Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/Qp_x67nDg2ltsMdG2wDb7d8s-5o.roa
File:                     Qp_x67nDg2ltsMdG2wDb7d8s-5o.roa (raw, json)
Hash identifier:          YcqoxQLAaScqGX8Rv3UeEJW44O5K70GZEPqPUTS+vQ8=
Subject key identifier:   42:9F:F1:EB:B9:C3:83:69:6D:B0:C7:46:DB:00:DB:ED:DF:2C:FB:9A
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       01928C0FB3112C1F7915CD8F7F28176536B4
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/Qp_x67nDg2ltsMdG2wDb7d8s-5o.roa
Signing time:             Mon 14 Oct 2024 17:24:51 +0000
ROA not before:           Mon 14 Oct 2024 17:24:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15440
IP address blocks:        31.57.102.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:8c:0f:b3:11:2c:1f:79:15:cd:8f:7f:28:17:65:36:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Oct 14 17:24:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=429ff1ebb9c383696db0c746db00dbeddf2cfb9a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:81:48:83:3a:46:0b:4e:79:7c:dd:99:b0:55:
                    21:dd:18:9b:54:00:1b:81:ed:02:02:de:69:43:db:
                    95:2c:e2:b5:60:ff:70:0a:76:68:e7:12:96:45:87:
                    5e:84:7a:c3:62:6d:4a:20:6e:0f:d4:68:4d:c8:66:
                    7a:71:9d:5c:a6:d4:c5:72:b0:3a:e2:7f:fc:eb:d7:
                    32:bd:9b:d7:c9:56:18:41:9e:e9:ea:8f:2b:64:3e:
                    7e:96:a3:77:6a:0f:cd:f1:41:19:96:c2:ef:75:eb:
                    fc:b1:7f:ca:77:b6:e2:15:fa:4f:fe:08:f2:6d:f5:
                    1b:34:00:49:e4:b3:52:80:06:fb:e3:06:66:38:5d:
                    ab:c5:c2:75:f9:db:3f:df:bf:9b:70:3e:35:d1:a8:
                    17:2f:65:c4:11:b9:c3:ea:cd:3d:ff:be:35:e6:f5:
                    52:15:78:7c:78:86:3b:be:4a:9b:c2:91:c1:03:64:
                    6e:2a:17:8d:d0:a0:bb:bb:11:50:e2:c3:77:75:14:
                    25:03:ef:bf:aa:00:af:f7:2d:5c:2c:ea:8b:a0:e9:
                    df:85:ba:f1:17:bf:b1:92:ee:d9:e5:54:58:56:ac:
                    f3:65:5c:d8:44:19:2e:6f:fb:7a:3a:46:b5:4b:f3:
                    ba:14:79:81:ad:6f:d5:25:3d:bc:17:a7:0f:a3:0f:
                    3e:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:9F:F1:EB:B9:C3:83:69:6D:B0:C7:46:DB:00:DB:ED:DF:2C:FB:9A
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/Qp_x67nDg2ltsMdG2wDb7d8s-5o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.57.102.0/24

    Signature Algorithm: sha256WithRSAEncryption
         16:be:0c:7b:a4:6e:96:af:ee:72:da:f2:48:8b:bb:c4:3e:52:
         04:70:0a:ed:5a:0e:50:7b:41:da:a8:f2:bf:4a:54:af:fa:c2:
         3f:e3:c1:de:0b:be:5f:56:75:ae:b9:9d:f7:c4:44:4b:50:e6:
         f3:64:5d:d8:a4:55:03:3c:39:5c:00:0f:03:2e:fe:f2:36:a9:
         66:58:37:8e:7e:7d:0f:bb:fa:0e:5d:da:a8:c6:5b:a2:ea:4c:
         59:cc:8d:ef:75:41:98:1f:9f:14:85:5a:4e:b6:2b:df:cd:49:
         50:0a:0e:f7:81:44:41:b6:0b:87:d4:42:58:e2:ea:4a:92:b9:
         94:8c:68:c7:e3:57:1b:d6:c1:93:83:4f:dc:d9:9d:23:82:37:
         af:a9:c7:23:15:bb:9e:bf:5b:dd:05:29:44:67:84:30:83:f7:
         a0:32:6f:96:38:1a:f1:f1:c4:92:9a:e1:77:8f:a7:94:00:a0:
         b5:49:97:dd:cb:22:48:f3:08:2d:bb:e6:51:c3:11:48:0b:ef:
         06:67:fb:5a:c0:2b:a1:67:e7:68:96:e7:86:e6:3a:42:26:48:
         8e:9e:f9:87:66:b8:14:e0:3d:2e:58:88:f7:d1:56:2d:3a:a9:
         8c:4f:27:4f:99:e0:60:4f:1a:c5:d2:f7:0b:05:4d:ef:96:61:
         f6:07:cd:60
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZKMD7MRLB95Fc2PfygXZTa0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjQxMDE0MTcyNDUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MjlmZjFlYmI5YzM4MzY5NmRiMGM3NDZkYjAwZGJlZGRmMmNmYjlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqYFIgzpGC055fN2ZsFUh3RibVAAb
ge0CAt5pQ9uVLOK1YP9wCnZo5xKWRYdehHrDYm1KIG4P1GhNyGZ6cZ1cptTFcrA6
4n/869cyvZvXyVYYQZ7p6o8rZD5+lqN3ag/N8UEZlsLvdev8sX/Kd7biFfpP/gjy
bfUbNABJ5LNSgAb74wZmOF2rxcJ1+ds/37+bcD410agXL2XEEbnD6s09/7415vVS
FXh8eIY7vkqbwpHBA2RuKheN0KC7uxFQ4sN3dRQlA++/qgCv9y1cLOqLoOnfhbrx
F7+xku7Z5VRYVqzzZVzYRBkub/t6Oka1S/O6FHmBrW/VJT28F6cPow8++wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEKf8eu5w4NpbbDHRtsA2+3fLPuaMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvUXBfeDY3bkRnMmx0c01kRzJ3RGI3ZDhzLTVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzlmMA0G
CSqGSIb3DQEBCwUAA4IBAQAWvgx7pG6Wr+5y2vJIi7vEPlIEcArtWg5Qe0HaqPK/
SlSv+sI/48HeC75fVnWuuZ33xERLUObzZF3YpFUDPDlcAA8DLv7yNqlmWDeOfn0P
u/oOXdqoxlui6kxZzI3vdUGYH58UhVpOtivfzUlQCg73gURBtguH1EJY4upKkrmU
jGjH41cb1sGTg0/c2Z0jgjevqccjFbuev1vdBSlEZ4Qwg/egMm+WOBrx8cSSmuF3
j6eUAKC1SZfdyyJI8wgtu+ZRwxFIC+8GZ/tawCuhZ+dolueG5jpCJkiOnvmHZrgU
4D0uWIj30VYtOqmMTydPmeBgTxrF0vcLBU3vlmH2B81g
-----END CERTIFICATE-----