Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/RN4gRDIa1NIy6WjHYeopY0Ji8H0.roa
File:                     RN4gRDIa1NIy6WjHYeopY0Ji8H0.roa (raw, json)
Hash identifier:          hU9z0Zfcq1v2+5CcCV9HnK1RCN4r0hmxZ5Ti7qW+bgo=
Subject key identifier:   44:DE:20:44:32:1A:D4:D2:32:E9:68:C7:61:EA:29:63:42:62:F0:7D
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       0191C650FF19EC79A0B9F9A50183321636FD
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/RN4gRDIa1NIy6WjHYeopY0Ji8H0.roa
Signing time:             Fri 06 Sep 2024 07:51:22 +0000
ROA not before:           Fri 06 Sep 2024 07:51:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208450
IP address blocks:        31.56.240.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:c6:50:ff:19:ec:79:a0:b9:f9:a5:01:83:32:16:36:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Sep  6 07:51:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=44de2044321ad4d232e968c761ea29634262f07d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:cd:ff:5a:ca:65:a3:5b:69:e8:69:af:ed:ab:
                    b2:bd:60:06:a6:70:68:8c:fd:af:20:34:10:2b:48:
                    07:fa:60:ed:d1:84:4c:13:6e:7e:df:92:86:52:73:
                    19:68:bb:7e:32:ab:a9:21:d4:c2:29:6d:01:cc:86:
                    4e:cc:c9:64:6c:52:a1:19:a8:ab:10:54:99:65:7f:
                    85:c5:38:1e:d2:ad:24:2f:a7:af:f2:15:8e:ba:56:
                    52:d6:38:e6:2c:ca:49:29:d0:d4:de:1f:d1:40:56:
                    61:d4:aa:e2:95:e2:7c:15:6b:66:98:26:98:ed:57:
                    79:1a:fc:68:ac:ec:bb:af:c6:ac:74:79:cc:8a:1c:
                    44:dd:92:76:3b:7f:93:c4:05:8c:b5:0b:40:85:e0:
                    37:e5:20:91:58:7a:a6:be:34:5d:19:01:18:1f:cc:
                    ea:63:a9:85:6f:72:13:63:8c:bc:5a:39:cf:1f:45:
                    7c:a2:a0:70:c8:fc:65:f3:f9:0c:6f:cd:c6:44:19:
                    79:a4:f3:79:a6:9f:54:00:31:b8:63:02:77:ed:a1:
                    82:70:e6:9e:5d:4a:ae:f0:5a:44:df:6e:86:52:81:
                    3f:2c:35:5f:6d:b4:68:64:7e:62:42:b0:5b:f0:40:
                    22:a4:0c:31:8f:04:94:72:28:26:9d:12:5d:04:da:
                    24:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:DE:20:44:32:1A:D4:D2:32:E9:68:C7:61:EA:29:63:42:62:F0:7D
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/RN4gRDIa1NIy6WjHYeopY0Ji8H0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.56.240.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:57:e3:0f:78:f5:99:95:da:05:be:bf:ad:c3:72:33:bd:1f:
         42:e8:25:f1:4c:c4:c6:8c:5e:23:d1:8b:d8:94:7d:08:f0:86:
         01:e1:44:f3:eb:bc:06:af:ec:f5:7d:73:b2:6f:37:16:78:ab:
         73:87:07:67:ee:0c:c6:4b:6b:6d:2d:ce:88:39:68:eb:fb:b3:
         21:88:23:25:e5:38:c2:25:5d:3a:bf:ac:09:47:cb:53:f3:f8:
         19:68:93:2d:88:90:28:1c:ef:73:da:00:ad:02:cc:01:a5:8f:
         ee:d7:2e:d0:58:a2:f8:07:fc:f8:65:6e:7a:41:68:fb:5d:7b:
         88:10:27:3c:20:fe:18:f5:fa:5e:15:03:fb:07:56:f5:f8:82:
         d8:9f:f3:45:2d:8b:70:c3:27:e9:b6:0a:6c:96:0b:ec:21:27:
         da:b6:09:c6:0f:3b:c0:ce:2f:bd:a5:dc:b2:a9:e6:6e:c1:b0:
         11:53:57:90:76:b5:60:6f:2d:0e:c6:52:77:ea:c1:e4:b8:ab:
         fa:4f:45:f0:d9:73:62:c6:ad:b9:75:81:8b:2e:1b:b1:41:be:
         29:73:f7:05:d2:09:46:9d:50:4a:e5:3a:65:95:b7:9b:6a:5a:
         e4:95:39:08:49:df:52:02:e4:82:cf:49:db:bf:96:1d:24:4e:
         71:79:71:12
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZHGUP8Z7HmgufmlAYMyFjb9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjQwOTA2MDc1MTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NGRlMjA0NDMyMWFkNGQyMzJlOTY4Yzc2MWVhMjk2MzQyNjJmMDdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo83/Wsplo1tp6Gmv7auyvWAGpnBo
jP2vIDQQK0gH+mDt0YRME25+35KGUnMZaLt+MqupIdTCKW0BzIZOzMlkbFKhGair
EFSZZX+FxTge0q0kL6ev8hWOulZS1jjmLMpJKdDU3h/RQFZh1KrileJ8FWtmmCaY
7Vd5GvxorOy7r8asdHnMihxE3ZJ2O3+TxAWMtQtAheA35SCRWHqmvjRdGQEYH8zq
Y6mFb3ITY4y8WjnPH0V8oqBwyPxl8/kMb83GRBl5pPN5pp9UADG4YwJ37aGCcOae
XUqu8FpE326GUoE/LDVfbbRoZH5iQrBb8EAipAwxjwSUcigmnRJdBNok4QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFETeIEQyGtTSMulox2HqKWNCYvB9MB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvUk40Z1JESWExTkl5NldqSFllb3BZMEppOEgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzjwMA0G
CSqGSIb3DQEBCwUAA4IBAQBCV+MPePWZldoFvr+tw3IzvR9C6CXxTMTGjF4j0YvY
lH0I8IYB4UTz67wGr+z1fXOybzcWeKtzhwdn7gzGS2ttLc6IOWjr+7MhiCMl5TjC
JV06v6wJR8tT8/gZaJMtiJAoHO9z2gCtAswBpY/u1y7QWKL4B/z4ZW56QWj7XXuI
ECc8IP4Y9fpeFQP7B1b1+ILYn/NFLYtwwyfptgpslgvsISfatgnGDzvAzi+9pdyy
qeZuwbARU1eQdrVgby0OxlJ36sHkuKv6T0Xw2XNixq25dYGLLhuxQb4pc/cF0glG
nVBK5TpllbebalrklTkISd9SAuSCz0nbv5YdJE5xeXES
-----END CERTIFICATE-----