Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/QjB8nMElvVaKNhO7TTdnlteF6Hk.roa
File:                     QjB8nMElvVaKNhO7TTdnlteF6Hk.roa (raw, json)
Hash identifier:          GoumLEg7bLshS4HdjaxeuLpwuDdidUNsxf/MHr+m2sI=
Subject key identifier:   42:30:7C:9C:C1:25:BD:56:8A:36:13:BB:4D:37:67:96:D7:85:E8:79
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019460C419280B76AB02458BC9E99D08E494
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/QjB8nMElvVaKNhO7TTdnlteF6Hk.roa
Signing time:             Mon 13 Jan 2025 17:44:11 +0000
ROA not before:           Mon 13 Jan 2025 17:44:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198831
IP address blocks:        31.59.244.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 09:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:60:c4:19:28:0b:76:ab:02:45:8b:c9:e9:9d:08:e4:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jan 13 17:44:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=42307c9cc125bd568a3613bb4d376796d785e879
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:40:6c:c5:34:b3:24:91:6a:a8:d5:01:4a:a6:
                    8a:1b:8b:9e:e8:bd:a8:53:81:9e:23:e5:ea:ac:ae:
                    1e:cb:a0:a0:38:4b:35:b8:f3:a9:1c:f0:e1:34:57:
                    1c:da:ea:b6:66:8b:ed:af:3b:c9:56:9f:e1:55:81:
                    87:8b:db:28:9b:d2:6e:e1:82:52:4a:12:ff:88:cc:
                    04:7e:43:50:b1:4d:f1:6a:d4:f2:e9:1f:74:d4:d1:
                    e4:7c:72:1d:84:45:02:89:08:34:45:e1:2e:b7:8f:
                    60:de:15:33:22:52:89:fc:89:02:83:4f:09:32:ea:
                    27:dd:46:5f:f9:cd:82:cc:d1:4a:c8:46:42:3c:8b:
                    7d:aa:cb:41:11:67:c2:da:dd:d7:15:09:25:f6:52:
                    bc:8d:04:30:40:9b:c7:f8:65:11:dc:65:48:73:77:
                    18:bd:0d:6f:da:9b:a0:8a:0b:05:03:19:b6:67:89:
                    6c:28:59:ab:3b:7b:6d:a5:7c:06:e0:37:24:ce:1a:
                    1f:87:7f:7b:4a:73:4c:3e:f4:69:0c:9a:f1:e2:8f:
                    0d:7f:d3:6c:ef:05:3a:56:da:4f:57:57:17:67:83:
                    7e:70:fa:b6:a7:66:6d:31:b7:81:04:ad:07:87:3f:
                    e2:97:f4:26:e3:99:a3:74:93:f3:7e:56:a1:44:14:
                    69:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:30:7C:9C:C1:25:BD:56:8A:36:13:BB:4D:37:67:96:D7:85:E8:79
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/QjB8nMElvVaKNhO7TTdnlteF6Hk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.59.244.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8c:fa:54:a7:76:ae:cb:fd:be:d3:33:78:a0:fb:54:98:c6:d1:
         3a:ac:b0:02:4c:2b:08:9e:62:55:f0:86:bb:ca:e7:a6:68:4a:
         6e:47:32:a0:8a:6f:5e:df:aa:bd:6b:dd:fa:e5:97:99:c9:8f:
         9a:72:c7:ea:94:72:70:f8:5c:1f:40:a1:99:21:a7:71:f5:2b:
         c5:25:e5:8f:e9:bf:f7:cb:96:25:cb:92:2d:90:d7:37:44:57:
         3a:9f:c1:7c:65:0b:aa:28:87:23:10:a6:d8:6e:29:06:3d:e1:
         a6:79:f3:1d:d3:5a:9f:74:6f:62:94:ad:54:a0:23:82:b7:b7:
         8c:69:63:88:af:75:32:06:70:a3:ca:8b:cc:87:f0:39:40:95:
         f7:6e:ac:01:37:7c:81:d9:7a:80:56:86:09:94:63:ca:d6:24:
         d5:4f:1f:bb:62:ab:d4:cf:e7:99:9b:b5:a8:4c:d2:38:14:20:
         d2:10:d7:3b:07:85:70:63:22:4e:8d:a3:fc:f2:91:5d:bd:af:
         26:62:d4:eb:87:ef:5b:55:8e:2a:57:d6:da:e7:3c:e1:7c:e4:
         d0:ff:ed:b7:a1:af:28:d0:8d:21:73:e1:2d:f8:47:26:6a:36:
         bc:71:2d:2a:ec:62:72:59:5c:6b:8b:3c:9d:ef:56:d9:e4:b2:
         5d:fc:a0:19
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZRgxBkoC3arAkWLyemdCOSUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwMTEzMTc0NDExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MjMwN2M5Y2MxMjViZDU2OGEzNjEzYmI0ZDM3Njc5NmQ3ODVlODc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr0BsxTSzJJFqqNUBSqaKG4ue6L2o
U4GeI+XqrK4ey6CgOEs1uPOpHPDhNFcc2uq2ZovtrzvJVp/hVYGHi9som9Ju4YJS
ShL/iMwEfkNQsU3xatTy6R901NHkfHIdhEUCiQg0ReEut49g3hUzIlKJ/IkCg08J
Muon3UZf+c2CzNFKyEZCPIt9qstBEWfC2t3XFQkl9lK8jQQwQJvH+GUR3GVIc3cY
vQ1v2pugigsFAxm2Z4lsKFmrO3ttpXwG4Dckzhofh397SnNMPvRpDJrx4o8Nf9Ns
7wU6VtpPV1cXZ4N+cPq2p2ZtMbeBBK0Hhz/il/Qm45mjdJPzflahRBRp0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEIwfJzBJb1WijYTu003Z5bXheh5MB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvUWpCOG5NRWx2VmFLTmhPN1RUZG5sdGVGNkhrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzv0MA0G
CSqGSIb3DQEBCwUAA4IBAQCM+lSndq7L/b7TM3ig+1SYxtE6rLACTCsInmJV8Ia7
yuemaEpuRzKgim9e36q9a9365ZeZyY+acsfqlHJw+FwfQKGZIadx9SvFJeWP6b/3
y5Yly5ItkNc3RFc6n8F8ZQuqKIcjEKbYbikGPeGmefMd01qfdG9ilK1UoCOCt7eM
aWOIr3UyBnCjyovMh/A5QJX3bqwBN3yB2XqAVoYJlGPK1iTVTx+7YqvUz+eZm7Wo
TNI4FCDSENc7B4VwYyJOjaP88pFdva8mYtTrh+9bVY4qV9ba5zzhfOTQ/+23oa8o
0I0hc+Et+Ecmaja8cS0q7GJyWVxrizyd71bZ5LJd/KAZ
-----END CERTIFICATE-----