Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/Nbf6-m7KaN04z-wVFZ41AMOqM3A.roa
File:                     Nbf6-m7KaN04z-wVFZ41AMOqM3A.roa (raw, json)
Hash identifier:          q60DbMhrZk5o3Q9aNE0aA4IULdFZEE+dwVf9JLXMYR0=
Subject key identifier:   35:B7:FA:FA:6E:CA:68:DD:38:CF:EC:15:15:9E:35:00:C3:AA:33:70
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       0194282388C6C758D330759391F15AC9F832
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/Nbf6-m7KaN04z-wVFZ41AMOqM3A.roa
Signing time:             Thu 02 Jan 2025 17:50:04 +0000
ROA not before:           Thu 02 Jan 2025 17:50:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     398465
IP address blocks:        31.57.246.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 09:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:23:88:c6:c7:58:d3:30:75:93:91:f1:5a:c9:f8:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jan  2 17:50:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=35b7fafa6eca68dd38cfec15159e3500c3aa3370
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:db:81:eb:c8:04:c2:30:fa:f5:3e:20:07:04:
                    06:4b:4f:6d:b3:66:be:39:0a:75:e3:44:ee:b0:10:
                    cd:76:d7:a8:de:bd:f8:0e:21:4d:bb:5f:ba:e7:2a:
                    95:4c:8f:e1:5a:7f:c8:48:ee:37:1f:47:b4:47:13:
                    5e:18:72:80:cd:b8:36:89:aa:e1:42:aa:e0:f9:be:
                    a5:e7:2d:10:7b:e2:7a:8b:6d:52:e9:6b:81:e0:74:
                    ac:e0:e5:f1:e0:52:ae:cb:c3:36:e5:41:0a:9d:bc:
                    66:10:89:82:e8:a6:a7:79:b3:ae:bb:43:7e:6b:b1:
                    fc:4e:34:ff:53:88:37:fe:f8:82:df:dd:50:d8:66:
                    38:5e:21:a4:d2:35:a6:a7:08:3a:16:f5:b2:3c:20:
                    99:b0:db:59:6a:54:b9:10:78:91:b0:d1:36:28:42:
                    22:9b:30:44:9c:22:64:8e:7c:0c:f5:15:fc:a8:98:
                    57:de:e2:05:4c:15:5e:82:46:1d:9d:f7:25:43:ad:
                    03:ae:fc:a0:72:f2:3d:13:47:ef:1e:35:8d:8d:4f:
                    c1:c6:87:b7:37:c1:a8:1b:ae:8d:0a:12:8d:ab:ad:
                    8c:83:9f:4f:66:f4:38:a4:fb:c4:a8:3b:2d:b0:54:
                    02:10:50:03:1d:ca:73:3a:36:09:6c:3c:9d:0a:6a:
                    41:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:B7:FA:FA:6E:CA:68:DD:38:CF:EC:15:15:9E:35:00:C3:AA:33:70
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/Nbf6-m7KaN04z-wVFZ41AMOqM3A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.57.246.0/23

    Signature Algorithm: sha256WithRSAEncryption
         27:c4:59:c1:aa:07:4d:e1:ef:bc:4b:2b:ce:7f:df:95:05:48:
         68:ec:fa:b9:ec:24:5b:55:b8:db:c8:5e:c4:ba:60:e3:1e:87:
         66:96:1c:ae:56:ad:51:33:bf:de:4c:51:4d:e3:c6:be:9a:0c:
         84:6b:0b:3e:e1:da:01:e1:25:40:78:58:6e:89:ab:e1:f1:ec:
         fa:8f:f9:ab:f1:e2:55:50:8c:24:a7:55:79:f9:17:b7:20:e9:
         b4:25:ee:2c:7c:ca:02:bf:58:4f:4b:30:dc:83:8f:4b:ba:7c:
         9e:5e:84:61:8c:5e:1e:8a:2f:19:f3:d8:87:b1:58:39:dc:96:
         76:12:b4:d1:46:7b:6c:1a:ab:d7:ba:ab:e0:32:fc:2a:85:3e:
         3c:27:32:8a:09:c3:05:09:5e:76:a5:3b:e0:a5:89:d8:58:b6:
         c2:37:29:9d:75:9d:a8:90:b2:85:40:05:43:b0:bc:0c:ee:19:
         e4:e6:51:4d:87:c8:17:99:a3:2e:55:57:9e:ee:2f:29:fb:20:
         6d:52:9f:2c:bf:02:e9:6b:df:62:32:25:63:28:5f:bb:bf:32:
         04:8c:33:0b:15:70:41:9f:6c:f8:ee:09:3f:39:bd:c2:60:df:
         73:39:f9:78:e5:da:90:13:e3:40:09:a7:86:dc:c5:10:ae:e1:
         0c:42:31:3d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoI4jGx1jTMHWTkfFayfgyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwMTAyMTc1MDA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNWI3ZmFmYTZlY2E2OGRkMzhjZmVjMTUxNTllMzUwMGMzYWEzMzcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm9uB68gEwjD69T4gBwQGS09ts2a+
OQp140TusBDNdteo3r34DiFNu1+65yqVTI/hWn/ISO43H0e0RxNeGHKAzbg2iarh
Qqrg+b6l5y0Qe+J6i21S6WuB4HSs4OXx4FKuy8M25UEKnbxmEImC6KanebOuu0N+
a7H8TjT/U4g3/viC391Q2GY4XiGk0jWmpwg6FvWyPCCZsNtZalS5EHiRsNE2KEIi
mzBEnCJkjnwM9RX8qJhX3uIFTBVegkYdnfclQ60DrvygcvI9E0fvHjWNjU/Bxoe3
N8GoG66NChKNq62Mg59PZvQ4pPvEqDstsFQCEFADHcpzOjYJbDydCmpBRQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDW3+vpuymjdOM/sFRWeNQDDqjNwMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvTmJmNi1tN0thTjA0ei13VkZaNDFBTU9xTTNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBHzn2MA0G
CSqGSIb3DQEBCwUAA4IBAQAnxFnBqgdN4e+8SyvOf9+VBUho7Pq57CRbVbjbyF7E
umDjHodmlhyuVq1RM7/eTFFN48a+mgyEaws+4doB4SVAeFhuiavh8ez6j/mr8eJV
UIwkp1V5+Re3IOm0Je4sfMoCv1hPSzDcg49LunyeXoRhjF4eii8Z89iHsVg53JZ2
ErTRRntsGqvXuqvgMvwqhT48JzKKCcMFCV52pTvgpYnYWLbCNymddZ2okLKFQAVD
sLwM7hnk5lFNh8gXmaMuVVee7i8p+yBtUp8svwLpa99iMiVjKF+7vzIEjDMLFXBB
n2z47gk/Ob3CYN9zOfl45dqQE+NACaeG3MUQruEMQjE9
-----END CERTIFICATE-----