Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/U4_deqsisT3UFC5PdwfvMwAkRsk.roa
File:                     U4_deqsisT3UFC5PdwfvMwAkRsk.roa (raw, json)
Hash identifier:          ogoVAtTpWG92K85y1s7d9sYJG2kOOcEYjK8wqQzXCAA=
Subject key identifier:   53:8F:DD:7A:AB:22:B1:3D:D4:14:2E:4F:77:07:EF:33:00:24:46:C9
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       01931C6793846DC35F6E00A2FAAADDFAA166
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/U4_deqsisT3UFC5PdwfvMwAkRsk.roa
Signing time:             Mon 11 Nov 2024 18:06:10 +0000
ROA not before:           Mon 11 Nov 2024 18:06:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199414
IP address blocks:        31.56.0.0/24 maxlen: 24
                          31.58.228.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:1c:67:93:84:6d:c3:5f:6e:00:a2:fa:aa:dd:fa:a1:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Nov 11 18:06:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=538fdd7aab22b13dd4142e4f7707ef33002446c9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:c3:3a:ca:35:3d:56:3a:a4:18:6e:88:06:d3:
                    4d:2a:cf:41:c3:67:de:04:a1:76:12:28:18:b9:86:
                    b8:1b:73:fb:e7:52:4b:2c:ff:8a:4a:2c:67:b9:7e:
                    25:26:56:c9:16:f8:9d:9c:ad:b2:d5:2a:c7:09:1c:
                    27:4d:ba:56:01:20:5b:16:08:89:85:f7:e2:87:2d:
                    9b:12:0c:84:93:35:c3:47:6b:94:20:07:89:12:77:
                    84:df:47:b6:cc:d3:a2:aa:14:4b:d6:f6:90:09:b2:
                    a3:11:1c:e6:0e:68:7d:ea:d5:30:22:6f:de:ae:e3:
                    e5:a3:1c:86:bd:4b:84:52:7a:89:41:f4:8b:34:cd:
                    5a:99:2c:d8:f3:4b:8b:4a:44:19:57:4b:70:1c:37:
                    d6:5d:a7:7f:80:84:88:6d:c2:da:25:b6:d4:b0:3b:
                    d8:50:75:85:93:96:28:63:8c:36:27:a7:5b:41:b4:
                    99:0b:b7:1e:b2:35:52:b6:bf:3b:35:e7:4d:50:89:
                    82:22:4f:8f:85:ff:07:0c:8f:f9:61:76:e9:cd:04:
                    68:36:bf:63:b1:b9:65:40:07:78:1b:77:7a:66:4b:
                    2f:0a:ed:5f:7b:fa:41:cc:2f:ab:c2:f2:59:70:41:
                    22:81:61:3b:f4:43:69:d8:23:77:77:a2:e3:f8:b8:
                    65:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:8F:DD:7A:AB:22:B1:3D:D4:14:2E:4F:77:07:EF:33:00:24:46:C9
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/U4_deqsisT3UFC5PdwfvMwAkRsk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.56.0.0/24
                  31.58.228.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:0c:fb:b8:92:b5:fc:5e:c3:c1:1c:e4:0d:ab:39:3e:10:58:
         1b:ea:b0:d8:da:fc:02:37:7a:f0:8c:02:4e:7f:6a:6f:80:2c:
         70:60:7c:51:27:f0:c7:96:c0:c2:60:c8:41:63:0e:cf:cb:50:
         83:e5:20:ae:a4:b9:52:3c:34:2e:5d:08:e5:71:bb:de:0b:d4:
         ac:f6:35:44:b2:8d:e0:18:7d:bb:60:5d:ad:2e:ae:ef:10:27:
         50:a5:45:bc:65:2c:d5:b5:45:d7:2d:f9:ea:05:49:c4:4d:74:
         4c:1a:0b:eb:7d:2a:31:68:de:49:c4:9b:1e:64:20:52:6f:2c:
         ad:82:67:ab:0d:9b:8c:98:80:fb:77:bd:32:3b:35:30:b4:a9:
         5d:74:89:c4:bb:14:6f:1f:4c:8c:dc:85:7b:bd:51:07:0f:d9:
         d4:d7:33:8c:60:ce:87:d1:9c:7d:b3:3d:41:d4:6b:13:07:73:
         69:9b:c2:45:35:df:fe:32:4c:fa:24:3f:d9:e4:5f:72:3a:ee:
         2b:c7:22:62:c6:11:79:58:59:b2:4b:39:90:2f:dd:03:a8:28:
         8b:b9:9c:d5:60:52:df:7e:62:6d:9d:80:46:bb:49:f2:17:55:
         0c:0b:81:5d:62:50:a9:97:a4:35:9d:5d:9a:a4:b3:2f:a1:8f:
         46:0d:04:c5
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZMcZ5OEbcNfbgCi+qrd+qFmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjQxMTExMTgwNjEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MzhmZGQ3YWFiMjJiMTNkZDQxNDJlNGY3NzA3ZWYzMzAwMjQ0NmM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0MM6yjU9VjqkGG6IBtNNKs9Bw2fe
BKF2EigYuYa4G3P751JLLP+KSixnuX4lJlbJFvidnK2y1SrHCRwnTbpWASBbFgiJ
hffihy2bEgyEkzXDR2uUIAeJEneE30e2zNOiqhRL1vaQCbKjERzmDmh96tUwIm/e
ruPloxyGvUuEUnqJQfSLNM1amSzY80uLSkQZV0twHDfWXad/gISIbcLaJbbUsDvY
UHWFk5YoY4w2J6dbQbSZC7cesjVStr87NedNUImCIk+Phf8HDI/5YXbpzQRoNr9j
sbllQAd4G3d6ZksvCu1fe/pBzC+rwvJZcEEigWE79ENp2CN3d6Lj+LhlpQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFOP3XqrIrE91BQuT3cH7zMAJEbJMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvVTRfZGVxc2lzVDNVRkM1UGR3ZnZNd0FrUnNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAHzgAAwQA
HzrkMA0GCSqGSIb3DQEBCwUAA4IBAQAIDPu4krX8XsPBHOQNqzk+EFgb6rDY2vwC
N3rwjAJOf2pvgCxwYHxRJ/DHlsDCYMhBYw7Py1CD5SCupLlSPDQuXQjlcbveC9Ss
9jVEso3gGH27YF2tLq7vECdQpUW8ZSzVtUXXLfnqBUnETXRMGgvrfSoxaN5JxJse
ZCBSbyytgmerDZuMmID7d70yOzUwtKlddInEuxRvH0yM3IV7vVEHD9nU1zOMYM6H
0Zx9sz1B1GsTB3Npm8JFNd/+Mkz6JD/Z5F9yOu4rxyJixhF5WFmySzmQL90DqCiL
uZzVYFLffmJtnYBGu0nyF1UMC4FdYlCpl6Q1nV2apLMvoY9GDQTF
-----END CERTIFICATE-----