Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/SEzcVzEiiXSDY21hLTsDmzHU5vc.roa
File:                     SEzcVzEiiXSDY21hLTsDmzHU5vc.roa (raw, json)
Hash identifier:          Fu1qFW2hzatkSFdJPfj98tkKck5KpmK2QVOM+Jl9kpw=
Subject key identifier:   48:4C:DC:57:31:22:89:74:83:63:6D:61:2D:3B:03:9B:31:D4:E6:F7
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019428233C9A628D5F5FED394966C136DDFE
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/SEzcVzEiiXSDY21hLTsDmzHU5vc.roa
Signing time:             Thu 02 Jan 2025 17:49:45 +0000
ROA not before:           Thu 02 Jan 2025 17:49:45 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     24429
IP address blocks:        31.56.124.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 09:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:23:3c:9a:62:8d:5f:5f:ed:39:49:66:c1:36:dd:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jan  2 17:49:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=484cdc573122897483636d612d3b039b31d4e6f7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:d8:9b:85:96:8a:d1:eb:0a:22:14:3c:18:4f:
                    49:ff:58:55:28:64:1c:c1:7c:53:0e:ac:b8:32:8e:
                    48:25:82:9b:a3:a9:66:57:c5:b7:55:96:45:45:06:
                    46:c5:28:e6:f7:67:15:38:06:f2:43:fd:39:d4:c2:
                    56:db:4d:f5:da:2e:70:13:1b:58:db:e3:17:fe:9e:
                    e3:e7:9c:ed:66:eb:2e:79:15:e5:f5:3c:e2:8c:b4:
                    fe:4e:ec:ff:9e:ae:2e:e0:8c:22:d5:b5:42:eb:a6:
                    f3:73:7d:ff:03:ae:fc:97:76:10:b0:e3:32:20:c7:
                    0e:c3:b3:4e:d8:4d:45:51:17:d3:41:2c:b3:7f:8f:
                    21:2d:c4:89:cb:ca:eb:bd:49:fc:8d:f5:96:7c:0f:
                    a1:33:84:20:03:9e:f7:08:71:a7:4c:af:c3:81:69:
                    84:92:7b:63:dd:2b:17:8b:c2:22:ae:26:1a:17:1b:
                    f7:a2:31:30:2b:7a:36:82:1a:e5:56:29:38:89:8f:
                    7c:9b:fc:c2:bf:78:0a:5d:27:7b:d3:d4:11:b7:06:
                    b0:78:c4:d3:f5:b3:5b:25:02:d7:4d:dc:7c:2d:80:
                    7d:6e:e2:49:f0:27:ef:e2:46:db:cb:5f:38:8c:3b:
                    dd:d7:9d:58:66:c5:6a:e4:eb:7b:7d:07:ee:d2:7a:
                    05:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:4C:DC:57:31:22:89:74:83:63:6D:61:2D:3B:03:9B:31:D4:E6:F7
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/SEzcVzEiiXSDY21hLTsDmzHU5vc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.56.124.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5c:3c:54:fa:31:38:d2:b7:1f:b2:a5:38:3c:1b:4e:9c:3d:ba:
         53:e3:c9:f6:1c:39:b3:38:2b:7b:0b:58:6e:5a:7b:ce:7f:a1:
         eb:46:db:54:56:9a:a5:78:f5:e5:6b:f7:61:ac:57:b6:20:ac:
         da:01:72:15:b7:0a:3a:33:ca:44:b1:b9:e2:ba:75:f4:cc:ec:
         7a:4c:13:70:ab:15:d2:7d:bc:80:05:f1:aa:e3:36:ef:ed:36:
         39:db:34:2c:4b:9a:f5:9d:2e:e7:3a:a9:5e:43:8c:fc:85:a2:
         db:cf:1b:b5:e2:b9:e0:16:e5:09:6f:5c:d8:8c:71:18:c7:c5:
         d0:2d:ca:8c:e5:d5:69:2b:d3:20:17:5a:8a:8a:2b:ad:b7:fb:
         20:b2:07:74:96:ef:52:75:2e:7c:78:65:07:0b:3f:78:d9:ee:
         d1:d3:ef:37:36:ec:a9:91:e7:18:12:aa:9d:40:01:0c:4f:5a:
         f5:87:12:38:30:26:cb:3f:b5:3a:5c:a5:e0:96:a5:7d:e7:54:
         a8:1d:3a:70:02:e1:5b:85:84:81:00:13:e6:a0:0b:ec:af:9e:
         08:7d:88:94:c4:12:4c:5a:e2:9a:28:33:6b:b8:b4:dd:f7:e2:
         e8:25:b2:6b:14:d5:d3:17:a9:39:81:f6:52:f9:81:24:84:47:
         69:31:90:1e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoIzyaYo1fX+05SWbBNt3+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwMTAyMTc0OTQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ODRjZGM1NzMxMjI4OTc0ODM2MzZkNjEyZDNiMDM5YjMxZDRlNmY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs9ibhZaK0esKIhQ8GE9J/1hVKGQc
wXxTDqy4Mo5IJYKbo6lmV8W3VZZFRQZGxSjm92cVOAbyQ/051MJW20312i5wExtY
2+MX/p7j55ztZusueRXl9TzijLT+Tuz/nq4u4Iwi1bVC66bzc33/A678l3YQsOMy
IMcOw7NO2E1FURfTQSyzf48hLcSJy8rrvUn8jfWWfA+hM4QgA573CHGnTK/DgWmE
kntj3SsXi8IiriYaFxv3ojEwK3o2ghrlVik4iY98m/zCv3gKXSd709QRtwaweMTT
9bNbJQLXTdx8LYB9buJJ8Cfv4kbby184jDvd151YZsVq5Ot7fQfu0noFIQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEhM3FcxIol0g2NtYS07A5sx1Ob3MB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvU0V6Y1Z6RWlpWFNEWTIxaExUc0RtekhVNXZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzh8MA0G
CSqGSIb3DQEBCwUAA4IBAQBcPFT6MTjStx+ypTg8G06cPbpT48n2HDmzOCt7C1hu
WnvOf6HrRttUVpqlePXla/dhrFe2IKzaAXIVtwo6M8pEsbniunX0zOx6TBNwqxXS
fbyABfGq4zbv7TY52zQsS5r1nS7nOqleQ4z8haLbzxu14rngFuUJb1zYjHEYx8XQ
LcqM5dVpK9MgF1qKiiutt/sgsgd0lu9SdS58eGUHCz942e7R0+83NuypkecYEqqd
QAEMT1r1hxI4MCbLP7U6XKXglqV951SoHTpwAuFbhYSBABPmoAvsr54IfYiUxBJM
WuKaKDNruLTd9+LoJbJrFNXTF6k5gfZS+YEkhEdpMZAe
-----END CERTIFICATE-----