Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TyG5FXIVCWRDLyNqdykkEmf5OjA.roa
File:                     TyG5FXIVCWRDLyNqdykkEmf5OjA.roa (raw, json)
Hash identifier:          ngVUD82KLBwBlY4Ca/5sXzLLT1e9TWsxW6xVMybwTIo=
Subject key identifier:   4F:21:B9:15:72:15:09:64:43:2F:23:6A:77:29:24:12:67:F9:3A:30
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019428233A76EF7DF28D8B0910582987D6F5
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TyG5FXIVCWRDLyNqdykkEmf5OjA.roa
Signing time:             Thu 02 Jan 2025 17:49:44 +0000
ROA not before:           Thu 02 Jan 2025 17:49:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20853
IP address blocks:        31.56.145.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 09:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:23:3a:76:ef:7d:f2:8d:8b:09:10:58:29:87:d6:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jan  2 17:49:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4f21b91572150964432f236a7729241267f93a30
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:de:ba:c5:ff:a3:9d:9e:9b:9b:80:94:5a:7d:
                    25:27:e7:4b:08:36:c4:f4:9d:6a:d6:d4:51:6a:4f:
                    dd:b8:87:09:b5:9f:28:e6:5d:8f:b3:37:49:9c:e7:
                    7f:cd:94:d0:62:a6:fb:c9:d5:ab:39:e7:14:e4:dd:
                    9b:c5:52:37:37:9c:b2:ec:57:18:91:8c:a6:03:c9:
                    5a:30:a1:c8:4b:fc:fd:0f:2a:42:44:9d:43:45:67:
                    45:5a:2a:ca:e5:35:c4:b1:ff:ae:e1:ae:90:48:d8:
                    b0:0a:8f:b1:63:bb:4b:5e:f4:aa:dd:b0:79:3d:84:
                    90:2a:ce:21:b9:96:fd:ae:28:a4:85:28:80:7b:34:
                    97:76:7e:c7:5d:e4:08:b1:ac:f3:0b:28:44:be:17:
                    65:4c:4c:5e:77:40:2d:e7:bc:67:f9:c4:96:dd:6a:
                    31:78:b5:0e:58:0a:60:aa:47:43:6d:b6:cc:2e:76:
                    13:f7:91:0d:1b:a1:f4:7d:c8:bb:91:fd:2a:f6:a4:
                    e1:2c:63:97:f5:b2:b0:a1:71:ac:70:75:9a:85:30:
                    a4:9a:d3:3e:47:ef:20:b2:fc:14:a3:86:37:2e:46:
                    81:05:d0:1d:eb:d9:c2:6f:e4:7e:ad:da:bd:3f:af:
                    5a:67:07:a3:b7:76:bc:90:46:85:58:37:05:fd:d5:
                    0f:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:21:B9:15:72:15:09:64:43:2F:23:6A:77:29:24:12:67:F9:3A:30
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TyG5FXIVCWRDLyNqdykkEmf5OjA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.56.145.0/24

    Signature Algorithm: sha256WithRSAEncryption
         97:58:3a:98:5f:c2:00:d3:cf:f5:a6:a5:18:10:83:aa:25:15:
         39:ef:f3:dd:da:18:32:2a:61:59:49:af:1f:8b:66:7a:f4:5a:
         6b:dc:cf:d1:67:f3:28:47:25:f7:a1:49:cf:56:fa:45:12:d0:
         96:1b:9b:1b:f2:c6:91:81:17:01:7a:c8:70:d4:d0:a1:36:12:
         45:aa:20:b5:45:07:86:2e:63:84:c6:aa:1d:5d:b5:4f:ad:a0:
         30:29:28:75:c9:53:cf:bd:e4:89:6a:18:95:d7:3a:ed:02:4a:
         9b:20:9d:29:01:ea:39:cb:c8:57:de:ef:ca:4f:d7:3e:05:72:
         62:5a:41:3b:e8:98:1d:9d:a4:70:86:ee:a8:79:d7:7c:b8:89:
         60:4d:1f:02:7a:47:98:0b:63:f4:63:39:39:7d:85:0a:04:35:
         e5:e3:02:9f:0f:f9:30:6b:1e:a6:10:80:ac:e6:09:32:8f:5d:
         b2:6e:2e:5a:f4:51:81:1e:8e:a9:e7:e6:f4:e1:a5:75:e1:f8:
         64:b3:da:2d:b5:e9:9f:57:5c:b7:e0:28:70:fe:02:56:e7:f1:
         29:61:1c:73:21:33:5b:a1:99:5b:72:be:8d:28:0c:93:49:dd:
         8c:92:cb:d4:9b:9e:53:22:8d:46:9e:d5:41:a5:08:90:1a:29:
         4b:48:ad:55
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoIzp2733yjYsJEFgph9b1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwMTAyMTc0OTQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZjIxYjkxNTcyMTUwOTY0NDMyZjIzNmE3NzI5MjQxMjY3ZjkzYTMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqt66xf+jnZ6bm4CUWn0lJ+dLCDbE
9J1q1tRRak/duIcJtZ8o5l2PszdJnOd/zZTQYqb7ydWrOecU5N2bxVI3N5yy7FcY
kYymA8laMKHIS/z9DypCRJ1DRWdFWirK5TXEsf+u4a6QSNiwCo+xY7tLXvSq3bB5
PYSQKs4huZb9riikhSiAezSXdn7HXeQIsazzCyhEvhdlTExed0At57xn+cSW3Wox
eLUOWApgqkdDbbbMLnYT95ENG6H0fci7kf0q9qThLGOX9bKwoXGscHWahTCkmtM+
R+8gsvwUo4Y3LkaBBdAd69nCb+R+rdq9P69aZwejt3a8kEaFWDcF/dUPhQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE8huRVyFQlkQy8jancpJBJn+TowMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvVHlHNUZYSVZDV1JETHlOcWR5a2tFbWY1T2pBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHziRMA0G
CSqGSIb3DQEBCwUAA4IBAQCXWDqYX8IA08/1pqUYEIOqJRU57/Pd2hgyKmFZSa8f
i2Z69Fpr3M/RZ/MoRyX3oUnPVvpFEtCWG5sb8saRgRcBeshw1NChNhJFqiC1RQeG
LmOExqodXbVPraAwKSh1yVPPveSJahiV1zrtAkqbIJ0pAeo5y8hX3u/KT9c+BXJi
WkE76JgdnaRwhu6oedd8uIlgTR8CekeYC2P0Yzk5fYUKBDXl4wKfD/kwax6mEICs
5gkyj12ybi5a9FGBHo6p5+b04aV14fhks9ottemfV1y34Chw/gJW5/EpYRxzITNb
oZlbcr6NKAyTSd2MksvUm55TIo1GntVBpQiQGilLSK1V
-----END CERTIFICATE-----