Uc5vhwucrJ2m8OQRbfOXR1
J+G40m3mzWdUoyN8NZwxXMlEdX8ODFtqx6PG3S90GoKonKt76wL5H6VY7pHg47QT
j+ON230GjOusCelZyQbGIeuLAGz9z8Shz3pIvzgn5M0G2nKrjM/1wuykFp05Kbv3
2DsmB1opf0/o52AjRYfQx4k/ANaXfCHuD7jjlFTkF2wRaIWQiOZ97pnrmpdbNKi5
ryfYKyPrdz97TRcIbpyGDLkqgiD+YaLLBliaup2qNPik5K07z0RWhCwrawIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFDfOls8tZckUp0RGimDF4+z1af0jMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvTjg2V3p5MWx5UlNuUkVhS1lNWGo3UFZwX1NNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAHzjxAwQA
HzkoAwQAHzn0MA0GCSqGSIb3DQEBCwUAA4IBAQCn8zaeOM9sYyyxG+hPPRjPN5kn
iOyWCj14jcFkptSXkAK73fzb8rTqBRcuj80qRLlgND1iAA3LarfupPxIgHoDNBOk
aLAkhFfwHUGRhTR5i/01Ad7u8sfHqvRveiNBSVrDlkmj3A+4pGW1myrCB9gNBUuJ
1M46Gzl/NK7IGm8OUtvtzYhaXvPMs8FhYofaVmpNhNEH+INaZoNsFo+tR3tUGcYJ
2OTHZHq8C2K2mbrGV+bMrPi3KTXyK3xS5aDNkIOTTjLD+a31IuKR01n2JrUMbUDR
sYtvaMDiwiEbQ3nvTVI3Srf4hGpCNifNOMRICe3PWz4V66cLWOtaWclUWh6w
-----END CERTIFICATE-----