Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/R-o5vPWc1Nea2i7d6gUKA4WdF78.roa
File:                     R-o5vPWc1Nea2i7d6gUKA4WdF78.roa (raw, json)
Hash identifier:          lgxOBmVW8pzm7Rv93yIXPxXgqUohU+uvxQM5b2X6/F4=
Subject key identifier:   47:EA:39:BC:F5:9C:D4:D7:9A:DA:2E:DD:EA:05:0A:03:85:9D:17:BF
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019302A6BBE723273AE51DA84B9E318796A1
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/R-o5vPWc1Nea2i7d6gUKA4WdF78.roa
Signing time:             Wed 06 Nov 2024 18:05:01 +0000
ROA not before:           Wed 06 Nov 2024 18:05:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213930
IP address blocks:        31.57.242.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:02:a6:bb:e7:23:27:3a:e5:1d:a8:4b:9e:31:87:96:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Nov  6 18:05:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=47ea39bcf59cd4d79ada2eddea050a03859d17bf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:06:45:76:6a:3c:14:de:0f:c4:35:3f:25:21:
                    d7:35:90:58:69:01:5a:32:c9:69:90:ce:78:96:36:
                    25:37:4f:e5:2a:35:77:7b:e2:41:71:c1:f7:77:b0:
                    f0:c3:fd:55:46:d0:4c:a7:db:e7:fe:b4:89:73:09:
                    29:46:d9:7f:1f:0c:94:1f:a2:6f:5d:b9:a4:cf:f5:
                    32:a6:58:05:23:b8:8c:9b:dd:ba:db:1d:b4:73:9f:
                    6e:12:1c:b1:1e:d4:b4:36:e9:62:bc:b1:8f:fa:19:
                    dd:ed:5e:c2:10:d2:e1:af:4c:7f:9d:a4:b7:25:ca:
                    d2:d6:62:7e:ea:c7:fe:10:79:2f:4c:f1:aa:0e:26:
                    d4:68:42:50:6a:06:ad:7a:8d:a5:5f:0b:be:3a:b5:
                    1d:4f:19:3f:30:7e:24:2a:f1:d7:c2:81:07:f1:f9:
                    9b:c2:0f:66:bb:4e:b3:c9:03:cf:1a:74:36:85:c5:
                    90:51:89:de:4a:d9:65:e9:de:64:74:72:14:f0:2f:
                    e7:50:cb:e9:cb:2c:48:2d:6d:29:a0:e4:1f:28:00:
                    37:69:5e:d6:70:89:f3:73:ff:42:82:b2:28:0e:5d:
                    7a:dc:09:9d:1c:2d:07:8b:76:97:0b:91:45:c2:e8:
                    9e:db:c8:35:31:ca:e9:e9:25:a8:e1:8b:2b:d3:3a:
                    9e:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:EA:39:BC:F5:9C:D4:D7:9A:DA:2E:DD:EA:05:0A:03:85:9D:17:BF
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/R-o5vPWc1Nea2i7d6gUKA4WdF78.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.57.242.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:ee:3e:3e:c6:80:39:35:4f:57:3b:cf:09:b5:ee:a0:09:20:
         73:52:17:b3:32:38:45:33:8d:39:86:6f:f5:bb:30:58:73:ac:
         db:09:99:28:7e:24:25:83:fe:03:ab:06:31:b3:9e:0c:41:8e:
         9e:e0:98:ab:8e:55:62:53:71:29:54:fd:20:b9:5d:c3:ed:d5:
         9a:e2:5b:ce:17:65:dc:9c:e6:9d:0f:39:ce:47:6e:73:24:51:
         4d:eb:17:3f:f0:c9:bb:8c:40:9a:2c:36:a2:4e:a7:99:dd:f9:
         41:38:4a:e2:2a:a0:3d:81:9e:b9:a2:26:76:3c:94:6f:5e:8f:
         51:a7:5c:a2:d8:44:a9:09:b6:26:43:78:f3:ee:ae:cc:5f:58:
         47:7b:d7:ef:c2:fa:79:17:d2:74:68:e5:4b:55:fd:f1:3f:74:
         bf:b4:a1:41:67:29:70:dd:15:d5:96:76:55:58:f4:c7:8b:ad:
         14:45:87:02:7c:b4:8f:6f:f2:6a:88:25:31:f8:16:dd:56:c4:
         87:e4:59:34:3d:44:3c:c6:59:b6:64:4a:16:3c:55:15:cc:2d:
         45:c5:12:23:e9:71:18:74:fd:35:f7:4f:b0:cd:de:5c:ee:e7:
         96:54:4e:59:e5:7f:93:6d:68:36:35:97:59:bf:9d:01:b6:5c:
         a4:09:3f:32
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZMCprvnIyc65R2oS54xh5ahMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjQxMTA2MTgwNTAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0N2VhMzliY2Y1OWNkNGQ3OWFkYTJlZGRlYTA1MGEwMzg1OWQxN2JmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvwZFdmo8FN4PxDU/JSHXNZBYaQFa
MslpkM54ljYlN0/lKjV3e+JBccH3d7Dww/1VRtBMp9vn/rSJcwkpRtl/HwyUH6Jv
Xbmkz/UyplgFI7iMm9262x20c59uEhyxHtS0NulivLGP+hnd7V7CENLhr0x/naS3
JcrS1mJ+6sf+EHkvTPGqDibUaEJQagateo2lXwu+OrUdTxk/MH4kKvHXwoEH8fmb
wg9mu06zyQPPGnQ2hcWQUYneStll6d5kdHIU8C/nUMvpyyxILW0poOQfKAA3aV7W
cInzc/9CgrIoDl163AmdHC0Hi3aXC5FFwuie28g1Mcrp6SWo4Ysr0zqe1QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEfqObz1nNTXmtou3eoFCgOFnRe/MB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvUi1vNXZQV2MxTmVhMmk3ZDZnVUtBNFdkRjc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHznyMA0G
CSqGSIb3DQEBCwUAA4IBAQBC7j4+xoA5NU9XO88Jte6gCSBzUhezMjhFM405hm/1
uzBYc6zbCZkofiQlg/4DqwYxs54MQY6e4JirjlViU3EpVP0guV3D7dWa4lvOF2Xc
nOadDznOR25zJFFN6xc/8Mm7jECaLDaiTqeZ3flBOEriKqA9gZ65oiZ2PJRvXo9R
p1yi2ESpCbYmQ3jz7q7MX1hHe9fvwvp5F9J0aOVLVf3xP3S/tKFBZylw3RXVlnZV
WPTHi60URYcCfLSPb/JqiCUx+BbdVsSH5Fk0PUQ8xlm2ZEoWPFUVzC1FxRIj6XEY
dP0190+wzd5c7ueWVE5Z5X+TbWg2NZdZv50BtlykCT8y
-----END CERTIFICATE-----