Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/Tl-029CPp1qb7IL4dSRyysmC-Wc.roa
File:                     Tl-029CPp1qb7IL4dSRyysmC-Wc.roa (raw, json)
Hash identifier:          KfLspnx6z0FotQPsD+r14c/MOQwQIEqZA7vCxk+IZgw=
Subject key identifier:   4E:5F:B4:DB:D0:8F:A7:5A:9B:EC:82:F8:75:24:72:CA:C9:82:F9:67
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       01942823562A85EAF0EDA788D6D66F61A3B6
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/Tl-029CPp1qb7IL4dSRyysmC-Wc.roa
Signing time:             Thu 02 Jan 2025 17:49:51 +0000
ROA not before:           Thu 02 Jan 2025 17:49:51 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     140224
IP address blocks:        31.56.37.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 09:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:23:56:2a:85:ea:f0:ed:a7:88:d6:d6:6f:61:a3:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jan  2 17:49:51 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4e5fb4dbd08fa75a9bec82f8752472cac982f967
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:02:81:2a:63:d0:13:30:d7:e3:6a:9a:43:94:
                    d3:56:74:99:8e:18:47:28:1d:f3:c7:2d:09:85:2b:
                    78:39:7a:bb:aa:48:ae:85:9e:a1:69:1d:e5:6e:be:
                    ca:47:5d:d2:49:52:01:44:8b:69:01:6d:59:c1:c1:
                    fe:d5:61:d5:76:e2:b5:20:9d:70:73:df:24:d2:09:
                    1f:9e:48:37:48:9f:28:1e:7a:84:f9:f2:a1:82:fe:
                    fc:16:74:7d:ff:f0:83:a0:7f:e8:b7:90:01:49:f4:
                    d1:99:40:1c:3f:97:9f:fa:c6:5d:a2:42:99:f1:a9:
                    f9:90:d9:37:a9:ed:6f:7c:a3:25:44:71:93:e3:29:
                    cc:9e:f3:eb:fc:9b:48:69:10:f7:e5:f4:fa:88:74:
                    24:7a:0e:e9:6f:c1:87:21:16:52:65:7c:30:f4:f7:
                    91:72:0f:a6:50:98:70:f9:a7:4a:d6:60:45:4c:e4:
                    11:e5:16:b8:2f:0b:77:c3:5f:a9:0a:be:4a:ad:81:
                    5e:0a:40:8f:68:35:23:6c:2e:18:7b:fa:75:b4:b7:
                    64:f1:4d:e0:df:43:f5:9d:5b:2d:b4:53:a2:1b:7a:
                    81:f2:d8:89:46:c8:f2:92:af:17:86:27:27:18:e0:
                    c8:bc:09:65:a8:93:69:61:04:ad:a7:ca:6c:c2:79:
                    5b:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:5F:B4:DB:D0:8F:A7:5A:9B:EC:82:F8:75:24:72:CA:C9:82:F9:67
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/Tl-029CPp1qb7IL4dSRyysmC-Wc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.56.37.0/24

    Signature Algorithm: sha256WithRSAEncryption
         23:5d:e6:09:7d:ad:05:f5:9d:c4:ee:9a:7a:cf:a7:d0:8c:8c:
         f2:5b:88:d7:a3:c7:26:b3:b0:40:3c:ae:8e:95:eb:2e:fe:bf:
         a2:47:f3:78:b8:10:bd:71:6d:7d:eb:b5:27:00:4a:c8:64:5b:
         51:52:61:02:f9:15:43:f4:74:5c:4f:15:1b:dd:55:69:f3:d0:
         67:5d:ca:89:be:3e:71:76:9f:33:50:d2:4e:9f:d9:ad:86:5c:
         94:63:6c:36:ed:3b:07:7a:3b:69:45:c2:92:c4:e7:d3:8d:20:
         5a:2c:89:c8:6a:d0:58:0f:d4:d8:b0:66:09:02:be:3f:7c:63:
         92:50:87:f8:34:47:8f:4b:c1:f2:a6:94:03:e4:f4:27:9e:09:
         42:60:56:69:0e:f4:1d:af:a4:e2:3f:2b:24:a4:19:9d:23:e5:
         c1:0e:23:49:19:a6:9e:83:7e:52:50:44:3c:22:b6:47:56:ac:
         74:0c:2c:2e:1c:8b:be:b7:28:73:ba:4a:4c:6b:bd:80:91:31:
         19:87:44:5a:24:f3:3e:e8:07:02:48:ef:c5:a9:6f:f1:c7:c1:
         b0:10:c9:e8:05:b8:85:3f:96:60:52:49:d3:8c:d7:83:f5:ae:
         5c:ae:33:d7:99:a8:16:b2:d9:9e:2a:72:03:e8:25:97:61:dc:
         e1:20:19:1f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoI1Yqherw7aeI1tZvYaO2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwMTAyMTc0OTUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZTVmYjRkYmQwOGZhNzVhOWJlYzgyZjg3NTI0NzJjYWM5ODJmOTY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApwKBKmPQEzDX42qaQ5TTVnSZjhhH
KB3zxy0JhSt4OXq7qkiuhZ6haR3lbr7KR13SSVIBRItpAW1ZwcH+1WHVduK1IJ1w
c98k0gkfnkg3SJ8oHnqE+fKhgv78FnR9//CDoH/ot5ABSfTRmUAcP5ef+sZdokKZ
8an5kNk3qe1vfKMlRHGT4ynMnvPr/JtIaRD35fT6iHQkeg7pb8GHIRZSZXww9PeR
cg+mUJhw+adK1mBFTOQR5Ra4Lwt3w1+pCr5KrYFeCkCPaDUjbC4Ye/p1tLdk8U3g
30P1nVsttFOiG3qB8tiJRsjykq8XhicnGODIvAllqJNpYQStp8pswnlbAwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE5ftNvQj6dam+yC+HUkcsrJgvlnMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvVGwtMDI5Q1BwMXFiN0lMNGRTUnl5c21DLVdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzglMA0G
CSqGSIb3DQEBCwUAA4IBAQAjXeYJfa0F9Z3E7pp6z6fQjIzyW4jXo8cms7BAPK6O
lesu/r+iR/N4uBC9cW1967UnAErIZFtRUmEC+RVD9HRcTxUb3VVp89BnXcqJvj5x
dp8zUNJOn9mthlyUY2w27TsHejtpRcKSxOfTjSBaLInIatBYD9TYsGYJAr4/fGOS
UIf4NEePS8HyppQD5PQnnglCYFZpDvQdr6TiPyskpBmdI+XBDiNJGaaeg35SUEQ8
IrZHVqx0DCwuHIu+tyhzukpMa72AkTEZh0RaJPM+6AcCSO/FqW/xx8GwEMnoBbiF
P5ZgUknTjNeD9a5crjPXmagWstmeKnID6CWXYdzhIBkf
-----END CERTIFICATE-----